*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
October 16, 2008                                          Vol. 7. Week 42
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Windows                                       8 (#1, #2, #3, #6, #8, #9)
Microsoft Office                              3 (#7)
Other Microsoft Products                      8
Third Party Windows Apps                      9 (#11)
Mac OS                                       10 (#5)
Linux                                         3
Unix                                          2
Cross Platform                               29 (#4, #10)
Web Application - Cross Site Scripting        2
Web Application - SQL Injection              24
Web Application                              21
Network Device                                3

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Microsoft Active Directory Remote Code Execution (MS08-060)
(2) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS08-058)
(3) CRITICAL: Microsoft Host Integration Server RPC Service Remote Code
Execution (MS08-059)
(4) CRITICAL: Apple CUPS Remote Code Execution Vulnerability
(5) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-007)
(6) CRITICAL: Computer Associates ARCServe Backup Multiple Vulnerabilities
(7) HIGH: Microsoft Excel Multiple Vulnerabilities (MS08-057)
(8) HIGH: Microsoft Windows Internet Printing Service Remote Code Execution
(MS08-062)
(9) HIGH: Microsoft Message Queueing Service Remote Code Execution (MS08-065)
(10) HIGH: Sun Java System Web Proxy Server Buffer Overflow
(11) MODERATE: Adobe CS3 SWF Parsing Multiple Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
08.42.1  - Microsoft Windows Active Directory LDAP Request Handling Remote Code
Execution
08.42.2  - Microsoft Windows SMB Buffer Underflow Code Execution
08.42.3  - Microsoft Windows Kernel Window Creation Local Privilege Escalation
08.42.4  - Microsoft Windows Kernel Memory Corruption Local Privilege Escalation
08.42.5  - Microsoft Windows Kernel Unhandled System Call Local Privilege
Escalation
08.42.6  - Microsoft Windows AFD Driver Local Privilege Escalation
08.42.7  - Microsoft Windows VAD Local Privilege Escalation
08.42.8  - Microsoft Windows Internet Printing Service Integer Overflow
 -- Microsoft Office
08.42.9  - Microsoft Excel Calendar Object Validation Remote Code Execution
08.42.10 - Microsoft Excel BIFF File Format Parsing Remote Code Execution
08.42.11 - Microsoft Excel Formula Parsing Remote Code Execution
 -- Other Microsoft Products
08.42.12 - Microsoft PicturePusher "PipPPush.dll" ActiveX Control Arbitrary File
Download
08.42.13 - Microsoft Internet Explorer HTML Element Cross-Domain Security Bypass
08.42.14 - Microsoft Internet Explorer Event Handling Cross-Domain Security
Bypass
08.42.15 - Microsoft Internet Explorer Uninitialized Object Remote Memory
Corruption
08.42.16 - Microsoft Internet Explorer HTML Objects Uninitialized Memory
Corruption
08.42.17 - Microsoft Host Integration Server RPC Remote Code Execution
08.42.18 - Microsoft Message Queuing Service RPC Query Heap Corruption
08.42.19 - Microsoft Internet Explorer Cross-Domain Information Disclosure
 -- Third Party Windows Apps
08.42.20 - PC Tools Spyware Doctor Unspecified Denial of Service
08.42.21 - Avaya one-X Desktop Edition SIP Remote Denial of Service
08.42.22 - Cisco Unity Remote Administration Authentication Bypass
08.42.23 - Cisco Unity 7.0 Multiple Remote Vulnerabilities
08.42.24 - WinFTP Server "NLIST" Command Remote Denial of Service
08.42.25 - Lenovo Rescue and Recovery "tvtumon.sys" Heap Overflow
08.42.26 - RaidenFTPD "MLST" Command Remote Denial of Service
08.42.27 - Husdawg System Requirements Lab ActiveX Control Unspecified Remote
Code Execution
08.42.28 - Titan FTP Server "SITE WHO" Command Remote Denial of Service
 -- Mac OS
08.42.29 - Apple OS X QuickLook Excel File Integer Overflow
08.42.30 - Apple Mac OS X "hosts.equiv" Security Bypass
08.42.31 - Apple Mac OS X "configd" EAPOLController Plugin Local Heap Based
Buffer Overflow
08.42.32 - Apple Mac OS X ColorSync ICC Profile Remote Buffer Overflow
08.42.33 - Apple Script Editor Unspecified Insecure Temporary File Creation
08.42.34 - Apple Mac OS X Server Weblog Access Control List Security Bypass
08.42.35 - Apple PSNormalizer PostScript Buffer Overflow
08.42.36 - Apple Finder Denial of Service
08.42.37 - Apple Mac OS X 10.5 Postfix Security Bypass
08.42.38 - Apple Mac OS X 10.5 "launchd" Unspecified Security Bypass
 -- Linux
08.42.39 - Gentoo "sys-apps/portage" Search Path Local Privilege Escalation
08.42.40 - Linux Kernel SCTP INIT-ACK AUTH Extension Remote Denial of Service
08.42.41 - Debian chm2pdf Insecure Temporary File Creation
 -- Unix
08.42.42 - CUPS "HP-GL/2" Filter Remote Code Execution
08.42.43 - CUPS Multiple Heap Based Buffer Overflow Vulnerabilities
 -- Cross Platform
08.42.44 - HP OpenView Network Node Manager "ovtopmd" Variant Unspecified Denial
of Service
08.42.45 - Hero DVD Player ".m3u" File Buffer Overflow
08.42.46 - Opera Web Browser Remote Code Execution and Security Bypass
Vulnerabilities
08.42.47 - Nortel MCS 5100 UFTP Multiple Denial of Service Vulnerabilities
08.42.48 - Avaya IP Softphone Remote Denial of Service
08.42.49 - Avaya Communication Manager Web Server Configuration Unauthorized
Access
08.42.50 - Opera Cached Java Applet Privilege Escalation
08.42.51 - DFFFrameworkAPI "DFF_config[dir_include]" Parameter Multiple Remote
File Include Vulnerabilities
08.42.52 - Graphviz Graph Parser Remote Stack Buffer Overflow
08.42.53 - Drupal EveryBlog Module Multiple Unspecified Vulnerabilities
08.42.54 - YaCy Multiple Unspecified Vulnerabilities
08.42.55 - Computer Associates ARCserve Backup Multiple Remote Vulnerabilities
08.42.56 - Sun Java System Web Proxy Server FTP Subsystem Heap Based Buffer
Overflow
08.42.57 - OpenSSL "zlib" Compression Memory Leak Remote Denial of Service
08.42.58 - KDE Konqueror JavaScript "load" Function Denial of Service
08.42.59 - NoticeWare Email Server NG "PASS" Command Remote Denial of Service
08.42.60 - Apache Tomcat "RemoteFilterValve" Security Bypass
08.42.61 - Ruby "resolv.rb" Predictable Transaction ID and Source Port DNS
Spoofing
08.42.62 - Nokia Web Browser for S60 Infinite Array Sort Denial of Service
08.42.63 - GuildFTPd "LIST" Command Heap Overflow
08.42.64 - XM Easy Personal FTP Server "NSLT" Command Remote Denial of Service
08.42.65 - Oracle Database Server "CREATE ANY DIRECTORY" Privilege Escalation
08.42.66 - Websense Reporter "CreateDbInstall.log" Local Information Disclosure
08.42.67 - Mozilla Firefox ".url" Shortcut Processing Information Disclosure
08.42.68 - IBM ENOVIA Security Bypass
08.42.69 - Sun Solstice AdminSuite "sadmind" "adm_build_path()" Remote Stack
Buffer Overflow
08.42.70 - Etype Eserv FTP "ABOR" Command Remote Stack-Based Buffer Overflow
08.42.71 - VLC Media Player XSPF Playlist Memory Corruption
08.42.72 - Oracle Weblogic Server Apache Connector Stack-Based Buffer Overflow
 -- Web Application - Cross Site Scripting
08.42.73 - Microsoft Office CDO Protocol Cross-Site Scripting
08.42.74 - EEB-CMS "index.php" Cross-Site Scripting
 -- Web Application - SQL Injection
08.42.75 - Pre News Manager "news_detail.php" SQL Injection
08.42.76 - GForge Multiple SQL Injection Vulnerabilities
08.42.77 - TorrentTrader Classic Edition "completed-advance.php" SQL Injection
08.42.78 - Built2Go Real Estate Listings "event_detail.php" SQL Injection
08.42.79 - Brain Book Software AdMan "editCampaign.php" SQL Injection
08.42.80 - HispaH Text Link ADS "index.php" SQL Injection
08.42.81 - Joomtracker "id" Parameter SQL Injection
08.42.82 - IranMC Arad Center "news.php" SQL Injection
08.42.83 - Stash "news.php" SQL Injection
08.42.84 - Ayco Okul Portali "default.asp" SQL Injection
08.42.85 - Easynet4u Forum Host "forum.php" SQL Injection
08.42.86 - Easynet4u Faq Host "faq.php" SQL Injection
08.42.87 - Joomla! and Mambo Mad4Joomla Mailforms Component SQL Injection
08.42.88 - Ignite Gallery "gallery" Parameter SQL Injection
08.42.89 - Easynet4u Link Host "directory.php" SQL Injection
08.42.90 - Real Estate Classifieds "index.php" SQL Injection
08.42.91 - Absolute Poll Manager "xlacomments.asp" SQL Injection
08.42.92 - OwnBiblio Joomla! Component "catid" Parameter SQL Injection
08.42.93 - NewLife Blogger "nlb3" Cookie SQL Injection
08.42.94 - "com_jeux" Joomla! Component "id" Parameter SQL Injection
08.42.95 - IndexScript "sug_cat.php" SQL Injection
08.42.96 - ParsBlogger "links.asp" SQL Injection
08.42.97 - XOOPS xhresim Module "index.php" SQL Injection
08.42.98 - Webscene eCommerce "productlist.php" SQL Injection
 -- Web Application
08.42.99 - Drupal Multiple Remote Access Validation Vulnerabilities and
Weaknesses
08.42.100 - Proxim Tsunami MP.11 2411 Wireless Access Point "system.sysName.0"
SNMP HTML Injection
08.42.101 - Kusaba "paint_save.php" Remote Code Execution
08.42.102 - Avaya Communication Manager Web Administration Multiple Security
Vulnerabilities
08.42.103 - WebBiscuits Modules Controller Multiple Local and Remote File
Include Vulnerabilities
08.42.104 - Drupal Multiple Modules Security Bypass Vulnerabilities
08.42.105 - HP System Management Homepage (SMH) for Linux and Windows Cross-Site
Scripting
08.42.106 - ModSecurity Transformation Caching Security Bypass
08.42.107 - Kusaba "load_receiver.php" Remote Code Execution
08.42.108 - Camera Life SQL Injection and Cross-Site Scripting Vulnerabilities
08.42.109 - Scriptsez Easy Image Downloader "main.php" Local File Include
08.42.110 - Scriptsez Mini Hosting Panel "members.php" Local File Include
08.42.111 - My PHP Indexer "index.php" Directory Traversal
08.42.112 - Globsy "globsy_edit.php" Arbitrary File Overwrite
08.42.113 - LokiCMS "index.php" Information Disclosure
08.42.114 - mini-pub Multiple Information Disclosure Vulnerabilities
08.42.115 - mini-pub "cat.php" Remote Command Execution
08.42.116 - SlimCMS "redirect.php" Security Bypass
08.42.117 - LokiCMS "admin.php" Local File Include
08.42.118 - WP Comment Remix 1.4.3 SQL Injection and HTML Injection
Vulnerabilities
08.42.119 - SezHoo "SezHooTabsAndActions.php" Parameter Remote File Include
 -- Network Device
08.42.120 - Nortel Networks Multimedia Communications Server Authentication
Bypass
08.42.121 - Linksys WAP4400N Marvell Wireless Chipset Driver Remote Denial of
Service
08.42.122 - Multiple Telecom Italia Routers Authentication Bypass

