Home
Systeembeheer
Consultancy
Connectivity
Training
Development

Klanten

Inloggen

Resources

Sans artikelen
Security artikelen

Software

Linux
Windows









[ terug ]
*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
November 13, 2008                                         Vol. 7. Week 46
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
- ------------------------        -------------------------------------
Windows                                          2 (#1, #2)
Third Party Windows Apps                         2 (#6)
Linux                                            7
Solaris                                          2
Apple                                            1 (#5)
Unix                                             1
Cross Platform                                  32 (#3, #4)
Web Application - Cross Site Scripting           7
Web Application - SQL Injection                 50
Web Application                                 46
Network Device                                   2
Hardware                                         1

*************************************************************************
TRAINING UPDATE
- - SANS CDI in Washington 30 courses; big security tools expo; lots of
evening sessions: http://www.sans.org/cdi08/
- - London (12/1- 12/9) http://sans.org/london08/
- - Vancouver (11/17-11/22) http://www.sans.org/vancouver08/
- - Las Vegas (1/24-2/01) http://sans.org/securitywest09/
and in 100 other cites and on line any time: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software

(1) CRITICAL: Microsoft XML Core Services Multiple Vulnerabilities (MS08-069)
(2) CRITICAL: Microsoft SMB Credential Stealing Vulnerability (MS08-068)
(3) CRITICAL: Mozilla Multiple Products Multiple Vulnerabilities
(4) CRITICAL: ClamAV Unicode Processing Buffer Overflow
(5) HIGH: Apple Multiple Products Multiple Image Processing Vulnerabilities
(6) HIGH: SAP GUI ActiveX Control Remote Code Execution Vulnerability

************************ SPONSORED LINK *********************************
1) Come hear about the most valuable research projects in SCADA security
today. SANS SCADA Summit - February 2-3 - Orlando
http://www.sans.org/info/35279
*************************************************************************

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
08.46.1  - Microsoft Windows "UnhookWindowsHookEx" Local Denial of Service
 -- Third Party Windows Apps
08.46.2  - NOS Microsystems getPlus Download Manager ActiveX Control Buffer
Overflow
08.46.3  - SAP AG SAPgui "mdrmsap.dll" ActiveX Control Remote Code Execution
 -- Linux
08.46.4  - Linux Kernel "hfsplus_find_cat()" Local Denial of Service
08.46.5  - Linux Kernel "tvaudio.c" Operations NULL Pointer Dereference Denial
of Service
08.46.6  - Linux Kernel "hfsplus_block_allocate()" Local Denial of Service
08.46.7  - Linux Kernel VDSO Unspecified Privilege Escalation
08.46.8  - Linux Kernel "ndiswrapper" Remote Buffer Overflow
08.46.9  - Linux Kernel "__scm_destroy()" Local Denial of Service
08.46.10 - cluster Multiple Insecure Temporary File Creation Vulnerabilities
 -- Solaris
08.46.11 - Sun Solaris DHCP Denial of Service And Remote Code Execution
Vulnerabilities
08.46.12 - Sun Solstice X.25 "/dev/xty" Local Denial of Service
 -- Unix
08.46.13 - GnuTLS X.509 Certificate Chain Security Bypass
 -- Cross Platform
08.46.14 - HP Tru64 UNIX AdvFS "showfile" Command Local Privilege Escalation
08.46.15 - Adobe Reader "util.printf()" JavaScript Function Stack Buffer
Overflow
08.46.16 - FFmpeg "libswscale" Buffer Overflow
08.46.17 - libsamplerate Buffer Overflow
08.46.18 - Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities
08.46.19 - XWork "ParameterInterceptor" Class OGNL Security Bypass
08.46.20 - Aruba Networks ArubaOS SNMP Community String Information Disclosure
08.46.21 - getPlus Download Manager Unauthorized Access
08.46.22 - Novell Access Manager Local Browser Security Bypass
08.46.23 - libcdaudio "cddb.c" Remote Heap Buffer Overflow
08.46.24 - VLC Media Player Multiple Stack Based Buffer Overflow Vulnerabilities
08.46.25 - Multiple Pre Projects Products Cookie Authentication Bypass
08.46.26 - Adobe Flash Player Multiple Security Vulnerabilities
08.46.27 - Adobe ColdFusion Local Information Disclosure and Local Privilege
Escalation
08.46.28 - CuteNews aj-fork "path" Parameter Remote File Include
08.46.29 - Sun System Firmware Unspecified Local Information Disclosure
08.46.30 - Nagios Unspecified Privilege Escalation
08.46.31 - Wi-Fi Protected Access (WPA) Encryption Standard TKIP Encryption
Bypass
08.46.32 - VMware Products Trap Flag In-Guest Privilege Escalation
08.46.33 - VMware VirtualCenter Directory Traversal
08.46.34 - IBM Hardware Management Console RMC Daemon Remote Denial of Service
08.46.35 - Orb Networks Orb Unspecified Directory Traversal
08.46.36 - Openfire Multiple Input Validation Vulnerabilities
08.46.37 - Multiple ISecSoft Products Multiple IOCTL Request Local Privilege
Escalation Vulnerabilities
08.46.38 - ClamAV "get_unicode_name()" Off-By-One Heap Based Buffer Overflow
08.46.39 - Collabtive Multiple Remote Vulnerabilities
08.46.40 - rtgdictionary for TYPO3 Arbitrary File Upload
08.46.41 - FreshScripts Fresh Email Script Session Fixation and Remote File
Include Vulnerabilities
08.46.42 - Multiple phpstore.info Scripts Arbitrary File Upload
08.46.43 - WIMS Insecure Temporary File Creation Vulnerabilities
08.46.44 - Yosemite Backup "DtbClsLogin()" Remote Buffer Overflow
08.46.45 - sISAPILocation HTTP Header Rewrite Security Bypass
 -- Web Application - Cross Site Scripting
08.46.46 - firmCHANNEL Indoor & Outdoor Digital SIGNAGE Cross-Site Scripting
08.46.47 - Simple Machines Forum Cross-Site Request Forgery
08.46.48 - Pre ADS Portal Cross-Site Scripting Vulnerabilities and
Authentication Bypass
08.46.49 - Silva "fulltext" Parameter Cross-Site Scripting
08.46.50 - Parallels Plesk Billing "new_language" Parameter Cross-Site Scripting
08.46.51 - Mini Web Calendar Local File Include and Cross-Site Scripting
Vulnerabilities
08.46.52 - IBM Lotus Quickr Multiple Unspecified Cross-Site Scripting
Vulnerabilities
 -- Web Application - SQL Injection
08.46.53 - SoftComplex PHP Image Gallery Multiple SQL Injection Vulnerabilities
08.46.54 - DeltaScripts PHP Links "admin/adm_login.php" Multiple SQL Injection
Vulnerabilities
08.46.55 - WEBBDOMAIN post Card "choosecard.php" SQL Injection
08.46.56 - Vibro-CMS "pId" and "nId" Parameters Multiple SQL Injection
Vulnerabilities
08.46.57 - Multiple WEBBDOMAIN Products Login Screen SQL Injection
08.46.58 - NicLOR Vibro-School-CMS "view_news.php" SQL Injection
08.46.59 - MicroHellas ToursManager "cityview.php" SQL Injection
08.46.60 - NicLOR CMS-School 2005 "showarticle.php" SQL Injection
08.46.61 - Simple Document Management System "login.php" SQL Injection
08.46.62 - Tr Script News "admin/login.php" SQL Injection
08.46.63 - phpBB2 Small ShoutBox Module "shoutbox_view.php" Multiple SQL
Injection Vulnerabilities
08.46.64 - Pre Podcast Portal "Tour.php" SQL Injection
08.46.65 - Pre Multi-Vendor Shopping Malls "buyer_detail.php" Multiple SQL
Injection Vulnerabilities
08.46.66 - PHP Auto Listings Script "moreinfo.php" SQL Injection
08.46.67 - Pre Simple CMS "adminlogin.php" SQL Injection
08.46.68 - Pre Job Board SQL Injection
08.46.69 - Pre Real Estate Listings SQL Injection
08.46.70 - Five Dollar Scripts Drinks Script "index.php" SQL Injection
08.46.71 - Mole Group Airline Ticket Script "info.php" SQL Injection
08.46.72 - Mole Group Taxi Dist-Calc Script "login.php" SQL Injection
08.46.73 - Develop It Easy News And Article System Multiple SQL Injection
Vulnerabilities
08.46.74 - Develop It Easy Membership System Multiple SQL Injection
Vulnerabilities
08.46.75 - Develop It Easy Event Calendar Multiple SQL Injection Vulnerabilities
08.46.76 - NICE PHP FAQ Script "Admin Panel" SQL Injection
08.46.77 - Mole Group Pizza Script "index.php" SQL Injection
08.46.78 - TurnkeyForms Business Survey Pro "survey_results_text.php" SQL
Injection
08.46.79 - E-topbiz Domain Shop "admin.php" SQL Injection
08.46.80 - E-topbiz Slide Popups "admin.php" SQL Injection
08.46.81 - EC-CUBE "image" Parameter Multiple SQL Injection Vulnerabilities
08.46.82 - SoftComplex PHP Image Gallery
08.46.83 - E-topbiz Online Store "login.php" SQL Injection
08.46.84 - DeltaScripts PHP Classifieds "detail.php" SQL Injection
08.46.85 - PHP Auto Listings Script "adminlogin.php" SQL Injection
08.46.86 - Mole Group Rental Script "admin/login.php" SQL Injection
08.46.87 - E-topbiz eStore "index.php" SQL Injection
08.46.88 - E-topbiz Number Links 1 "admin/admin_catalog.php" SQL Injection
08.46.89 - Multiple MyioSoft Products Login Screen SQL Injection
08.46.90 - MyioSoft EasyBookMarker "bookmarker_backend.php" SQL Injection
08.46.91 - Domain Seller Pro "index.php" SQL Injection
08.46.92 - MemHT Portal "lang/english.php" SQL Injection
08.46.93 - V3 Chat Profiles/Dating Script SQL Injection Vulnerabilities
08.46.94 - Digiappz DigiAffiliate Script SQL Injection Vulnerabilities
08.46.95 - Mole Group Airline Ticket Script "username" SQL Injection
08.46.96 - Exocrew ExoPHPDesk "username" SQL Injection
08.46.97 - ZEEMATRI "bannerclick.php" SQL Injection
08.46.98 - TYPO3 advCalendar Extension Unspecified SQL Injection
08.46.99 - TYPO3 CMS Poll System Extension Unspecified SQL Injection
08.46.100 - Joomla! JooBlog Component "PostID" Parameter SQL Injection
08.46.101 - Dizi Portali "film.asp" SQL Injection
08.46.102 - AJPoll Security Bypass and SQL Injection Vulnerabilities
 -- Web Application
08.46.103 - DeltaScripts PHP Classifieds "admin/login.php" Multiple SQL
Injection Vulnerabilities
08.46.104 - DeltaScripts PHP Shop "admin/login.php" Multiple SQL Injection
Vulnerabilities
08.46.105 - TBmnetCMS "index.php" Local File Include
08.46.106 - HP System Management Homepage Unspecified Security Bypass
08.46.107 - Multi Languages WebShop Online Cross-Site Scripting and SQL
Injection Vulnerabilities
08.46.108 - Joomla! Onguma Time Sheet Component Remote File Include
08.46.109 - VirtueMart Google Base (Froogle) Component "admin.googlebase.php"
Remote File Include
08.46.110 - Sitoincludefile in PHP "includefile.php" Local File Include
08.46.111 - Pro Desk Support Center "include_file" Parameter Local File Include
08.46.112 - DHCart Multiple Cross-Site Scripting and HTML Injection
Vulnerabilities
08.46.113 - PTK "file_content.php" Arbitrary Command Execution and Unspecified
Input Validation Vulnerabilities
08.46.114 - Joomla! Dada Mail Manager Component Remote File Include
08.46.115 - Drupal Content Construction Kit Module HTML Injection
Vulnerabilities
08.46.116 - Simple Machines Forum "Themes.php" Local File Include
08.46.117 - CuteNews "config_skin" Parameter Local File Include
08.46.118 - Develop It Easy Photo Gallery Multiple SQL Injection Vulnerabilities
08.46.119 - Arab Portal "file" Parameter Local File Include
08.46.120 - BigDump ".sql" Arbitrary File Upload
08.46.121 - MySQL Quick Admin "actions.php" Local File Include
08.46.122 - LoveCMS "images.php" Arbitrary File Deletion
08.46.123 - U&M Software Multiple Products Authentication Bypass Vulnerabilities
08.46.124 - TestLink Multiple HTML Injection Vulnerabilities
08.46.125 - TurnkeyForms Entertainment Portal Cookie Authentication Bypass
08.46.126 - TurnkeyForms Software Directory SQL Injection and Cross-Site
Scripting Vulnerabilities
08.46.127 - TurnkeyForms Local Classifieds SQL Injection and Cross-Site
Scripting Vulnerabilities
08.46.128 - e-Vision CMS Multiple Local File Include Vulnerabilities
08.46.129 - PrestaShop Prior to 1.1 Beta 2 Multiple Unspecified Security
Vulnerabilities
08.46.130 - Clickheat "mosConfig_absolute_path" Parameter Multiple Remote File
Include Vulnerabilities
08.46.131 - Recly! Competitions Component "mosConfig_absolute_path" Multiple
Remote File Include Vulnerabilities
08.46.132 - Recly Feederator "mosConfig_absolute_path" Multiple Remote File
Include Vulnerabilities
08.46.133 - Indiscripts Enthusiast "show_joined.php" Remote File Include
08.46.134 - MoinMoin Cross-Site Scripting and Information Disclosure
Vulnerabilities
08.46.135 - Multiple V3 Chat Products Cookie Authentication Bypass
08.46.136 - Cyberfolio "theme" Parameter Local File Include
08.46.137 - Zeeways SHAADICLONE "admin/home.php" Authentication Bypass
08.46.138 - Zeeways PHOTOVIDEOTUBE "admin/home.php" Authentication Bypass
08.46.139 - ZEEPROPERTY Arbitrary File Upload and Cross-Site Scripting
Vulnerabilities
08.46.140 - ZEEJOBSITE Arbitrary File Upload
08.46.141 - Trac Denial of Service and Phishing Vulnerabilities
08.46.142 - x10 Automatic MP3 Script "url" Parameter File Disclosure
08.46.143 - TYPO3 "eluna_pagecomments" Extension SQL Injection and Cross-Site
Scripting Vulnerabilities
08.46.144 - IBM Metrica Service Assurance Framework Cross-Site Scripting and
HTML Injection Vulnerabilities
08.46.145 - OTManager "Admin/ADM_Pagina.php" Remote File Include
08.46.146 - TYPO3 Wir ber uns Extension SQL Injection and Cross-Site Scripting
Vulnerabilities
08.46.147 - Free simple PHP guestbook "act.php" Arbitrary Script Injection
08.46.148 - AJ Auction Pro Authentication Bypass Vulnerabilities
 -- Network Device
08.46.149 - Siemens SpeedStream 5200 HTTP Host Spoofing Authentication Bypass
08.46.150 - Multiple 2Wire DSL Routers "xslt" HTTP Request Denial of Service
 -- Hardware
08.46.151 - Cisco IOS and CatOS VLAN Trunking Protocol Packet Handling Denial of
Service

