*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
November 20, 2008                                         Vol. 7. Week 47
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Windows                                         2
Third Party Windows Apps                        6 (#4)
Linux                                           4
Solaris                                         1
Unix                                            1
Cross Platform                                 23 (#1, #2, #3)
Web Application - Cross Site Scripting          5
Web Application - SQL Injection                27
Web Application                                24
Network Device                                  6



Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Trend Micro ServerProtect Multiple Vulnerabilities
(2) CRITICAL: Apple Safari Multiple Vulnerabilities
(3) HIGH: Adobe AIR Multiple Vulnerabilities
(4) HIGH: Exodus "im://" URL Handling Command Injection


Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
08.47.1  - Microsoft XML Core Services DTD Cross Domain Information Disclosure
08.47.2  - Microsoft XML Core Services Transfer Encoding Cross Domain
Information Disclosure
 -- Third Party Windows Apps
08.47.3  - pi3Web ISAPI Directory Remote Denial of Service
08.47.4  - VeryPDF PDFView ActiveX Component Heap Buffer Overflow
08.47.5  - GungHo LoadPrgAx ActiveX Control Unspecified
08.47.6  - Exodus "im://" URI Handler Command Line Parameter Injection
08.47.7  - Chilkat Socket ActiveX "SaveLastError()" Arbitrary File Overwrite
08.47.8  - Microsoft Communicator RTCP Unspecified Remote Denial of Service
 -- Linux
08.47.9  - Linux Kernel "hfs_cat_find_brec()" Local Denial of Service
08.47.10 - Ubuntu vm-builder Local Security Bypass
08.47.11 - Linux Kernel "drivers/media/video/tvaudio.c" Memory Corruption
08.47.12 - No-IP Dynamic Update Client for Linux Remote Buffer Overflow
 -- Solaris
08.47.13 - Sun Solaris "3SOCKET" Local Denial of Service
 -- Unix
08.47.14 - Debian xmcd Insecure Temporary File Creation Vulnerabilities
 -- Cross Platform
08.47.15 - Trend Micro ServerProtect Multiple Remote Vulnerabilities
08.47.16 - OptiPNG BMP Reader Buffer Overflow
08.47.17 - ooVoo URI Handler Remote Buffer Overflow
08.47.18 - smcFanControl Local Buffer Overflow
08.47.19 - Google Chrome Pop-Up Address Bar URI Spoofing
08.47.20 - Multiple Avira Products Driver IOCTL Request Local Buffer Overflow
08.47.21 - HP Service Manager (HPSM) Unspecified Privilege Escalation
08.47.22 - AlstraSoft SendIt Pro Arbitrary File Upload
08.47.23 - University of Washington IMAP "smtp.c" Null Pointer Dereference
Denial of Service
08.47.24 - Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
08.47.25 - Sun Logical Domain Manager Local Security Bypass
08.47.26 - Apple Safari Prior to 3.2 Multiple Security Vulnerabilities
08.47.27 - Multiple Scriptsfeed Scripts Arbitrary File Upload
08.47.28 - Microsoft Active Directory LDAP Server Username Enumeration Weakness
08.47.29 - Cobbler Web Interface Kickstart Template Remote Privilege Escalation
08.47.30 - OpenSSH CBC Mode Information Disclosure
08.47.31 - Opera Web Browser "file://" Heap Based Buffer Overflow
08.47.32 - FREEze Greetings "pwd.txt" Password Information Disclosure
08.47.33 - libxml2 "xmlSAX2Characters()" Integer Overflow
08.47.34 - libxml2 "xmlBufferResize()" Remote Denial of Service
08.47.35 - Adobe AIR Unspecified JavaScript Code Execution
08.47.36 - Balabit syslog-ng Insecure "chroot()" Implementation Weakness
08.47.37 - Mozilla Firefox Arbitrary Image Cross Domain Security Bypass
 -- Web Application - Cross Site Scripting
08.47.38 - TYPO3 Core Multiple Cross-Site Scripting Vulnerabilities
08.47.39 - Sun Java System Messaging Server Cross-Site Scripting
08.47.40 - Interchange Multiple Cross-Site Scripting Vulnerabilities
08.47.41 - BoutikOne CMS "search_query" Parameter Cross-Site Scripting
08.47.42 - Kimson CMS "id" Parameter Cross-Site Scripting
 -- Web Application - SQL Injection
08.47.43 - Joomla! and Mambo Books Component "book_id" Parameter SQL Injection
08.47.44 - Joomla! and Mambo Catalog Production Component "id" Parameter SQL
Injection
08.47.45 - Digital Greys Contact Information Module Joomla! Component SQL
Injection
08.47.46 - PozScripts Business Directory "showcategory.php" SQL Injection
08.47.47 - ActiveCampaign TrioLive "department_id" SQL Injection and Cross-Site
Scripting Vulnerabilities
08.47.48 - AlstraSoft Article Manager Pro "admin/admin.php" SQL Injection
08.47.49 - HyperStop WebHost Directory "admin/login" SQL Injection
08.47.50 - MemHT Portal "inc/ajax/ajax_rating.php" SQL Injection
08.47.51 - AlstraSoft Web Host Directory "Password" Parameter SQL Injection
08.47.52 - Bankoi Webhost Panel "login.asp" SQL Injection
08.47.53 - SlimCMS "edit.php" SQL Injection
08.47.54 - X7 Chat Password Field SQL Injection
08.47.55 - HOSTNOMI Real Estate Portal Pro "index.php" SQL Injection
08.47.56 - ClipShare Pro "channel_detail.php" SQL Injection
08.47.57 - Wholesale "track.php" SQL Injection
08.47.58 - Flosites Blog SQL Injection Vulnerabilities
08.47.59 - phpstore.info Yahoo Answers-Like "index.php" SQL Injection
08.47.60 - OpenASP "default.asp" SQL Injection
08.47.61 - E-topbiz AdManager "view.php" SQL Injection
08.47.62 - SaturnCMS "Username" Login Page SQL Injection
08.47.63 - Jadu Galaxies "documents.php" SQL Injection
08.47.64 - Simple Customer "login.php" SQL Injection
08.47.65 - UltraStats "login.php" SQL Injection
08.47.66 - vBulletin "admincalendar.php" SQL Injection
08.47.67 - vBulletin "admincp/verify.php" SQL Injection
08.47.68 - vBulletin "admincp/attachmentpermission.php" SQL Injection
08.47.69 - vBulletin "admincp/image.php" SQL Injection
 -- Web Application
08.47.70 - Sun Java System Identity Manager Multiple Vulnerabilities
08.47.71 - Joomla! Multiple HTML Injection Vulnerabilities
08.47.72 - WOW Raid Manager "auth/auth_phpbb3.php" Security Bypass
08.47.73 - AJ Article Authentication Bypass Vulnerabilities
08.47.74 - AJ Classifieds Authentication Bypass
08.47.75 - Pre Real Estate Listings Seller Logo Arbitrary File Upload
08.47.76 - Joomla! Simple RSS Reader Component Remote File Include
08.47.77 - Zope PythonScript Multiple Remote Denial of Service Vulnerabilities
08.47.78 - Linksys WRT160N DHCP Client Table HTML Injection
08.47.79 - TurnkeyForms Local Classifieds "Site_Admin/admin.php" Authentication
Bypass
08.47.80 - TurnkeyForms Web Hosting Directory Multiple Vulnerabilities
08.47.81 - BandSite CMS Cookie Authentication Bypass
08.47.82 - AlstraSoft Web Hosting Directory Multiple Vulnerabilities
08.47.83 - TurnkeyForms Text Link Sales "admin.php" Authentication Bypass
08.47.84 - Discuz! "index.php" Remote Code Execution
08.47.85 - GS Real Estate Portal Multiple Input Validation Vulnerabilities
08.47.86 - TurnkeyForms Text Link Sales "admin.php" SQL Injection and Cross-Site
Scripting Vulnerabilities
08.47.87 - Minigal "index.php" Directory Traversal
08.47.88 - infiniteReality mxCamArchive "archive/config.ini" Information
Disclosure
08.47.89 - QuadComm Q-Shop Cross-Site Scripting and Multiple SQL Injection
Vulnerabilities
08.47.90 - phpFan "init.php" Remote File Include
08.47.91 - Pluck "g_pcltar_lib_dir" Parameter Local File Include
08.47.92 - Link Back Checker Cookie Authentication Bypass
08.47.93 - MDaemon Server WorldClient Script Injection
 -- Network Device
08.47.94 - Sweex RO002 Router Default Password Security Bypass
08.47.95 - Actiontec MI424WR Default WEP Key Security Bypass
08.47.96 - Belkin F5D8233-4 Wireless N Router IP-Based Authentication Session
Hijacking
08.47.97 - Belkin F5D8233-4 Wireless N Router Multiple Scripts Authentication
Bypass Vulnerabilities
08.47.98 - NETGEAR WGR614 Administration Interface Remote Denial of Service
08.47.99 - Check Point VPN-1 Port Address Translation Information Disclosure
Weakness