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Microsoft Active Directory Remote Code Execution (MS08-060)
Affected:
Microsoft Windows 2000

Description: Active Directory is Microsoft's implementation of the
Lightweight Directory Access Protocol (LDAP) and is an integral part of
several Microsoft products and operating systems. It contains a buffer
overflow vulnerability in its handling of LDAP requests. A specially
crafted LDAP request could trigger this vulnerability, allowing an
attacker to execute arbitrary code with the privileges of the vulnerable
process (SYSTEM). Some technical details are publicly available for this
vulnerability. Note that only systems running Microsoft Windows 2000 and
that are configured to be domain controllers are vulnerable.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx
Wikipedia Article on LDAP
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
Microsoft Active Directory Home Page
http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/31609

******************************************************

(2) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS08-058)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008

Description: Microsoft Internet Explorer contains multiple
vulnerabilities in its handling of a variety of HTML and web scripting
constructs. A specially crafted web page could trigger one of these
vulnerabilities, leading to remote code execution, cross-site
scripting, or information disclosure. Any remote code execution would
be with the privileges of the current user. Some technical details are
publicly available for these vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx
TippingPoint Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-069/
SecurityFocus BIDs
http://www.securityfocus.com/bid/31618
http://www.securityfocus.com/bid/31617
http://www.securityfocus.com/bid/31654
http://www.securityfocus.com/bid/31616
http://www.securityfocus.com/bid/31615
http://www.securityfocus.com/bid/29960

******************************************************

(3) CRITICAL: Microsoft Host Integration Server RPC Service Remote Code
Execution (MS08-059)
Affected:
Microsoft Host Integration Server 2000
Microsoft Host Integration Server 2004
Microsoft Host Integration Server 2006

Description: The Microsoft Host Integration Server is a platform
designed to aid in the integration of various applications and data
sources on the Microsoft Windows platform. This product exports a Remote
Procedure Call (RPC) interface. This interface contains an input
validation error in its handling of RPC requests. A specially crafted
request could execute arbitrary commands with the privileges of the
vulnerable process. Technical details are publicly available for this
vulnerability, and a proof-of-concept is publicly available.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/31620.rb
Wikipedia Article on Microsoft Remote Procedure Call
http://www.microsoft.com/hiserver/default.mspx
Product Home Page
http://www.microsoft.com/hiserver/default.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/31620

******************************************************

(4) CRITICAL: Apple CUPS Remote Code Execution Vulnerability
Affected:
Apple CUPS versions prior to 1.3.9

Description: CUPS is the Common Unix Printing System, a cross-platform
printer server and access system. The software was purchased by Apple,
and it is an integral part of Apple Mac OS X, but it is available and
installed by default on a number of Unix and Linux systems. It contains
a flaw in its handling of certain input when processing HP-GL (HP
Graphics Language) requests. A specially crafted print request
containing malformed HP-GL data could trigger this vulnerability.
Successfully exploiting this vulnerability would allow an attacker to
execute arbitrary code with the privileges of the vulnerable process.
Full technical details for this vulnerability are available via source
code analysis; a proof-of-concept is also publicly available.

Status: Vendor confirmed, updates available.