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Microsoft XML Core Services Multiple Vulnerabilities (MS08-069)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Office

Description: Microsoft XML Core Services are a collection of components
in various Microsoft products that are used to parse XML content. These
components contain multiple vulnerabilities in their handling of a
variety of XML content. A specially crafted web page containing XML data
could trigger a memory corruption vulnerability leading to remote code
execution with the privileges of the current user. Other vulnerabilities
could lead to information disclosure or cross site scripting
vulnerabilities. Some technical details and a proof-of-concept are
publicly available for these vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
SANS Internet Storm Center Handler's Diary Entry
http://isc.sans.org/diary.html?storyid=2181&rss
Posting by Michal Zalewski
http://www.securityfocus.com/archive/1/455965
Proof-of-Concept (direct link)
http://lcamtuf.coredump.cx/iediex/iediex.html
SecurityFocus BIDs
http://www.securityfocus.com/bid/32204
http://www.securityfocus.com/bid/21872
http://www.securityfocus.com/bid/32155

***************************************************

(2) CRITICAL: Microsoft SMB Credential Stealing Vulnerability (MS08-068)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008

Description: SMB is the Server Message Block, the protocol used by
Microsoft Windows to share files, printers, and other operating system
services. SMB is also known as the Common Internet Filesystem (CIFS).
The implementation of SMB on Microsoft Windows supports authenticating
SMB users and servers via NTLM (an authentication protocol originated
on Microsoft Windows NT). Microsoft Windows fails to properly implement
the credential protection mechanisms in NTLM. If a user were tricked
into accessing a malicious SMB server, that server could then
immediately used the provided credentials to access the victim's machine
via SMB (an attack known as "credential reflection"). This would allow
an attacker to execute arbitrary commands and code with the privileges
of the current user. Note that a user must first be convinced to connect
to a malicious SMB server. This could be accomplished via a web page or
email message. A proof-of-concept for this vulnerability is publicly
available. This vulnerability has been publicly known, but not
confirmed, since 2003.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/backrush.patch.
README
http://downloads.securityfocus.com/vulnerabilities/exploits/backrush.patch
Wikipedia Article on Replay Attacks, a similar type of attack
http://en.wikipedia.org/wiki/Replay_attack
SecurityFocus BID
http://www.securityfocus.com/bid/7385

***************************************************

(3) CRITICAL: Mozilla Multiple Products Multiple Vulnerabilities
Affected:
Mozilla Firefox versions 3.x
Mozilla SeaMonkey versions 1.1.x
Mozilla Thunderbird versions 2.x

Description: Mozilla Firefox contains multiple vulnerabilities in its
handling of a variety of inputs. Flaws in the processing of web pages,
script input, URIs, XML documents, JAR files, and other input can lead
to a variety of vulnerabilities including arbitrary code execution with
the privileges of the current user. Due to the shared codebase among the
various Mozilla products, Mozilla SeaMonkey and Mozilla Thunderbird are
also vulnerable to some of these issues. Full technical details for
these vulnerabilities are publicly available via source code analysis.

Status: Vendor confirmed, updates available.

References:
Mozilla Advisories
http://www.mozilla.org/security/announce/2008/mfsa2008-51.html
http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
http://www.mozilla.org/security/announce/2008/mfsa2008-53.html
http://www.mozilla.org/security/announce/2008/mfsa2008-54.html
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html
http://www.mozilla.org/security/announce/2008/mfsa2008-56.html
http://www.mozilla.org/security/announce/2008/mfsa2008-57.html
http://www.mozilla.org/security/announce/2008/mfsa2008-58.html
Mozilla Home Page
http://www.mozilla.org
SecurityFocus BID
http://www.securityfocus.com/bid/32281

***************************************************

(4) CRITICAL: ClamAV Unicode Processing Buffer Overflow
Affected:
ClamAV versions prior to 0.94.1

Description: ClamAV (Clam Anti-Virus) is a popular open source antivirus
solution. It is often deployed on mail servers to actively scan email
messages for viruses and other malware. It contains a flaw in its
processing of Microsoft Visual Basic project files. A specially crafted
file could  trigger this flaw, leading to a buffer overflow.
Successfully exploiting this buffer overflow would allow an attacker to
execute arbitrary code with the privileges of the vulnerable process.
An attacker could exploit this vulnerability by sending an email to a
server known to use ClamAV to process email messages. Full technical
details are publicly available for this vulnerability.

Status: Vendor confirmed, updates available.