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Trend Micro ServerProtect Multiple Vulnerabilities
Affected:
Trend Micro ServerProtect versions 5.58 and prior

Description: Trend Micro ServerProtect is a popular enterprise antivirus
solution. It contains multiple vulnerabilities in its handling of a
variety of inputs. Successfully exploiting one of these vulnerabilities
would allow an attacker to execute arbitrary code with the privileges
of the vulnerable process (SYSTEM). Some technical details are publicly
available for these vulnerabilities. It is confirmed that at least one
vulnerability can be exploited without authentication. The exact
vectors of exploitation have not been disclosed, but it is possible that
an attacker could exploit at least one of these vulnerabilities by
sending an email to a server running the vulnerable software.

Status: Vendor has not confirmed, no updates available.

References:
IBM ISS X-Force Security Advisories
http://www.iss.net/threats/308.html
http://www.iss.net/threats/309.html
http://www.iss.net/threats/310.html
http://www.iss.net/threats/307.html
ISS Frequency X Blog Post
http://blogs.iss.net/archive/trend.html
Vendor Home Page
http://us.trendmicro.com/us/home/index.html?utm_source=www.trendmicro.com&utm_medium=referral&utm_campaign=www.trendmicro.com
SecurityFocus BID
http://www.securityfocus.com/bid/32261

*******************************************

(2) CRITICAL: Apple Safari Multiple Vulnerabilities
Affected:
Apple Safari versions prior to 3.2

Description: Safari, Apple's web browser for Mac OS X and Microsoft
Windows, contains multiple vulnerabilities in its handling of a variety
of inputs. A specially crafted web page or URL could trigger one of
these vulnerabilities, with a variety of consequences, including remote
code execution with the privileges of the current user. Some technical
details are publicly available for these vulnerabilities. Additionally,
since portions of Safari are open source, it is possible that further
details may be uncovered via source code analysis. Safari on both Apple
Mac OS X and Microsoft Windows is affected.

Status: Vendor confirmed, updates available.

References:
Apple Security Bulletin
http://support.apple.com/kb/HT3298
Product Home Page
http://www.apple.com/safari/
SecurityFocus BID
http://www.securityfocus.com/bid/32291

*******************************************

(3) HIGH: Adobe AIR Multiple Vulnerabilities
Affected:
Adobe AIR versions prior to 1.5

Description: Adobe AIR is the Adobe Integrated Runtime. It is an
application designed to ease development of web- and Adobe Flash-based
applications with functionality similar to traditional desktop
applications. Since it uses Adobe's Flash Player technology, it is also
vulnerable to the issues recently discovered in that application.
Additionally, it contains a vulnerability in its handling of certain
input. A specially crafted set of input could trigger this
vulnerability, allowing an attacker to execute arbitrary JavaScript code
with elevated privileges, potentially equal to the full rights of the
current user.

Status: Vendor confirmed, updates available.

References:
Adobe Security Advisory
http://www.adobe.com/support/security/bulletins/apsb08-23.html
Product Home Page
http://www.adobe.com/products/air/
SecurityFocus BID
http://www.securityfocus.com/bid/32334

*******************************************

(4) HIGH: Exodus "im://" URL Handling Command Injection
Affected:
Exodus versions 0.10.0 and prior

Description: Exodus is a popular Jabber/XMPP instant messaging client
for Microsoft Windows. XMPP (sometimes called Jabber) is a popular
open-standards instant messaging protocol. Exodus contains a
command-injection vulnerability in its handling of "im://" links. A
specially crafted "im://" link could result in arbitrary command
execution with the privileges of the current user. Exodus must be
registered as the handler for the "im://" URI type for users to be
vulnerable; this may be the default behavior depending on configuration.
Full technical details and a simple proof-of-concept are publicly
available for this vulnerability.

Status: Vendor has not confirmed, no updates available.