References:
TippingPoint Zero Day Initiative
http://zerodayinitiative.com/advisories/ZDI-08-067/
Apple Security Advisory
http://support.apple.com/kb/HT3216
CUPS Change Log
http://www.cups.org/articles.php?L575
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/31688.rb
Product Home Page
http://www.cups.org
SecurityFocus BID
http://www.securityfocus.com/bid/31688

******************************************************

(5) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-007)
Affected:
Apple Mac OS X versions 10.5.5 and prior
Apple Mac OS X Server versions 10.5.5 and prior

Description: Apple Mac OS X contains multiple vulnerabilities in a
variety of components. Most of the vulnerabilities stem from older
versions of third-party components installed as part of the operating
system. However, vulnerabilities in the parsing of Microsoft Excel files
and certain image file formats could trigger remote code execution
vulnerabilities when the files are opened. The user may not be prompted
before opening or viewing a malicious file. Vulnerabilities in
third-party components range from remote code execution to cross-site
scripting. Numerous local-only vulnerabilities are also addressed in
this update. Note that this update also addresses the CUPS
vulnerability, discussed above.

Status: Vendor confirmed, updates available.

References:
Apple Security Bulletin
http://support.apple.com/kb/HT3216
Product Home Page
http://www.apple.com/macosx
SecurityFocus BID
http://www.securityfocus.com/bid/31681

******************************************************

(6) CRITICAL: Computer Associates ARCServe Backup Multiple Vulnerabilities
Affected:
Computer Associates ARCServe Backup versions prior to r12.0 SP 1

Description: Computer Associates ARCServe Backup, a popular enterprise
backup solution, contains multiple vulnerabilities. A flaw in the
processing of Remote Procedure Call (RPC) requests can result in
arbitrary command execution with the privileges of the vulnerable
process. Additional vulnerabilities can lead to denials-of-service for
a variety of subsystems. There are unconfirmed reports of an additional
authentication bypass vulnerability. A working proof-of-concept for the
remote command execution vulnerability is publicly available.

Status: Vendor confirmed, updates available.

References:
Post by cocoruder (includes proof-of-concept)
http://www.securityfocus.com/archive/1/497281
Computer Associates Security Notice
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143
SecurityFocus BID
http://www.securityfocus.com/bid/31684

******************************************************

(7) HIGH: Microsoft Excel Multiple Vulnerabilities (MS08-057)
Affected:
Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Excel Viewer
Microsoft Office SharePoint Server 2007
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Microsoft Open XML File Format Converter for Mac 

Description: Microsoft Office contains multiple vulnerabilities in its
handling of Excel spreadsheet files. A specially crafted Excel file
could trigger one of these vulnerabilities, allowing an attacker to
execute arbitrary code with the privileges of the current user. Note
that, on recent versions of Microsoft Office, Excel files are not opened
upon receipt without first prompting the user, by default. Some
technical details are publicly available for these vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-057.mspx
TippingPoint Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-068/
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=746
SecurityFocus BIDs
http://www.securityfocus.com/bid/31706
http://www.securityfocus.com/bid/31702
http://www.securityfocus.com/bid/31705

******************************************************

(8) HIGH: Microsoft Windows Internet Printing Service Remote Code Execution
(MS08-062)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008

Description: The Microsoft Windows Internet Printing Service is
Microsoft's implementation of the Internet Printing Protocol (IPP). IPP
is an open protocol used to access printers over a network. Microsoft
IIS implements IPP as a service. This implementation contains an integer
overflow vulnerability in its processing of IPP responses. A specially
crafted request to an IIS server could cause it to connect to a
malicious server, and thus exploit this vulnerability. Successfully
exploiting this vulnerability would allow an attacker to execute
arbitrary code with the privileges of the vulnerable process. Note that
authentication is required to exploit this vulnerability in IIS's
default configuration.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-062.mspx
Wikipedia Article on IPP
http://en.wikipedia.org/wiki/Internet_Printing_Protocol
SecurityFocus BID
http://www.securityfocus.com/bid/31682

******************************************************

(9) HIGH: Microsoft Message Queueing Service Remote Code Execution (MS08-065)
Affected:
Microsoft Windows 2000

Description: The Microsoft Message Queueing Service (MSMQ) provides an
interprocess and inter-system ability to send messages. This service
exports a Remote Procedure Call (RPC) interface. This interface contains
a heap-based buffer overflow. Successfully exploiting this buffer
overflow would allow an attacker to execute arbitrary code with the
privileges of the SYSTEM user. Extensive technical details are publicly
available for this vulnerability. Note that the vulnerable subsystem is
neither installed nor enabled by default.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-065.mspx
TippingPoint DVLabs Advisory
http://dvlabs.tippingpoint.com/advisory/TPTI-08-07
Microsoft Security Vulnerability Research and Defense Article
http://blogs.technet.com/swi/archive/2008/10/14/ms08-065-exploitable-for-remote-code-execution.aspx
Product Home Page
http://www.microsoft.com/windowsserver2003/technologies/msmq/default.mspx
Wikipedia Article on Microsoft Remote Procedure Call
http://www.microsoft.com/hiserver/default.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/31637

******************************************************

(10) HIGH: Sun Java System Web Proxy Server Buffer Overflow
Affected:
Sun Java Web Proxy Server versions 4.0.7 and prior

Description: The Sun Java Web Proxy Server is a component of the Sun
Java System collection of server applications. It provides a proxying
server for a variety of protocols. It fails to properly handle certain
conditions in the processing of FTP resources. A specially crafted HTTP
request to the server could cause it to issue an FTP request, triggering
the vulnerability. Successfully exploiting this vulnerability would
allow an attacker to execute arbitrary code with the privileges of the
vulnerable process. Some technical details for this vulnerability are
publicly available.

Status: Vendor confirmed, updates available.

References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747
Sun Security Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-242986-1
Product Home Page
http://www.sun.com/software/products/web_proxy/
Wikipedia Article on Web Proxies
http://en.wikipedia.org/wiki/Proxy_server#Web_proxy
SecurityFocus BID
http://www.securityfocus.com/bid/31691

******************************************************

(11) MODERATE: Adobe CS3 SWF Parsing Multiple Vulnerabilities
Affected:
Adobe CS3 Professional
Adobe Flash MX 2004

Description: Adobe CS3 (Creative Suite 3) is Adobe's suite for authoring
rich internet content using the Adobe Flash platform. It contains
multiple flaws in its parsing of SWF (commonly called "Flash") files. A
specially crafted SWF file could trigger one of these vulnerabilities.
Successfully exploiting one of these vulnerabilities would allow an
attacker to execute arbitrary code with the privileges of the current
user. Note that, depending upon configuration, malicious files may be
opened by the vulnerable application upon receipt. The Adobe Flash
Player, used by web browsers, was not found to be vulnerable. Currently
only Adobe CS3 for Microsoft Windows is confirmed vulnerable.

Status: Vendor confirmed, updates available.