References:
Posting by Moritz Jodeit 
http://www.securityfocus.com/archive/1/498169
Product Home Page
http://www.clamav.net/
SecurityFocus BID
http://www.securityfocus.com/bid/32207

***************************************************

(5) HIGH: Apple Multiple Products Multiple Image Processing Vulnerabilities
Affected:
Apple Aperture 2 when running on versions of Mac OS X 10.4.11 or prior 
Apple iLife 8.0 when running on versions of Mac OS X 10.4.11 or prior

Description: Apple Aperture is a popular photograph processing
application for Apple Mac OS X. Apple iLife is a suite of applications
for media management, web publishing, and other tasks for Apple Mac OS
X. These applications contain flaws in the processing of a variety of
image formats when they are installed on Apple Mac OS X versions 10.4.11
or prior. A specially crafted image could trigger one of these
vulnerabilities. Successfully exploiting one of these vulnerabilities
would allow an attacker to execute arbitrary code with the privileges
of the current user. Some technical details are publicly available for
these vulnerabilities. Note that images are not opened by the vulnerable
applications without prompting by default.

Status: Vendor confirmed, updates available.

References:
Apple Security Bulletin
http://support.apple.com/kb/HT3276
Secunia Advisory
http://secunia.com/advisories/32688/
Product Home Pages
http://www.apple.com/aperture/
http://www.apple.com/ilife/
SecurityFocus BID
http://www.securityfocus.com/bid/30832

***************************************************

(6) HIGH: SAP GUI ActiveX Control Remote Code Execution Vulnerability
Affected:
SAP GUI versions 7.x and prior

Description: SAP GUI is a graphical user interface (GUI) to the SAP
Enterprise Resource Planning application. Part of its functionality is
provided via an ActiveX control. This control contains a remote code
execution vulnerability in its handling of input. A malicious web page
that instantiated this control could trigger this vulnerability,
allowing an attacker to execute arbitrary code with the privileges of
the current user.

Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism, using CLSID
"B01952B0-AF66-11D1-B10D-0060086F6D97". Note that this could affect
normal application functionality.

References:
US-CERT Vulnerability Note
http://www.kb.cert.org/vuls/id/277313
SAP Vulnerability Note
https://websmp130.sap-ag.de/sap/support/notes/1142431
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SAP Home Page
http://www.sap.com
SecurityFocus BID
http://www.securityfocus.com/bid/32186

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 46, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________


08.46.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows "UnhookWindowsHookEx" Local Denial of Service
Description: Microsoft Windows 2003 and Windows Vista are exposed to a
local denial of service issue. This issue stems from an error
affecting multiple calls to "UnhookWindowsHookEx" and SwitchDesktop.
Windows 2003 and Windows Vista are affected.
Ref: http://www.securityfocus.com/bid/32206/references
______________________________________________________________________

08.46.2 CVE: CVE-2008-4817
Platform: Third Party Windows Apps
Title: NOS Microsystems getPlus Download Manager ActiveX Control
Buffer Overflow
Description: NOS Microsystems getPlus Download Manager is a download
agent which includes an ActiveX control for Microsoft Windows clients.
The getPlus ActiveX control is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input. getPlus Download Manager version 1.2.2.50 is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754
______________________________________________________________________

08.46.3 CVE: CVE-2008-4387
Platform: Third Party Windows Apps
Title: SAP AG SAPgui "mdrmsap.dll" ActiveX Control Remote Code
Execution
Description: SAP AG SAPgui is a graphical user interface feature
included in various SAP applications. The application is exposed to a
remote code execution issue that occurs in the "mdrmsap.dll".
Ref: http://www.kb.cert.org/vuls/id/277313
______________________________________________________________________

08.46.4 CVE: Not Available
Platform: Linux
Title: Linux Kernel "hfsplus_find_cat()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly bounds check data before copying it
to an insufficiently sized memory buffer. The problem occurs in the
"hfsplus_find_cat()" function of the "fs/hfsplus/catalog.c" source
file. Linux kernel versions prior to 2.6.28-rc1 are affected.
Ref:
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1
______________________________________________________________________

08.46.5 CVE: Not Available
Platform: Linux
Title: Linux Kernel "tvaudio.c" Operations NULL Pointer Dereference
Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue. This vulnerability stems from potential NULL pointer
dereference exception errors in the source code file
"drivers/video/tvaudio.c". Attackers can exploit this issue to crash
the affected kernel, denying service to legitimate users. Linux kernel
versions prior to 2.6.25.19 are affected.
Ref:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=
5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1
______________________________________________________________________

08.46.6 CVE: Not Available
Platform: Linux
Title: Linux Kernel "hfsplus_block_allocate()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly check return values before
proceeding with further operations. The problem occurs in the
"hfsplus_block_allocate()" function of the "fs/hfsplus/bitmap.c"
source file. The function fails to properly validate return values
from calls to "read_mapping_page()" before using them in memory
mapping operations. Linux kernel versions prior to 2.6.28-rc1 are
affected.
Ref:
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1
______________________________________________________________________

08.46.7 CVE: CVE-2008-3527
Platform: Linux
Title: Linux Kernel VDSO Unspecified Privilege Escalation
Description: The Linux Kernel is exposed to a local privilege
escalation issue. This issue results from insufficient bounds checking
in the "syscall()" and "syscall_nopage32()" function calls in the
Virtual Dynamic Shared Object (VDSO) implementation. Linux kernel
versions prior to 2.6.20-git5 are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=460251
______________________________________________________________________

08.46.8 CVE: CVE-2008-4395
Platform: Linux
Title: Linux Kernel "ndiswrapper" Remote Buffer Overflow
Description: "ndiswrapper" is a driver wrapper for Linux Kernel that
enables the use of Microsoft Windows drivers for wireless network
devices. The Linux Kernel is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data. kernel version 2.6.27 is affected.
Ref: http://bugs.gentoo.org/show_bug.cgi?id=239371
______________________________________________________________________

08.46.9 CVE: Not Available
Platform: Linux
Title: Linux Kernel "__scm_destroy()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly close sockets under specific
circumstances. The problem occurs in the "__scm_destroy()" function of
the "/net/core/scm.c" source code file and is related to recursive
function calls when closing a socket via the "fput()" function call.
The Linux kernel versions 2.6.26 and earlier are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=470201
______________________________________________________________________

08.46.10 CVE: Not Available
Platform: Linux
Title: cluster Multiple Insecure Temporary File Creation
Vulnerabilities
Description: The cluster program is a freely available application for
creating clusters on Linux systems. Multiple components of the
application are exposed to a security issue that allows attackers to
create temporary files in an insecure manner. cluster versions prior
to 2.03.09 are affected.
Ref: http://www.securityfocus.com/bid/32179
______________________________________________________________________

08.46.11 CVE: Not Available
Platform: Solaris
Title: Sun Solaris DHCP Denial of Service And Remote Code Execution
Vulnerabilities
Description: DHCP daemon is used for dynamically assigning IP
addresses to network devices. The DHCP server daemon in Sun Solaris is
exposed to multiple issues when handling specially crafted DHCP
requests. Attackers can exploit these issues to execute arbitrary code
with root privileges or cause the DHCP server daemon to crash.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243806-1
______________________________________________________________________

08.46.12 CVE: Not Available
Platform: Solaris
Title: Sun Solstice X.25 "/dev/xty" Local Denial of Service
Description: Solstice X.25 is an application used for communicating
across X.25 networks. Solstice X.25 is exposed to a denial of service
issue. Specifically, a local user with read privileges to the
"/dev/xty" file may panic a system with multiple CPUs. X.25 version
9.2 on both x86 and SPARC platforms are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243106-1
______________________________________________________________________

08.46.13 CVE: CVE-2008-4989
Platform: Unix
Title: GnuTLS X.509 Certificate Chain Security Bypass
Description: GNU Transport Layer Security Library (GnuTLS) is a
library that implements the TLS 1.0 and SSL 3.0 protocols. It is
maintained by GNU and is available for UNIX and Linux variants. GnuTLS
is exposed to a security bypass issue because it fails to properly
validate chained X.509 certificates. GnuTLS versions prior to 2.6.1
are affected.
Ref: http://www.gnu.org/software/gnutls/security.html
______________________________________________________________________

08.46.14 CVE: CVE-2008-4414
Platform: Cross Platform
Title: HP Tru64 UNIX AdvFS "showfile" Command Local Privilege
Escalation
Description: The AdvFS "showfile" command displays attributes of AdvFS
files and directories. HP Tru64 UNIX is exposed to a local privilege
escalation issue affecting the AdvFS "showfile" command. HP Tru64 UNIX
versions v5.1B-4 and v5.1B-3 are affected.
Ref: http://www.securityfocus.com/archive/1/498113
______________________________________________________________________

08.46.15 CVE: CVE-2008-2992
Platform: Cross Platform
Title: Adobe Reader "util.printf()" JavaScript Function Stack Buffer
Overflow
Description: Adobe Reader is an application for viewing PDF files.
Adobe Reader is exposed to a stack based buffer overflow issue because
the application fails to perform adequate boundary checks on
user-supplied data. 
Ref: http://www.securityfocus.com/archive/1/498027
______________________________________________________________________

08.46.16 CVE: Not Available
Platform: Cross Platform
Title: FFmpeg "libswscale" Buffer Overflow
Description: FFmpeg is an open source solution for handling audio and
video data. The "libswscale" component is a video scaling library. The
"libswscale" library is exposed to a buffer overflow that occurs in
the "swscale.c" source file when malformed height values are used with
the "yuv2rgb" converter.
Ref:
http://git.mplayerhq.hu/?p=libswscale;a=commitdiff;h=
72ba9cadc4e2c23e3763a03fc06c1993ec280f08
______________________________________________________________________

08.46.17 CVE: Not Available
Platform: Cross Platform
Title: libsamplerate Buffer Overflow
Description: libsamplerate (Secret Rabbit Code) is a sample rate
converter library. The library is exposed to a buffer overflow that
occurs when handling low conversion ratios. Successful exploits may
allow attackers to execute arbitrary code within the context of an
affected application.
Ref: http://www.mega-nerd.com/SRC/index.html
______________________________________________________________________