References:
Retrogod Security Advisory (includes proof-of-concept)
http://retrogod.altervista.org/exodus_uri.html
Product Home Page
http://code.google.com/p/exodus/
Wikipedia Article on XMPP
http://en.wikipedia.org/wiki/Extensible_Messaging_and_Presence_Protocol
SecurityFocus BID
http://www.securityfocus.com/bid/32330

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 47, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

08.47.1 CVE: CVE-2008-4029
Platform: Windows
Title: Microsoft XML Core Services DTD Cross Domain Information
Disclosure
Description: Microsoft XML Core Services (MSXML) is a software
component that allows multiple programming languages to support
XML-based communication. MSXML is exposed to a cross-domain
information disclosure issue because it fails to properly handle error
checks for external document type definitions (DTDs).
Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-438.htm
______________________________________________________________________

08.47.2 CVE: CVE-2008-4033
Platform: Windows
Title: Microsoft XML Core Services Transfer Encoding Cross Domain
Information Disclosure
Description: Microsoft XML Core Services (MSXML) is a software
component that allows multiple programming languages to support
XML-based communication. MSXML is exposed to a cross-domain
information disclosure issue because it fails to enforce the
same-origin policy. This issue stems from the way MSXML handles
transfer-encoding HTTP headers.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-438.htm
______________________________________________________________________

08.47.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: pi3Web ISAPI Directory Remote Denial of Service
Description: pi3Web is an HTTP server available for Microsoft Windows.
The server is exposed to a remote denial of service issue. The problem
stems from a design flaw whenever an invalid ISAPI module is requested
from the server. pi3Web version 2.0.13 is affected.
Ref: http://www.securityfocus.com/bid/32287
______________________________________________________________________

08.47.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: VeryPDF PDFView ActiveX Component Heap Buffer Overflow
Description: The VeryPDF PDFView ActiveX control handles files in the
PDF digital document format. The application is exposed to a
heap-based buffer overflow issue because it fails to properly
bounds check user-supplied data before copying it into an
insufficiently sized memory buffer.
Ref: http://www.securityfocus.com/bid/32313
______________________________________________________________________

08.47.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: GungHo LoadPrgAx ActiveX Control Unspecified
Description: The GungHo LoadPrgAx ActiveX control is exposed to an
unspecified issue. An attacker can exploit this issue by enticing an
unsuspecting victim to visit a malicious HTML page. The GungHo
LoadPrgAx ActiveX control versions 1.0.0.6 and earlier are affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.47.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Exodus "im://" URI Handler Command Line Parameter Injection
Description: Exodus is a Jabber/XMPP client for Windows platforms.
Exodus is exposed to an issue that lets attackers inject command-line
parameters through protocol handlers. This issue occurs because the
application fails to adequately sanitize user-supplied input. Exodus
version 0.10 is affected.
Ref: http://www.securityfocus.com/archive/1/498389
______________________________________________________________________

08.47.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Chilkat Socket ActiveX "SaveLastError()" Arbitrary File
Overwrite
Description: Chilkat Socket ActiveX control is a TCP sockets component
with SSL capabilities. The control is exposed to an issue that allows
attackers to overwrite arbitrary attacker-specified files. This issue
occurs in the "SaveLastError()" method of the "ChilkatSocket.dll"
ActiveX control. Chilkat Socket ActiveX control version 2.3.1.1 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.47.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft Communicator RTCP Unspecified Remote Denial of
Service
Description: Microsoft Communicator is an online communications client
including instant messaging, voice, and video. The application is
exposed to a remote denial of service issue. Microsoft Communicator,
Office Communications Server (OCS), and Windows Live Messenger are
affected.
Ref:
http://www.voipshield.com/research-details.php?id=132&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC
______________________________________________________________________

08.47.9 CVE: CVE-2008-5025
Platform: Linux
Title: Linux Kernel "hfs_cat_find_brec()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly bounds-check data before copying it
to an insufficiently sized memory buffer. The problem occurs in the
"hfs_cat_find_brec()" function of the "fs/hfs/catalog.c" source file.
Linux kernel versions prior to 2.6.27.6 are affected.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.6
______________________________________________________________________

08.47.10 CVE: Not Available
Platform: Linux
Title: Ubuntu vm-builder Local Security Bypass
Description: Ubuntu vm-builder is an application used to create
customized virtual machines. The application is exposed to a local
security bypass issue. Specifically, the issue occurs because the
application improperly sets the root password when creating virtual
machines.
Ref: http://www.securityfocus.com/bid/32292
______________________________________________________________________

08.47.11 CVE: Not Available
Platform: Linux
Title: Linux Kernel "drivers/media/video/tvaudio.c" Memory Corruption
Description: The Linux kernel is exposed to a local denial of service
issue. This issue stems from potential bounds-checking errors related
to the "shadow.bytes[]" array in the "drivers/media/video/tvaudio.c"
source file. Linux kernel versions prior to 2.6.28-rc5 are
affected.
Ref: http://www.securityfocus.com/bid/32327
______________________________________________________________________

08.47.12 CVE: Not Available
Platform: Linux
Title: No-IP Dynamic Update Client for Linux Remote Buffer Overflow
Description: No-IP Dynamic Update Client (DUC) is a client application
for the No-IP dynamic DNS service; it is available for a number of
platforms. DUC is exposed to a buffer overflow issue that arises when
the client handles malformed responses from the No-IP server. DUC
version 2.1.7 for Linux is affected.
Ref: http://www.securityfocus.com/bid/32344
______________________________________________________________________

08.47.13 CVE: Not Available
Platform: Solaris
Title: Sun Solaris "3SOCKET" Local Denial of Service
Description: Sun Solaris is a UNIX-based operating system. Sun Solaris
is exposed to a local denial of service issue that occurs in the
"3SOCKET" socket function on Solaris systems without InfiniBand
hardware. Solaris 10 and OpenSolaris based upon builds snv_57 to
snv_91 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242806-1
______________________________________________________________________

08.47.14 CVE: CVE-2008-4994
Platform: Unix
Title: Debian xmcd Insecure Temporary File Creation Vulnerabilities
Description: Debian xmcd is a CD player application for the X11 window
system. Debian xmcd creates temporary files in an insecure manner. An
attacker with local access could potentially exploit these issues to
perform symbolic-link attacks, overwriting arbitrary files in the
context of the affected application. Debian xmcd version 2.6.19-3 is
affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496416
______________________________________________________________________