References:
Advisory from Security-Assessment.com
http://www.security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf
Adobe Security Advisory
http://www.adobe.com/support/security/advisories/apsa08-09.html
Product Home Page
http://tryit.adobe.com/us/cs4/flash/index.html?sdid=DOXQZ
SecurityFocus BID
http://www.securityfocus.com/bid/31769

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 42, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

08.42.1 CVE: CVE-2008-4023
Platform: Windows
Title: Microsoft Windows Active Directory LDAP Request Handling Remote
Code Execution
Description: Lightweight Directory Access Protocol (LDAP) is a
protocol that allows authorized users to view or update data in a meta
directory. Active Directory is exposed to a remote code execution
issue that arises because the application fails to handle specially
crafted LDAP or LDAP over SSL (LDAPS) requests and fails to allocate
memory in a proper manner.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx
______________________________________________________________________

08.42.2 CVE: CVE-2008-4038
Platform: Windows
Title: Microsoft Windows SMB Buffer Underflow Code Execution
Description: Microsoft Windows is exposed to a remote code execution
issue. This is due to a buffer underflow condition in the SMB (Server
Message Block) protocol implementation. The condition is caused by
insufficient validation of particular file name lengths that are
supplied by the client.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-063.mspx
______________________________________________________________________

08.42.3 CVE: CVE-2008-2250
Platform: Windows
Title: Microsoft Windows Kernel Window Creation Local Privilege
Escalation
Description: Microsoft Windows is exposed to a local privilege
escalation issue because the kernel fails to properly handle input
passed from a parent window to a child window when a new window is
created. An attacker can exploit this issue to execute arbitrary code
with kernel-level privileges.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx
______________________________________________________________________

08.42.4 CVE: CVE-2008-2252
Platform: Windows
Title: Microsoft Windows Kernel Memory Corruption Local Privilege
Escalation
Description: Microsoft Windows is exposed to a local privilege
escalation issue that occurs in the Windows kernel. This issue occurs
because the software fails to sufficiently validate user-supplied
input passed from user mode to kernel mode.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx
______________________________________________________________________

08.42.5 CVE: CVE-2008-2251
Platform: Windows
Title: Microsoft Windows Kernel Unhandled System Call Local Privilege
Escalation
Description: Microsoft Windows is exposed to a local privilege
escalation issue that occurs in the Windows kernel. This issue occurs
because the kernel fails to handle certain unspecified system calls
from multiple threads.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx
______________________________________________________________________

08.42.6 CVE: CVE-2008-3464
Platform: Windows
Title: Microsoft Windows AFD Driver Local Privilege Escalation
Description: Microsoft Windows is exposed to a local privilege
escalation issue that resides in the Ancillary Function Driver
("afd.sys"). The AFD component is responsible for managing the Winsock
TCP/IP protocol. Since it is a system driver, it must run in kernel
mode.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx
______________________________________________________________________

08.42.7 CVE: CVE-2008-4036
Platform: Windows
Title: Microsoft Windows VAD Local Privilege Escalation
Description: Microsoft Windows is exposed to a local privilege
escalation issue because of an error in how the system memory manager
handles memory allocation in relation to Virtual Address Descriptors
(VAD). A successful exploit will let a local attacker completely
compromise an affected computer.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-064.mspx
______________________________________________________________________

08.42.8 CVE: CVE-2008-1446
Platform: Windows
Title: Microsoft Windows Internet Printing Service Integer Overflow
Description: Microsoft Windows Internet Printing Protocol (IPP) is a
standardized protocol for remotely managing print jobs. Microsoft
Internet Printing Service is exposed to an integer overflow issue
because the software fails to adequately handle malformed IPP data.
Ref: http://www.securityfocus.com/bid/31682
______________________________________________________________________

08.42.9 CVE: CVE-2008-3477
Platform: Microsoft Office
Title: Microsoft Excel Calendar Object Validation Remote Code
Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. Excel is exposed to a remote code
execution issue when parsing malformed compiled VBA projects
containing Calendar objects. Successful exploits may allow attackers
to execute arbitrary code with the privileges of the user running the
application.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx
______________________________________________________________________

08.42.10 CVE: CVE-2008-3471
Platform: Microsoft Office
Title: Microsoft Excel BIFF File Format Parsing Remote Code Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. Excel is exposed to a remote code
execution issue when parsing malformed Excel files. This issue occurs
because the application fails to validate record values in Excel BIFF
files.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-068/
______________________________________________________________________

08.42.11 CVE: CVE-2008-4019
Platform: Microsoft Office
Title: Microsoft Excel Formula Parsing Remote Code Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. Excel is exposed to a remote code
execution issue when parsing malformed Excel files. This issue occurs
when the application tries to process malformed formulas stored in
spreadsheet cells.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx
______________________________________________________________________

08.42.12 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft PicturePusher "PipPPush.dll" ActiveX Control
Arbitrary File Download
Description: Microsoft PicturePusher ActiveX control is for sharing
images. The control is exposed to an issue that lets attackers
download arbitrary files. This vulnerability leverages the "AddString"
and "Post" attributes of the "PipPPush.dll" ActiveX control.
"PipPPush.dll" version 7.00.0709 is affected.
Ref:
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=774845&poid=
______________________________________________________________________

08.42.13 CVE: CVE-2008-3472
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer HTML Element Cross-Domain Security
Bypass
Description: Microsoft Internet Explorer is a web browser available
for Microsoft Windows. The browser is exposed to a cross-domain
security bypass issue because it fails to enforce the same-origin
policy. The issue occurs when handling an unspecified HTML element.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx
______________________________________________________________________

08.42.14 CVE: CVE-2008-3473
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Event Handling Cross-Domain
Security Bypass
Description: Microsoft Internet Explorer is a web browser available
for Microsoft Windows. The browser is exposed to a cross-domain
security bypass issue because it fails to enforce the same-origin
policy. The issue occurs when handling unspecified events within a
window object.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx
______________________________________________________________________

08.42.15 CVE: CVE-2008-3475
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Uninitialized Object Remote Memory
Corruption
Description: Microsoft Internet Explorer is a browser for the Windows
operating system. Internet Explorer is exposed to a remote memory
corruption issue when handling an object that has not been properly
initialized or has been deleted.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-069/
______________________________________________________________________

08.42.16 CVE: CVE-2008-3476
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer HTML Objects Uninitialized Memory
Corruption
Description: Microsoft Internet Explorer is a browser for the Windows
operating system. Internet Explorer is exposed to a remote memory
corruption issue when handling HTML objects that have not been
properly initialized.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx
______________________________________________________________________

08.42.17 CVE: CVE-2008-3466
Platform: Other Microsoft Products
Title: Microsoft Host Integration Server RPC Remote Code Execution
Description: Microsoft Host Integration Server is exposed to a remote
code execution issue caused by an unspecified error in the Systems
Network Architecture (SNA) service through a remote procedure call
(RPC). Successfully exploiting this issue would allow an attacker to
execute arbitrary code on an affected computer.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745
______________________________________________________________________

08.42.18 CVE: CVE-2008-3479
Platform: Other Microsoft Products
Title: Microsoft Message Queuing Service RPC Query Heap Corruption
Description: Microsoft Message Queuing (MSMQ) is a messaging protocol
that allows applications running on disparate servers to communicate
in a failsafe manner. The flaw occurs within an RPC function that
fails to carry out sufficient sanity checks before using user-supplied
data to calculate a heap allocation.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-065.mspx
______________________________________________________________________

08.42.19 CVE: CVE-2008-3474
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Cross-Domain Information Disclosure
Description: Microsoft Internet Explorer is a web browser available
for Microsoft Windows. The browser is exposed to a cross-domain
information disclosure issue because it fails to enforce the
same-origin policy.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx
______________________________________________________________________

08.42.20 CVE: Not Available
Platform: Third Party Windows Apps
Title: PC Tools Spyware Doctor Unspecified Denial of Service
Description: Spyware Doctor scans a PC for spyware. Spyware Doctor is
exposed to an unspecified denial of service issue. This issue is
triggered when attempting to remove certain threats from an infected
system. Spyware Doctor version 6.0 is affected.
Ref:
http://www.symantec.com/security_response/writeup.jsp?docid=2003-050114-4908-99
______________________________________________________________________

08.42.21 CVE: Not Available
Platform: Third Party Windows Apps
Title: Avaya one-X Desktop Edition SIP Remote Denial of Service
Description: Avaya one-X Desktop Edition is a softphone application
that enables SIP-based (Session Initiation Protocol) endpoints on
computers running the Microsoft Windows operating system. The
application is exposed to a remote denial of service issue that
occurs in SIP. Avaya one-X Desktop Edition version 2.1 is affected.
Ref:
http://www.voipshield.com/research-details.php?id=124&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC
______________________________________________________________________