08.46.18 CVE: CVE-2008-4812, CVE-2008-4813, CVE-2008-4814,
CVE-2008-4815
Platform: Cross Platform
Title: Adobe Acrobat and Reader 8.1.2 Multiple Security
Vulnerabilities
Description: Adobe Acrobat and Reader are freely available,
proprietary applications to handle PDF documents. Adobe Acrobat and
Reader are exposed to multiple security issues. Attackers can exploit
these issues to execute arbitrary code, elevate privileges, or cause a
denial of service condition.
Ref: http://www.securityfocus.com/archive/1/498058
______________________________________________________________________

08.46.19 CVE: Not Available
Platform: Cross Platform
Title: XWork "ParameterInterceptor" Class OGNL Security Bypass
Description: XWork is a command pattern framework; it is used in
Apache Struts 2 and other applications. XWork is exposed to a security
bypass issue because it fails to adequately handle user-supplied
input. XWork versions prior to 2.0.6 are affected.
Ref: http://jira.opensymphony.com/browse/XW-641
______________________________________________________________________

08.46.20 CVE: Not Available
Platform: Cross Platform
Title: Aruba Networks ArubaOS SNMP Community String Information
Disclosure
Description: ArubaOS is the operating system used by various Aruba
Networks network devices, including the Aruba Mobility Controller.
ArubaOS is exposed to a remote information disclosure issue related to
its implementation of the Simple Network Management Protocol.
ArubaOS version 3.3.2.6 is affected.
Ref: http://www.securityfocus.com/archive/1/498033
______________________________________________________________________

08.46.21 CVE: CVE-2008-4816
Platform: Cross Platform
Title: getPlus Download Manager Unauthorized Access
Description: getPlus Download Manager is an application that manages
internet file downloads. getPlus Download Manager is exposed to a
security issue that may allow unauthorized modifications of Internet
options on affected computers.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-19.html
______________________________________________________________________

08.46.22 CVE: Not Available
Platform: Cross Platform
Title: Novell Access Manager Local Browser Security Bypass
Description: Novell Access Manager is an identity management product
that provisions user/password management for the enterprise. The
application is exposed to a security bypass issue when configured to
use X.509 authentication. This issue is the result of the web
browser's SSL cache not being properly cleared when the user logs out
of Access Manager.
Ref: http://www.novell.com/support/viewContent.do?externalId=7001788
______________________________________________________________________

08.46.23 CVE: Not Available
Platform: Cross Platform
Title: libcdaudio "cddb.c" Remote Heap Buffer Overflow
Description: libcdaudio is a library for CD audio playback. It
includes support for data lookups against a CDDB server. The
application is exposed to a remote heap buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input before copying it to an insufficiently sized buffer. libcdaudio
version 0.99.12p2 is affected.
Ref:
http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&
atid=389442
______________________________________________________________________

08.46.24 CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player Multiple Stack Based Buffer Overflow
Vulnerabilities
Description: VLC is a cross platform media player. VLC is exposed to
multiple stack based buffer overflow issues because it fails to
perform adequate checks on user-supplied input. These issues occur
when parsing CUE image files and RealText subtitle files. VLC media
player versions prior to 0.9.6 are affected.
Ref: http://www.videolan.org/security/sa0810.html
______________________________________________________________________

08.46.25 CVE: Not Available
Platform: Cross Platform
Title: Multiple Pre Projects Products Cookie Authentication Bypass
Description: Multiple Pre Projects products are exposed to an
authentication bypass issue because they fail to adequately verify
user-supplied input used for cookie based authentication. Attackers
can exploit this vulnerability to gain administrative access to the
affected applications, which may aid in further attacks.
Ref: http://www.securityfocus.com/bid/32126
______________________________________________________________________

08.46.26 CVE: CVE-2008-4818, CVE-2008-4819, CVE-2008-4820,
CVE-2008-4821, CVE-2008-4822, CVE-2008-4823
Platform: Cross Platform
Title: Adobe Flash Player Multiple Security Vulnerabilities
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. Adobe Flash Player
is exposed to multiple security issues. Attackers can exploit these
issues to disclose sensitive information, steal cookie based
authentication credentials, control how web pages are rendered, or
execute arbitrary script code in the context of the application. Adobe
Flash Player versions 9.0.124.0 and earlier are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-20.html
______________________________________________________________________

08.46.27 CVE: CVE-2008-4831
Platform: Cross Platform
Title: Adobe ColdFusion Local Information Disclosure and Local
Privilege Escalation
Description: Adobe ColdFusion is an application for developing
websites; it is available for various operating systems. The
application is exposed to an issue that can result in
privilege escalation or information disclosure. ColdFusion versions 8,
8.0.1 and ColdFusion MX 7.0.2 Solution are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-21.html
______________________________________________________________________

08.46.28 CVE: Not Available
Platform: Cross Platform
Title: CuteNews aj-fork "path" Parameter Remote File Include
Description: CuteNews aj-fork is a PHP based news and web-blog
application. The application is exposed to a remote file include issue
because it fails to properly sanitize user-supplied input to the
"path" parameter of the "example.php" script. CuteNews aj-fork version
167 final is affected.
Ref: http://www.securityfocus.com/bid/32141
______________________________________________________________________

08.46.29 CVE: Not Available
Platform: Cross Platform
Title: Sun System Firmware Unspecified Local Information Disclosure
Description: Sun System Firmware is exposed to a local information
disclosure issue due to an unspecified error. Successful exploits may
allow local privileged attackers in one logical domain to gain access
to memory in another logical domain.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-244826-1
______________________________________________________________________

08.46.30 CVE: Not Available
Platform: Cross Platform
Title: Nagios Unspecified Privilege Escalation
Description: Nagios is an open source application designed to monitor
networks and services for interruptions and to notify administrators
when various events occur. The software is exposed to an unspecified
privilege escalation issue related to the creation of custom forms or
browser add-ons. Nagios version 3.0.5 is affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1143
______________________________________________________________________

08.46.31 CVE: Not Available
Platform: Cross Platform
Title: Wi-Fi Protected Access (WPA) Encryption Standard TKIP
Encryption Bypass
Description: Wi-Fi Protected Access (WPA) Encryption Standard is a
security technology for wireless networking. WPA Encryption Standard
is exposed to an encryption bypass issue that affects the Temporal Key
Integrity Protocol (TKIP) key. The key can broken by unspecified
mathematical techniques in 12 to 15 minutes.
Ref: http://www.securityfocus.com/bid/32164
______________________________________________________________________

08.46.32 CVE: CVE-2008-4915
Platform: Cross Platform
Title: VMware Products Trap Flag In-Guest Privilege Escalation
Description: VMware is a set of server emulation applications
available for several platforms. Various VMware products are exposed
to a privilege escalation issue due to an error in the CPU hardware
emulation. Specifically, the virtual CPU may incorrectly handle the
Trap flag.
Ref: http://www.securityfocus.com/archive/1/498138
______________________________________________________________________

08.46.33 CVE: CVE-2008-4281
Platform: Cross Platform
Title: VMware VirtualCenter Directory Traversal
Description: VMware VirtualCenter is an application for monitoring and
management of visualized IT environments. VMware VirtualCenter is
exposed to a directory traversal vulnerability due to an unspecified
input validation error. ESXi 3.5 versions prior to
ESXe350-200810401-O-UG are affected.
Ref: http://www.securityfocus.com/archive/1/498138
______________________________________________________________________

08.46.34 CVE: Not Available
Platform: Cross Platform
Title: IBM Hardware Management Console RMC Daemon Remote Denial of
Service
Description: IBM Hardware Management Console is software used to
manage virtualized systems. It includes a Resource Monitoring and
Control (RMC) daemon which provides a framework for monitoring system
resources. The RMC daemon is exposed to a remote denial of service
issue because it fails to handle malformed data. Hardware Management
Console versions V7R3.3.0 SP2 and V7R3.2.0 SP1 are affected.
Ref:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4441
______________________________________________________________________

08.46.35 CVE: Not Available
Platform: Cross Platform
Title: Orb Networks Orb Unspecified Directory Traversal
Description: Orb is an application that allows users to access media
stored on remote computers. The application is exposed to an
unspecified directory traversal issue because it fails to sufficiently
sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/32187
______________________________________________________________________

08.46.36 CVE: Not Available
Platform: Cross Platform
Title: Openfire Multiple Input Validation Vulnerabilities
Description: Openfire is an open source XMPP (Jabber) server
implemented in Java. The application is exposed to multiple input
validation issues. A successful exploit of these issues may allow an
attacker to gain unauthorized access to the affected application.
Openfire version 3.6.0a is affected.
Ref: http://www.securityfocus.com/archive/1/498162
______________________________________________________________________

08.46.37 CVE: Not Available
Platform: Cross Platform
Title: Multiple ISecSoft Products Multiple IOCTL Request Local
Privilege Escalation Vulnerabilities
Description: ISecSoft Anti-Trojan Elite and Anti-Keylogger Elite are
security products for the Microsoft Windows operating system. The
applications are exposed to multiple local privilege escalation issues
that result from drivers failing to properly validate userspace input
to IOCTL requests. Anti-Trojan Elite versions 4.2.1 and earlier and
Anti-Keylogger Elite 3.3.0 and earlier are affected.
Ref: http://www.ntinternals.org/ntiadv0802/ntiadv0802.html
______________________________________________________________________

08.46.38 CVE: Not Available
Platform: Cross Platform
Title: ClamAV "get_unicode_name()" Off-By-One Heap Based Buffer
Overflow
Description: ClamAV is a multiplatform toolkit used for scanning email
messages for viruses. ClamAV is exposed to an off-by-one heap based
buffer overflow issue because the application fails to perform
adequate boundary checks on user-supplied data. The vulnerability
occurs in the "get_unicode_name()" function of the
"libclamav/vba_extract.c" source file. ClamAV versions prior to 0.94.1
are affected.
Ref: http://www.securityfocus.com/archive/1/498169
______________________________________________________________________

08.46.39 CVE: Not Available
Platform: Cross Platform
Title: Collabtive Multiple Remote Vulnerabilities
Description: Collabtive is an open source collaboration software. The
application is exposed to multiple remote issues. A successful exploit
of these issues may allow an attacker to gain access to sensitive
information. Collabtive version 0.4.8 is affected.
Ref: http://www.securityfocus.com/archive/1/498186
______________________________________________________________________

