Home
Systeembeheer
Consultancy
Connectivity
Training
Development

Klanten

Inloggen

Resources

Sans artikelen
Security artikelen

Software

Linux
Windows









[ terug ]
*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
October 23, 2008                                          Vol. 7. Week 43
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
- ------------------------        -------------------------------------
Microsoft Windows                               1 (#1)
Other Microsoft Products                        1 
Third Party Windows Apps                        4 (#4, #5) 
Linux                                           2 
Unix                                            1 
Cross Platform                                 19 (#2, #3) 
Web Application - Cross Site Scripting          7 
Web Application - SQL Injection                31 
Web Application                                18 

*********************** Sponsored By Sourcefire, Inc. ******************* 
 
Best of Open Source Security (BOSS) Conference  
February 8-10, 2009   Flamingo Las Vegas  
 
Be sure to register the first IT security conference dedicated to
promoting open source security (OSS) technologies and the commercial
products that embrace them.

This long overdue conference will bring together passionate OSS
advocates and vendors under the same roof to share ideas and
experiences.

For more information, visit http://www.sans.org/info/34513 

*************************************************************************
TRAINING UPDATE
- - SANS CDI in Washington 30 courses; big security tools expo; lots of 
evening sessions: http://www.sans.org/cdi08/
- - Monterey (10/31-11/6) http://www.sans.org/info/30738
- - Sydney Australia (10/27-11/1) http://www.sans.org/sydney08/
- - Vancouver (11/17-11/22) http://www.sans.org/vancouver08/
and in 100 other cites and on line any time: www.sans.org
******************************************************************

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint 

(www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Microsoft Windows RPC Remote Code Execution Vulnerability
(2) CRITICAL: LibSPF2 DNS TXT Record Handling Buffer Overflow
(3) CRITICAL: F-Secure Multiple Products RPM File Handling Integer Overflow
(4) HIGH: Trend Micro OfficeScan CGI Handling Buffer Overflow
(5) HIGH: Hummingbird Multiple Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Other Microsoft Products 
08.43.1  - Microsoft Outlook Web Access for Exchange Server "redir.asp" URI
Redirection 
 -- Third Party Windows Apps 
08.43.2  - Hummingbird HostExplorer ActiveX Control "PlainTextPassword()" Buffer
Overflow 
08.43.3  - Hummingbird Deployment Wizard 10 "DeployRun.dll" ActiveX Control
Multiple Security Vulnerabilities 
08.43.4  - Dart Communications PowerTCP FTP for ActiveX "DartFtp.dll" Buffer
Overflow 
08.43.5  - Symantec Altiris Deployment Solution Client User Interface Local
Privilege Escalation 
 -- Linux 
08.43.6  - Linux Kernel i915 Driver "drivers/char/drm/i915_dma.c" Memory
Corruption 
08.43.7  - Linux Kernel SCTP Protocol Violation Remote Denial of Service 
 -- Unix 
08.43.8  - Symantec Veritas File System "qioadmin" Local Information Disclosure 
 -- Cross Platform 
08.43.9  - Adobe Flash CS3 Professional SWF File Remote Code Execution 
08.43.10 - jhead versions Prior to 2.84 Multiple Vulnerabilities 
08.43.11 - Hewlett-Packard Systems Insight Manager Unspecified Unauthorized
Access 
08.43.12 - Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client Denial of
Service 
08.43.13 - Hitachi XFIT/S/JCA and XFIT/S/ZGN Unspecified Denial of Service 
08.43.14 - Apache HTTP Server OS Fingerprinting Unspecified Security 
08.43.15 - Hitachi JP1/File Transmission Server/FTP File Modification
Unauthorized Access 
08.43.16 - Hitachi JP1/File Transmission Server/FTP Unspecified Denial of
Service 
08.43.17 - VLC Media Player TY File Stack Based Buffer Overflow 
08.43.18 - "nfs-utils" Package "hosts_ctl()" Security Bypass 
08.43.19 - MUSCLE "Message::AddToString()" Buffer Overflow 
08.43.20 - FireGPG Insecure Temporary File Creation 
08.43.21 - Symantec Veritas File System "qiomkfile" Local Information
Disclosure 
08.43.22 - Multiple Vendor USB, PS/2 and Laptop Keyboard Electromagnetic
Emanation Capture 
08.43.23 - RealVNC 4.1.2 "CMsgReader::readRect()" Remote Code Execution 
08.43.24 - Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities 
08.43.25 - IBM WebSphere Application Server Denial of Service And Security
Bypass Vulnerabilities 
08.43.26 - F-Secure Multiple Products RPM File Integer Overflow 
08.43.27 - Symantec Altiris Deployment Solution Clear Text Password Local
Information Disclosure 
 -- Web Application - Cross Site Scripting 
08.43.28 - Elxis CMS "index.php" Multiple Cross-Site Scripting and Session
Fixation Vulnerabilities 
08.43.29 - Habari "habari_username" Parameter Cross-Site Scripting 
08.43.30 - WebGUI Security Bypass and Multiple Cross-Site Scripting
Vulnerabilities 
08.43.31 - cpCommerce Multiple Cross-Site Scripting Vulnerabilities 
08.43.32 - Movable Type Prior to Version 4.22 Unspecified Cross-Site Scripting 
08.43.33 - MyNETS Unspecified Cross-Site Scripting 
08.43.34 - Wysi Wiki Wyg "index.php" Cross-Site Scripting 
 -- Web Application - SQL Injection 
08.43.35 - AstroSPACES "profile.php" SQL Injection 
08.43.36 - PhpWebGallery "comments.php" SQL Injection and Code Execution
Vulnerabilities 
08.43.37 - MyPHPDating "success_story.php" SQL Injection 
08.43.38 - myStats Security Bypass and SQL Injection Vulnerabilities 
08.43.39 - myEvent "viewevent.php" SQL Injection 
08.43.40 - SweetCMS "index.php" SQL Injection 
08.43.41 - WEB//NEWS Multiple SQL Injection Vulnerabilities 
08.43.42 - Drupal Node Vote Module Cast Vote SQL Injection 
08.43.43 - IP Reg "locationdel.php" SQL Injection 
08.43.44 - Mosaic Commerce "category.php" SQL Injection 
08.43.45 - CafeEngine "id" Parameter Multiple SQL Injection Vulnerabilities 
08.43.46 - CafeEngine Easy Cafe Engine "itemid" Parameter SQL Injection 
08.43.47 - ShiftThis Newsletter WordPress Plugin "stnl_iframe.php" SQL
Injection 
08.43.48 - Zeeproperty "bannerclick.php" SQL Injection 
08.43.49 - XOOPS GesGaleri Module "index.php" SQL Injection 
08.43.50 - Meeting Room Booking System "month.php" SQL Injection 
08.43.51 - myWebland miniBloggie "del.php" SQL Injection 
08.43.52 - Nice Talk Joomla! Component "tagid" Parameter SQL Injection 
08.43.53 - DS-Syndicate Joomla! Component "feed_id" Parameter SQL Injection 
08.43.54 - Woltlab Burning Board rGallery Plugin "itemID" Parameter SQL
Injection 
08.43.55 - e107 CMS 
08.43.56 - Jetbox CMS Multiple SQL Injection Vulnerabilities 
08.43.57 - PHP-Nuke Sarkilar Module "id" Parameter SQL Injection 
08.43.58 - Makale XOOPS Module "makale.php" SQL Injection 
08.43.59 - Limbo CMS "open.php" SQL Injection 
08.43.60 - TYPO3 JobControl Extension Unspecified SQL Injection 
08.43.61 - TYPO3 Econda Plugin Extension Unspecified SQL Injection 
08.43.62 - TYPO3 Frontend Users View Extension Unspecified SQL Injection 
08.43.63 - TYPO3 Mannschaftsliste Extension Unspecified SQL Injection 
08.43.64 - TYPO3 M1 Intern Extension Unspecified SQL Injection 
08.43.65 - TYPO3 Simple survey Extension Unspecified SQL Injection 
 -- Web Application 
08.43.66 - myPHPNuke "displayCategory.php" Multiple Remote File Include
Vulnerabilities 
08.43.67 - Drupal Node Clone Module Information Disclosure 
08.43.68 - Kure Multiple Local File Include Vulnerabilities 
08.43.69 - Mic_blog SQL Injection and Unauthorized Access Vulnerabilities 
08.43.70 - Mantis "manage_proj_page.php" PHP Code Injection 
08.43.71 - Calendars for the Web Security Bypass 
08.43.72 - XOOPS "hisa_cart" Module Remote Information Disclosure 
08.43.73 - Post Affiliate Pro "index.php" Local File Include 
08.43.74 - Slaytanic Scripts Content Plus Version 2.1.1 Multiple Unspecified
Vulnerabilities 
08.43.75 - FlashChat "connection.php" Role Filter Security Bypass 
08.43.76 - phpFastNews Cookie Authentication Bypass 
08.43.77 - FCKeditor "command.php" Arbitrary File Upload 
08.43.78 - Vivvo Article Management "classified_path" Parameter Remote File
Include 
08.43.79 - HP SiteScope SNMP Trap HTML Injection 
08.43.80 - Fast Click SQL Lite "init.php" Remote File Include 
08.43.81 - Midgard Components Framework Multiple Unspecified Vulnerabilities 
08.43.82 - yappa-ng "album" Parameter Local File Include 
08.43.83 - Opera Web Browser HTML Injection and Cross-Site Scripting
Vulnerabilities 
  