08.42.22 CVE: CVE-2008-3814
Platform: Third Party Windows Apps
Title: Cisco Unity Remote Administration Authentication Bypass
Description: Cisco Unity is a voice and messaging platform for
Microsoft Windows. Cisco Unity is exposed to an authentication bypass
issue in its web administration interface. This issue occurs when the
Unity server is configured to use anonymous authentication.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20081008-unity.shtml
______________________________________________________________________

08.42.23 CVE: Not Available
Platform: Third Party Windows Apps
Title: Cisco Unity 7.0 Multiple Remote Vulnerabilities
Description: Cisco Unity is a voice and messaging platform for
Microsoft Windows. Cisco Unity is exposed to multiple remote issues.
Multiple unspecified denial of service issues are reported in the
Unity server. Cisco Unity version 7.0 is affected.
Ref:
http://www.voipshield.com/research-details.php?id=129&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC
______________________________________________________________________

08.42.24 CVE: Not Available
Platform: Third Party Windows Apps
Title: WinFTP Server "NLIST" Command Remote Denial of Service
Description: WinFTP Server is a multithreaded FTP server for Microsoft
Windows. The application is exposed to a remote denial of
service issue. Specifically, in the "PASV" mode, if an attacker
supplies maliciously crafted data to the "NLIST" command, the issue is
triggered. WinFTP version 2.0.2 is affected.
Ref: http://www.securityfocus.com/bid/31686
______________________________________________________________________

08.42.25 CVE: Not Available
Platform: Third Party Windows Apps
Title: Lenovo Rescue and Recovery "tvtumon.sys" Heap Overflow
Description: Lenovo Rescue and Recovery is an application for
Microsoft Windows. Lenovo Rescue and Recovery is exposed to a
heap-based overflow issue that resides in the "tvtumon.sys" device
driver. Lenovo Rescue and Recovery version 4.20 is affected.
Ref: http://www.securityfocus.com/archive/1/497277
______________________________________________________________________

08.42.26 CVE: Not Available
Platform: Third Party Windows Apps
Title: RaidenFTPD "MLST" Command Remote Denial of Service
Description: RaidenFTPD is an FTP server for Microsoft Windows.
RaidenFTPD is exposed to a remote denial of service issue that occurs
in the handling of the "MLST" command when used in conjunction with
the "CWD" command and malicious arguments. RaidenFTPD version 2.4
build 3620 is affected.
Ref: http://www.securityfocus.com/bid/31741
______________________________________________________________________

08.42.27 CVE: CVE-2008-4385
Platform: Third Party Windows Apps
Title: Husdawg System Requirements Lab ActiveX Control Unspecified
Remote Code Execution
Description: Husdawg System Requirements Lab ActiveX control is a
browser component that is used to analyze hardware and software on the
computer it runs. The control is exposed to a remote code execution
issue due to unspecified errors.
Ref: http://www.microsoft.com/technet/security/advisory/956391.mspx
______________________________________________________________________

08.42.28 CVE: Not Available
Platform: Third Party Windows Apps
Title: Titan FTP Server "SITE WHO" Command Remote Denial of Service
Description: Titan FTP Server is an FTP server application available
for Microsoft Windows. Titan FTP Server is exposed to a remote denial
of service issue that occurs when handling malformed data passed to
the "SITE WHO" FTP server command. Titan FTP Server version 6.26 build
630 is affected.
Ref: http://www.securityfocus.com/bid/31757
______________________________________________________________________

08.42.29 CVE: CVE-2008-4211
Platform: Mac Os
Title: Apple OS X QuickLook Excel File Integer Overflow
Description: Apple OS X QuickLook is a file preview feature. The
application is exposed to an integer overflow issue because it fails
to perform adequate boundary checks on user-supplied input.
Ref: http://www.securityfocus.com/bid/31707
______________________________________________________________________

08.42.30 CVE: CVE-2008-4212
Platform: Mac Os
Title: Apple Mac OS X "hosts.equiv" Security Bypass
Description: Apple Mac OS X is an operating system for Apple
computers. Apple Mac OS X is exposed to a security bypass issue that
may allow remote attackers unexpected access to affected computers.
Attackers may exploit this issue to log in as the root user without
authentication from specific trusted hosts.
Ref: http://www.securityfocus.com/bid/31708
______________________________________________________________________

08.42.31 CVE: CVE-2008-3645
Platform: Mac Os
Title: Apple Mac OS X "configd" EAPOLController Plugin Local Heap
Based Buffer Overflow
Description: Apple Mac OS X is exposed to a local heap-based buffer
overflow issue because it fails to adequately bounds check
user-supplied input. This issue affects the Inter-Process
Communication (IPC) component of the EAPOLController plugin of the
"configd" daemon.
Ref: http://support.apple.com/kb/HT3216
______________________________________________________________________

08.42.32 CVE: CVE-2008-3642
Platform: Mac Os
Title: Apple Mac OS X ColorSync ICC Profile Remote Buffer Overflow
Description: Apple Mac OS X is exposed to a remote buffer overflow
issue that occurs in ColorSync. This issue occurs because the
application fails to perform adequate boundary checks on user-supplied
data. The vulnerability occurs when handling malformed image files
that contain an embedded ICC profile.
Ref: http://www.securityfocus.com/bid/31715
______________________________________________________________________

08.42.33 CVE: CVE-2008-4214
Platform: Mac Os
Title: Apple Script Editor Unspecified Insecure Temporary File
Creation
Description: Apple Script Editor is an editor for Apple Script code
for the Mac OS X operating system. Apple Script Editor is exposed to
an insecure temporary file creation issue related to application
scripting dictionary files.
Ref: http://www.securityfocus.com/bid/31716
______________________________________________________________________

08.42.34 CVE: CVE-2008-4215
Platform: Mac Os
Title: Apple Mac OS X Server Weblog Access Control List Security
Bypass
Description: Apple Mac OS X Server is an operating system for Apple
computers. Apple Mac OS X Server Weblog is exposed to a
security bypass issue because it may fail to properly save ACLs
(Access Control Lists). Mac OS X Server versions 10.4 through 10.4.11
are affected.
Ref: http://www.securityfocus.com/bid/31718
______________________________________________________________________

08.42.35 CVE: CVE-2008-3647
Platform: Mac Os
Title: Apple PSNormalizer PostScript Buffer Overflow
Description: PSNormalizer is an application for processing PostScript
files. The application is exposed to a buffer overflow issue that
arises when the application handles specially-crafted PostScript
files. Specifically, the issue is caused by PSNormalizer's handling of
the bounding-box comment in PostScript files.
Ref: http://support.apple.com/kb/HT3216
______________________________________________________________________

08.42.36 CVE: CVE-2008-3643
Platform: Mac Os
Title: Apple Finder Denial of Service
Description: Apple Finder is responsible for the overall
user-management of files, disks, network volumes and the launching of
other applications on Mac systems. The application is exposed to a
denial of service issue. Specifically, this vulnerability occurs when
the application attempts to create an icon for maliciously crafted
files which are located on the desktop. Mac OS X v10.5.5 and
Mac OS X Server v10.5.5 are affected.
Ref: http://support.apple.com/kb/HT3216
______________________________________________________________________

08.42.37 CVE: CVE-2008-3646
Platform: Mac Os
Title: Apple Mac OS X 10.5 Postfix Security Bypass
Description: Apple Mac OS X Postfix is an open-source email server.
The application is exposed to a security bypass issue that arises
because Postfix remains accessible from the network for a period of
one minute after a local command-line tool is used to send mail. Mac
OS X v10.5 is affected.
Ref: http://support.apple.com/kb/HT3216
______________________________________________________________________

