*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
November 6, 2008                                          Vol. 7. Week 45
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Third Party Windows Apps                       11 (#2, #3)
Linux                                           1
Unix                                            1
Cross Platform                                  9 (#1) 
Web Application - Cross Site Scripting         13
Web Application - SQL Injection                38
Web Application                                35
Network Device                                  1 (#4)

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Adobe Acrobat Multiple Vulnerabilities
(2) CRITICAL: IBM Tivoli Storage Manager Buffer Overflow
(3) MODERATE: NOS Microsystems getPlus Download Manager Buffer Overflow
(4) LOW: SonicWALL Universal Script Injection

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Third Party Windows Apps
08.45.1  - Aztec ActiveX "Aztec.dll" ActiveX Control Multiple Arbitrary File
Overwrite Vulnerabilities
08.45.2  - MW6 Technologies Barcode ActiveX "Barcode.dll" Multiple Arbitrary
File Overwrite Vulnerabilities
08.45.3  - MW6 DataMatrix "DataMatrix.dll" ActiveX Control Multiple Arbitrary
File Overwrite Vulnerabilities
08.45.4  - MW6 PDF417 "MW6PDF417.dll" ActiveX Control Multiple Arbitrary File
Overwrite Vulnerabilities
08.45.5  - Visagesoft eXPert PDF Viewer ActiveX Control Arbitrary File Overwrite
08.45.6  - DjVu "DjVu_ActiveX_MSOffice.dll" ActiveX Component Heap Buffer
Overflow
08.45.7  - Microsoft DebugDiag "CrashHangExt.dll" ActiveX Control Remote Denial
of Service
08.45.8  - Adobe PageMaker "AldFs32.dll" Key Strings Stack-Based Buffer Overflow
08.45.9  - Chilkat Crypt ActiveX Control "ChilkatCrypt2.dll" Arbitrary File
Overwrite
08.45.10 - Microsoft Windows Media Player Unspecified DAT File Parsing Denial of
Service
08.45.11 - Network-Client FTP Now Heap Buffer Overflow
 -- Linux
08.45.12 - htop Hidden Process Name Input Filtering
 -- Unix
08.45.13 - Dovecot Invalid Message Address Parsing Denial of Service
 -- Cross Platform
08.45.14 - Quassel Core CTCP Ping Input Validation
08.45.15 - Adobe PageMaker Font Structure Multiple Buffer Overflow
Vulnerabilities
08.45.16 - Python Imageop Module "imageop.crop()" Buffer Overflow
08.45.17 - IBM Tivoli Storage Manager Client Buffer Overflow
08.45.18 - Absolute Live Support .Net Cookie Authentication Bypass
08.45.19 - Opera Web Browser 9.62 History Search Input Validation
08.45.20 - Net-SNMP GETBULK Remote Denial of Service
08.45.21 - Dns2tcp "dns_decode.c" Remote Buffer Overflow
08.45.22 - University of Washington IMAP "tmail" and "dmail" Local Buffer
Overflow Vulnerabilities
 -- Web Application - Cross-Site Scripting
08.45.23 - KKE Info Media Kmita Gallery Multiple Cross-Site Scripting
Vulnerabilities
08.45.24 - Opera Web Browser History Search and Links Panel Cross-Site Scripting
Vulnerabilities
08.45.25 - Dorsa CMS "Default_.aspx" Cross-Site Scripting
08.45.26 - SonicWALL Content Filtering Error Page Cross-Site Scripting
08.45.27 - CompactCMS "admin/index.php" Multiple Cross-Site Scripting
Vulnerabilities
08.45.28 - cPanel Cross-Site Scripting Vulnerabilities and Local File Include
08.45.29 - Fortinet Fortigate Unspecified Cross-Site Scripting
08.45.30 - Camera Life Multiple Cross-Site Scripting Vulnerabilities
08.45.31 - Tribiq CMS "template_path" Parameter Cross-Site Scripting
08.45.32 - MyGallery "gallery.inc.php" Parameter Cross-Site Scripting
08.45.33 - SignMe "signme.inc.php" Cross-Site Scripting
08.45.34 - RateMe "rate" Parameter Cross-Site Scripting
08.45.35 - Matpo.de Link "view.php" Cross-Site Scripting
 -- Web Application - SQL Injection
08.45.36 - WebCards "admin.php" Login Page SQL Injection
08.45.37 - Harlandscripts Pro Traffic One "trg" Parameter SQL Injection
08.45.38 - Harlandscripts Pro Traffic One "id" Parameter SQL Injection
08.45.39 - MyPHP Forum "post.php" and "member.php" Multiple SQL Injection
Vulnerabilities
08.45.40 - e107 Lyrics Plugin "lyrics_song.php" SQL Injection
08.45.41 - phpWebSite "links.php" SQL Injection
08.45.42 - SpitFire Photo Pro "pages.php" SQL Injection
08.45.43 - Interact "email_user_key" Parameter SQL Injection
08.45.44 - Multiple Scripts For Sites Products "directory.php" SQL Injection
08.45.45 - Logz podcast CMS "add_url.php" SQL Injection
08.45.46 - Article Publisher Pro "admin.php" SQL Injection
08.45.47 - Scripts For Sites EZ Hotscripts SQL Injection
08.45.48 - EZ Webring "category.php" SQL Injection
08.45.49 - EZ BIZ PRO "track.php" SQL Injection
08.45.50 - Scripts For Sites EZ Link Directory "links.php" SQL Injection
08.45.51 - Scripts For Sites EZ Auction "viewfaqs.php" SQL Injection
08.45.52 - Scripts For Sites EZ Career "content.php" SQL Injection
08.45.53 - Scripts For Sites EZ Top Sites "topsite.php" SQL Injection
08.45.54 - Scripts For Sites EZ e-store "searchresults.php" SQL Injection
08.45.55 - Bloggie Lite Cookie SQL Injection
08.45.56 - 1st News "id" Parameter SQL Injection
08.45.57 - Maran Project Maran PHP Shop "prodshow.php" SQL Injection
08.45.58 - Maran Project Maran PHP Shop "prod.php" SQL Injection
08.45.59 - YourFreeWorld Shopping Cart Script "c" Parameter SQL Injection
08.45.60 - YourFreeWorld Downline Builder Script "id" Parameter SQL Injection
08.45.61 - YourFreeWorld Downline Builder Pro "id" Parameter SQL Injection
08.45.62 - deV!L'z Clanportal "users" Parameter SQL Injection
08.45.63 - AJ Article "index.php" SQL Injection
08.45.64 - YourFreeWorld Blog Blaster Script "id" Parameter SQL Injection
08.45.65 - YourFreeWorld Autoresponder Hosting Script "id" Parameter SQL
Injection
08.45.66 - YourFreeWorld Scrolling Text Ads Script "id" Parameter SQL Injection
08.45.67 - YourFreeWorld Reminder Service Script "id" Parameter SQL Injection
08.45.68 - YourFreeWorld Classifieds Blaster Script "id" Parameter SQL Injection
08.45.69 - YourFreeWorld Classifieds Hosting Script "id" Parameter SQL Injection
08.45.70 - ASP Forum "iFor" Parameter SQL Injection
08.45.71 - BosClassifieds "cat_id" Parameter SQL Injection
08.45.72 - Matpro.de Link "view.php" SQL Injection
08.45.73 - Dragan Mitic Apoll "admin/index.php" SQL Injection
 -- Web Application
08.45.74 - Sepal SPBOARD "board.cgi" Remote Command Execution
08.45.75 - 7-Shop "imageupload.php" Arbitrary File Upload
08.45.76 - Mambo and Joomla! SimpleBoard "image_upload.php" Arbitrary File
Upload
08.45.77 - Instinct WP e-Commerce "image_processing.php" Arbitrary File Upload
08.45.78 - IBM Lotus Connections Multiple Remote Vulnerabilities
08.45.79 - Venalsur Booking Centre SQL Injection and Cross-Site Scripting
Vulnerabilities
08.45.80 - Typo SQL Injection and HTML Injection Vulnerabilities
08.45.81 - Agora "MysqlfinderAdmin.php" Remote File Include
08.45.82 - Tribiq CMS Cookie Authentication Bypass
08.45.83 - Absolute File Send .Net Cookie Authentication Bypass
08.45.84 - Absolute Podcast .NET Cookie Authentication Bypass
08.45.85 - Absolute Poll Manager XE Cookie Authentication Bypass
08.45.86 - Absolute Form Processor .Net Cookie Authentication Bypass
08.45.87 - ComingChina.com U-Mail "edit.php" Arbitrary File Upload
08.45.88 - Tribiq CMS "template_path" Parameter Local File Include
08.45.89 - Absolute Banner Manager .NET Cookie Authentication Bypass
08.45.90 - Absolute News Manager .Net Cookie Authentication Bypass
08.45.91 - Absolute Control Panel XE Cookie Authentication Bypass
08.45.92 - Absolute Content Rotator Cookie Authentication Bypass
08.45.93 - Absolute News Feed Cookie Authentication Bypass
08.45.94 - Absolute FAQ Manager .NET Cookie Authentication Bypass
08.45.95 - Absolute Newsletter Cookie Authentication Bypass
08.45.96 - Sharedlog CMS Remote File Include
08.45.97 - Joomla! Flash Tree Gallery Component Remote File Include
08.45.98 - Maran Project Maran PHP Shop Cookie Authentication Bypass
08.45.99 - NetRisk SQL Injection and Cross-Site Scripting Vulnerabilities
08.45.100 - Joovili Cookie Authentication Bypass
08.45.101 - Article Publisher PRO Cookie Authentication Bypass
08.45.102 - Micro CMS "microcms-admin-home.php" Security Bypass
08.45.103 - Apartment Search Script Arbitrary File Upload and Cross-Site
Scripting Vulnerabilities
08.45.104 - GeSHi "geshi.php" Remote Code Execution
08.45.105 - Acc Scripts Acc PHP eMail Cookie Authentication Bypass
08.45.106 - Acc Scripts Real Estate and Statistics Cookie Authentication Bypass
08.45.107 - Acc Scripts Acc Autos Cookie Authentication Bypass
08.45.108 - Agavi "cmplang" Parameter Directory Traversal
 -- Network Device
08.45.109 - A-Link WL54AP3 and WL54AP2 Cross-Site Request Forgery and HTML
Injection Vulnerabilities
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Adobe Acrobat Multiple Vulnerabilities
Affected:
Adobe Acrobat versions prior to 9

Description: Adobe Acrobat is the most popular viewer for the Portable
Document Format (PDF) on the internet. Flaws in the handling of
JavaScript and other data embedded in PDF files could trigger one of a
variety of flaws. Successfully exploiting one of these flaws would allow
an attacker to execute arbitrary code with the privileges of the current
user. Note that PDF documents are often opened by the vulnerable
application upon receipt, without first prompting the user. Some
technical details are publicly available for this vulnerability, and it
is believed that at least some of these vulnerabilities are similar to
vulnerabilities in other PDF processing products, expanding the area of
available information. Multiple proofs-of-concept are publicly available
for these vulnerabilities. It is believed that at least one of these
vulnerabilities is being actively exploited in the wild.

Status: Vendor confirmed, updates available.

References:
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-074/
http://zerodayinitiative.com/advisories/ZDI-08-073/
http://zerodayinitiative.com/advisories/ZDI-08-072/
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755
Adobe Security Advisory
http://www.adobe.com/support/security/bulletins/apsb08-19.html
Proofs-of-Concept
http://www.securityfocus.com/data/vulnerabilities/exploits/30035.zip
http://www.securityfocus.com/data/vulnerabilities/exploits/30035.c
http://www.securityfocus.com/data/vulnerabilities/exploits/2008-HI2.pdf
Vendor Home Page
http://www.adobe.com
SecurityFocus BIDs
http://www.securityfocus.com/bid/30035
http://www.securityfocus.com/bid/29420
http://www.securityfocus.com/bid/32100
http://www.securityfocus.com/bid/32105
http://www.securityfocus.com/bid/32103

***************************************************

(2) CRITICAL: IBM Tivoli Storage Manager Buffer Overflow
Affected:
IBM Tivoli Storage Manager Express for Microsoft SQL

Description: IBM Tivoli Storage Manager provides storage and backup
management for a variety of platforms. A buffer overflow exists in its
backup client for Microsoft SQL. A specially crafted request to this
service could trigger this buffer overflow, allowing an attacker to
execute arbitrary code with the privileges of the vulnerable process
(SYSTEM). Some technical details are publicly available for this
vulnerability. An additional, possibly related, vulnerability exists in
the client's scheduling code.

Status: Vendor confirmed, updates available.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-071/
IBM Security Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21322623
SecurityFocus BID
http://www.securityfocus.com/bid/31988

***************************************************

(3) MODERATE: NOS Microsystems getPlus Download Manager Buffer Overflow
Affected:
NOS Microsystems getPlus Download Manager ActiveX Control

Description: NOS Microsystems getPlus Download Manager is a popular
software update manager, used by vendors including Adobe for Adobe's
Acrobat product. The getPlus Download Manager contains a buffer overflow
in its handling of user input. A specially crafted web page that
instantiates the control could trigger this buffer overflow, allowing
an attacker to execute arbitrary code with the privileges of the current
user. Some technical details are publicly available for this
vulnerability. Note that the known exploit case requires that a
malicious file be sourced from a domain ending in "adobe.com". This may
significantly complicate exploitation, though at least one workaround
is publicly known. When the ActiveX control is distributed by vendors
other than Adobe, this restriction will likely not be present.

Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism using CLSID
"CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7". Note that this will affect
normal application functionality.

References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://www.nosltd.com/get.html
SecurityFocus BID
http://www.securityfocus.com/bid/32105
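
The kill-bit mitigation named in the Status note above, as an added PowerShell example that is not part of the original bulletin: it reports whether the kill bit is set for the getPlus CLSID in both the native and 32-bit registry views and can set it while preserving any other compatibility flags. The function names are illustrative; the registry location and the 0x400 flag value are those documented in KB240797.

```powershell
# Added example (not from the bulletin). Audits and optionally sets the
# Internet Explorer "kill bit" described in KB240797 for one ActiveX CLSID.
# Assumption: run from a 64-bit PowerShell session; setting requires elevation.

$KillBit = 0x400   # "Compatibility Flags" bit that blocks instantiation in IE

function Get-KillBitPaths {
    param([Parameter(Mandatory)][string]$Clsid)
    $id = '{' + $Clsid.Trim('{', '}') + '}'
    $roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
    # 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view,
    # so the flag has to be present there as well.
    if ([Environment]::Is64BitOperatingSystem) {
        $roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    }
    foreach ($root in $roots) { Join-Path $root $id }
}

function Get-KillBitState {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($path in Get-KillBitPaths -Clsid $Clsid) {
        $flags = $null
        if (Test-Path -Path $path) {
            $item  = Get-ItemProperty -Path $path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($item) { $flags = $item.'Compatibility Flags' }
        }
        [pscustomobject]@{
            Path   = $path
            Flags  = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not set)' }
            Killed = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        }
    }
}

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($path in Get-KillBitPaths -Clsid $Clsid) {
        if (-not $PSCmdlet.ShouldProcess($path, 'Set ActiveX kill bit')) { continue }
        if (-not (Test-Path -Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        $item    = Get-ItemProperty -Path $path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        $current = if ($item) { [int]$item.'Compatibility Flags' } else { 0 }
        # OR the bit in so that any other compatibility flags already set survive.
        $new = $current -bor $KillBit
        New-ItemProperty -Path $path -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $new -Force | Out-Null
    }
}

# CLSID of the getPlus Download Manager control, as given in the bulletin.
$getPlus = 'CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7'

Get-KillBitState -Clsid $getPlus | Format-Table -AutoSize

# Preview the change first, then apply it from an elevated session:
# Set-KillBit -Clsid $getPlus -WhatIf
# Set-KillBit -Clsid $getPlus
```

As the bulletin notes, disabling the control affects normal application functionality, so record the previous flag values reported by `Get-KillBitState` before applying the change.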

***************************************************

(4) LOW: SonicWALL Universal Script Injection
Affected:
SonicWALL Pro versions prior to 4.0.1.1

Description: SonicWALL Pro is a popular content security appliance. It
can be used to block access to web sites based on a variety of filtering
rules. It fails to properly sanitize some blocked URLs. A specially
crafted URL that leads to a blocked website could inject arbitrary
JavaScript into the error page returned by the appliance. This would
allow an attacker to execute arbitrary JavaScript code in what users may
think is a trusted web page. A proof-of-concept for this vulnerability
is publicly available.

Status: Vendor confirmed, updates available.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-070/
SonicWALL Release Notes
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/31998.html
Vendor Home Page
http://www.sonicwall.com
SecurityFocus BID
http://www.securityfocus.com/bid/31998

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 45, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________


08.45.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Aztec ActiveX "Aztec.dll" ActiveX Control Multiple Arbitrary
File Overwrite Vulnerabilities
Description: Aztec ActiveX is an ATL based control for handling Aztec
2D barcode. Aztec ActiveX is exposed to multiple issues that allow
attackers to overwrite files with arbitrary, attacker-supplied
content. Aztec ActiveX version 3.0.0.1 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.45.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: MW6 Technologies Barcode ActiveX "Barcode.dll" Multiple
Arbitrary File Overwrite Vulnerabilities
Description: Barcode ActiveX is an ATL based control for creating
device independent barcodes. Barcode ActiveX control is exposed to
multiple issues that allow attackers to overwrite files with
arbitrary, attacker-supplied content. Barcode ActiveX version 3.0.0.1
is affected.
Ref: http://www.securityfocus.com/bid/31979
______________________________________________________________________

08.45.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: MW6 DataMatrix "DataMatrix.dll" ActiveX Control Multiple
Arbitrary File Overwrite Vulnerabilities
Description: MW6 DataMatrix ActiveX control is an application for
handling barcode data. The application is exposed to multiple issues
that allow attackers to overwrite files with arbitrary,
attacker-supplied content. MW6 DataMatrix ActiveX control version
3.0.0.1 is affected.
Ref: http://www.securityfocus.com/bid/31979
______________________________________________________________________

08.45.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: MW6 PDF417 "MW6PDF417.dll" ActiveX Control Multiple Arbitrary
File Overwrite Vulnerabilities
Description: MW6 PDF417 ActiveX control is an application for handling
barcode data. The application is exposed to multiple issues that allow
attackers to overwrite files with arbitrary, attacker-supplied
content. MW6 PDF417 ActiveX control version 3.0.0.1 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.45.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Visagesoft eXPert PDF Viewer ActiveX Control Arbitrary File
Overwrite
Description: Visagesoft eXPert PDF Viewer ActiveX control is an
application for viewing PDF documents. The application is exposed to
an issue that allows attackers to overwrite files with arbitrary,
attacker-supplied content. Visagesoft eXPert PDF Viewer ActiveX
control version 3.0.990.0 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.45.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: DjVu "DjVu_ActiveX_MSOffice.dll" ActiveX Component Heap Buffer
Overflow
Description: The DjVu ActiveX handles files in the DjVu digital
document format. The application is exposed to a heap based buffer
overflow issue because it fails to properly bounds check user-supplied
data before copying it into an insufficiently sized memory buffer. The
DjVu ActiveX control version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/31987
______________________________________________________________________

08.45.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft DebugDiag "CrashHangExt.dll" ActiveX Control Remote
Denial of Service
Description: Microsoft DebugDiag "CrashHangExt.dll" ActiveX control is
a tool to assist in troubleshooting Windows applications. The
application is exposed to a denial of service issue because of a
NULL pointer dereference error. Microsoft DebugDiag version 1.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/497943
______________________________________________________________________

08.45.8 CVE: CVE-2007-6432
Platform: Third Party Windows Apps
Title: Adobe PageMaker "AldFs32.dll" Key Strings Stack-Based Buffer
Overflow
Description: Adobe PageMaker is a desktop publishing application. The
application is exposed to a stack based buffer overflow issue because
it fails to bounds check user-supplied data before copying it into an
insufficiently sized buffer. This issue can occur when a specially
crafted .PMD file is opened with a vulnerable application.
Adobe PageMaker version 7.0.1 is affected.
Ref: http://www.securityfocus.com/archive/1/497952
______________________________________________________________________

08.45.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Chilkat Crypt ActiveX Control "ChilkatCrypt2.dll" Arbitrary
File Overwrite
Description: Chilkat Crypt ActiveX control is used to encrypt, hash and
sign data. Chilkat Crypt ActiveX control is exposed to an issue that
allows attackers to overwrite files with arbitrary, attacker-supplied
content. This issue occurs in the "WriteFile()" method of the
"ChilkatCrypt2.dll" ActiveX control. Chilkat Crypt ActiveX control
version 2.1 is affected.
Ref: http://www.securityfocus.com/bid/32073
______________________________________________________________________

08.45.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft Windows Media Player Unspecified DAT File Parsing
Denial of Service
Description: Microsoft Windows Media Player is a multimedia
application available for the Microsoft Windows operating system. The
application is exposed to an unspecified denial of service issue when
processing a malformed DAT file.
Ref: http://www.securityfocus.com/bid/32077
______________________________________________________________________

08.45.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: Network-Client FTP Now Heap Buffer Overflow
Description: Network-Client FTP Now is an FTP client application for
Microsoft Windows. The application is exposed to a heap-based buffer
overflow issue because it fails to properly bounds check user-supplied
data before copying it into an insufficiently sized memory buffer.
Network-Client FTP Now version 2.6 is affected.
Ref: http://www.securityfocus.com/bid/32080
______________________________________________________________________

08.45.12 CVE: Not Available
Platform: Linux
Title: htop Hidden Process Name Input Filtering
Description: htop is a process viewer for Linux. htop is exposed to an
input-filtering issue that can result in hidden process names. The
application fails to filter non-printable characters. Certain
characters can be used to corrupt the application's display. htop
version 0.7 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504144
______________________________________________________________________

08.45.13 CVE: Not Available
Platform: Unix
Title: Dovecot Invalid Message Address Parsing Denial of Service
Description: Dovecot is a mail server application for Linux and
UNIX like operating systems. Dovecot is exposed to a remote denial of
service issue because it fails to handle certain specially crafted
email headers. Dovecot versions 1.1.4 and 1.1.5 are
affected.
Ref: http://www.dovecot.org/list/dovecot-news/2008-October/000089.html
______________________________________________________________________

08.45.14 CVE: Not Available
Platform: Cross Platform
Title: Quassel Core CTCP Ping Input Validation
Description: Quassel is a distributed IRC client available for
multiple platforms; Quassel Core is its central hub component. Quassel
Core is exposed to an input validation issue that lets attackers
hijack connections and execute arbitrary IRC commands as a user of the
vulnerable application. Quassel Core versions prior to 3.0.3 are
affected.
Ref: http://quassel-irc.org/node/89
______________________________________________________________________

08.45.15 CVE: CVE-2007-5394, CVE-2007-6021
Platform: Cross Platform
Title: Adobe PageMaker Font Structure Multiple Buffer Overflow
Vulnerabilities
Description: Adobe PageMaker is an application for desktop publishing.
The application is exposed to multiple buffer overflow issues because
it fails to perform adequate boundary checks on user-supplied input.
These issues occur when handling a malformed ".PMD" file with a
specially crafted font structure. Adobe PageMaker version 7.0.1 is
affected.
Ref: http://secunia.com/secunia_research/2007-80/
______________________________________________________________________

08.45.16 CVE: Not Available
Platform: Cross Platform
Title: Python Imageop Module "imageop.crop()" Buffer Overflow
Description: Python is an interpreted dynamic object oriented
programming language that is available for many operating systems.
Python's "imageop" module is exposed to a buffer overflow issue.
Specifically, the function "imageop.crop()" fails to properly
bounds check parameters. Python versions prior to 2.5.2 are affected.
Ref: http://svn.python.org/view?rev=66689&view=rev
______________________________________________________________________

08.45.17 CVE: Not Available
Platform: Cross Platform
Title: IBM Tivoli Storage Manager Client Buffer Overflow
Description: IBM Tivoli Storage Manager is a data backup manager for
enterprises. The IBM Tivoli Storage Manager Client is exposed to an
unspecified buffer overflow issue. This issue affects Client Acceptor
Daemon (CAD), and also the scheduler if using PROMPTED as
the value for the SCHEDMODE option.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-071/
______________________________________________________________________

08.45.18 CVE: Not Available
Platform: Cross Platform
Title: Absolute Live Support .Net Cookie Authentication Bypass
Description: Absolute Live Support .Net is a chat application for
customer support. It is implemented in ASP.Net. The application is
exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie based
authentication. Absolute Live Chat .Net version 5.1 is affected.
Ref: http://www.securityfocus.com/bid/32010
______________________________________________________________________

08.45.19 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser 9.62 History Search Input Validation
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The browser is exposed to an input validation issue
because of the way it stores data used for the History Search feature.
Opera Web Browser version 9.62 is affected.
Ref: http://www.securityfocus.com/bid/32015
______________________________________________________________________

08.45.20 CVE: Not Available
Platform: Cross Platform
Title: Net-SNMP GETBULK Remote Denial of Service
Description: Net-SNMP is an SNMP (Simple Network Management Protocol)
package including multiple applications. Net-SNMP is exposed to an
unspecified remote denial of service issue related to the handling of
"GETBULK" SNMP requests.
Ref: http://sourceforge.net/forum/forum.php?forum_id=882903
______________________________________________________________________

08.45.21 CVE: Not Available
Platform: Cross Platform
Title: Dns2tcp "dns_decode.c" Remote Buffer Overflow
Description: Dns2tcp is a network tool designed to relay TCP
connections through DNS traffic. The application is exposed to a
buffer overflow issue because it fails to properly validate
user-supplied input. This issue affects the "dns_decode()" function of
the "server/dns_decode.c" source file. Dns2tcp versions prior to 0.4.2
are affected.
Ref: http://www.securityfocus.com/bid/32071
______________________________________________________________________

08.45.22 CVE: Not Available
Platform: Cross Platform
Title: University of Washington IMAP "tmail" and "dmail" Local Buffer
Overflow Vulnerabilities
Description: University of Washington "tmail" and "dmail" are mail
delivery agents. "tmail" and "dmail" are exposed to local buffer
overflow issues because they fail to perform adequate boundary checks
on user-supplied data.
Ref: http://www.washington.edu/imap/documentation/RELNOTES.html
______________________________________________________________________

08.45.23 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: KKE Info Media Kmita Gallery Multiple Cross-Site Scripting
Vulnerabilities
Description: Kmita Gallery is a web-based gallery implemented in PHP.
The application is exposed to multiple cross-site scripting issues
because it fails to sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/31970
______________________________________________________________________

08.45.24 CVE: CVE-2008-4795, CVE-2008-4794
Platform: Web Application - Cross Site Scripting
Title: Opera Web Browser History Search and Links Panel Cross-Site
Scripting Vulnerabilities
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The browser is exposed to multiple cross-site
scripting issues because it fails to properly sanitize user-supplied
input. Opera Web Browser versions prior to 9.62 are affected.
Ref: http://www.opera.com/support/search/view/906/
______________________________________________________________________

08.45.25 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Dorsa CMS "Default_.aspx" Cross-Site Scripting
Description: Dorsa CMS is a web-based content manager. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "search" parameter of
the "Default_.aspx" script when the "Page_" parameter is set to
"search".
Ref: http://www.securityfocus.com/bid/31992
______________________________________________________________________

08.45.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SonicWALL Content Filtering Error Page Cross-Site Scripting
Description: SonicWALL Content Filtering is a network security
application. The application is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input when
displaying URI address data in the default error page. SonicWALL
Content Filtering on SonicOS Enhanced versions prior to 4.0.1.1 are
affected.
Ref: http://www.securityfocus.com/archive/1/497948
______________________________________________________________________

08.45.27 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CompactCMS "admin/index.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: CompactCMS is a content-management system. The
application is exposed to multiple cross-site scripting issues because
it fails to properly sanitize user-supplied input. CompactCMS version
1.1 is affected.
Ref: http://www.securityfocus.com/bid/32007
______________________________________________________________________

08.45.28 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: cPanel Cross-Site Scripting Vulnerabilities and Local File
Include
Description: cPanel is a web hosting control panel. The application is
exposed to multiple input validation issues because it fails to
sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/497964
______________________________________________________________________

08.45.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Fortinet Fortigate Unspecified Cross-Site Scripting
Description: Fortinet Fortigate is a series of antivirus firewall
devices. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input included
in unspecified pages. This issue occurs due to the display of
user-supplied URIs.
Ref: http://www.securityfocus.com/bid/32017
______________________________________________________________________

08.45.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Camera Life Multiple Cross-Site Scripting Vulnerabilities
Description: Camera Life is a web-based photo gallery application. The
application is exposed to multiple cross-site scripting issues because
it fails to properly sanitize user-supplied input. Camera Life version
2.6.2b8 is affected.
Ref: http://www.digitrustgroup.com/advisories/web-application-security-camera-life2.html
______________________________________________________________________

08.45.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Tribiq CMS "template_path" Parameter Cross-Site Scripting
Description: Tribiq CMS is a PHP based content management system. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the
"template_path" parameter of the
"templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php"
script. Tribiq CMS version 5.0.10a is affected.
Ref: http://www.securityfocus.com/bid/32050
______________________________________________________________________

08.45.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MyGallery "gallery.inc.php" Parameter Cross-Site Scripting
Description: MyGallery is a PHP based photo gallery. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "mghash" parameter of
the "gallery.inc.php" script. MyGallery version 1.7.2 is affected.
Ref: http://holisticinfosec.org/content/view/86/45/
______________________________________________________________________

08.45.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SignMe "signme.inc.php" Cross-Site Scripting
Description: SignMe is a PHP based photo gallery. The application is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "hash" parameter of
the "signme.inc.php" script. SignMe version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/32068
______________________________________________________________________

08.45.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: RateMe "rate" Parameter Cross-Site Scripting
Description: RateMe is a web-based application. The application is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "rate" parameter.
RateMe version 1.3.3 is affected.
Ref: http://www.securityfocus.com/bid/32069
______________________________________________________________________

08.45.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Matpo.de Link "view.php" Cross-Site Scripting
Description: Matpo.de Link is a link management application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "thema"
parameter of the "view.php" script. Matpo.de Link version 1.2b is
affected.
Ref: http://www.securityfocus.com/bid/32082
______________________________________________________________________

08.45.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WebCards "admin.php" Login Page SQL Injection
Description: WebCards is a PHP based ecard application. The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input to the "password" field of the
"admin.php" script when logging in as an administrator.
Ref: http://www.securityfocus.com/bid/31977
______________________________________________________________________

08.45.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Harlandscripts Pro Traffic One "trg" Parameter SQL Injection
Description: Harlandscripts Pro Traffic One is a web traffic
management application. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "trg" parameter of the "mypage.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/archive/1/497946
______________________________________________________________________

08.45.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Harlandscripts Pro Traffic One "id" Parameter SQL Injection
Description: Harlandscripts Pro Traffic One is an application for
managing web traffic. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "poll_results.php" script before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/31994
______________________________________________________________________

08.45.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyPHP Forum "post.php" and "member.php" Multiple SQL Injection
Vulnerabilities
Description: MyPHP Forum is a PHP based web application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. MyPHP Forum version
3.0 is affected.
Ref: http://www.securityfocus.com/bid/31995
______________________________________________________________________

08.45.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: e107 Lyrics Plugin "lyrics_song.php" SQL Injection
Description: The "Lyrics" plugin is a module for the e107 CMS content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "l_id"
parameter of the "lyrics_song.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/32004
______________________________________________________________________

08.45.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpWebSite "links.php" SQL Injection
Description: phpWebSite is a freely available content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cid" parameter of the
"links.php" script when the "op" parameter is set to "viewlink" before
using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/497960
______________________________________________________________________

08.45.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SpitFire Photo Pro "pages.php" SQL Injection
Description: SpitFire Photo Pro is a PHP-based photo album application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "pageId" parameter
of the "pages.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/497959
______________________________________________________________________

08.45.43 CVE: CVE-2008-3867
Platform: Web Application - SQL Injection
Title: Interact "email_user_key" Parameter SQL Injection
Description: Interact is a PHP based application for online learning.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "email_user_key"
parameter of the "spaces/emailuser.php" script before using it in an
SQL query. Interact version 2.4.1 is affected.
Ref: http://www.securityfocus.com/archive/1/497967
______________________________________________________________________

08.45.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple Scripts For Sites Products "directory.php" SQL
Injection
Description: EZ Adult Directory is a PHP based script that allows
users to view and rate various adult entertainment sites. EZ Gaming
Directory is a PHP based script that allows users to view and rate
various gambling sites. These applications are exposed to an
SQL injection issue because they fail to sufficiently sanitize
user-supplied data to the "id" parameter of the "directory.php" script before
using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32021
______________________________________________________________________

08.45.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Logz podcast CMS "add_url.php" SQL Injection
Description: Logz podcast CMS is a PHP based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "art" parameter of the
"add_url.php" script before using it in an SQL query. Logz podcast CMS
version 1.3.1 is affected.
Ref: http://www.securityfocus.com/bid/32022
______________________________________________________________________

08.45.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Article Publisher Pro "admin.php" SQL Injection
Description: Article Publisher Pro is a PHP based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the login name field of
the "admin/admin.php" script before using it in an SQL query. Article
Publisher Pro version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/32030
______________________________________________________________________

08.45.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts For Sites EZ Hotscripts SQL Injection
Description: EZ Hotscripts is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "cid" parameter of the
"showcategory.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32031
______________________________________________________________________

08.45.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EZ Webring "category.php" SQL Injection
Description: EZ Webring is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "cat" parameter of the
"webring/category.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32032
______________________________________________________________________

08.45.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EZ BIZ PRO "track.php" SQL Injection
Description: EZ BIZ PRO is a link database. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "track.php" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32033
______________________________________________________________________

08.45.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts For Sites EZ Link Directory "links.php" SQL Injection
Description: Scripts For Sites EZ Link Directory is a PHP based link
management script. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "cat_id" parameter of the "links.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/32034
______________________________________________________________________

08.45.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts For Sites EZ Auction "viewfaqs.php" SQL Injection
Description: Scripts For Sites EZ Auction is a PHP based auction
script. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "cat"
parameter of the "viewfaqs.php" script before using it in an SQL
query.
Ref: http://www.milw0rm.com/exploits/6918
______________________________________________________________________

08.45.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts For Sites EZ Career "content.php" SQL Injection
Description: Scripts For Sites EZ Career is a PHP based job script.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "topic" parameter
of the "content.php" script before using it in an SQL query.
Ref: http://www.milw0rm.com/exploits/6919
______________________________________________________________________

08.45.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts For Sites EZ Top Sites "topsite.php" SQL Injection
Description: Scripts For Sites EZ Top Sites is a PHP based web site
search script. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"ts" parameter of the "topsite.php" script before using it in an SQL
query.
Ref: http://www.milw0rm.com/exploits/6920
______________________________________________________________________

08.45.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts For Sites EZ e-store "searchresults.php" SQL Injection
Description: Scripts For Sites EZ e-store is a PHP based shopping
script. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "where"
parameter of the "searchresults.php" script before using it in an SQL
query.
Ref: http://www.milw0rm.com/exploits/6922
______________________________________________________________________

08.45.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bloggie Lite Cookie SQL Injection
Description: Bloggie Lite is a PHP based blog script. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data from cookies before using it in an SQL
query.
Ref: http://www.milw0rm.com/exploits/6925
______________________________________________________________________

08.45.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: 1st News "id" Parameter SQL Injection
Description: 1st News is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"products.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32042
______________________________________________________________________

08.45.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Maran Project Maran PHP Shop "prodshow.php" SQL Injection
Description: Maran PHP Shop is a PHP-based shopping cart application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "prodshow.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32043
______________________________________________________________________

08.45.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Maran Project Maran PHP Shop "prod.php" SQL Injection
Description: Maran PHP Shop is a PHP-based shopping cart application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cat" parameter of
the "prod.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32044
______________________________________________________________________

08.45.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Shopping Cart Script "c" Parameter SQL Injection
Description: The Shopping Cart script is a web-based application. The
script is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "c" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32045
______________________________________________________________________

08.45.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Downline Builder Script "id" Parameter SQL
Injection
Description: The Downline Builder script is a web-based application.
The script is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"tr.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32046
______________________________________________________________________

08.45.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Downline Builder Pro "id" Parameter SQL Injection
Description: Downline Builder Pro is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"tr.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32047
______________________________________________________________________

08.45.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: deV!L'z Clanportal "users" Parameter SQL Injection
Description: deV!L'z Clanportal is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "users" parameter of
the "user/index.php" script before using it in an SQL query. deV!L'z
Clanportal versions up to and including 1.4.9.6 are affected.
Ref: http://www.securityfocus.com/bid/32049
______________________________________________________________________

08.45.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ Article "index.php" SQL Injection
Description: AJ Article is a knowledgebase system. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "username" field of the "index.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32054
______________________________________________________________________

08.45.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Blog Blaster Script "id" Parameter SQL Injection
Description: Blog Blaster Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"tr.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32055
______________________________________________________________________

08.45.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Autoresponder Hosting Script "id" Parameter SQL
Injection
Description: Autoresponder Hosting Script is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "tr.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32056
______________________________________________________________________

08.45.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Scrolling Text Ads Script "id" Parameter SQL
Injection
Description: Scrolling Text Ads Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"tr.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32060
______________________________________________________________________

08.45.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Reminder Service Script "id" Parameter SQL
Injection
Description: Reminder Service Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"tr.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32061
______________________________________________________________________

08.45.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Classifieds Blaster Script "id" Parameter SQL
Injection
Description: Classifieds Blaster Script is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "tr.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32062
______________________________________________________________________

08.45.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Classifieds Hosting Script "id" Parameter SQL
Injection
Description: Classifieds Hosting Script is a web-based application
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "tr.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/32064
______________________________________________________________________

08.45.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASP Forum "iFor" Parameter SQL Injection
Description: ASP Forum is a web-based forum application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "iFor" parameter of
the "forum.asp" script before using it in an SQL query. ASP Forum
version 1.0 is affected.
Ref: http://www.milw0rm.com/exploits/6930
______________________________________________________________________

08.45.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BosClassifieds "cat_id" Parameter SQL Injection
Description: BosClassifieds is a classified ad application.
BosClassifieds is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied input to the "cat_id" parameter
of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32075
______________________________________________________________________

08.45.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Matpro.de Link "view.php" SQL Injection
Description: Matpro.de Link is a link management application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" field of the
"view.php" script before using it in an SQL query. Matpro.de Link
version 1.2b is affected.
Ref: http://www.securityfocus.com/bid/32076
______________________________________________________________________

08.45.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Dragan Mitic Apoll "admin/index.php" SQL Injection
Description: Dragan Mitic Apoll is a PHP-based poll application for
web pages. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"user" parameter of the "admin/index.php" script before using it in an
SQL query. Dragan Mitic Apoll version 0.7 is affected.
Ref: http://www.securityfocus.com/bid/32079
______________________________________________________________________

08.45.74 CVE: Not Available
Platform: Web Application
Title: Sepal SPBOARD "board.cgi" Remote Command Execution
Description: Sepal SPBOARD is a web-based bulletin board implemented
in Perl. The application is exposed to an issue that attackers can
leverage to execute arbitrary commands in the context of the
application. This issue occurs because the application fails to
adequately validate user-supplied input to the "file" parameter of the
"board.cgi" script.
Ref: http://www.securityfocus.com/bid/31972
______________________________________________________________________

08.45.75 CVE: Not Available
Platform: Web Application
Title: 7-Shop "imageupload.php" Arbitrary File Upload
Description: 7-Shop is an online shopping cart application. The
application is exposed to an issue that lets remote attackers upload
and execute arbitrary script code on an affected computer with the
privileges of the web server process. This issue occurs because the
application fails to sufficiently sanitize file extensions before
uploading files to the web server through the
"includes/imageupload.php" script. 7-Shop version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/31978
______________________________________________________________________

08.45.76 CVE: Not Available
Platform: Web Application
Title: Mambo and Joomla! SimpleBoard "image_upload.php" Arbitrary File
Upload
Description: SimpleBoard is a PHP-based message board for the Mambo
and Joomla! content managers. The application is exposed to an issue
that lets remote attackers upload and execute arbitrary script code on
an affected computer with the privileges of the web server process. The
issue occurs because the application fails to check file extensions
properly. SimpleBoard version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/31981
______________________________________________________________________

08.45.77 CVE: Not Available
Platform: Web Application
Title: Instinct WP e-Commerce "image_processing.php" Arbitrary File
Upload
Description: WP e-Commerce is a PHP-based shopping cart extension for
the WordPress content manager. The application is exposed to an issue
that lets remote attackers upload and execute arbitrary script code on
an affected computer with the privileges of the web server process. WP
e-Commerce version 3.4 is affected.
Ref: http://www.securityfocus.com/bid/31982
______________________________________________________________________

08.45.78 CVE: Not Available
Platform: Web Application
Title: IBM Lotus Connections Multiple Remote Vulnerabilities
Description: IBM Lotus Connections is a web-based application used for
information sharing between co-workers, partners and customers. The
application is exposed to multiple issues. IBM Lotus Connections
versions prior to 2.0.1 are affected.
Ref: http://www.securityfocus.com/bid/31989
______________________________________________________________________

08.45.79 CVE: Not Available
Platform: Web Application
Title: Venalsur Booking Centre SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Venalsur Booking Centre is an online booking system. The
application is exposed to an SQL injection issue and a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied data to the "OfertaID" parameter of the
"cadena_ofertas_ext.php" script.
Ref: http://www.securityfocus.com/bid/31990
______________________________________________________________________

08.45.80 CVE: Not Available
Platform: Web Application
Title: Typo SQL Injection and HTML Injection Vulnerabilities
Description: Typo is a weblog application implemented in PHP. The
application is exposed to multiple input validation issues. The
attacker may exploit the SQL injection issue to compromise the
application, access or modify data, or exploit latent vulnerabilities
in the underlying database. Typo version 5.1.3 is affected.
Ref: http://www.securityfocus.com/archive/1/497970
______________________________________________________________________

08.45.81 CVE: Not Available
Platform: Web Application
Title: Agora "MysqlfinderAdmin.php" Remote File Include
Description: Agora is a PHP-based content manager. The application is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "_SESSION["PATH_COMPOSANT"]"
parameter of the "modules/Mysqlfinder/MysqlfinderAdmin.php" script.
Agora version 1.4.2 is affected.
Ref: http://www.securityfocus.com/bid/32000
______________________________________________________________________

08.45.82 CVE: Not Available
Platform: Web Application
Title: Tribiq CMS Cookie Authentication Bypass
Description: Tribiq CMS is a content management system. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. Tribiq CMS version 5.0.9a (beta) is affected.
Ref: http://www.securityfocus.com/bid/32001/references
______________________________________________________________________

08.45.83 CVE: Not Available
Platform: Web Application
Title: Absolute File Send .Net Cookie Authentication Bypass
Description: Absolute File Send .Net is a web-based script used for
file sharing. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie-based authentication. Absolute File Send .Net version 1.0
is affected.
Ref: http://www.securityfocus.com/bid/32002
______________________________________________________________________

08.45.84 CVE: Not Available
Platform: Web Application
Title: Absolute Podcast .NET Cookie Authentication Bypass
Description: Absolute Podcast .NET is a web-based application used to
create an online audio podcast. The application is exposed to an 
authentication bypass issue because it fails to adequately verify 
user-supplied input used for cookie-based authentication. 
Absolute Podcast .NET version 1.0 is affected.
Ref: http://www.xigla.com/apodcasting/index.htm
______________________________________________________________________

08.45.85 CVE: Not Available
Platform: Web Application
Title: Absolute Poll Manager XE Cookie Authentication Bypass
Description: Absolute Poll Manager XE is a web-based application used
to create surveys. The application is exposed to an authentication
bypass issue because it fails to adequately verify user-supplied input
used for cookie-based authentication. Absolute Poll Manager XE version
4.1 is affected.
Ref: http://www.xigla.com/absolutepm/
______________________________________________________________________

08.45.86 CVE: Not Available
Platform: Web Application
Title: Absolute Form Processor .Net Cookie Authentication Bypass
Description: Absolute Form Processor .Net is a web-based script used
for forms management. The application is exposed to an authentication
bypass issue because it fails to adequately verify user-supplied input
used for cookie-based authentication. Absolute Form Processor .Net
version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/32009
______________________________________________________________________

08.45.87 CVE: Not Available
Platform: Web Application
Title: ComingChina.com U-Mail "edit.php" Arbitrary File Upload
Description: ComingChina.com U-Mail is a PHP-based email application.
The application is exposed to an issue that lets remote attackers
upload and execute arbitrary script code on an affected computer with
the privileges of the web server process. The issue occurs because the
software fails to properly sanitize user-supplied input in the
"/webmail/modules/filesystem/edit.php" script. U-Mail version 4.9.1 is
affected.
Ref: http://www.securityfocus.com/archive/1/497961
______________________________________________________________________

08.45.88 CVE: CVE-2008-4309
Platform: Web Application
Title: Tribiq CMS "template_path" Parameter Local File Include
Description: Tribiq CMS is a PHP-based content management system.
Tribiq CMS is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "template_path" 
parameter of the
"templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php"
script. Tribiq CMS version 5.0.10a is affected.
Ref: http://www.securityfocus.com/bid/32018
______________________________________________________________________

08.45.89 CVE: Not Available
Platform: Web Application
Title: Absolute Banner Manager .NET Cookie Authentication Bypass
Description: Absolute Banner Manager .NET is a web-based script used for
advertisement management. The application is exposed to an authentication 
bypass issue because it fails to adequately verify user-supplied input 
used for cookie-based authentication. Absolute Banner Manager 
.NET version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/32023
______________________________________________________________________

08.45.90 CVE: Not Available
Platform: Web Application
Title: Absolute News Manager .Net Cookie Authentication Bypass
Description: Absolute News Manager .Net is a web log application. 
The application is exposed to an authentication bypass issue because 
it fails to adequately verify user-supplied input used for cookie-based 
authentication. Absolute News Manager .Net version 5.1 is affected.
Ref: http://www.securityfocus.com/bid/32024
______________________________________________________________________

08.45.91 CVE: Not Available
Platform: Web Application
Title: Absolute Control Panel XE Cookie Authentication Bypass
Description: Absolute Control Panel XE is an ASP based application.
The application is exposed to an authentication bypass issue because
it fails to adequately verify user-supplied input used for
cookie-based authentication. Absolute Control Panel XE version 1.5 is
affected.
Ref: http://www.securityfocus.com/bid/32025
______________________________________________________________________

08.45.92 CVE: Not Available
Platform: Web Application
Title: Absolute Content Rotator Cookie Authentication Bypass
Description: Absolute Content Rotator is a web-based script used for
automated content rotation. The application is exposed to an 
authentication bypass issue because it fails to adequately verify 
user-supplied input used for cookie-based authentication. 
Absolute Content Rotator version 6.0 is affected.
Ref: http://www.securityfocus.com/bid/32026
______________________________________________________________________

08.45.93 CVE: Not Available
Platform: Web Application
Title: Absolute News Feed Cookie Authentication Bypass
Description: Absolute News Feed is an RSS syndication and news
application. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie-based authentication. Absolute News Feed version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/32027
______________________________________________________________________

08.45.94 CVE: Not Available
Platform: Web Application
Title: Absolute FAQ Manager .NET Cookie Authentication Bypass
Description: Absolute FAQ Manager .NET is a web-based script used for
FAQ management. The application is exposed to an authentication bypass 
issue because it fails to adequately verify user-supplied input used for 
cookie-based authentication. Absolute FAQ Manager .NET version 6.0 
is affected.
Ref: http://www.securityfocus.com/bid/32028
______________________________________________________________________

08.45.95 CVE: Not Available
Platform: Web Application
Title: Absolute Newsletter Cookie Authentication Bypass
Description: Absolute Newsletter is a web-based script used for
marketing. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie-based authentication. Absolute Newsletter version 6.1 is
affected.
Ref: http://www.securityfocus.com/bid/32029
______________________________________________________________________

08.45.96 CVE: Not Available
Platform: Web Application
Title: Sharedlog CMS Remote File Include
Description: Sharedlog CMS is a PHP-based content management system.
The application is exposed to a remote file include issue because it
fails to properly sanitize user-supplied input to the
"$GLOBALS['root_dir']" parameter of the
"slideshow_uploadvideo.content.php" script.
Ref: http://www.securityfocus.com/archive/1/497978
______________________________________________________________________

08.45.97 CVE: Not Available
Platform: Web Application
Title: Joomla! Flash Tree Gallery Component Remote File Include
Description: Flash Tree Gallery is a picture gallery component for
the Joomla! content manager. The application is exposed to a remote
file include issue because it fails to sufficiently sanitize
user-supplied input to the "mosConfig_live_site" parameter of the
component's "admin.treeg.php" script.
Ref: http://www.milw0rm.com/exploits/6928
______________________________________________________________________

08.45.98 CVE: Not Available
Platform: Web Application
Title: Maran Project Maran PHP Shop Cookie Authentication Bypass
Description: Maran PHP Shop is a PHP-based shopping cart application.
The application is exposed to an authentication bypass issue because
it fails to adequately verify user-supplied input used for
cookie-based authentication.
Ref: http://www.securityfocus.com/bid/32048
______________________________________________________________________

08.45.99 CVE: Not Available
Platform: Web Application
Title: NetRisk SQL Injection and Cross-Site Scripting Vulnerabilities
Description: NetRisk is a web-based application. The application is
exposed to multiple issues. An SQL injection issue affects the "id"
parameter of the "index.php" script. A cross-site scripting issue
affects the "error" parameter of the "index.php" script. NetRisk
versions up to and including 2.0 are affected.
Ref: http://www.securityfocus.com/bid/32051
______________________________________________________________________

08.45.100 CVE: Not Available
Platform: Web Application
Title: Joovili Cookie Authentication Bypass
Description: Joovili is a content management system. The application
is exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. Joovili version 3.1.4 is affected.
Ref: http://www.securityfocus.com/bid/32058
______________________________________________________________________

08.45.101 CVE: Not Available
Platform: Web Application
Title: Article Publisher PRO Cookie Authentication Bypass
Description: Article Publisher PRO is a content management system. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. Article Publisher PRO version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/32059
______________________________________________________________________

08.45.102 CVE: Not Available
Platform: Web Application
Title: Micro CMS "microcms-admin-home.php" Security Bypass
Description: Micro CMS is a content management system. The application
is exposed to a security bypass issue because it fails to restrict
access to the "microcms-admin-home.php" script. Micro CMS versions up
to and including 0.3.5 are affected.
Ref: http://www.securityfocus.com/bid/32063
______________________________________________________________________

08.45.103 CVE: Not Available
Platform: Web Application
Title: Apartment Search Script Arbitrary File Upload and Cross-Site
Scripting Vulnerabilities
Description: Apartment Search Script is a web-based application. The
application is exposed to an issue that lets attackers upload and
execute arbitrary code. This issue occurs because the application
fails to sufficiently sanitize user-supplied input when uploading
images while editing user profiles.
Ref: http://www.securityfocus.com/bid/32065
______________________________________________________________________

08.45.104 CVE: Not Available
Platform: Web Application
Title: GeSHi "geshi.php" Remote Code Execution
Description: GeSHi (Generic Syntax Highlighter) is a PHP-based
application that highlights source code in various colors. The
application is exposed to a remote code execution issue that occurs in
the "geshi.php" script. GeSHi versions prior to 1.0.8.1 are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=637321
______________________________________________________________________

08.45.105 CVE: Not Available
Platform: Web Application
Title: Acc Scripts Acc PHP eMail Cookie Authentication Bypass
Description: Acc Scripts Acc PHP eMail is a web-based script used for
email subscription management. The application is exposed to an
authentication bypass issue because it fails to adequately verify
user-supplied input used for cookie-based authentication. Acc Scripts
Acc PHP eMail version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/32074
______________________________________________________________________

08.45.106 CVE: Not Available
Platform: Web Application
Title: Acc Scripts Real Estate and Statistics Cookie Authentication
Bypass
Description: Acc Real Estate is a PHP-based real estate application.
Acc Statistics is a PHP-based website statistics application. The
applications are exposed to an authentication bypass issue because
they fail to adequately verify user-supplied input used for
cookie-based authentication. Acc Statistics version 1.1 and Acc Real
Estate version 4.0 are affected.
Ref: http://www.securityfocus.com/bid/32078
______________________________________________________________________

08.45.107 CVE: Not Available
Platform: Web Application
Title: Acc Scripts Acc Autos Cookie Authentication Bypass
Description: Acc Scripts Acc Autos is a PHP-based automobile listing
application. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie-based authentication. Acc Autos version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/32083
______________________________________________________________________

08.45.108 CVE: Not Available
Platform: Web Application
Title: Agavi "cmplang" Parameter Directory Traversal
Description: Agavi is a PHP application framework. The application is
exposed to a directory traversal issue because it fails to
sufficiently sanitize user-supplied input to the "cmplang" parameter
of the "index.php" script. Agavi version 1.0.0 beta 5 is affected.
Ref: http://www.securityfocus.com/bid/32086
______________________________________________________________________

08.45.109 CVE: Not Available
Platform: Network Device
Title: A-Link WL54AP3 and WL54AP2 Cross-Site Request Forgery and HTML
Injection Vulnerabilities
Description: A-Link WL54AP3 and WL54AP2 are wireless routers. A-Link
WL54AP3 and WL54AP2 are exposed to multiple remote issues. 
A cross-site request forgery vulnerability may allow attackers to
change DNS servers, enable the WAN web server, and change usernames and
passwords. An HTML injection vulnerability affects the
"Domain name" textbox included in the management interface.
Ref: http://www.louhinetworks.fi/advisory/alink_081028.txt
______________________________________________________________________