************************  Sponsored Link:  ****************************** 
1) Learn about data leakage, PCI compliance, identity theft, botnets, 
crimeware, security trends, and more. Register Today  
http://www.sans.org/info/34518
*************************************************************************

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a 
division of 3Com, as a by-product of that company's continuous effort to 
ensure that its intrusion prevention products effectively block exploits 
using known vulnerabilities. TippingPoint's analysis is complemented by 
input from a council of security managers from twelve large organizations 
who confidentially share with SANS the specific actions they have taken 
to protect their systems. A detailed description of the process may be 
found at http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Microsoft Windows RPC Remote Code Execution Vulnerability
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Description: Microsoft has provided advanced notification of a
vulnerability in a Remote Procedure Call (RPC) service. The
vulnerability was deemed severe enough to warrant an out-of-cycle
security update from Microsoft. The exact details of the vulnerability
have yet to be released, but are expected to be released sometime on
October 23rd, with a question-and-answer session via webcast. The
vulnerability allows for unauthenticated users to execute arbitrary code
on vulnerable systems.  Microsoft believes that the vulnerability could
be exploited in such a way as to provide creation of a worm.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx
Microsoft Webcast Information
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=103239
3978&EventCategory=4&culture=en-US&CountryCode=US
Microsoft Security Bulletin Update
http://go.microsoft.com/fwlink/?LinkId=130719
Microsoft Advanced Notification
http://blogs.technet.com/sus/archive/2008/10/23/microsoft-security-
bulletin-advance-notification-for-october-2008.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/31874

***************************************************************
(2) CRITICAL: LibSPF2 DNS TXT Record Handling Buffer Overflow
Affected:
libspf2 versions prior to 1.2.8
Description: SPF is the Sender Policy Framework (formerly "Sender 
Permitted From"). SPF is a mechanism to help prevent unauthorized or 
undesired email messages ("spam") by indicating from what servers a 
domain can send email. Receiving mail servers can check SPF records 
exported via DNS records to determine if a server sending email from a 
domain is legitimately doing so. LibSPF2 is a popular implementation of 
the SPF protocol and is used by a variety of mail and DNS products. It 
contains a buffer overflow in its processing of SPF records exported from 
DNS. A specially crafted SPF record could trigger this vulnerability. In 
most common scenarios, an attacker could exploit this vulnerability by 
simply sending an email message to a sever known to check SPF records.; 
therefore no user interaction is required. Successfully exploiting this 
vulnerability would allow an attacker to execute arbitrary code with the 
privileges of the vulnerable process, often a high-privilege account. 
Full technical details and a proof-of-concept are publicly available for 
this vulnerability.
Status: Vendor confirmed, updates available.
References:
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/31881.pl
Documentation by Dan Kaminsky
http://www.doxpara.com/?page_id=1256
Wikipedia Article on Sender Policy Framework
http://en.wikipedia.org/wiki/Sender_Policy_Framework
Vendor Home Page
http://www.libspf2.org/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/31881

***************************************************************
(3) CRITICAL: F-Secure Multiple Products RPM File Handling Integer 
Overflow
Affected:
Multiple F-Secure products; see vendor advisory
Description: The RPM Package Manager (formerly the Red Hat Package 
Manager, commonly "RPM") is a package manager used by a number of Linux- 
and Unix-based operating systems. Its packages are distributed in files 
referred to as "RPMs". A number of F-Secure malware scanning products 
contain an integer overflow when processing RPM packages. A specially 
crafted RPM package could trigger this overflow, leading to arbitrary 
code execution with the privileges of the vulnerable process. In 
situations where the vulnerable product is used to scan email messages, 
it is sufficient to have an email message transiting the server to 
trigger the vulnerability; no user interaction is necessary. Some 
technical details are publicly available for this vulnerability. 
Additionally, the RPM file format is open and well documented, making it 
amenable to fuzzing.
Status: Vendor confirmed, updates available.
References:
Vendor Security Advisory
http://www.f-secure.com/security/fsc-2008-3.shtml
Wikipedia Article on RPM
http://en.wikipedia.org/wiki/RPM_Package_Manager
RPM Home Page
http://www.rpm.org
Vendor Home Page
http://www.f-secure.com/
SecurityFocus BID
http://www.securityfocus.com/bid/31846