08.42.38 CVE: Not Available
Platform: Mac Os
Title: Apple Mac OS X 10.5 "launchd" Unspecified Security Bypass
Description: Apple Mac OS X "launchd" is an open-source email server.
An application's request to execute in a sandbox may fail due to an
unspecified issue in "launchd". Mac OS X v10.5 is affected.
Ref: http://support.apple.com/kb/HT3216
______________________________________________________________________

08.42.39 CVE: CVE-2008-4394
Platform: Linux
Title: Gentoo "sys-apps/portage" Search Path Local Privilege
Escalation
Description: Gentoo "sys-apps/portage" is a package manager for
installing, compiling, and updating packages through the Gentoo rsync
tree. Gentoo "sys-apps/portage" is exposed to a local privilege
escalation issue. This issue occurs because the application fails to
change the current working directory when using the "emerge" command
line tool.
Ref: http://www.securityfocus.com/bid/31670
______________________________________________________________________

08.42.40 CVE: Not Available
Platform: Linux
Title: Linux Kernel SCTP INIT-ACK AUTH Extension Remote Denial of
Service
Description: The Linux kernel is exposed to a remote denial of service
issue because it fails to handle mismatched SCTP AUTH extension
settings between peers. This issue occurs when certain INIT-ACK
packets are received, indicating that the peer doesn't support AUTH.
Linux kernel versions prior to 2.6.27-rc6-git6 are affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1039
______________________________________________________________________

08.42.41 CVE: Not Available
Platform: Linux
Title: Debian chm2pdf Insecure Temporary File Creation
Description: Debian chm2pdf is a Python script for converting CHM
files into PDF files. The application creates temporary directories in
an insecure manner. Successfully mounting a symlink attack may allow
the attacker to delete or corrupt sensitive files, which may result in
a denial of service. chm2pdf version 0.9.1 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959
______________________________________________________________________

08.42.42 CVE: CVE-2008-3641
Platform: Unix
Title: CUPS "HP-GL/2" Filter Remote Code Execution
Description: CUPS, Common UNIX Printing System, is a widely used set
of printing utilities for UNIX-based systems. CUPS is exposed to a
remote code execution issue due to an error in the "HP-GL/2" filter.
CUPS versions prior to 1.3.9 are affected.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-067/
______________________________________________________________________

08.42.43 CVE: Not Available
Platform: Unix
Title: CUPS Multiple Heap Based Buffer Overflow Vulnerabilities
Description: CUPS (Common UNIX Printing System) is a widely used set
of printing utilities for UNIX-based systems. CUPS is exposed to
multiple issues because it fails to perform adequate boundary checks
on user-supplied data before using it to allocate memory buffers. CUPS
versions prior to 1.3.9 are affected.
Ref: http://www.securityfocus.com/bid/31689
______________________________________________________________________

08.42.44 CVE: CVE-2008-3545
Platform: Cross Platform
Title: HP OpenView Network Node Manager "ovtopmd" Variant Unspecified
Denial of Service
Description: HP OpenView Network Node Manager is a fault management
application for IP networks. The application is exposed to an
unspecified denial of service issue affecting the "ovtopmd"
component. HP OpenView Network Node Manager versions 7.01, 7.51, and
7.53 are affected.
Ref: http://www.securityfocus.com/archive/1/497187
______________________________________________________________________

08.42.45 CVE: Not Available
Platform: Cross Platform
Title: Hero DVD Player ".m3u" File Buffer Overflow
Description: Hero DVD Player is a media file player. The application
is exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input. Specifically, this
issue occurs in the "Mplayer.exe" file when it fails to handle
malformed ".m3u" files. Hero DVD Player version 3.0.8 is affected.
Ref: http://www.securityfocus.com/bid/31627
______________________________________________________________________

08.42.46 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser Remote Code Execution and Security Bypass
Vulnerabilities
Description: Opera Web Browser is a browser that runs on multiple
operating systems. Opera is exposed to multiple security issues.
Opera versions prior to 9.60 are affected.
Ref: http://www.opera.com/support/search/view/901/
______________________________________________________________________

08.42.47 CVE: Not Available
Platform: Cross Platform
Title: Nortel MCS 5100 UFTP Multiple Denial of Service Vulnerabilities
Description: Nortel Multimedia Communications Server (MCS) 5100 is
exposed to multiple denial of service issues. These issues result from
a failure to handle certain UNIStim File Transfer Protocol (UFTP)
data. MCS 5100 versions in the 3.0 series are affected.
Ref:
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=774845&poid=
______________________________________________________________________

08.42.48 CVE: Not Available
Platform: Cross Platform
Title: Avaya IP Softphone Remote Denial of Service
Description: Avaya IP Softphone is a commercially available IP
telephony application. Avaya IP Softphone is exposed to a denial of
service issue that occurs when handling large amounts of data. This
issue occurs when the application binds to a group of five consecutive
TCP ports. Avaya IP Softphone version 6.0 SP4 is affected.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-363.htm
______________________________________________________________________

08.42.49 CVE: Not Available
Platform: Cross Platform
Title: Avaya Communication Manager Web Server Configuration
Unauthorized Access
Description: Avaya Communication Manager is a messaging application.
Avaya Communication Manager is exposed to an unauthorized access issue
caused by a configuration error in the application's web server.
Ref:
http://www.voipshield.com/research-details.php?id=123&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC
______________________________________________________________________

08.42.50 CVE: Not Available
Platform: Cross Platform
Title: Opera Cached Java Applet Privilege Escalation
Description: Opera is a web browser application available for various
operating systems. A security bypass issue may allow attackers to
execute cached Java applets. As a result, the applet can run in the
local context. Opera versions prior to 9.60 are affected.
Ref: http://www.opera.com/support/search/view/902/
______________________________________________________________________

08.42.51 CVE: Not Available
Platform: Cross Platform
Title: DFFFrameworkAPI "DFF_config[dir_include]" Parameter Multiple
Remote File Include Vulnerabilities
Description: DFFFrameworkAPI is an application programming interface
for developing price comparison shopping sites. The application is
exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/31644
______________________________________________________________________

08.42.52 CVE: Not Available
Platform: Cross Platform
Title: Graphviz Graph Parser Remote Stack Buffer Overflow
Description: Graphviz is graph visualization software. Graphviz is
exposed to a remote buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input. This issue occurs in
the "push_subg()" function in the "lib/graph/parser.y" source file.
Graphviz version 2.20.2 is affected.
Ref: http://www.securityfocus.com/archive/1/497150
______________________________________________________________________

08.42.53 CVE: Not Available
Platform: Cross Platform
Title: Drupal EveryBlog Module Multiple Unspecified Vulnerabilities
Description: Drupal is an open-source content manager that is
available for a number of platforms. The EveryBlog module is used for
creating blogs. The EveryBlog module for Drupal is exposed to multiple
issues. EveryBlog up to and including version 2.0 is affected.
Ref: http://drupal.org/node/318746
______________________________________________________________________

08.42.54 CVE: Not Available
Platform: Cross Platform
Title: YaCy Multiple Unspecified Vulnerabilities
Description: YaCy is a peer-to-peer search engine application
implemented in Java. It is freely available under the GNU public
license. The application is exposed to multiple issues due to
unspecified errors. YaCy versions prior to 0.61 are affected.
Ref:
http://freshmeat.net/projects/yacy/?branch_id=51198&release_id=286006
______________________________________________________________________