08.46.40 CVE: Not Available
Platform: Cross Platform
Title: rtgdictionary for TYPO3 Arbitrary File Upload
Description: The rtgdictionary extension is a dictionary application
for the TYPO3 content manager. The application is exposed to an issue
that lets remote attackers upload and execute arbitrary script code on
an affected computer with the privileges of the web server process. The
issue occurs because the software fails to properly sanitize
user-supplied input. rtgdictionary versions 0.1.9 and earlier are
affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/
______________________________________________________________________

08.46.41 CVE: Not Available
Platform: Cross Platform
Title: FreshScripts Fresh Email Script Session Fixation and Remote
File Include Vulnerabilities
Description: FreshScripts Fresh Email Script is a tool for uploading
files via email. FreshScripts Fresh Email Script is exposed to multiple
issues. An attacker may leverage the session fixation issue to hijack a
session of an unsuspecting user. FreshScripts Fresh Email Script
versions 1.0 to 1.11 are affected.
Ref: http://www.securityfocus.com/bid/32241
______________________________________________________________________

08.46.42 CVE: Not Available
Platform: Cross Platform
Title: Multiple phpstore.info Scripts Arbitrary File Upload
Description: Multiple phpstore.info scripts are exposed to an issue
that lets remote attackers upload and execute arbitrary script code on
an affected computer within the context of the web server process. This
issue occurs because the applications fail to sufficiently sanitize
file extensions before accepting uploaded files.
Ref: http://www.securityfocus.com/bid/32242
______________________________________________________________________

08.46.43 CVE: CVE-2008-4986
Platform: Cross Platform
Title: WIMS Insecure Temporary File Creation Vulnerabilities
Description: WWW Interactive Multipurpose Server (WIMS) is an
interactive mathematics application for the web. WIMS creates
temporary files in an insecure manner. Specifically, the issues affect
the "bin/account.sh" and "public_html/bin/coqweb" scripts. WIMS
version 3.64 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496387
______________________________________________________________________

08.46.44 CVE: Not Available
Platform: Cross Platform
Title: Yosemite Backup "DtbClsLogin()" Remote Buffer Overflow
Description: Yosemite Backup is a backup and recovery solution
available for various platforms. The application is exposed to a
buffer overflow issue. Specifically, the vulnerability occurs in the
"DtbClsLogin()" function in the "ytwindtb.dll" file on Windows systems
and in the "libytlindtb.so" file on Linux systems. Yosemite Backup
version 8.70 is affected.
Ref: http://www.securityfocus.com/bid/32246
______________________________________________________________________

08.46.45 CVE: Not Available
Platform: Cross Platform
Title: sISAPILocation HTTP Header Rewrite Security Bypass
Description: sISAPILocation is an Internet Server Application Program
Interface (ISAPI) filter for IIS. The application is exposed to a
security bypass issue due to which an attacker can bypass HTTP header
rewrite function. sISAPILocation versions 1.0.2.1 and earlier are
affected.
Ref: http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000076.html
______________________________________________________________________

08.46.46 CVE: CVE-2008-4931
Platform: Web Application - Cross Site Scripting
Title: firmCHANNEL Indoor & Outdoor Digital SIGNAGE Cross-Site
Scripting
Description: firmCHANNEL Indoor & Outdoor Digital SIGNAGE is an
advertising display appliance managed with a web-based interface. The
device's management application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize user-supplied data to
the "login" parameter of the "index.php" script. firmCHANNEL Indoor &
Outdoor Digital SIGNAGE version 3.24 is affected.
Ref: http://www.securityfocus.com/archive/1/498042
______________________________________________________________________

08.46.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Simple Machines Forum Cross-Site Request Forgery
Description: Simple Machine Forum is a PHP based message board. The
application is exposed to a cross-site request forgery issue.
Attackers can upload arbitrary PHP code to the affected application as
an attachment. Simple Machines Forum version 1.1.6 is affected.
Ref: http://www.securityfocus.com/bid/32119
______________________________________________________________________

08.46.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Pre ADS Portal Cross-Site Scripting Vulnerabilities and
Authentication Bypass
Description: Pre ADS Portal is a web application. The application is
exposed to multiple remote issues. An attacker can exploit the
cross-site scripting issues to execute arbitrary script code within
the context of the affected site and steal cookie-based authentication
credentials. Pre Projects Pre ADS Portal version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32151
______________________________________________________________________

08.46.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Silva "fulltext" Parameter Cross-Site Scripting
Description: Silva is a PHP based content manager. The application is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "fulltext" parameter
of the Silva Find component.
Ref: http://holisticinfosec.org/content/view/91/45/
______________________________________________________________________

08.46.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Parallels Plesk Billing "new_language" Parameter Cross-Site
Scripting
Description: Parallels Plesk Billing is a web-based application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the
"new_language" parameter of the "index.php" script when the "op"
attribute is set to "login". Parallels Plesk Billing version 4.4 is
affected.
Ref: http://www.securityfocus.com/bid/32185
______________________________________________________________________

08.46.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Mini Web Calendar Local File Include and Cross-Site Scripting
Vulnerabilities
Description: Mini Web Calendar is a web-based application. Mini Web
Calendar is exposed to multiple input validation issues. An attacker
can exploit the local file include vulnerability using
directory traversal strings to execute local script code in the
context of the application. Mini Web Calendar version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32196
______________________________________________________________________

08.46.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Lotus Quickr Multiple Unspecified Cross-Site Scripting
Vulnerabilities
Description: IBM Lotus Quickr is web-based collaboration software. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied inputs. Lotus Quickr
version 8.1 is affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27013341
______________________________________________________________________

08.46.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SoftComplex PHP Image Gallery Multiple SQL Injection
Vulnerabilities
Description: SoftComplex PHP Image Gallery is a PHP based web
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data to
the "login" and "password" parameters of the "index.php" script when
called with the "action" parameter set to "login". PHP Image Gallery
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32159
______________________________________________________________________

08.46.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DeltaScripts PHP Links "admin/adm_login.php" Multiple SQL
Injection Vulnerabilities
Description: DeltaScripts PHP Links is a PHP based web application.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the
"admin_username" and "admin_password" parameters of the
"admin/adm_login.php" script. PHP Links version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/32163
______________________________________________________________________

08.46.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WEBBDOMAIN post Card "choosecard.php" SQL Injection
Description: WEBBDOMAIN post Card is an ecard application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "catid" parameter of
the "choosecard.php" script before using it in an SQL query.
WEBBDOMAIN post Card versions 1.01 and 1.02 are affected.
Ref: http://www.securityfocus.com/bid/32097
______________________________________________________________________

08.46.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Vibro-CMS "pId" and "nId" Parameters Multiple SQL Injection
Vulnerabilities
Description: Vibro-CMS is a PHP based content manager. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/32106
______________________________________________________________________

08.46.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple WEBBDOMAIN Products Login Screen SQL Injection
Description: Multiple WEBBDOMAIN products are exposed to an SQL
injection issue because they fail to sufficiently sanitize
user-supplied data to the "Username" parameter of the login screen
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32108
______________________________________________________________________

08.46.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NicLOR Vibro-School-CMS "view_news.php" SQL Injection
Description: NicLOR Vibro-School-CMS is a content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "nID" parameter of the
"view_news.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32109
______________________________________________________________________

08.46.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MicroHellas ToursManager "cityview.php" SQL Injection
Description: MicroHellas ToursManager is a travel directory
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cityid" parameter of the "cityview.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/32110
______________________________________________________________________

08.46.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NicLOR CMS-School 2005 "showarticle.php" SQL Injection
Description: NicLOR CMS-School 2005 is a content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "aID" parameter of the
"showarticle.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32112
______________________________________________________________________

08.46.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Simple Document Management System "login.php" SQL Injection
Description: Simple Document Management System is a web-based document
storage system. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"pass" parameter of the "login.php" script before using it in an SQL
query. Simple Document Management System version 1.1.4 is affected.
Ref: http://www.securityfocus.com/bid/32114
______________________________________________________________________

08.46.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Tr Script News "admin/login.php" SQL Injection
Description: Tr Script News is a PHP based news application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "login_ad" parameter
of the "admin/login.php" script before using it in an SQL query. Tr
Script News versions 2.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/32116
______________________________________________________________________

08.46.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpBB2 Small ShoutBox Module "shoutbox_view.php" Multiple SQL
Injection Vulnerabilities
Description: Small ShoutBox is a PHP based shoutbox module for phpBB2
forum software. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied input
to the "id" parameter of the "shoutbox_view.php" script when called
with the "mode" parameter set to either "edit" or "delete". Small
ShoutBox version 1.4 is affected.
Ref: http://www.securityfocus.com/bid/32123
______________________________________________________________________

08.46.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Podcast Portal "Tour.php" SQL Injection
Description: Pre Podcast Portal is a PHP based application for
managing podcasts. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "Tour.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/32124
______________________________________________________________________

08.46.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Multi-Vendor Shopping Malls "buyer_detail.php" Multiple SQL
Injection Vulnerabilities
Description: Pre Multi-Vendor Shopping Malls is a PHP based ecommerce
platform. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"cid" and "sid" parameters of the "buyer_detail.php" script before
using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32127
______________________________________________________________________

08.46.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Auto Listings Script "moreinfo.php" SQL Injection
Description: PHP Auto Listings Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "itemno" parameter of
the "moreinfo.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32131
______________________________________________________________________

08.46.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Simple CMS "adminlogin.php" SQL Injection
Description: Pre Simple CMS is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "user" field of the
"adminlogin.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32132
______________________________________________________________________

08.46.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Job Board SQL Injection
Description: Pre Job Board is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "Admin" field of the administration
panel before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32133
______________________________________________________________________

08.46.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Real Estate Listings SQL Injection
Description: Pre Real Estate Listings is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "Admin" field of the
administration panel before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32134
______________________________________________________________________