08.47.15 CVE: CVE-2006-5268, CVE-2006-5269, CVE-2008-0012,
CVE-2008-0013, CVE-2008-0014, CVE-2007-0072, CVE-2007-0073,
CVE-2007-0074
Platform: Cross Platform
Title: Trend Micro ServerProtect Multiple Remote Vulnerabilities
Description: Trend Micro ServerProtect is an antivirus application
designed specifically for servers. Trend Micro ServerProtect is
exposed to multiple remote issues. Successfully exploiting the
buffer-overflow issues may allow the attacker to execute arbitrary
code with SYSTEM-level privileges or crash the affected application,
denying service to legitimate users. Trend Micro ServerProtect
versions 5.58 and 5.7 are affected.
Ref: http://www.iss.net/threats/308.html
______________________________________________________________________

08.47.16 CVE: Not Available
Platform: Cross Platform
Title: OptiPNG BMP Reader Buffer Overflow
Description: OptiPNG is an application for optimizing and converting
PNG files. OptiPNG is exposed to a buffer overflow issue because it
fails to perform adequate checks on user-supplied input. This issue
occurs in the BMP reader. OptiPNG versions prior to 0.6.2 are
affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=639631&group_id=151404
______________________________________________________________________

08.47.17 CVE: Not Available
Platform: Cross Platform
Title: ooVoo URI Handler Remote Buffer Overflow
Description: ooVoo is video chat software available for various
operating systems. ooVoo is exposed to a remote buffer overflow issue
because it fails to perform adequate checks on user-supplied input.
ooVoo version 1.7.1.35 is affected.
Ref: http://www.securityfocus.com/archive/1/498235
______________________________________________________________________

08.47.18 CVE: Not Available
Platform: Cross Platform
Title: smcFanControl Local Buffer Overflow
Description: smcFanControl is an application for setting fan speeds on
Intel-based Mac computers. The application is exposed to a local
buffer overflow issue because it fails to adequately bounds-check
user-supplied input. The issue occurs in the "smc.c" source file and
can be triggered with excessively long input to the "smc -k" option.
smcFanControl version 2.1.2 is affected.
Ref: http://blog.xwings.net/?p=127
______________________________________________________________________

08.47.19 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Pop-Up Address Bar URI Spoofing
Description: Google Chrome is a web browser. The application is
affected by a URI spoofing vulnerability. This issue occurs because
the application fails to handle user-supplied data in pop-up windows.
Google Chrome versions prior to 0.3.154.9 are affected.
Ref:
http://googlechromereleases.blogspot.com/2008/10/beta-release-031549.html
______________________________________________________________________

08.47.20 CVE: Not Available
Platform: Cross Platform
Title: Multiple Avira Products Driver IOCTL Request Local Buffer
Overflow
Description: Avira produces anti-virus products for a variety of
operating systems. The applications are exposed to multiple local
buffer overflow issues because the drivers fail to properly validate
user-space input to IOCTL requests.
Ref: http://www.frsirt.com/english/FrSIRT-Security-Advisory-20081112.txt
______________________________________________________________________

08.47.21 CVE: CVE-2008-4415
Platform: Cross Platform
Title: HP Service Manager (HPSM) Unspecified Privilege Escalation
Description: HP Service Manager (HPSM) is an IT service desk
application available for multiple platforms. The software is exposed
to an unspecified privilege escalation issue. HP Service Manager
version 7.01 is affected.
Ref: http://www.securityfocus.com/bid/32272
______________________________________________________________________

08.47.22 CVE: Not Available
Platform: Cross Platform
Title: AlstraSoft SendIt Pro Arbitrary File Upload
Description: AlstraSoft SendIt Pro is a file hosting application.
AlstraSoft SendIt Pro is exposed to an issue that lets remote
attackers upload and execute arbitrary script code on an affected
computer within the context of the webserver process. This issue
occurs because the application fails to sufficiently sanitize file
extensions before accepting uploaded files onto the webserver.
Ref: http://www.securityfocus.com/bid/32277
______________________________________________________________________

08.47.23 CVE: CVE-2008-5006
Platform: Cross Platform
Title: University of Washington IMAP "smtp.c" Null Pointer Dereference
Denial of Service
Description: The University of Washington IMAP library is a library
implementing the IMAP mail protocol. The library is exposed to a
remote denial of service issue because it fails to handle specific
error conditions. University of Washington IMAP version 2007b is
affected.
Ref: http://www.washington.edu/imap/
______________________________________________________________________

08.47.24 CVE: CVE-2008-0017, CVE-2008-5015, CVE-2008-5024,
CVE-2008-5023, CVE-2008-5022, CVE-2008-5021, CVE-2008-5019,
CVE-2008-5018, CVE-2008-5017, CVE-2008-5016, CVE-2008-5014,
CVE-2008-5013, CVE-2008-5012, CVE-2008-5052
Platform: Cross Platform
Title: Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote
Vulnerabilities
Description: The Mozilla Foundation has released multiple advisories
regarding security vulnerabilities in Mozilla
Firefox/Thunderbird/SeaMonkey. These vulnerabilities can be exploited
by malicious people to disclose sensitive information, bypass certain
security restrictions, or compromise a user's system. Firefox versions
2.0.0.17 and earlier are affected.
Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
______________________________________________________________________

08.47.25 CVE: Not Available
Platform: Cross Platform
Title: Sun Logical Domain Manager Local Security Bypass
Description: Sun Logical Domain Manager is exposed to a local security
bypass issue. Specifically, local attackers can circumvent SPARC
Firmware password protection. Logical Domain Manager versions 1.0 up
to and including 1.0.3 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243606-1
______________________________________________________________________

08.47.26 CVE: CVE-2008-4216, CVE-2008-3644, CVE-2008-3623
Platform: Cross Platform
Title: Apple Safari Prior to 3.2 Multiple Security Vulnerabilities
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. Safari is exposed to multiple security issues.
Attackers may exploit these issues to execute arbitrary code or obtain
sensitive information. Safari versions prior to 3.2 running on Apple
Mac OS X 10.4.11 and 10.5.5, Microsoft Windows XP, and Windows Vista
are affected.
Ref: http://support.apple.com/kb/HT3298
______________________________________________________________________

08.47.27 CVE: Not Available
Platform: Cross Platform
Title: Multiple Scriptsfeed Scripts Arbitrary File Upload
Description: Multiple Scriptsfeed scripts are exposed to an issue that
lets remote attackers upload and execute arbitrary script code on an
affected computer within the context of the webserver process. This
issue occurs because the applications fail to sufficiently sanitize
file extensions before accepting uploaded files.
Ref: http://www.securityfocus.com/bid/32293
______________________________________________________________________