08.42.55 CVE: CVE-2008-4397, CVE-2008-4398, CVE-2008-4399,
CVE-2008-4400
Platform: Cross Platform
Title: Computer Associates ARCserve Backup Multiple Remote
Vulnerabilities
Description: Computer Associates ARCserve Backup products provide
backup and restore protection for Windows, NetWare, Linux, and UNIX
servers as well as Windows, Mac OS X, Linux, UNIX, AS/400, and VMS
clients. The application is exposed to multiple remote issues.
Ref:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143
______________________________________________________________________

08.42.56 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Web Proxy Server FTP Subsystem Heap Based Buffer
Overflow
Description: Sun Java System Web Proxy Server is a proxy server
developed by Sun Microsystems. Sun Java System Web Proxy Server is
exposed to a heap-based buffer overflow issue because the application
fails to check user-supplied data before copying it into an
insufficiently sized buffer. Specifically, the issue affects the FTP
subsystem. Sun Java System Web Proxy Server versions 4.0 up to and
including 4.0.7 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242986-1
______________________________________________________________________

08.42.57 CVE: CVE-2008-1678
Platform: Cross Platform
Title: OpenSSL "zlib" Compression Memory Leak Remote Denial of Service
Description: OpenSSL is an open-source cryptography library. This
library is exposed to a remote denial of service issue. Attackers can
leverage this issue to crash an application which uses this library by
consuming available memory, denying service to legitimate users. This
issue is caused by a memory leak in the "zlib_stateful_init()"
function of the "crypto/comp/c_zlib.c" source file. OpenSSL versions
0.9.8f through 0.9.8h are affected.
Ref: http://support.apple.com/kb/HT3216
______________________________________________________________________

08.42.58 CVE: Not Available
Platform: Cross Platform
Title: KDE Konqueror JavaScript "load" Function Denial of Service
Description: KDE Konqueror is a web browser included with the KDE
desktop manager. Konqueror is exposed to a remote denial of service
issue because it fails to handle specially-crafted JavaScript code.
Specifically, the "load" function containing an empty argument can
cause the application to crash. Konqueror version 3.5.9 is affected.
Ref: http://www.securityfocus.com/bid/31696
______________________________________________________________________

08.42.59 CVE: Not Available
Platform: Cross Platform
Title: NoticeWare Email Server NG "PASS" Command Remote Denial of
Service
Description: NoticeWare Email Server NG is an email server for the
Microsoft Windows platform. The application is exposed to a remote
denial of service issue. Specifically, if an attacker supplies an
excessive amount of data to the "PASS" POP3 command, the server may
crash. NoticeWare Email Server NG version 5.1.2.2 is affected.
Ref: http://www.securityfocus.com/bid/31697
______________________________________________________________________

08.42.60 CVE: CVE-2008-3271
Platform: Cross Platform
Title: Apache Tomcat "RemoteFilterValve" Security Bypass
Description: Apache Tomcat is a Java based web server application for
multiple operating systems. Tomcat uses Valve components to process
remote requests. An issue exists with valves derived from the
"RemoteFilterValve" class. Tomcat versions 4.1.0 through 4.1.32 and
5.5.0 are affected.
Ref: https://issues.apache.org/bugzilla/show_bug.cgi?id=25835
______________________________________________________________________

08.42.61 CVE: CVE-2008-3905
Platform: Cross Platform
Title: Ruby "resolv.rb" Predictable Transaction ID and Source Port DNS
Spoofing
Description: Ruby is an object-oriented scripting language. Ruby is
exposed to a DNS-spoofing issue because the software fails to securely
implement random values when performing DNS queries. Specifically,
this issue occurs because "resolv.rb" uses sequential DNS transaction
IDs and fixed source port values for DNS requests.
Ref:
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
______________________________________________________________________

08.42.62 CVE: Not Available
Platform: Cross Platform
Title: Nokia Web Browser for S60 Infinite Array Sort Denial of Service
Description: Nokia Web Browser for S60 is a web-browser application
for phones, PDAs, and other mobile devices manufactured by Nokia.
Nokia Browser is exposed to a denial of service issue when handling
malicious HTML files. In particular, this issue occurs when attempting
to process a malicious JavaScript function embedded in an HTML file.
Ref: http://www.securityfocus.com/archive/1/497224
______________________________________________________________________

08.42.63 CVE: Not Available
Platform: Cross Platform
Title: GuildFTPd "LIST" Command Heap Overflow
Description: GuildFTPd is a Windows based FTP server. GuildFTPd is
exposed to a heap-based buffer overflow issue because the application
fails to perform adequate boundary checks on user-supplied data.
GuildFTPd versions 0.999.8.11 and v0.999.14 are affected.
Ref: http://www.securityfocus.com/bid/31729
______________________________________________________________________

08.42.64 CVE: Not Available
Platform: Cross Platform
Title: XM Easy Personal FTP Server "NLST" Command Remote Denial of
Service
Description: XM Easy Personal FTP Server is an FTP server for
Microsoft Windows. XM Easy Personal FTP Server is exposed to a remote
denial of service issue that occurs in the handling of the "NLST"
command with the "-l" argument. XM Easy Personal FTP Server version
5.6.0 is affected.
Ref: http://www.securityfocus.com/bid/31739
______________________________________________________________________

08.42.65 CVE: Not Available
Platform: Cross Platform
Title: Oracle Database Server "CREATE ANY DIRECTORY" Privilege
Escalation
Description: Oracle Database Server is an enterprise database server
system available for multiple operating platforms. Oracle is exposed
to a privilege escalation issue. A database user with the "CREATE ANY
DIRECTORY" privilege may create a directory pointing to the existing
database password file. Oracle Database versions 10.1, 10.2 and 11g
are affected.
Ref:
http://www.oracleforensics.com/wordpress/index.php/2008/10/10/create-any-directory-to-sysdba/
______________________________________________________________________

08.42.66 CVE: Not Available
Platform: Cross Platform
Title: Websense Reporter "CreateDbInstall.log" Local Information
Disclosure
Description: Websense Reporter is a reporting system that works with
Websense Enterprise. The application is exposed to a local information
disclosure issue because it fails to securely store sensitive data.
Specifically, the SQL administrator's login and password are stored in
plain-text in the "CreateDbInstall.log" log file. Websense Reporter
version 6.3.2 is affected.
Ref: http://www.securityfocus.com/bid/31746
______________________________________________________________________

08.42.67 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox ".url" Shortcut Processing Information
Disclosure
Description: Mozilla Firefox is exposed to an information disclosure
issue when processing ".url" shortcut files in HTML elements. An
attacker can exploit the issue to disclose sensitive information such
as browser cache files, cookie data or local file system details.
Mozilla Firefox versions 3.0.1, 3.0.2 and 3.0.3 are affected.
Ref: http://liudieyu0.blog124.fc2.com/blog-entry-6.html
______________________________________________________________________

08.42.68 CVE: Not Available
Platform: Cross Platform
Title: IBM ENOVIA Security Bypass
Description: IBM ENOVIA is Product Lifecycle Management software from
IBM. The application is exposed to an unspecified security bypass
issue. ENOVIA versions prior to V5R18 SP5 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27012567
______________________________________________________________________

08.42.69 CVE: Not Available
Platform: Cross Platform
Title: Sun Solstice AdminSuite "sadmind" "adm_build_path()" Remote
Stack Buffer Overflow
Description: Sun Solstice AdminSuite is a set of remote tools used for
system administration. Sun Solstice AdminSuite is exposed to a remote
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input.
Ref: http://www.securityfocus.com/archive/1/497311
______________________________________________________________________