***************************************************************
(4) HIGH: Trend Micro OfficeScan CGI Handling Buffer Overflow
Affected:
Trend Microsoft OfficeScan versions 8.0 SP1 and prior
Description: Trend Micro OfficeScan is a popular enterprise malware 
scanning application. It provides administrative and other facilities via 
a web interface, using the Common Gateway Interface (CGI). Some of the 
web interface CGI programs contain buffer overflow vulnerabilities in 
their handling of HTTP requests. A specially crafted request to the web 
interface could trigger one of these buffer overflows, allowing an 
attacker to execute arbitrary code with the privileges of the vulnerable 
process. Some technical details are publicly available for these 
vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Secunia Security Advisory
http://secunia.com/secunia_research/2008-40/
Vendor Security Advisory
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_Critica
lPatch_B3110_readme.txt
Wikipedia Article on the Common Gateway Interface
http://en.wikipedia.org/wiki/Common_Gateway_Interface
Vendor Home Page
http://www.trendmicro.com
SecurityFocus BID
http://www.securityfocus.com/bid/31859

***************************************************************
(5) HIGH: Hummingbird Multiple Vulnerabilities
Affected:
Hummingbird Deployment Wizard 10 ActiveX Control
Hummingbird Host Explorer ActiveX Control versions 8.0 and prior
Description: Hummingbird Host Explorer is a popular terminal access 
solution for remote systems, and the Hummingbird Deployment Wizard is a 
product used to deploy other Hummingbird products. Both products provide 
some of their functionality via ActiveX controls. These controls contain 
various vulnerabilities, including buffer overflow and input validation 
vulnerabilities. A specially crafted web page that instantiated one of 
these controls could trigger one of these vulnerabilities, allowing an 
attacker to execute arbitrary code with the privileges of the current 
user. Technical details are publicly available for these vulnerabilities. 
A proof-of-concept is also publicly available.
Status: No confirmed updates available. Users can disable the affected 
controls via Microsoft's "kill bit' mechanism. Note that this will affect 
normal application functionality.
References:
Proof-of-Concept
http://milw0rm.com/exploits/6776
Vendor Home Page
http://connectivity.hummingbird.com/home/connectivity.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BIDs
http://www.securityfocus.com/bid/31799
http://www.securityfocus.com/bid/31783

*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 43, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that 
company's ongoing effort to ensure its vulnerability management web 
service tests for all known vulnerabilities that can be scanned. As of 
this week Qualys scans for 5549 unique vulnerabilities. For this special 
SANS community listing, Qualys also includes vulnerabilities that cannot 
be scanned remotely.

08.43.1 CVE: CVE-2008-1547 
Platform: Other Microsoft Products 
Title: Microsoft Outlook Web Access for Exchange Server "redir.asp" 
URI Redirection 
Description: Outlook Web Access (OWA) is a web mail component of 
Microsoft Exchange Server. Outlook Web Access is exposed to a remote 
URI redirection issue because it fails to properly sanitize 
user-supplied input in the "URL" parameter of the "redir.asp" script. 
Outlook Web Access version 6.5 SP 2 is affected. 
Ref: http://www.securityfocus.com/archive/1/497374
______________________________________________________________________ 
 
08.43.2 CVE: Not Available 
Platform: Third Party Windows Apps 
Title: Hummingbird HostExplorer ActiveX Control "PlainTextPassword()" 
Buffer Overflow 
Description: Hummingbird HostExplorer is terminal emulation software. 
HostExplorer includes an ActiveX control for Microsoft Windows 
clients. The application is exposed to a buffer overflow issue because 
it fails to perform adequate boundary checks on user-supplied input. 
Ref: http://www.securityfocus.com/bid/31781
______________________________________________________________________ 
 
08.43.3 CVE: Not Available 
Platform: Third Party Windows Apps 
Title: Hummingbird Deployment Wizard 10 "DeployRun.dll" ActiveX 
Control Multiple Security Vulnerabilities 
Description: Hummingbird Deployment Wizard 10 ActiveX control is an 
application used by Hummingbird products to aid in software 
installation and configuration. The ActiveX control provided by the 
"DeployRun.dll" file is exposed to multiple issues that attackers can 
exploit to run arbitrary code. Hummingbird Deployment Wizard version 
10 10.0.0.44 is affected. 
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________ 
 
08.43.4 CVE: Not Available 
Platform: Third Party Windows Apps 
Title: Dart Communications PowerTCP FTP for ActiveX "DartFtp.dll" 
Buffer Overflow 
Description: PowerTCP FTP for ActiveX is an ActiveX control that 
utilizes an FTP client. The application is exposed to a buffer 
overflow issue because it fails to perform adequate boundary checks on 
user-supplied input. PowerTCP FTP for ActiveX version 2.0.2.0 
is affected. 
Ref: http://www.securityfocus.com/bid/31814
______________________________________________________________________ 
 
08.43.5 CVE: Not Available 
Platform: Third Party Windows Apps 
Title: Symantec Altiris Deployment Solution Client User Interface 
Local Privilege Escalation 
Description: Symantec Altiris Deployment Solution is software for 
deploying and managing servers, desktops, notebooks, thin clients, and 
handheld devices from a centralized location. It is available for 
Microsoft Windows. The application is exposed to a local privilege 
escalation issue. The problem occurs in the client graphical user 
interface (GUI). 
Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20a.html
______________________________________________________________________ 
 
08.43.6 CVE: CVE-2008-3831 
Platform: Linux 
Title: Linux Kernel i915 Driver "drivers/char/drm/i915_dma.c" Memory 
Corruption 
Description: The Linux kernel is exposed to a memory corruption issue 
because of insufficient boundary checks in the i915 driver.  This 
issue affects the "drivers/char/drm/i915_dma.c" source file and can be 
exploited with specially-crafted "DRM_I915_HWS_ADDR" IOCTL calls. 
Linux kernel versions 2.6.24.6 and earlier are affected. 
Ref: http://www.securityfocus.com/bid/31792
______________________________________________________________________ 
 
08.43.7 CVE: CVE-2008-4618 
Platform: Linux 
Title: Linux Kernel SCTP Protocol Violation Remote Denial of Service 
Description: The Linux kernel is exposed to a remote denial of service 
issue because it fails to handle SCTP protocol violations. This issue 
occurs when handling certain SCTP protocol violations resulting from 
invalid parameter lengths. Linux kernel versions prior to 2.6.27 are 
affected. 
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1079
______________________________________________________________________ 
 
08.43.8 CVE: Not Available 
Platform: Unix 
Title: Symantec Veritas File System "qioadmin" Local Information 
Disclosure 
Description: Symantec Veritas File System (VxFS) is a commercial 
filesystem available for Unix and Unix like operating systems. The 
application is exposed to a local information disclosure issue that is 
present in the "qioadmin" utility for the Quick I/O for Database 
feature. 
Ref: http://seer.entsupport.symantec.com/docs/310872.htm
______________________________________________________________________ 
 