08.47.28 CVE: Not Available
Platform: Cross Platform
Title: Microsoft Active Directory LDAP Server Username Enumeration
Weakness
Description: Microsoft Active Directory is an LDAP implementation used
on the Microsoft Windows operating system. The application is exposed
to a username-enumeration weakness because of a design error in the
application when verifying user-supplied input. Windows 2000 SP4 and
Windows Server 2003 SP1 and SP2 are affected.
Ref: http://labs.portcullis.co.uk/application/ldapuserenum/
______________________________________________________________________

08.47.29 CVE: Not Available
Platform: Cross Platform
Title: Cobbler Web Interface Kickstart Template Remote Privilege
Escalation
Description: Cobbler is a network installation and update server. The
application is exposed to a remote privilege escalation issue that
occurs in the Cobbler Web interface. Remote attackers who can edit
kickstart templates may exploit this issue to execute arbitrary Python
code with root privileges. Cobbler versions prior to 1.2.9 are affected.
Ref: http://www.securityfocus.com/bid/32317
______________________________________________________________________

08.47.30 CVE: Not Available
Platform: Cross Platform
Title: OpenSSH CBC Mode Information Disclosure
Description: OpenSSH is exposed to an information disclosure issue.
This issue arises because of an error in the implementation of the
block cipher algorithm in CBC (Cipher-Block Chaining) mode. OpenSSH
version 4.7p1 is affected.
Ref: http://www.cpni.gov.uk/Products/3716.aspx
______________________________________________________________________

08.47.31 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser "file://" Heap Based Buffer Overflow
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The application is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied input before copying it to an insufficiently sized
buffer. Opera Web Browser version 9.62 is affected.
Ref: http://www.securityfocus.com/archive/1/498388
______________________________________________________________________

08.47.32 CVE: Not Available
Platform: Cross Platform
Title: FREEze Greetings "pwd.txt" Password Information Disclosure
Description: FREEze Greetings is a greeting card application. netRisk
is exposed to an information disclosure issue because it fails to
restrict access to the "pwd.txt" file.
Ref: http://www.securityfocus.com/bid/32325
______________________________________________________________________

08.47.33 CVE: CVE-2008-4226
Platform: Cross Platform
Title: libxml2 "xmlSAX2Characters()" Integer Overflow
Description: The "libxml2" library is freely available, open-source
software designed to manipulate XML files. The library is exposed to
an integer overflow issue because it fails to properly verify
user-supplied data. libxml2 version 2.7.2 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=470466
______________________________________________________________________

08.47.34 CVE: CVE-2008-4225
Platform: Cross Platform
Title: libxml2 "xmlBufferResize()" Remote Denial of Service
Description: The "libxml2" library is freely available, open-source
software designed to manipulate XML files. The library is exposed to a
remote denial of service issue. Specifically, this issue is triggered
when an application using the library parses a specially crafted XML
file. libxml2 version 2.7.2 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=470480
______________________________________________________________________

08.47.35 CVE: Not Available
Platform: Cross Platform
Title: Adobe AIR Unspecified JavaScript Code Execution
Description: Adobe AIR is a runtime environment for constructing rich
internet applications that would execute on local computers. Adobe AIR
is exposed to a security issue that permits remote attackers to
execute arbitrary JavaScript code with elevated privileges. Adobe AIR
versions prior to 1.5 are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-23.html
______________________________________________________________________

08.47.36 CVE: CVE-2008-5110
Platform: Cross Platform
Title: Balabit syslog-ng Insecure "chroot()" Implementation Weakness
Description: Balabit syslog-ng is a system log application available
for multiple platforms. syslog-ng is prone to a weakness in its use of
"chroot()". Specifically, the application fails to call "chdir()" on
the jail directory immediately before calling "chroot()". Syslog-ng
version 2.0.9 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791
______________________________________________________________________

08.47.37 CVE: CVE-2008-5012
Platform: Cross Platform
Title: Mozilla Firefox Arbitrary Image Cross Domain Security Bypass
Description: Mozilla Firefox is a web browser available for multiple
platforms. An origin-validation issue may allow attackers to bypass
the same-origin policy and gain access to arbitrary images from other
domains. Firefox versions prior to 2.0.0.18 are affected.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-441.htm
______________________________________________________________________

08.47.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 Core Multiple Cross-Site Scripting Vulnerabilities
Description: TYPO3 is a web-based content manager. The TYPO3 Core
component of the application is exposed to multiple cross-site
scripting issues because it fails to properly sanitize user-supplied
input. TYPO3 versions 4.2.0 up to and including 4.2.2 are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/
______________________________________________________________________

08.47.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Sun Java System Messaging Server Cross-Site Scripting
Description: Sun Java System Messaging Server provides messaging
services for enterprises. Sun Java System Messaging Server is exposed
to a cross-site scripting issue because it fails to properly sanitize
unspecified user-supplied input. Sun Java System Messaging Server
versions 6.2 and 6.3 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242186-1
______________________________________________________________________

08.47.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Interchange Multiple Cross-Site Scripting Vulnerabilities
Description: Interchange is an ecommerce application implemented in
Perl. The application is exposed to multiple cross-site scripting
issues because it fails to properly sanitize user-supplied input.
Interchange versions prior to 5.4.3 or 5.6.1 are affected.
Ref:
http://www.icdevgroup.org/i/dev/news?id=ssEkj9j8&mv_arg=00030&mvpc=96
______________________________________________________________________

08.47.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BoutikOne CMS "search_query" Parameter Cross-Site Scripting
Description: BoutikOne CMS is a PHP-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the
"search_query" parameter of the "search.php" script.
Ref: http://www.securityfocus.com/bid/32321
______________________________________________________________________

08.47.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Kimson CMS "id" Parameter Cross-Site Scripting
Description: Kimson CMS is a PHP-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "bbs.track.php" script.
Ref: http://www.securityfocus.com/archive/1/498438
______________________________________________________________________

08.47.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Books Component "book_id" Parameter SQL
Injection
Description: Books is a component for the Joomla! and Mambo content
managers. The component is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "com_books" component before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/32255
______________________________________________________________________

08.47.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Catalog Production Component "id" Parameter
SQL Injection
Description: Catalog Production is a component for the Joomla! and
Mambo content managers. The component is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "com_catalogproduction" component before
using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32259
______________________________________________________________________

08.47.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Digital Greys Contact Information Module Joomla! Component SQL
Injection
Description: Contact Information Module is a component for the Joomla!
content manager. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"catid" parameter of the "com_contactinfo" component before using it
in an SQL query.
Ref: http://www.securityfocus.com/bid/32260
______________________________________________________________________

08.47.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PozScripts Business Directory "showcategory.php" SQL Injection
Description: PozScripts Business Directory is a web-application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cid" parameter of the
"showcategory.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32264
______________________________________________________________________