08.46.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Five Dollar Scripts Drinks Script "index.php" SQL Injection
Description: The Five Dollar Scripts Drinks script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"recid" parameter of the "index.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/32137
______________________________________________________________________

08.46.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mole Group Airline Ticket Script "info.php" SQL Injection
Description: Mole Group Airline Ticket Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"flight" parameter of the "info.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/32138
______________________________________________________________________

08.46.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mole Group Taxi Dist-Calc Script "login.php" SQL Injection
Description: Mole Group Taxi Dist-Calc Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"user" field of the "login.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/32140
______________________________________________________________________

08.46.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Develop It Easy News And Article System Multiple SQL Injection
Vulnerabilities
Description: Develop It Easy News And Article System is a PHP based
web application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
Develop It Easy News And Article System version 1.4 is affected.
Ref: http://www.securityfocus.com/bid/32144
______________________________________________________________________

08.46.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Develop It Easy Membership System Multiple SQL Injection
Vulnerabilities
Description: Develop It Easy Membership System is a PHP based web
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
Develop It Easy Membership System version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/32147
______________________________________________________________________

08.46.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Develop It Easy Event Calendar Multiple SQL Injection
Vulnerabilities
Description: Develop It Easy Event Calendar is a web-based calendar
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
Develop It Easy Event Calendar version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32148
______________________________________________________________________

08.46.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NICE PHP FAQ Script "Admin Panel" SQL Injection
Description: NICE PHP FAQ Script is a knowledge base script. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "pass" field of the
"Admin Panel" page.
Ref: http://www.securityfocus.com/bid/32150
______________________________________________________________________

08.46.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mole Group Pizza Script "index.php" SQL Injection
Description: Pizza Script is a PHP-based application for food delivery
services. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the
"manufacturers_id" parameter of the "index.php" script before using it
in an SQL query.
Ref: http://www.securityfocus.com/bid/32165
______________________________________________________________________

08.46.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TurnkeyForms Business Survey Pro "survey_results_text.php" SQL
Injection
Description: Business Survey Pro is a PHP-based application for
creating surveys. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "survey_results_text.php" script before using it
in an SQL query. Business Survey Pro version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32169
______________________________________________________________________

08.46.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz Domain Shop "admin.php" SQL Injection
Description: E-topbiz Domain Shop is a PHP-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the password form field in
the "admin.php" script before using it in an SQL query. E-topbiz
Domain Shop version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32170
______________________________________________________________________

08.46.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz Slide Popups "admin.php" SQL Injection
Description: E-topbiz Slide Popups is a PHP-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the password form field in
the "admin.php" script before using it in an SQL query. E-topbiz Slide
Popups version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32171
______________________________________________________________________

08.46.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EC-CUBE "image" Parameter Multiple SQL Injection
Vulnerabilities
Description: EC-CUBE is an open source system for creating shopping
sites. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"image" parameter of the "html/products/detail_image.php" script in
versions 1.x and the
"data/class/pages/products/LC_Page_Products_DetailImage.php" script in
version 2.x before using it in an SQL query. EC-CUBE versions 1.x and
2.x are affected.
Ref: http://www.securityfocus.com/bid/32177
______________________________________________________________________

08.46.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SoftComplex PHP Image Gallery
Description: SoftComplex PHP Image Gallery is a web-based photo album
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"ctg" parameter of the "index.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/32182
______________________________________________________________________

08.46.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz Online Store "login.php" SQL Injection
Description: E-topbiz Online Store is an ecommerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the password form field in
the "login.php" script before using it in an SQL query. E-topbiz
Online Store version 1 is affected.
Ref: http://www.securityfocus.com/bid/32188
______________________________________________________________________

08.46.84 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DeltaScripts PHP Classifieds "detail.php" SQL Injection
Description: DeltaScripts PHP Classifieds is a PHP-based web
advertisement application. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "siteid" parameter of the "detail.php"
script before using it in an SQL query. DeltaScripts PHP Classifieds
version 7.5 is affected.
Ref: http://www.securityfocus.com/bid/32191
______________________________________________________________________

08.46.85 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Auto Listings Script "adminlogin.php" SQL Injection
Description: PHP Auto Listings Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "user" and "pass"
parameter of the "adminlogin.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/32193
______________________________________________________________________

08.46.86 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mole Group Rental Script "admin/login.php" SQL Injection
Description: Mole Group Rental Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" parameter
of the "admin/login.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32195
______________________________________________________________________

08.46.87 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz eStore "index.php" SQL Injection
Description: E-topbiz eStore is an ecommerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat_id" parameter of
the "index.php" script before using it in an SQL query. E-topbiz
eStore version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/32197
______________________________________________________________________

08.46.88 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz Number Links 1 "admin/admin_catalog.php" SQL Injection
Description: E-topbiz Number Links 1 is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"admin/admin_catalog.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32198
______________________________________________________________________

08.46.89 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple MyioSoft Products Login Screen SQL Injection
Description: Multiple MyioSoft products are exposed to an SQL
injection issue because they fail to sufficiently sanitize
user-supplied data to the "Username" parameter of the login screen
before using it in an SQL query. Ajax Portal version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/32199
______________________________________________________________________

08.46.90 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyioSoft EasyBookMarker "bookmarker_backend.php" SQL Injection
Description: EasyBookMarker is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "Parent" parameter of
the "bookmarker_backend.php" script before using it in an SQL query.
EasyBookMarker version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/32200
______________________________________________________________________

08.46.91 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Domain Seller Pro "index.php" SQL Injection
Description: Domain Seller Pro is PHP-based application designed for
reselling domain names to users. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "index.php" script
before using it in an SQL query. Domain Seller Pro version 1.5 is
affected.
Ref: http://www.securityfocus.com/bid/32201
______________________________________________________________________

08.46.92 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MemHT Portal "lang/english.php" SQL Injection
Description: MemHT Portal is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"lang/english.php" script when the "op" parameter is set to
"readArticle" before using it in an SQL query. MemHT Portal version
4.0 is affected.
Ref: http://www.securityfocus.com/bid/32210
______________________________________________________________________

08.46.93 CVE: Not Available
Platform: Web Application - SQL Injection
Title: V3 Chat Profiles/Dating Script SQL Injection Vulnerabilities
Description: V3 Chat Profiles/Dating Script is a web application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "username"
and "password" fields of the administrative section. V3 Chat
Profiles/Dating Script version 3.0.2 is affected.
Ref: http://www.securityfocus.com/bid/32214
______________________________________________________________________

08.46.94 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Digiappz DigiAffiliate Script SQL Injection Vulnerabilities
Description: DigiAffiliate is a web application implemented in ASP.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "admin" and
"password" fields of the "login.asp" script. DigiAffiliate versions
1.4 and earlier are affected.
Ref: http://www.securityfocus.com/bid/32217
______________________________________________________________________

08.46.95 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mole Group Airline Ticket Script "username" SQL Injection
Description: Mole Group Airline Ticket Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"username" field of the administration panel before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/32219
______________________________________________________________________

08.46.96 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Exocrew ExoPHPDesk "username" SQL Injection
Description: ExoPHPDesk is a web-based helpdesk application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" field of
the administration panel before using it in an SQL query. ExoPHPDesk
version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32220
______________________________________________________________________

08.46.97 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ZEEMATRI "bannerclick.php" SQL Injection
Description: ZEEMATRI is web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "adid" parameter of the
"bannerclick.php" script before using it in an SQL query. ZEEMATRI
version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/32221
______________________________________________________________________

08.46.98 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 advCalendar Extension Unspecified SQL Injection
Description: TYPO3 advCalendar ("advcalendar") is an extension for the
TYPO3 content manager. The extension is not a part of the TYPO3
default installation. The extension is exposed to an SQL injection
issue because it fails to sufficiently sanitize input before using it
in an SQL query. TYPO3 advCalendar version 0.3.1 is affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/
______________________________________________________________________

08.46.99 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 CMS Poll System Extension Unspecified SQL Injection
Description: TYPO3 CMS Poll system ("cms_poll") is an extension for
the TYPO3 content manager. The extension is not a part of the TYPO3
default installation. The extension is exposed to an SQL injection
issue because it fails to sufficiently sanitize input before using it
in an SQL query. TYPO3 CMS Poll system versions prior to 0.1.1 are
affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
______________________________________________________________________

08.46.100 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! JooBlog Component "PostID" Parameter SQL Injection
Description: JooBlog is a plugin that provides blog functionality for
the Joomla! content manager. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "PostID" parameter of the "com_jb2"
component before using it in an SQL query. JooBlog version 0.1.1 is
affected.
Ref: http://www.securityfocus.com/bid/32236
______________________________________________________________________

08.46.101 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Dizi Portali "film.asp" SQL Injection
Description: Dizi Portali is an ASP based web portal. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "film" parameter of the "film.asp"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32239
______________________________________________________________________

08.46.102 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJPoll Security Bypass and SQL Injection Vulnerabilities
Description: AJPoll is a PHP-based application used to manage polls.
The application is exposed to multiple security issues. Exploiting the
security bypass issue may allow an attacker to bypass certain security
restrictions and perform unauthorized actions.
Ref: http://www.securityfocus.com/bid/32245
______________________________________________________________________

08.46.103 CVE: Not Available
Platform: Web Application
Title: DeltaScripts PHP Classifieds "admin/login.php" Multiple SQL
Injection Vulnerabilities
Description: DeltaScripts PHP Classifieds is a PHP-based web
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data to
the "admin_username" and "admin_password" parameters of the
"admin/login.php" script. PHP Classifieds version 7.3 is affected.
Ref: http://www.securityfocus.com/bid/32161
______________________________________________________________________

08.46.104 CVE: Not Available
Platform: Web Application
Title: DeltaScripts PHP Shop "admin/login.php" Multiple SQL Injection
Vulnerabilities
Description: DeltaScripts PHP Shop is a PHP-based web application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the
"admin_username" and "admin_password" parameters of the
"admin/login.php" script. PHP Shop version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32162
______________________________________________________________________