08.43.9 CVE: CVE-2008-4473 
Platform: Cross Platform 
Title: Adobe Flash CS3 Professional SWF File Remote Code Execution 
Description: Adobe Flash CS3 Professional is an application for 
creating Flash media files. Flash CS3 Professional is exposed to a 
remote code execution issue when processing specially crafted SWF 
files. Flash CS3 Professional for Microsoft Windows is affected. 
Ref: http://www.securityfocus.com/archive/1/497397
______________________________________________________________________ 
 
08.43.10 CVE: CVE-2008-4575 
Platform: Cross Platform 
Title: jhead versions Prior to 2.84 Multiple Vulnerabilities 
Description: jhead is an exif jpeg header manipulation tool. jhead is 
exposed to multiple remote issues. Attackers can exploit these issues 
to execute arbitrary code within the context of the affected 
application, crash the affected application, perform symbolic link 
attacks and overwrite arbitrary files on the affected computer. jhead 
versions prior to 2.84 are affected. 
Ref: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020 
______________________________________________________________________ 
 
08.43.11 CVE: CVE-2008-4412 
Platform: Cross Platform 
Title: Hewlett-Packard Systems Insight Manager Unspecified 
Unauthorized Access 
Description: Hewlett Packard Systems Insight Manager (SIM) is a tool 
for managing HP servers. SIM is exposed to an unspecified unauthorized 
access issue. A remote attacker may exploit this issue to gain 
unauthorized access to data. SIM versions prior to 5.2 SP2 are 
affected. 
Ref: http://www.securityfocus.com/bid/31777
______________________________________________________________________ 
 
08.43.12 CVE: Not Available 
Platform: Cross Platform 
Title: Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client Denial of 
Service 
Description: Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client are 
exposed to a denial of service issue that occurs when the applications 
are configured to report JP1 events. 
Ref:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-019/
index.html 
______________________________________________________________________ 
 
08.43.13 CVE: Not Available 
Platform: Cross Platform 
Title: Hitachi XFIT/S/JCA and XFIT/S/ZGN Unspecified Denial of Service 
Description: Hitachi XFIT/S/JCA and XFIT/S/ZGN are exposed to an 
unspecified denial of service issue because they fail to properly 
handle unexpected data. 
Ref:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-020/
index.html 
______________________________________________________________________ 
 
08.43.14 CVE: Not Available 
Platform: Cross Platform 
Title: Apache HTTP Server OS Fingerprinting Unspecified Security 
Description: Apache is an HTTP server available for various operating 
systems. The application is exposed to an unspecified security issue 
related to OS fingerprinting at the application level. Apache version 
2.2.9 is affected. 
Ref: http://www.securityfocus.com/archive/1/497506
______________________________________________________________________ 
 
08.43.15 CVE: Not Available 
Platform: Cross Platform 
Title: Hitachi JP1/File Transmission Server/FTP File Modification 
Unauthorized Access 
Description: Hitachi JP1/File Transmission Server/FTP is an enterprise 
FTP application. Hitachi JP1/File Transmission Server/FTP is exposed 
to an issue that may allow attackers to modify file permissions. 
Ref:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-018/
index.html 
______________________________________________________________________ 
 
08.43.16 CVE: Not Available 
Platform: Cross Platform 
Title: Hitachi JP1/File Transmission Server/FTP Unspecified Denial of 
Service 
Description: Hitachi JP1/File Transmission Server/FTP is exposed to an 
unspecified denial of service issue because it fails to properly 
handle unexpected data. 
Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vu
s/HS08-017/index.html 
______________________________________________________________________ 
 
08.43.17 CVE: Not Available 
Platform: Cross Platform 
Title: VLC Media Player TY File Stack-Based Buffer Overflow 
Description: VLC is a cross-platform media player. VLC is exposed to a 
stack-based buffer overflow issue because it fails to perform adequate 
checks on user-supplied input. This occurs when the application parses 
specially-crafted TY files. VLC Media Player versions prior to 0.9.0 
up to and including 0.9.4 are affected. 
Ref: http://www.securityfocus.com/archive/1/497587
______________________________________________________________________ 
 
08.43.18 CVE: CVE-2008-4552 
Platform: Cross Platform 
Title: "nfs-utils" Package "hosts_ctl()" Security Bypass 
Description: The "nfs-utils" package provides a daemon for the kernel 
NFS server and related tools. The application is exposed to a security 
bypass issue because of an error in the implementation of TCP 
wrappers. This issue is caused due to a wrong number of arguments 
passed to the "hosts_ctl()" function, causing TCP Wrappers to ignore 
netgroups. "nfs-utils" package version 1.0.9 is affected. 
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=458676 
______________________________________________________________________ 
 
08.43.19 CVE: Not Available 
Platform: Cross Platform 
Title: MUSCLE "Message::AddToString()" Buffer Overflow 
Description: MUSCLE (Multi User Server Client Linkage Environment) is 
a cross-platform client server messaging system. The library is 
exposed to a buffer overflow issue because it fails to perform 
adequate boundary checks on user-supplied data. MUSCLE version 4.30 is 
affected. 
Ref: https://public.msli.com/lcs/muscle/muscle/HISTORY.txt 
______________________________________________________________________ 
 
08.43.20 CVE: Not Available 
Platform: Cross Platform 
Title: FireGPG Insecure Temporary File Creation 
Description: FireGPG is an add on providing GNU Privacy Guard (GPG) 
functionality for the Firefox web browser. FireGPG creates temporary 
files in an insecure manner. Specifically, when decrypting email, 
FireGPG creates temporary files with predictable names for the 
encrypted content, the decrypted content, and the user passphrase. 
FireGPG versions prior to 6.0 are affected. 
Ref: http://www.securityfocus.com/archive/1/497547
______________________________________________________________________ 
 
08.43.21 CVE: CVE-2008-3248 
Platform: Cross Platform 
Title: Symantec Veritas File System "qiomkfile" Local Information 
Disclosure 
Description: Symantec Veritas File System (VxFS) is a commercial 
filesystem available for Unix and Unix like operating systems. The 
application is exposed to an information disclosure issue which may 
result in sensitive information being made available to local 
attackers. Veritas File System versions prior to 5.0 MP3 are affected. 
Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20.html
______________________________________________________________________ 
 
08.43.22 CVE: Not Available 
Platform: Cross Platform 
Title: Multiple Vendor USB, PS/2 and Laptop Keyboard Electromagnetic 
Emanation Capture 
Description: Keyboards from multiple vendors are exposed to an 
information disclosure issue because the devices do not adequately 
shield electromagnetic emanations. This issue affects USB, PS/2, and 
laptop keyboards manufactured between 2001 and 2008. 
Ref: http://www.securityfocus.com/bid/31831
______________________________________________________________________ 
 