08.47.47 CVE: CVE-2008-5055, CVE-2008-5056
Platform: Web Application - SQL Injection
Title: ActiveCampaign TrioLive "department_id" SQL Injection and
Cross-Site Scripting Vulnerabilities
Description: ActiveCampaign TrioLive is a web-based live chat
application implemented in PHP. The application is exposed to
multiple issues because it fails to adequately sanitize user-supplied
input. ActiveCampaign TrioLive versions prior to 1.58.7 are affected.
Ref: http://holisticinfosec.org/content/view/93/45/
______________________________________________________________________

08.47.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AlstraSoft Article Manager Pro "admin/admin.php" SQL Injection
Description: AlstraSoft Article Manager Pro is a PHP-based content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "username"
and "password" parameters of the "admin/admin.php" script before using
it in an SQL query.
Ref: http://www.securityfocus.com/bid/32276
______________________________________________________________________

08.47.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: HyperStop WebHost Directory "admin/login" SQL Injection
Description: HyperStop WebHost Directory is a PHP-based content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "passwd"
parameter of the "admin/login" script before using it in an SQL query.
WebHost Directory version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32278
______________________________________________________________________

08.47.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MemHT Portal "inc/ajax/ajax_rating.php" SQL Injection
Description: MemHT Portal is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "X-Forwarded-For" HTTP
header in the "inc/ajax/ajax_rating.php" script before using the data
in an SQL query. MemHT Portal version 4.1 is affected.
Ref: http://www.securityfocus.com/bid/32294
______________________________________________________________________

08.47.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AlstraSoft Web Host Directory "Password" Parameter SQL
Injection
Description: AlstraSoft Web Host Directory is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "password"
parameter of the login script before using it in an SQL query. Web
Host Directory version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32298
______________________________________________________________________

08.47.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bankoi Webhost Panel "login.asp" SQL Injection
Description: Bankoi Webhost Panel is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" and
"password" parameters of the "login.asp" script before using it in an
SQL query. Webhost Panel version 1.20 is affected.
Ref: http://www.milw0rm.com/exploits/7120
______________________________________________________________________

08.47.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SlimCMS "edit.php" SQL Injection
Description: SlimCMS is a web-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "pageID" parameter of the
"edit.php" script before using it in an SQL query. SlimCMS version
1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/32300
______________________________________________________________________

08.47.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: X7 Chat Password Field SQL Injection
Description: X7 Chat is a free, open source, web-based chat
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
password form field before using it in an SQL query. X7 Chat version
2.0.5 is affected.
Ref: http://www.securityfocus.com/bid/32309
______________________________________________________________________

08.47.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: HOSTNOMI Real Estate Portal Pro "index.php" SQL Injection
Description: HOSTNOMI Real Estate Portal Pro is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"show_board" parameter of the "index.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/32310
______________________________________________________________________

08.47.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ClipShare Pro "channel_detail.php" SQL Injection
Description: ClipShare Pro is a PHP-based script for sharing videos.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "chid" parameter of
the "channel_detail.php" script before using it in an SQL query.
ClipShare Pro version 4 is affected.
Ref: http://www.securityfocus.com/bid/32311
______________________________________________________________________

08.47.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Wholesale "track.php" SQL Injection
Description: Wholesale is a PHP-based application used for wholesale
business. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "track.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32314
______________________________________________________________________

08.47.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Flosites Blog SQL Injection Vulnerabilities
Description: Flosites Blog is a PHP-based blogging application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "cat" and
"category" parameters of the "index.php" script.
Ref: http://www.securityfocus.com/bid/32315
______________________________________________________________________

08.47.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpstore.info Yahoo Answers-Like "index.php" SQL Injection
Description: Yahoo Answers-Like is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32316
______________________________________________________________________

08.47.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: OpenASP "default.asp" SQL Injection
Description: OpenASP is an ASP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "idpage" parameter of the
"forum.asp" script before using it in an SQL query. OpenASP version
3.0 is affected.
Ref: http://www.securityfocus.com/bid/32322
______________________________________________________________________


08.47.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz AdManager "view.php" SQL Injection
Description: E-topbiz AdManager is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "group" parameter of
the "view.php" script before using it in an SQL query. AdManager
version 4 is affected.
Ref: http://www.securityfocus.com/bid/32328
______________________________________________________________________

08.47.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SaturnCMS "Username" Login Page SQL Injection
Description: SaturnCMS is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to adequately
sanitize user-supplied input to the "Username" field when logging in
as an administrator.
Ref: http://www.securityfocus.com/bid/32336
______________________________________________________________________

08.47.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Jadu Galaxies "documents.php" SQL Injection
Description: Jadu Galaxies is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "categoryID" parameter of
the "documents.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32337
______________________________________________________________________

08.47.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Simple Customer "login.php" SQL Injection
Description: Simple Customer is a web-based contact manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "password" parameter
of the "login.php" script before using it in an SQL query. Simple
Customer version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32339
______________________________________________________________________

08.47.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: UltraStats "login.php" SQL Injection
Description: UltraStats is a web-based log analyzer for Call of Duty 2
server logfiles. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"serverid" parameter of the "index.php" script before using it in an
SQL query. UltraStats versions 0.3.11 and 0.2.144 are affected.
Ref: http://www.securityfocus.com/bid/32340
______________________________________________________________________

08.47.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: vBulletin "admincalendar.php" SQL Injection
Description: vBulletin is a web-based bulletin board. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "holidayinfo" parameter of the
"admincp/admincalendar.php" script before using it in an SQL query.
vBulletin version 3.7.3.pl1 is affected.
Ref: http://www.waraxe.us/advisory-68.html
______________________________________________________________________

08.47.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: vBulletin "admincp/verify.php" SQL Injection
Description: vBulletin is a PHP-based bulletin board. The application
is exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "answer" parameter of the
"admincp/verify.php" script before using it in an SQL query. vBulletin
version 3.7.4 is affected.
Ref: http://www.waraxe.us/advisory-69.html
______________________________________________________________________

08.47.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: vBulletin "admincp/attachmentpermission.php" SQL Injection
Description: vBulletin is a PHP-based bulletin board. The application
is exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "extension" parameter of the
"admincp/attachmentpermission.php" script before using it in an SQL
query. vBulletin version 3.7.4 is affected.
Ref: http://www.waraxe.us/advisory-69.html
______________________________________________________________________