08.46.105 CVE: Not Available
Platform: Web Application
Title: TBmnetCMS "index.php" Local File Include
Description: TBmnetCMS is a PHP-based content manager.
TBmnetCMS is exposed to a local file include issue because it fails to
properly sanitize user-supplied input to the "content" parameter of
the "index.php" script. TBmnetCMS version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32087
______________________________________________________________________

08.46.106 CVE: CVE-2008-4413
Platform: Web Application
Title: HP System Management Homepage Unspecified Security Bypass
Description: HP System Management Homepage (SMH) is a web-based
interface used to simplify the management of servers. The application
is exposed to a security bypass issue caused by an unspecified error.
HP System Management Homepage (SMH) versions 2.2.6 and earlier running
on HP-UX B.11.11 and B.11.23 are affected.
Ref:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01586921
______________________________________________________________________

08.46.107 CVE: Not Available
Platform: Web Application
Title: Multi Languages WebShop Online Cross-Site Scripting and SQL
Injection Vulnerabilities
Description: Multi Languages WebShop Online is a PHP-based ecommerce
application. Since it fails to sufficiently sanitize user-supplied
data, Multi Languages Webshop Online is exposed to multiple input
validation issues.
Ref:
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1
______________________________________________________________________

08.46.108 CVE: Not Available
Platform: Web Application
Title: Joomla! Onguma Time Sheet Component Remote File Include
Description: Onguma Time Sheet is a time sheet component for the
Joomla! content manager. The application is exposed to a remote file
include issue because it fails to sufficiently sanitize user-supplied
input to the "mosConfig_absolute_path" parameter of the component's
"onguma.class.php" script. Onguma Time Sheet version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32095
______________________________________________________________________

08.46.109 CVE: Not Available
Platform: Web Application
Title: VirtueMart Google Base (Froogle) Component
"admin.googlebase.php" Remote File Include
Description: VirtueMart Google Base (Froogle) Component is a bulk
upload utility for the Joomla! content manager. The application is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "mosConfig_absolute_path"
parameter of the
"administrator/components/com_googlebase/admin.googlebase.php" script.
VirtueMart Google Base (Froogle) Component version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/32098
______________________________________________________________________

08.46.110 CVE: Not Available
Platform: Web Application
Title: Sitoincludefile in PHP "includefile.php" Local File Include
Description: Sitoincludefile in PHP is a web-based script.
Sitoincludefile in PHP is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"page_file" parameter of the "includefile.php" script.
Ref: http://www.securityfocus.com/bid/32111
______________________________________________________________________

08.46.111 CVE: Not Available
Platform: Web Application
Title: Pro Desk Support Center "include_file" Parameter Local File
Include
Description: Pro Desk Support Center is a customer support plugin for
the Mambo and Joomla! content managers. Pro Desk Support Center is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "include_file"  parameter of the
"com_pro_desk" module. Pro Desk Support Center versions 1.0 and 1.2
are affected.
Ref: http://www.securityfocus.com/bid/32113
______________________________________________________________________

08.46.112 CVE: Not Available
Platform: Web Application
Title: DHCart Multiple Cross-Site Scripting and HTML Injection
Vulnerabilities
Description: DHCart is a PHP based shopping cart. The application is
exposed to multiple cross-site scripting and HTML injection issues
because it fails to sufficiently sanitize user-supplied data. DHCart
version 3.84 is affected.
Ref: http://www.securityfocus.com/bid/32116
______________________________________________________________________

08.46.113 CVE: Not Available
Platform: Web Application
Title: PTK "file_content.php" Arbitrary Command Execution and
Unspecified Input Validation Vulnerabilities
Description: PTK is a graphical interface for the Sleuthkit Interface
computer forensics tool. PTK is exposed to an issue that lets
attackers execute arbitrary commands because it fails to properly
sanitize user-supplied input. This issue is due to a "shell_exec()"
system call on unsanitized input in the "ptk/lib/file_content.php"
script. PTK versions prior to 1.0.1 are affected.
Ref: http://www.securityfocus.com/archive/1/498081
______________________________________________________________________

08.46.114 CVE: Not Available
Platform: Web Application
Title: Joomla! Dada Mail Manager Component Remote File Include
Description: Dada Mail Manager is a component for the Joomla! content
manager. The application component for Joomla! is exposed to a remote
file include issue because it fails to sufficiently sanitize
user-supplied input to the "GLOBALS[mosConfig_absolute_path]"
parameter of the component's "config.dadamail.php" script.
Ref: http://www.securityfocus.com/bid/32135
______________________________________________________________________

08.46.115 CVE: Not Available
Platform: Web Application
Title: Drupal Content Construction Kit Module HTML Injection
Vulnerabilities
Description: Content Construction Kit is a third party component for
Drupal. The application is exposed to an HTML injection issue because it
fails to properly sanitize user-supplied input to unspecified field
labels and content type names before using it in dynamically generated
content. Content Construction Kit versions prior to 5.x-1.10 and prior
to 6.x-2.0 are affected.
Ref: http://drupal.org/node/330546
______________________________________________________________________

08.46.116 CVE: Not Available
Platform: Web Application
Title: Simple Machines Forum "Themes.php" Local File Include
Description: Simple Machines Forum is a web-based application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "theme_dir" parameter
of the "Themes.php" script. Simple Machines Forum up to and including
version 1.1.6 are affected.
Ref: http://www.securityfocus.com/bid/32139
______________________________________________________________________

08.46.117 CVE: Not Available
Platform: Web Application
Title: CuteNews "config_skin" Parameter Local File Include
Description: CuteNews is a PHP-based news management system. CuteNews
is exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "config_skin" parameter of the
"register.php" script. CuteNews version 1.4.6 is affected.
Ref: http://www.securityfocus.com/bid/32142
______________________________________________________________________

08.46.118 CVE: Not Available
Platform: Web Application
Title: Develop It Easy Photo Gallery Multiple SQL Injection
Vulnerabilities
Description: Develop It Easy Photo Gallery is a PHP-based web
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
Photo Gallery version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32145
______________________________________________________________________

08.46.119 CVE: Not Available
Platform: Web Application
Title: Arab Portal "file" Parameter Local File Include
Description: Arab Portal is a web portal application. The application
is exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "file" parameter of the "mod.php"
script when the "mod" parameter is set to "html". Arab Portal version
2.1 is affected.
Ref: http://www.securityfocus.com/archive/1/498092
______________________________________________________________________

08.46.120 CVE: Not Available
Platform: Web Application
Title: BigDump ".sql" Arbitrary File Upload
Description: BigDump is a PHP-based, staggered MySQL dump importer
application. The application is exposed to an issue that lets remote
attackers upload and execute arbitrary script code on an affected
computer with the privileges of the web server process. The issue
occurs because the software fails to properly sanitize user-supplied
input in the "bigdump.php" script. BigDump version 0.29b is affected.
Ref: http://www.securityfocus.com/archive/1/498093
______________________________________________________________________

08.46.121 CVE: Not Available
Platform: Web Application
Title: MySQL Quick Admin "actions.php" Local File Include
Description: MySQL Quick Admin is a web-based MySQL management
application. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"lang" parameter of the "actions.php" script. MySQL Quick Admin
version 1.5.5 is affected.
Ref: http://www.securityfocus.com/bid/32157
______________________________________________________________________

08.46.122 CVE: Not Available
Platform: Web Application
Title: LoveCMS "images.php" Arbitrary File Deletion
Description: LoveCMS is a PHP-based content manager. The application
is exposed to an issue that allows attackers to delete arbitrary files
because it fails to properly sanitize user-supplied input to the
"delete" parameter of the "images.php" script. LoveCMS version 1.6.2
is affected.
Ref: http://www.securityfocus.com/bid/32158
______________________________________________________________________

08.46.123 CVE: Not Available
Platform: Web Application
Title: U&M Software Multiple Products Authentication Bypass
Vulnerabilities
Description: U&M Software products, including JustBookIt,
JustListIt, and Signup are web-based applications. The applications
are exposed to multiple authentication bypass issues. U&M Software
products versions JustBookIt 1.0, JustListIt 1.0 and Signup
1.0 are affected.
Ref: http://www.securityfocus.com/bid/32166
______________________________________________________________________

08.46.124 CVE: Not Available
Platform: Web Application
Title: TestLink Multiple HTML Injection Vulnerabilities
Description: TestLink is a PHP-based testing suite. The application is
exposed to multiple HTML injection issues because it fails to properly
sanitize user-supplied input to the "Testcaseprefixes" field of the
"projectview.tpl" script and also user-supplied input to the
"Testproject Names" and "Testplan Names" fields of the "planEdit.php"
script. TestLink versions prior to 1.8 RC1 are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=638751
______________________________________________________________________

08.46.125 CVE: Not Available
Platform: Web Application
Title: TurnkeyForms Entertainment Portal Cookie Authentication Bypass
Description: TurnkeyForms Entertainment Portal a web-based
application. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie based authentication. Entertainment Portal version 2.0 is
affected.
Ref: http://www.securityfocus.com/bid/32174
______________________________________________________________________

08.46.126 CVE: Not Available
Platform: Web Application
Title: TurnkeyForms Software Directory SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: TurnkeyForms Software Directory is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cid" parameter of the "showcategory.php" script. Software Directory
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32175
______________________________________________________________________

08.46.127 CVE: Not Available
Platform: Web Application
Title: TurnkeyForms Local Classifieds SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: TurnkeyForms Local Classifieds is a web-based
application. The application is exposed to an SQL injection issue and
a cross-site scripting issue because it fails to sufficiently sanitize
user-supplied data to the "r" parameter of the "listtest.php" script.
Ref: http://www.securityfocus.com/bid/32176
______________________________________________________________________

08.46.128 CVE: Not Available
Platform: Web Application
Title: e-Vision CMS Multiple Local File Include Vulnerabilities
Description: e-Vision CMS is a PHP-based content manager. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input. e-Vision CMS
version 2.0.2 is affected.
Ref: http://www.securityfocus.com/bid/32180
______________________________________________________________________