08.43.23 CVE: Not Available 
Platform: Cross Platform 
Title: RealVNC 4.1.2 "CMsgReader::readRect()" Remote Code Execution 
Description: RealVNC (Virtual Network Computing) allows users to 
access remote computers for administration purposes. RealVNC Viewer is 
exposed to a remote code execution issue because it fails to 
adequately handle certain encoding types. RealVNC Free Edition 
versions prior to 4.1.3 are affected. 
Ref: http://www.realvnc.com/products/free/4.1/release-notes.html
______________________________________________________________________ 
 
08.43.24 CVE: Not Available 
Platform: Cross Platform 
Title: Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities 
Description: Wireshark (formerly Ethereal) is an application for 
analyzing network traffic; it is available for Microsoft Windows and 
UNIX like operating systems. Wireshark is exposed to multiple denial 
of service issues when handling certain types of packets and protocols 
in varying conditions. Wireshark versions 0.10.3 up to and including 
1.0.3 are affected. 
Ref: http://www.wireshark.org/security/wnpa-sec-2008-06.html
______________________________________________________________________ 
 
08.43.25 CVE: Not Available 
Platform: Cross Platform 
Title: IBM WebSphere Application Server Denial of Service And Security 
Bypass Vulnerabilities 
Description: IBM WebSphere Application Server (WAS) is an application 
infrastructure used for service oriented architecture. The application 
is exposed to multiple issues. Successful exploits may allow attackers 
to hang the server causing a denial of service condition or bypass 
certain security restrictions. IBM WebSphere Application Server 
versions prior to 6.0.2.31 are affected. 
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27006876
______________________________________________________________________ 
 
08.43.26 CVE: Not Available 
Platform: Cross Platform 
Title: F-Secure Multiple Products RPM File Integer Overflow 
Description: Multiple F-Secure products are exposed to an integer 
overflow issue because the applications fail to properly handle 
user-supplied input. Specifically, the issue occurs when an affected 
application parses a specially-crafted malicious RPM archive file. 
Ref: http://www.f-secure.com/security/fsc-2008-3.shtml
______________________________________________________________________ 
 
08.43.27 CVE: Not Available 
Platform: Cross Platform 
Title: Symantec Altiris Deployment Solution Clear Text Password Local 
Information Disclosure 
Description: Symantec Altiris Deployment Solution is software for 
deploying and managing servers, desktops, and notebooks. The 
application is exposed to a local information disclosure issue because 
it stores Application Identity Account passwords in clear text on the 
affected computer. Symantec Altiris Deployment Solution versions prior 
to 6.9.355 are affected. 
Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20b.html
______________________________________________________________________ 
 
08.43.28 CVE: Not Available 
Platform: Web Application - Cross Site Scripting 
Title: Elxis CMS "index.php" Multiple Cross-Site Scripting and Session 
Fixation Vulnerabilities 
Description: Elxis CMS is a content manager. The application is 
exposed to multiple cross-site scripting issues because it fails to 
sufficiently sanitize user-supplied input. Elxis CMS version 2006.1 is 
affected. 
Ref: http://www.securityfocus.com/bid/31764
______________________________________________________________________ 
 
08.43.29 CVE: Not Available 
Platform: Web Application - Cross Site Scripting 
Title: Habari "habari_username" Parameter Cross-Site Scripting 
Description: Habari is a PHP based content manager. The application is 
exposed to a cross-site scripting issue because it fails to 
sufficiently sanitize user-supplied input to the "habari_username" 
parameter. Habari version 0.5.1 is affected. 
Ref: http://www.securityfocus.com/bid/31794
______________________________________________________________________ 
 
08.43.30 CVE: Not Available 
Platform: Web Application - Cross Site Scripting 
Title: WebGUI Security Bypass and Multiple Cross-Site Scripting 
Vulnerabilities 
Description: WebGUI is a web-based content manager. The application is 
exposed to multiple issues. WebGUI version 7.5.25 is affected. 
Ref: http://www.webgui.org/getwebgui/advisories/webgui-7.5.26-stable-released
______________________________________________________________________ 
 
08.43.31 CVE: CVE-2008-4121 
Platform: Web Application - Cross Site Scripting 
Title: cpCommerce Multiple Cross-Site Scripting Vulnerabilities 
Description: cpCommerce is a PHP based e-commerce application. The 
application is exposed to multiple cross-site scripting issues because 
it fails to properly sanitize user-supplied input. cpCommerce versions 
prior to 1.2.4 are affected. 
Ref: http://www.securityfocus.com/archive/1/497545
______________________________________________________________________ 
 
08.43.32 CVE: Not Available 
Platform: Web Application - Cross Site Scripting 
Title: Movable Type Prior to Version 4.22 Unspecified Cross-Site 
Scripting 
Description: Movable Type is a web-log application written in PERL. 
Movable Type is exposed to an unspecified cross-site scripting issue 
because it fails to sufficiently sanitize user-supplied data. This 
issue affects the application management section of the application. 
Movable Type versions prior to 4.22 are affected. 
Ref: http://www.securityfocus.com/bid/31826
______________________________________________________________________ 
 
08.43.33 CVE: Not Available 
Platform: Web Application - Cross Site Scripting 
Title: MyNETS Unspecified Cross-Site Scripting 
Description: MyNETS is a web-based application. MyNETS is exposed to 
an unspecified cross-site scripting issue because it fails to properly 
sanitize user-supplied input. An attacker may leverage this issue to 
execute arbitrary script code in the browser of an unsuspecting user 
in the context of the affected site. 
Ref: http://www.securityfocus.com/bid/31835
______________________________________________________________________ 
 
08.43.34 CVE: Not Available 
Platform: Web Application - Cross Site Scripting 
Title: Wysi Wiki Wyg "index.php" Cross-Site Scripting 
Description: Wysi Wiki Wyg is a PHP based wiki application. The 
application is exposed to a cross-site scripting issue because it 
fails to sufficiently sanitize user-supplied input passed to the "s" 
parameter of the "index.php" script. 
Ref: http://www.securityfocus.com/bid/31836
______________________________________________________________________ 
 
08.43.35 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: AstroSPACES "profile.php" SQL Injection 
Description: AstroSPACES is a web-based social networking application. 
The application is exposed to an SQL injection issue because it fails 
to sufficiently sanitize user-supplied data to the "id" parameter of 
the "profile.php" script before using it in an SQL query. 
Ref: http://www.securityfocus.com/bid/31771
______________________________________________________________________ 
 
08.43.36 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: PhpWebGallery "comments.php" SQL Injection and Code Execution 
Vulnerabilities 
Description: PhpWebGallery is a PHP based photo gallery. The 
application is exposed to an SQL injection issue because it fails to 
sufficiently sanitize user-supplied data to the "sort_by" parameter of 
the "comments.php" script before using it in an SQL query. 
PhpWebGallery versions up to and including 1.7.2 are affected. 
Ref: http://www.securityfocus.com/bid/31762
______________________________________________________________________ 
 
08.43.37 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: MyPHPDating "success_story.php" SQL Injection 
Description: MyPHPDating is a PHP based application. The application 
is exposed to an SQL injection issue because it fails to sufficiently 
sanitize user-supplied data to the "id" parameter of the 
"success_story.php" script before using it in an SQL query. 
Ref: http://www.securityfocus.com/bid/31763
______________________________________________________________________ 
 