08.47.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: vBulletin "admincp/image.php" SQL Injection
Description: vBulletin is a PHP-based bulletin board. The application
is exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "iperm" parameter of the
"admincp/image.php" script before using it in an SQL query. vBulletin
version 3.7.4 is affected.
Ref: http://www.waraxe.us/advisory-69.html
______________________________________________________________________

08.47.70 CVE: Not Available
Platform: Web Application
Title: Sun Java System Identity Manager Multiple Vulnerabilities
Description: Sun Java System Identity Manager is a web-based
application. The application is exposed to multiple web-based issues.
Successful exploits of many of these issues will allow an attacker to
completely compromise the affected devices.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243386-1
______________________________________________________________________

08.47.71 CVE: Not Available
Platform: Web Application
Title: Joomla! Multiple HTML Injection Vulnerabilities
Description: Joomla! is a web-based content manager. The application
is exposed to multiple issues. Joomla! versions prior to 1.5.8 are
affected.
Ref:
http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html
______________________________________________________________________

08.47.72 CVE: Not Available
Platform: Web Application
Title: WOW Raid Manager "auth/auth_phpbb3.php" Security Bypass
Description: WOW Raid Manager is a PHP-based Raid and Group management
system for World of Warcraft. The application is exposed to a security
bypass issue that is caused by an error in the "auth/auth_phpbb3.php"
script. WOW Raid Manager versions prior to 3.6.0 are vulnerable to
this issue.
Ref:
http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a
______________________________________________________________________

08.47.73 CVE: Not Available
Platform: Web Application
Title: AJ Article Authentication Bypass Vulnerabilities
Description: AJ Article is a web-based application. The application is
exposed to multiple authentication bypass issues. An attacker
accessing the scripts can effectively bypass the intended security
measures and gain administrative access to the application.
Ref: http://www.securityfocus.com/bid/32254
______________________________________________________________________

08.47.74 CVE: Not Available
Platform: Web Application
Title: AJ Classifieds Authentication Bypass
Description: AJ Classifieds is a web-based application. The
application is exposed to an authentication bypass issue affecting the
"admin/home.php" file.
Ref: http://www.securityfocus.com/bid/32256
______________________________________________________________________

08.47.75 CVE: Not Available
Platform: Web Application
Title: Pre Real Estate Listings Seller Logo Arbitrary File Upload
Description: Pre Real Estate Listings is a web-based application. Pre
Real Estate Listings is exposed to an issue that lets remote attackers
upload and execute arbitrary script code on an affected computer
within the context of the web server process. This issue occurs because
the application fails to sufficiently sanitize file extensions before
accepting uploaded files via the script "profile.php".
Ref: http://www.securityfocus.com/bid/32257
______________________________________________________________________

08.47.76 CVE: Not Available
Platform: Web Application
Title: Joomla! Simple RSS Reader Component Remote File Include
Description: Simple RSS Reader is a component for the Joomla! content
manager. Simple RSS Reader is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"mosConfig_live_site" parameter of the "admin.rssreader.php" script.
Simple RSS Reader version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32265
______________________________________________________________________

08.47.77 CVE: Not Available
Platform: Web Application
Title: Zope PythonScript Multiple Remote Denial of Service
Vulnerabilities
Description: Zope is a content management system implemented in
Python. Zope is exposed to multiple remote denial of service issues
related to the PythonScript scripting language. Zope versions 2.7.0
through 2.11.2 are affected.
Ref: http://www.zope.org/advisories/advisory-2008-08-12/document_view
______________________________________________________________________

08.47.78 CVE: Not Available
Platform: Web Application
Title: Linksys WRT160N DHCP Client Table HTML Injection
Description: Linksys WRT160N is a wireless router. The router is
exposed to an HTML injection issue that occurs when an administrator
views a DHCP client table. Specifically, the application fails to
sanitize user-supplied data to the "host name" value before storing it
into the DHCP client table.
Ref: http://www.securityfocus.com/bid/32274
______________________________________________________________________

08.47.79 CVE: Not Available
Platform: Web Application
Title: TurnkeyForms Local Classifieds "Site_Admin/admin.php"
Authentication Bypass
Description: TurnkeyForms Local Classifieds is a web-based
application. The application is exposed to an authentication bypass
issue. Specifically, this issue affects the "Site_Admin/admin.php"
script because the application fails to restrict access to it.
Ref: http://www.securityfocus.com/bid/32282
______________________________________________________________________

08.47.80 CVE: Not Available
Platform: Web Application
Title: TurnkeyForms Web Hosting Directory Multiple Vulnerabilities
Description: TurnkeyForms Web Hosting Directory is a web-based
application. The application is exposed to multiple issues. The
attacker can exploit the authentication bypass vulnerability to gain
administrative access to the affected application.
Ref: http://www.securityfocus.com/bid/32283
______________________________________________________________________

08.47.81 CVE: Not Available
Platform: Web Application
Title: BandSite CMS Cookie Authentication Bypass
Description: BandSite CMS is a web-based content manager. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. BandSite CMS version 1.1.4 is affected.
Ref: http://www.securityfocus.com/bid/32295
______________________________________________________________________

08.47.82 CVE: Not Available
Platform: Web Application
Title: AlstraSoft Web Hosting Directory Multiple Vulnerabilities
Description: AlstraSoft Web Hosting Directory is a web-based
application. The application is exposed to multiple issues. An
attacker may masquerade as an administrator by setting the value of
this cookie parameter to 1.
Ref: http://www.securityfocus.com/bid/32301
______________________________________________________________________

08.47.83 CVE: Not Available
Platform: Web Application
Title: TurnkeyForms Text Link Sales "admin.php" Authentication Bypass
Description: TurnkeyForms Text Link Sales is a web-based application.
The application is exposed to an authentication bypass issue.
Specifically, this issue affects the "admin.php" script because the
application fails to restrict access to it.
Ref: http://www.securityfocus.com/bid/32302
______________________________________________________________________

08.47.84 CVE: Not Available
Platform: Web Application
Title: Discuz! "index.php" Remote Code Execution
Description: Discuz! is web-based forum software. The application is
exposed to an issue that lets remote attackers execute arbitrary code.
The problem occurs because the application performs an "eval()"
function call on user-supplied input. Discuz! versions 6.x and 7.x are
affected.
Ref: http://www.securityfocus.com/bid/32303
______________________________________________________________________

08.47.85 CVE: Not Available
Platform: Web Application
Title: GS Real Estate Portal Multiple Input Validation Vulnerabilities
Description: GS Real Estate Portal is a web-based realty application.
The application is exposed to multiple input validation issues. An
attacker can exploit these issues to execute arbitrary code in the
context of the web server process, steal cookie-based authentication
credentials, control how the site is rendered to the user, compromise
the application, access or modify data, or exploit latent
vulnerabilities in the underlying database.
Ref: http://www.securityfocus.com/bid/32307
______________________________________________________________________