08.46.129 CVE: Not Available
Platform: Web Application
Title: PrestaShop Prior to 1.1 Beta 2 Multiple Unspecified Security
Vulnerabilities
Description: PrestaShop is a PHP-based ecommerce application. The
application is exposed to multiple remote security issues caused by
unspecified errors. PrestaShop versions prior to 1.1 beta 2 are
affected.
Ref: http://www.prestashop.com/download/changelog_1.1.0.1.txt
______________________________________________________________________

08.46.130 CVE: Not Available
Platform: Web Application
Title: Clickheat "mosConfig_absolute_path" Parameter Multiple Remote
File Include Vulnerabilities
Description: Clickheat is a module for the Mambo and Joomla! content
manager. The application is exposed to multiple remote file include
issues because it fails to sufficiently sanitize user-supplied input.
Clickheat version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/32190
______________________________________________________________________

08.46.131 CVE: Not Available
Platform: Web Application
Title: Recly! Competitions Component "mosConfig_absolute_path"
Multiple Remote File Include Vulnerabilities
Description: Recly! Competitions Component is a text-based contest
application for the Joomla! content manager. The application is
exposed to multiple remote file include issues because it fails to
properly sanitize user-supplied input. Recly! Competitions Component
version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/32192
______________________________________________________________________

08.46.132 CVE: Not Available
Platform: Web Application
Title: Recly Feederator "mosConfig_absolute_path" Multiple Remote File
Include Vulnerabilities
Description: Recly Feederator is a RSS manager component for the
Joomla! content manager. The application is exposed to multiple remote
file include issues because it fails to properly sanitize
user-supplied input. Recly Feederator version 1.0.5 is affected.
Ref: http://www.securityfocus.com/bid/32194
______________________________________________________________________

08.46.133 CVE: Not Available
Platform: Web Application
Title: Indiscripts Enthusiast "show_joined.php" Remote File Include
Description: Indiscripts Enthusiast is a PHP-based application. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "path" parameter of
the "show_joined.php" script. Indiscripts Enthusiast version 3.1.4 is
affected.
Ref: http://www.securityfocus.com/archive/1/498161
______________________________________________________________________

08.46.134 CVE: Not Available
Platform: Web Application
Title: MoinMoin Cross-Site Scripting and Information Disclosure
Vulnerabilities
Description: MoinMoin is a freely available, opensource wiki written
in Python. It is available for Unix and Linux platforms. MoinMoin is
exposed to cross-site scripting and information disclosure issues
because it fails to sanitize user-supplied input. MoinMoin versions
1.5.9 and 1.8.0 are affected.
Ref: http://www.securityfocus.com/archive/1/498166
______________________________________________________________________

08.46.135 CVE: Not Available
Platform: Web Application
Title: Multiple V3 Chat Products Cookie Authentication Bypass
Description: Multiple products from V3 Chat are exposed to an
authentication bypass issue because they fail to adequately verify
user-supplied input used for cookie-based authentication.
Profiles/Dating Script version 3.0.2 and Live Support 3.0.4 are
affected.
Ref: http://v3chat.com/profiles.php
______________________________________________________________________

08.46.136 CVE: Not Available
Platform: Web Application
Title: Cyberfolio "theme" Parameter Local File Include
Description: Cyberfolio is a web-based application. Cyberfolio is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "theme" parameter of the
"portfolio/css.php" script. Cyberfolio versions 7.12.2 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/32218
______________________________________________________________________

08.46.137 CVE: Not Available
Platform: Web Application
Title: Zeeways SHAADICLONE "admin/home.php" Authentication Bypass
Description: Zeeways SHAADICLONE is web-based matrimonial application.
The application is exposed to an authentication bypass issue.
Specifically, this issue affects the "admin/home.php" script because
the application fails to restrict access to it. Zeeways SHAADICLONE
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32222
______________________________________________________________________

08.46.138 CVE: Not Available
Platform: Web Application
Title: Zeeways PHOTOVIDEOTUBE "admin/home.php" Authentication Bypass
Description: Zeeways PHOTOVIDEOTUBE is PHP-based application used to
share photos and videos. The application is exposed to an
authentication bypass issue. Specifically, this issue affects the
"admin/home.php" script because the application fails to restrict
access to it. Zeeways PHOTOVIDEOTUBE version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/32223
______________________________________________________________________

08.46.139 CVE: Not Available
Platform: Web Application
Title: ZEEPROPERTY Arbitrary File Upload and Cross-Site Scripting
Vulnerabilities
Description: ZEEPROPERTY is a web-based application. The application
is exposed to an issue that lets attackers upload and execute
arbitrary code. The issue occurs because the software fails to
properly sanitize user-supplied input in the "viewprofile.php" script.
ZEEPROPERTY version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32224
______________________________________________________________________

08.46.140 CVE: Not Available
Platform: Web Application
Title: ZEEJOBSITE Arbitrary File Upload
Description: ZEEJOBSITE is a web-based application. The application is
exposed to an issue that lets remote attackers upload and execute
arbitrary script code on an affected computer with the privileges of
the web server process. The issue occurs because the software fails to
properly sanitize user-supplied input in the "editresume_next.php"
script. ZEEJOBSITE version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32225
______________________________________________________________________

08.46.141 CVE: Not Available
Platform: Web Application
Title: Trac Denial of Service and Phishing Vulnerabilities
Description: Trac is a web-based project management application. The
application is exposed to multiple issues. Attackers may exploit
these issues to perform phishing attacks or cause a denial of service
condition. Trac versions prior to 0.11.2 are affected.
Ref: http://trac.edgewall.org/wiki/ChangeLog
______________________________________________________________________

08.46.142 CVE: Not Available
Platform: Web Application
Title: x10 Automatic MP3 Script "url" Parameter File Disclosure
Description: x10 Automatic MP3 Script is a PHP-based search engine.
The application is exposed to a file disclosure issue because it fails
to properly sanitize user-supplied input to the "url" parameter of the
"download.php" script. x10 Automatic MP3 Script versions up to and
including 1.6 are affected.
Ref: http://www.securityfocus.com/bid/32227
______________________________________________________________________

08.46.143 CVE: Not Available
Platform: Web Application
Title: TYPO3 "eluna_pagecomments" Extension SQL Injection and Cross-
Site Scripting Vulnerabilities
Description: "eluna_pagecomments" is an extension to TYPO3 content
manager. The extension is exposed to an SQL injection issue and a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied data to certain unspecified parameters.
"eluna_pagecomments" extension version 1.1.2 is affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/
______________________________________________________________________

08.46.144 CVE: Not Available
Platform: Web Application
Title: IBM Metrica Service Assurance Framework Cross-Site Scripting
and HTML Injection Vulnerabilities
Description: IBM Metrica Service Assurance Framework is a framework
that implements a distributed, object-oriented J2EE architecture. The
application is exposed to multiple input validation issues.
Attacker supplied HTML or JavaScript code could run in the context of
the affected site, potentially allowing the attacker to steal
cookie-based authentication credentials and to control how the site is
rendered to the user.
Ref:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065520.html
______________________________________________________________________

08.46.145 CVE: Not Available
Platform: Web Application
Title: OTManager "Admin/ADM_Pagina.php" Remote File Include
Description: OTManager is a PHP-based application. The application is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "Tipo" parameter of the
"Admin/ADM_Pagina.php" script. OTManager version 2.4 is affected.
Ref: http://www.securityfocus.com/bid/32235
______________________________________________________________________

08.46.146 CVE: Not Available
Platform: Web Application
Title: TYPO3 Wir ber uns Extension SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Wir ber uns is an extension for the TYPO3 content
manager. The extension is exposed to an SQL injection issue and a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied data to certain unspecified parameters. Wir ber uns
extension version 0.0.24 is affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/
______________________________________________________________________

08.46.147 CVE: Not Available
Platform: Web Application
Title: Free simple PHP guestbook "act.php" Arbitrary Script Injection
Description: Free simple PHP guestbook is a PHP-based content manager.
The application is exposed to an arbitrary script injection issue due
to a failure to sanitize user-supplied input to the "message"
parameter of the "act.php" script. An attacker can exploit this issue
to execute arbitrary script code in the context of the web server.
Ref: http://www.securityfocus.com/bid/32240
______________________________________________________________________

08.46.148 CVE: Not Available
Platform: Web Application
Title: AJ Auction Pro Authentication Bypass Vulnerabilities
Description: AJ Auction Pro is a web-based application. The
applications are exposed to multiple authentication bypass issues. An
attacker accessing the scripts can effectively bypass the intended
security measures and gain administrative access to the application.
Ref: http://www.securityfocus.com/bid/32243
______________________________________________________________________

08.46.149 CVE: Not Available
Platform: Network Device
Title: Siemens SpeedStream 5200 HTTP Host Spoofing Authentication
Bypass
Description: Siemens SpeedStream 5200 is a ADSL modem and router
hardware device. The router is exposed to an authentication bypass
issue that may allow attackers to gain access to a router's
administration interface. Successfully exploiting this issue will
allow attackers to gain unauthorized administrative access to the
affected device.
Ref: http://www.securityfocus.com/bid/32203
______________________________________________________________________

08.46.150 CVE: Not Available
Platform: Network Device
Title: Multiple 2Wire DSL Routers "xslt" HTTP Request Denial of
Service
Description: 2Wire DSL routers are networking devices that use a
web-based management interface. Multiple 2Wire DSL routers are exposed
to a denial of service issue because it fails to adequately handle
specially crafted HTTP requests. The issue occurs when the HTTP
service handles requests to "xslt" followed by "%" and a
non-alphanumeric character.
Ref: http://www.securityfocus.com/bid/32211
______________________________________________________________________

08.46.151 CVE: Not Available
Platform: Hardware
Title: Cisco IOS and CatOS VLAN Trunking Protocol Packet Handling
Denial of Service
Description: VTP (VLAN Trunking Protocol) is a Cisco protocol used for
VLAN centralized management. Cisco IOS and Cisco CatOS are exposed to
a remote denial of service issue that occurs when handling specially
crafted VTP packets. Attackers would need local area network access to
the affected computer and the device must be operating using server or
client VTP mode.
Ref:
http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml#status
______________________________________________________________________
[ terug ]