08.43.38 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: myStats Security Bypass and SQL Injection Vulnerabilities 
Description: myStats is a web-based application. The application is 
exposed to multiple security issues. 
Ref: http://www.securityfocus.com/bid/31772
______________________________________________________________________ 
 
08.43.39 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: myEvent "viewevent.php" SQL Injection 
Description: myEvent is a web-based application. The application is 
exposed to an SQL injection issue because it fails to sufficiently 
sanitize user-supplied data to the "eventdate" parameter of the 
"viewevent.php" script before using it in an SQL query. myEvent 
version 1.6 is affected. 
Ref: http://www.securityfocus.com/bid/31773
______________________________________________________________________ 
 
08.43.40 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: SweetCMS "index.php" SQL Injection 
Description: SweetCMS is a web-based content manager. The application 
is exposed to an SQL injection issue because it fails to sufficiently 
sanitize user-supplied data to the "page" parameter of the "index.php" 
script before using it in an SQL query. SweetCMS version 1.5.2 is 
affected. 
Ref: http://www.securityfocus.com/bid/31774
______________________________________________________________________ 
 
08.43.41 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: WEB//NEWS Multiple SQL Injection Vulnerabilities 
Description: WEB//NEWS is a web-based news script. The application is 
exposed to multiple SQL injection issues because it fails to 
sufficiently sanitize user-supplied input. 
WEB//NEWS versions prior to 1.4.1a are affected. 
Ref: http://www.securityfocus.com/archive/1/497399
______________________________________________________________________ 
 
08.43.42 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: Drupal Node Vote Module Cast Vote SQL Injection 
Description: Drupal Node Vote is a voting module for the Drupal 
content manager. The application is exposed to an SQL injection issue 
because it fails to sufficiently sanitize user-supplied data. This 
issue occurs in an unspecified field when changing a previous cast 
vote. 
Ref: http://drupal.org/node/321685
______________________________________________________________________ 
 
08.43.43 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: IP Reg "locationdel.php" SQL Injection 
Description: IP Reg is an IPAM tool to keep track of assets and nodes 
(IP addresses, MAC addresses, DNS aliases) within different subnets 
over different locations or VLANs. The application is exposed to an 
SQL injection issue because it fails to properly sanitize 
user-supplied input to the "location_id" parameter of the 
"locationdel.php" script before using it in SQL queries. IP Reg 
version 0.4 is affected. 
Ref: http://www.securityfocus.com/bid/31781
______________________________________________________________________ 
 
08.43.44 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: Mosaic Commerce "category.php" SQL Injection 
Description: Mosaic Commerce is a PHP based e-commerce application. 
The application is exposed to an SQL injection issue because it fails 
to sufficiently sanitize user-supplied data to the "cid" parameter of 
the "category.php" script before using it in an SQL query. 
Ref: http://www.securityfocus.com/bid/31782
______________________________________________________________________ 
 
08.43.45 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: CafeEngine "id" Parameter Multiple SQL Injection 
Vulnerabilities 
Description: CafeEngine is online cafe management software. The 
application is exposed to multiple SQL injection issues because it 
fails to sufficiently sanitize user-supplied data to the "id" 
parameter of these scripts: "dish.php" and "menu.php". 
Ref: http://www.securityfocus.com/bid/31786
______________________________________________________________________ 
 
08.43.46 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: CafeEngine Easy Cafe Engine "itemid" Parameter SQL Injection 
Description: CafeEngine Easy Cafe Engine is a PHP-based application 
for managing cafe web pages. The application is exposed to an SQL 
injection issue because it fails to sufficiently sanitize 
user-supplied data to the "itemid" parameter of the "index.php" script 
before using it in an SQL query. Easy Cafe Engine version 1.1 is 
affected. 
Ref: http://www.securityfocus.com/bid/31788
______________________________________________________________________ 
 
08.43.47 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: ShiftThis Newsletter WordPress Plugin "stnl_iframe.php" SQL 
Injection 
Description: ShiftThis Newsletter is a plugin for the WordPress web log 
application. The plugin is exposed to an SQL injection issue because 
it fails to sufficiently sanitize user-supplied data to the 
"newsletter" parameter of the "plugins/st_newsletter/stnl_iframe.php" 
script before using it in an SQL query. 
Ref: http://www.securityfocus.com/bid/31806
______________________________________________________________________ 
 
08.43.48 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: Zeeproperty "bannerclick.php" SQL Injection 
Description: Zeeproperty is a real estate portal application. The 
application is exposed to an SQL injection issue because it fails to 
sufficiently sanitize user-supplied data to the "adid" parameter of 
the "bannerclick.php" script before using it in an SQL query. 
Ref: http://www.securityfocus.com/bid/31807
______________________________________________________________________ 
 
08.43.49 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: XOOPS GesGaleri Module "index.php" SQL Injection 
Description: GesGaleri is a gallery module for the XOOPS content 
management system. The application is exposed to an SQL injection 
issue because it fails to sufficiently sanitize user-supplied data to 
the "kategorino" parameter of the "index.php" script before using it 
in an SQL query. 
Ref: http://www.securityfocus.com/bid/31808
______________________________________________________________________ 
 
08.43.50 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: Meeting Room Booking System "month.php" SQL Injection 
Description: Meeting Room Booking System is a web-based application. 
The application is exposed to an SQL injection issue because it fails 
to sufficiently sanitize user-supplied data to the "area" parameter of 
the "month.php" script before using it in an SQL query. Meeting Room 
Booking System version 1.4 is affected. 
Ref: http://www.securityfocus.com/bid/31809
______________________________________________________________________ 
 
08.43.51 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: myWebland miniBloggie "del.php" SQL Injection 
Description: miniBloggie is a web log application. The application is 
exposed to an SQL injection issue because it fails to sufficiently 
sanitize user-supplied data to the "post_id" parameter of the 
"del.php" script before using it in an SQL query. miniBloggie version 
1.0 is affected. 
Ref: http://www.securityfocus.com/bid/31810
______________________________________________________________________ 
 
08.43.52 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: Nice Talk Joomla! Component "tagid" Parameter SQL Injection 
Description: Nice Talk is a PHP-based component for the Joomla! 
content manager. The application is exposed to an SQL injection issue 
because it fails to sufficiently sanitize user-supplied data to the 
"tagid" parameter. 
Ref: http://www.securityfocus.com/bid/31818
______________________________________________________________________ 
 
08.43.53 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: DS-Syndicate Joomla! Component "feed_id" Parameter SQL 
Injection 
Description: DS-Syndicate is a PHP-based component for the Joomla! 
content manager. The application is prone to an SQL injection 
vulnerability because it fails to sufficiently sanitize user-supplied 
data to the "feed_id" parameter. 
Ref: http://www.securityfocus.com/bid/31819
______________________________________________________________________ 
 