08.47.86 CVE: Not Available
Platform: Web Application
Title: TurnkeyForms Text Link Sales "admin.php" SQL Injection and
Cross-Site Scripting Vulnerabilities
Description: TurnkeyForms Text Link Sales is a web-based application.
The application is exposed to multiple issues because it fails to
adequately sanitize user-supplied input. Exploiting these issues could
allow an attacker to steal cookie-based authentication credentials,
compromise the application, access or modify data, or exploit latent
vulnerabilities in the underlying database.
Ref: http://www.securityfocus.com/bid/32308
______________________________________________________________________

08.47.87 CVE: Not Available
Platform: Web Application
Title: Minigal "index.php" Directory Traversal
Description: Minigal is a web-based application. The application is
exposed to a directory traversal issue because it fails to
sufficiently sanitize user-supplied input to the "list" parameter of
the "index.php" script. Minigal version B13 is affected.
Ref: http://www.securityfocus.com/bid/32312
______________________________________________________________________

08.47.88 CVE: Not Available
Platform: Web Application
Title: infiniteReality mxCamArchive "archive/config.ini" Information
Disclosure
Description: infiniteReality mxCamArchive is a PHP-based photo gallery
application. mxCamArchive is exposed to an information disclosure
issue that occurs in the "archive/config.ini" script. mxCamArchive
version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/32324
______________________________________________________________________

08.47.89 CVE: Not Available
Platform: Web Application
Title: QuadComm Q-Shop Cross-Site Scripting and Multiple SQL Injection
Vulnerabilities
Description: QuadComm Q-Shop is a web-based application. The
application is exposed to multiple issues because it fails to
adequately sanitize user-supplied input. Q-Shop version 3.0 is
affected.
Ref: http://www.securityfocus.com/bid/32329
______________________________________________________________________

08.47.90 CVE: Not Available
Platform: Web Application
Title: phpFan "init.php" Remote File Include
Description: phpFan is a web-based application for maintaining links.
The application is exposed to a remote file include issue because it
fails to sufficiently sanitize user-supplied input to the
"includepath" parameter of the "init.php" script. phpFan version 3.3.4
is affected.
Ref: http://www.securityfocus.com/bid/32335
______________________________________________________________________

08.47.91 CVE: Not Available
Platform: Web Application
Title: Pluck "g_pcltar_lib_dir" Parameter Local File Include
Description: Pluck is a PHP-based content manager. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "g_pcltar_lib_dir" parameter of
the "data/inc/lib/pcltar.lib.php" script. Pluck version 4.5.3 is
affected.
Ref: http://www.securityfocus.com/archive/1/498438
______________________________________________________________________

08.47.92 CVE: Not Available
Platform: Web Application
Title: Link Back Checker Cookie Authentication Bypass
Description: Link Back Checker is a web-based application that can
indicate whether sites that were linked to will also link back. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication.
Ref: http://www.securityfocus.com/bid/32354
______________________________________________________________________

08.47.93 CVE: Not Available
Platform: Web Application
Title: MDaemon Server WorldClient Script Injection
Description: WorldClient is a web-based email client shipped with
MDaemon Email Server. The application is exposed to a script injection
issue because it fails to properly sanitize user-supplied input.
WorldClient HTTP Server and WorldClient DLL versions 10.0.1 included
in MDaemon PRO 10.0.1 for Windows are affected.
Ref: http://files.altn.com/MDaemon/Release/RelNotes_en.txt
______________________________________________________________________

08.47.94 CVE: Not Available
Platform: Network Device
Title: Sweex RO002 Router Default Password Security Bypass
Description: Sweex RO002 Router is affected by a vulnerability that
allows attackers to bypass security restrictions. Specifically,
attackers can log in to the web configuration interface using an
undocumented username "rdc123" and password "rdc123". Sweex RO002
Router with firmware version Ts03-072 is affected.
Ref: http://www.securityfocus.com/bid/32249
______________________________________________________________________

08.47.95 CVE: Not Available
Platform: Network Device
Title: Actiontec MI424WR Default WEP Key Security Bypass
Description: Actiontec MI424WR is a wireless broadband router. The
device is exposed to a security bypass issue because it uses a default
WEP encryption key. Specifically, the default WEP key is the same as
the device's MAC address.
Ref: http://www.securityfocus.com/bid/32271
______________________________________________________________________

08.47.96 CVE: Not Available
Platform: Network Device
Title: Belkin F5D8233-4 Wireless N Router IP-Based Authentication
Session Hijacking
Description: The Belkin F5D8233-4 Wireless N Router is a Wi-Fi
networking device. The device is exposed to an authentication bypass
issue because of the way it maintains authentication states. This
issue occurs because authentication states are maintained based on the
IP address of users. Belkin F5D8233-4 is affected.
Ref: http://www.securityfocus.com/bid/32273
______________________________________________________________________

08.47.97 CVE: Not Available
Platform: Network Device
Title: Belkin F5D8233-4 Wireless N Router Multiple Scripts
Authentication Bypass Vulnerabilities
Description: The Belkin F5D8233-4 Wireless N Router is a Wi-Fi
networking router. The device is exposed to multiple issues because of
a lack of authentication when users access specific administration
scripts. Belkin version F5D8233-4 is affected.
Ref: http://www.securityfocus.com/bid/32275
______________________________________________________________________

08.47.98 CVE: Not Available
Platform: Network Device
Title: NETGEAR WGR614 Administration Interface Remote Denial of
Service
Description: NETGEAR WGR614 is a wireless router. NETGEAR WGR614 is
exposed to a denial of service issue that occurs in the administration
web interface. Specifically, the web administration interface
crashes when processing a URI that has a "?" character appended to the
end.
Ref: http://www.securityfocus.com/bid/32290
______________________________________________________________________

08.47.99 CVE: Not Available
Platform: Network Device
Title: Check Point VPN-1 Port Address Translation Information
Disclosure Weakness
Description: Check Point VPN-1 is a virtual private network device.
Check Point VPN-1 is exposed to an information disclosure weakness.
The problem occurs when handling specially-crafted packets to ports on
the firewall that are mapped by port address translation (PAT) to
ports on internal devices. Information regarding the internal network
can be disclosed in the subsequent ICMP error packets.
Ref: http://www.portcullis-security.com/293.php
______________________________________________________________________