08.43.54 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: Woltlab Burning Board rGallery Plugin "itemID" Parameter SQL 
Injection 
Description: The rGallery plugin for Woltlab Burning Board is a 
web-based application. The application is exposed to an SQL injection 
issue because it fails to sufficiently sanitize user-supplied data to 
the "itemID" parameter of the "RGalleryImageWrapper" page. rGallery 
version 1.09 is affected. 
Ref: http://www.securityfocus.com/bid/31820
______________________________________________________________________ 
 
08.43.55 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: e107 CMS 
Description: e107 CMS is a PHP-based content manager. The application 
is exposed to an SQL injection issue because it fails to sufficiently 
sanitize user-supplied data to the "ue[]" array parameter of the 
"usersettings.php" script before using it in an SQL query. e107 CMS 
versions 0.7.13 and earlier are affected. 
Ref: http://www.securityfocus.com/bid/31821
______________________________________________________________________ 
 
08.43.56 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: Jetbox CMS Multiple SQL Injection Vulnerabilities 
Description: Jetbox CMS is a content manager. The application is 
exposed to multiple SQL injection issues because it fails to 
sufficiently sanitize user-supplied data. Jetbox CMS version 2.1 is 
affected. 
Ref: http://www.digitrustgroup.com/advisories/web-application-security-jetbox
______________________________________________________________________ 
 
08.43.57 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: PHP-Nuke Sarkilar Module "id" Parameter SQL Injection 
Description: Sarkilar is a plugin for PHP Nuke. The application is 
exposed to an SQL injection issue because it fails to sufficiently 
sanitize user-supplied data to the "id" parameter before using it in 
an SQL query. 
Ref: http://www.securityfocus.com/bid/31830
______________________________________________________________________ 
 
08.43.58 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: Makale XOOPS Module "makale.php" SQL Injection 
Description: The "makale" module is a PHP-based application for the 
XOOPS content manager. The application is exposed to an SQL injection 
issue because it fails to sufficiently sanitize user-supplied data to 
the "id" parameter of the "modules/makale/makale.php" script before 
using it in an SQL query. The "makale" XOOPS module update025 is 
affected. 
Ref: http://www.securityfocus.com/bid/31834
______________________________________________________________________ 
 
08.43.59 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: Limbo CMS "open.php" SQL Injection 
Description: Limbo CMS is a content manager. The application is 
exposed to an SQL injection issue because it fails to sufficiently 
sanitize user-supplied data to the "id" parameter in the 
"com_privmsg/open.php" before using it in an SQL query. 
Ref: http://www.securityfocus.com/bid/31837
______________________________________________________________________ 
 
08.43.60 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: TYPO3 JobControl Extension Unspecified SQL Injection 
Description: JobControl is an extension for the TYPO3 content manager. 
JobControl is not a part of the TYPO3 default installation. The 
application is exposed to an SQL injection issue because it fails to 
sufficiently sanitize input before using it in an SQL query. TYPO3 
JobControl versions up to and including 1.15.4 are affected. 
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
______________________________________________________________________ 
 
08.43.61 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: TYPO3 Econda Plugin Extension Unspecified SQL Injection 
Description: Econda Plugin is an extension for the TYPO3 content 
manager. Econda Plugin is not a part of the TYPO3 default 
installation. The application is exposed to an SQL injection issue 
because it fails to sufficiently sanitize input before using it in an 
SQL query. TYPO3 Econda Plugin versions up to and including 0.0.4 are 
affected. 
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
______________________________________________________________________ 
 
08.43.62 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: TYPO3 Frontend Users View Extension Unspecified SQL Injection 
Description: Frontend Users View is an extension for the TYPO3 content 
manager. Frontend Users View is not a part of the TYPO3 default 
installation. The application is exposed to an SQL injection issue 
because it fails to sufficiently sanitize input before using it in an 
SQL query. TYPO3 Frontend Users View versions up to and including  
0.1.6 are affected. 
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
______________________________________________________________________ 
 
08.43.63 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: TYPO3 Mannschaftsliste Extension Unspecified SQL Injection 
Description: Mannschaftsliste is an extension for the TYPO3 content 
manager. Mannschaftsliste is not a part of the TYPO3 default 
installation. The application is exposed to an SQL injection issue 
because it fails to sufficiently sanitize input before using it in an 
SQL query. TYPO3 Mannschaftsliste versions up to and including 1.0.3 
are affected. 
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
______________________________________________________________________ 
 
08.43.64 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: TYPO3 M1 Intern Extension Unspecified SQL Injection 
Description: M1 Intern is an extension for the TYPO3 content manager. 
M1 Intern is not a part of the TYPO3 default installation. The 
application is exposed to an SQL injection issue because it fails to 
sufficiently sanitize input before using it in an SQL query. TYPO3 M1 
Intern version 1.0.0 is affected. 
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
______________________________________________________________________ 
 
08.43.65 CVE: Not Available 
Platform: Web Application - SQL Injection 
Title: TYPO3 Simple survey Extension Unspecified SQL Injection 
Description: TYPO3 Simple survey is a PHP-based survey application. 
The application is exposed to an SQL injection issue because it fails 
to sufficiently sanitize input before using it in an SQL query. TYPO3 
Simple survey versions 1.7.0 and prior are vulnerable. 
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
______________________________________________________________________ 
 
08.43.66 CVE: Not Available 
Platform: Web Application 
Title: myPHPNuke "displayCategory.php" Multiple Remote File Include 
Vulnerabilities 
Description: MyPHPNuke is a PHP-based content manager. The application 
is exposed to multiple remote file include issues because it fails to 
sufficiently sanitize user-supplied input to the "basepath" and 
"adminpath" parameters of the "gallery/displayCategory.php" script. 
MyPHPNuke version 188_8 rc2 is affected. 
Ref: http://www.securityfocus.com/bid/31778
______________________________________________________________________ 
 
08.43.67 CVE: Not Available 
Platform: Web Application 
Title: Drupal Node Clone Module Information Disclosure 
Description: Node Clone module is a module for Drupal that allows 
users to copy existing items of content (nodes). The application is 
exposed to an information disclosure issue because it fails to restrict 
access to certain portions of the affected application. 
Ref: http://drupal.org/node/321737
______________________________________________________________________ 
 
08.43.68 CVE: Not Available 
Platform: Web Application 
Title: Kure Multiple Local File Include Vulnerabilities 
Description: Kure is a web log application. The application is exposed 
to multiple local file include issues because it fails to properly 
sanitize user-supplied input to the "post" and "doc" parameters of the 
"index.php" script. Kure version 0.6.3 is affected. 
Ref: http://www.securityfocus.com/bid/31785
______________________________________________________________________ 
 
08.43.69 CVE: Not Available 
Platform: Web Application 
Title: Mic_blog SQL Injection and Unauthorized Access Vulnerabilities 
Description: Mic_blog is a blog application. The application is 
exposed to multiple remote issues. An SQL injection issue  
affects the "cat" parameter of the "category.php" script. An 
unauthorized access issue permits attackers to add administrative 
accounts to the affected application. Mic_blog version 0.0.3 is 
affected. 
Ref: http://www.securityfocus.com/bid/31812
______________________________________________________________________ 
 
08.43.70 CVE: Not Available 
Platform: Web Application 
Title: Mantis "manage_proj_page.php" PHP Code Injection 
Description: Mantis is a web-based bug tracking system. Mantis is 
exposed to an issue that lets attackers inject arbitrary PHP code. The 
issue occurs because the application fails to properly sanitize 
user-supplied input to the "sort" parameter of the 
"manage_proj_page.php" script. Mantis versions 1.1.3 and earlier are 
affected. 
Ref: http://www.securityfocus.com/bid/31789
______________________________________________________________________ 
 
08.43.71 CVE: Not Available 
Platform: Web Application 
Title: Calendars for the Web Security Bypass 
Description: Calendars for the Web is a web-based application. The 
application is exposed to a security bypass issue. Specifically, the 
vulnerability exists in the administration page because the 
application saves the past session. Calendars for the Web version 4.01 
is affected. 
Ref: http://www.securityfocus.com/bid/31791
______________________________________________________________________ 
 
08.43.72 CVE: Not Available 
Platform: Web Application 
Title: XOOPS "hisa_cart" Module Remote Information Disclosure 
Description: "hisa_cart" is a module for XOOPS content manager. The 
module is exposed to a remote information disclosure issue due to an 
unspecified error. "hisa_cart" versions prior to 1.29 are affected. 
Ref: http://www.securityfocus.com/bid/31795
______________________________________________________________________ 
 
08.43.73 CVE: Not Available 
Platform: Web Application 
Title: Post Affiliate Pro "index.php" Local File Include 
Description: Post Affiliate Pro is an affiliate management 
application. The application is exposed to a local file include issue 
because it fails to properly sanitize user-supplied input to the "md" 
parameter of the "index.php" script. Post Affiliate Pro version 2.0 is 
affected. 
Ref: http://www.securityfocus.com/bid/31796
______________________________________________________________________ 
 
08.43.74 CVE: Not Available 
Platform: Web Application 
Title: Slaytanic Scripts Content Plus Version 2.1.1 Multiple 
Unspecified Vulnerabilities 
Description: Slaytanic Scripts Content Plus is an enhancement 
distribution for PHP Nuke. The application is exposed to multiple 
issues caused by unspecified errors. Slaytanic Scripts Content Plus 
version 2.1.1 is affected. 
Ref: http://sourceforge.net/project/shownotes.php?release_id=632842
______________________________________________________________________ 
 
08.43.75 CVE: Not Available 
Platform: Web Application 
Title: FlashChat "connection.php" Role Filter Security Bypass 
Description: FlashChat is a chat room application. The application is 
exposed to a security bypass issue that may allow attackers to gain 
administrative access to the affected application. This issue affects 
the "s" parameter of the "connection.php" script. 
Ref: http://www.securityfocus.com/archive/1/497474
______________________________________________________________________ 
 
08.43.76 CVE: Not Available 
Platform: Web Application 
Title: phpFastNews Cookie Authentication Bypass 
Description: phpFastNews is a web-based news application. The 
application is exposed to an authentication bypass issue because it 
fails to adequately verify user-supplied input used for cookie-based 
authentication. phpFastNews version 1.0.0 is affected. 
Ref: http://www.securityfocus.com/bid/31811
______________________________________________________________________ 
 
08.43.77 CVE: Not Available 
Platform: Web Application 
Title: FCKeditor "command.php" Arbitrary File Upload 
Description: FCKeditor is an online text/DHTML editor. FCKeditor is 
exposed to an arbitrary file upload issue because it fails to 
adequately sanitize user-supplied input. This issue affects the  
"editor/filemanager/browser/default/connectors/php/connector.php" 
script. 
Ref: http://www.securityfocus.com/bid/31812
______________________________________________________________________ 
 
08.43.78 CVE: Not Available 
Platform: Web Application 
Title: Vivvo Article Management "classified_path" Parameter Remote 
File Include 
Description: Vivvo Article Management is a content manager. The 
application is exposed to a remote file include issue because it fails 
to properly sanitize user-supplied input to the "classified_path" 
parameter of the "HTML_function.php" script. Vivvo Article Management 
versions 3.2 and earlier are affected. 
Ref: http://www.securityfocus.com/bid/31815
______________________________________________________________________ 
 
08.43.79 CVE: Not Available 
Platform: Web Application 
Title: HP SiteScope SNMP Trap HTML Injection 
Description: HP SiteScope is an agentless distribution system for IT 
infrastructure. The web interface is prone to an HTML injection issue  
because it fails to properly sanitize input from received SNMP trap  
messages. HP SiteScope version 9.0 build 911 is affected. 
Ref: http://www.securityfocus.com/archive/1/497548
______________________________________________________________________ 
 
08.43.80 CVE: Not Available 
Platform: Web Application 
Title: Fast Click SQL Lite "init.php" Remote File Include 
Description: Fast Click SQL Lite is an application that counts web site 
visitors. The application is exposed to a remote file include issue 
because it fails to properly sanitize user-supplied input to the 
"CFG[CDIR]" parameter of the "init.php" script. Fast Click SQL Lite 
version 1.1.7 is affected. 
Ref: http://www.securityfocus.com/bid/31817
______________________________________________________________________ 
 
08.43.81 CVE: Not Available 
Platform: Web Application 
Title: Midgard Components Framework Multiple Unspecified 
Vulnerabilities 
Description: Midgard Components Framework is a PHP based web 
development component library. The library is exposed to multiple 
issues caused by unspecified errors. Midgard Components Framework 
versions prior to 8.09.1 are affected. 
Ref: http://freshmeat.net/projects/midcom/?branch_id=38063&release_id=286210
______________________________________________________________________ 
 
08.43.82 CVE: Not Available 
Platform: Web Application 
Title: yappa-ng "album" Parameter Local File Include 
Description: yappa-ng is a photo album application. The application is 
exposed to a local file include issue because it fails to properly 
sanitize user-supplied input to the "album" parameter of the 
"index.php" script. yappa-ng version 2.3.2 is affected. 
Ref: http://www.securityfocus.com/bid/31828
______________________________________________________________________ 
 
08.43.83 CVE: Not Available 
Platform: Web Application 
Title: Opera Web Browser HTML Injection and Cross-Site Scripting 
Vulnerabilities 
Description: Opera Web Browser is a browser that runs on multiple 
operating systems. The application is prone to HTML injection and 
cross-site scripting issues because it fails to properly sanitize 
user-supplied input. Opera Web Browser versions prior to 9.61 are 
affected. 
Ref: http://www.opera.com/support/search/view/905/
______________________________________________________________________ 
[ terug ]