08.42.70 CVE: Not Available
Platform: Cross Platform
Title: Etype Eserv FTP "ABOR" Command Remote Stack-Based Buffer
Overflow
Description: Etype Eserv is a server which handles multiple protocols,
including FTP. Eserv is developed for Microsoft Windows. Eserv is
exposed to a remote stack-based buffer overflow issue that results
from a failure to handle excessively long parameters to the "ABOR"
command. Eserv version 3.26 is affected.
Ref: http://www.securityfocus.com/bid/31753
______________________________________________________________________

08.42.71 CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player XSPF Playlist Memory Corruption
Description: VLC is a cross-platform media player. VLC is exposed to a
heap-based memory corruption issue because it fails to perform
adequate checks on user-supplied input. This occurs within the
"demux/playlist/xspf.c" source file when parsing XSPF playlist files.
VLC media player versions prior to 0.9.3 are affected.
Ref: http://www.securityfocus.com/bid/31757
______________________________________________________________________

08.42.72 CVE: CVE-2008-0019
Platform: Cross Platform
Title: Oracle Weblogic Server Apache Connector Stack-Based Buffer
Overflow
Description: Oracle Weblogic Server Apache Connector is an Apache
module used to proxy requests from the Apache web server to Oracle
Weblogic Server. Oracle Weblogic Server Apache Connector is exposed to
a stack-based buffer overflow issue because the application fails to
bounds check user-supplied data before copying it into an
insufficiently sized buffer.
Ref: http://www.iss.net/threats/304.html
______________________________________________________________________

08.42.73 CVE: CVE-2008-4020
Platform: Web Application - Cross Site Scripting
Title: Microsoft Office CDO Protocol Cross-Site Scripting
Description: Collaboration Data Objects (CDO) is an API provided by
Microsoft. Microsoft Office is exposed to a cross-site scripting issue
that arises because the software fails to handle specially crafted CDO
protocol URIs in a proper manner. Office XP Service Pack 3 is
affected.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-056.mspx
______________________________________________________________________

08.42.74 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: EEB-CMS "index.php" Cross-Site Scripting
Description: EEB-CMS is a PHP-based application used for content
management. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input to the
"content" parameter of the "index.php" script. EEB-CMS version 0.95 is
affected.
Ref: http://www.securityfocus.com/bid/31732
______________________________________________________________________

08.42.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre News Manager "news_detail.php" SQL Injection
Description: Pre News Manager is a PHP-based news-publishing
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"nid" parameter of the "news_detail.php" script before using it in an
SQL query. Pre News Manager version 1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/497185
______________________________________________________________________

08.42.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: GForge Multiple SQL Injection Vulnerabilities
Description: GForge is a PHP-based application for managing source
code. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/31674
______________________________________________________________________

08.42.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TorrentTrader Classic Edition "completed-advance.php" SQL
Injection
Description: TorrentTrader Classic Edition is a PHP-based torrent
tracker. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "completed-advance.php" script before using it in an
SQL query. TorrentTrader Classic Edition versions up to and including
1.04 are affected.
Ref: http://www.securityfocus.com/bid/31626
______________________________________________________________________

08.42.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Built2Go Real Estate Listings "event_detail.php" SQL Injection
Description: Built2Go Real Estate Listings is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "event_id"
parameter of the "event_detail.php" script file before using it in an
SQL query. Built2Go Real Estate Listings version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/31628
______________________________________________________________________

08.42.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Brain Book Software AdMan "editCampaign.php" SQL Injection
Description: Brain Book Software AdMan is an advertisement management
server. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the
"campaignId" parameter of the "editCampaign.php" script before using
it in an SQL query. AdMan version 1.1.20070907 is affected.
Ref: http://www.securityfocus.com/bid/31646
______________________________________________________________________

08.42.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: HispaH Text Link ADS "index.php" SQL Injection
Description: HispaH Text Link ADS is a PHP-based advertisement
application. The application is exposed to an SQL injection issue
because it fails to properly sanitize user-supplied input to the
"idcat" parameter of the "index.php" script when the "action"
parameter is set to "buy".
Ref: http://www.securityfocus.com/bid/31649
______________________________________________________________________

08.42.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomtracker "id" Parameter SQL Injection
Description: Joomtracker is a PHP-based component for BitTorrent
tracking for the Joomla! content manager. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data before using it in an SQL query. Joomtracker
version 1.01 is affected.
Ref: http://www.securityfocus.com/bid/31676
______________________________________________________________________

08.42.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: IranMC Arad Center "news.php" SQL Injection
Description: IranMC Arad Center is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"news.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31677
______________________________________________________________________

08.42.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Stash "news.php" SQL Injection
Description: Stash is a PHP-based content manager for band web sites.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "post" parameter of
the "admin/news.php" script before using it in an SQL query. Stash
version 1.0.3 is affected.
Ref: http://www.securityfocus.com/bid/31687
______________________________________________________________________

08.42.84 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ayco Okul Portali "default.asp" SQL Injection
Description: Ayco Okul Portali is a web-based application implemented
in ASP. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "linkid"
parameter of the "default.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31704
______________________________________________________________________

08.42.85 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Easynet4u Forum Host "forum.php" SQL Injection
Description: Easynet4u Forum Host is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "forum" parameter of
the "forum.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31709
______________________________________________________________________

08.42.86 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Easynet4u Faq Host "faq.php" SQL Injection
Description: Easynet4u Faq Host is a PHP-based frequently asked
questions script. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"faq" parameter of the "faq.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/31710
______________________________________________________________________

08.42.87 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Mad4Joomla Mailforms Component SQL Injection
Description: Mad4Joomla Mailforms is a PHP-based component for the
Joomla! and Mambo content managers. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "jid" parameter of the "com_mad4joomla"
component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31712
______________________________________________________________________

08.42.88 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ignite Gallery "gallery" Parameter SQL Injection
Description: Ignite Gallery is a PHP-based image gallery component for
the Joomla! content manager. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data before using it in an SQL query. Ignite Gallery
version 0.8.3 is affected.
Ref: http://www.securityfocus.com/bid/31714
______________________________________________________________________

08.42.89 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Easynet4u Link Host "directory.php" SQL Injection
Description: Easynet4u Link Host is a PHP-based application for
managing links. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cat_id" parameter of the "directory.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/31717
______________________________________________________________________

08.42.90 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Real Estate Classifieds "index.php" SQL Injection
Description: Real Estate Classifieds is a PHP-based application for
managing property listings. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "cat" parameter of the "index.php" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31723
______________________________________________________________________

08.42.91 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Absolute Poll Manager "xlacomments.asp" SQL Injection
Description: Absolute Poll Manager XE is a web-based survey
application implemented in ASP. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "p" parameter of the "xlacomments.asp"
script before using it in an SQL query. Absolute Poll Manager XE
version 4.1 is affected.
Ref: http://www.securityfocus.com/bid/31724
______________________________________________________________________

08.42.92 CVE: Not Available
Platform: Web Application - SQL Injection
Title: OwnBiblio Joomla! Component "catid" Parameter SQL Injection
Description: OwnBiblio is a PHP-based component for the Joomla!
content manager. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"catid" parameter of the "index.php" script when the "option"
parameter is set to "com_ownbiblio". OwnBiblio version 1.5.3 is
affected.
Ref: http://www.milw0rm.com/exploits/6730
______________________________________________________________________

08.42.93 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NewLife Blogger "nlb3" Cookie SQL Injection
Description: NewLife Blogger is a PHP-based multi-user blogging
system. The application is exposed to an SQL injection issue because
it fails to adequately sanitize user-supplied input to the "nlb3"
cookie parameter in the "system/nlb_user.class.php" script before
using it in an SQL query. NewLife Blogger versions 3.0 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/31728
______________________________________________________________________

08.42.94 CVE: Not Available
Platform: Web Application - SQL Injection
Title: "com_jeux" Joomla! Component "id" Parameter SQL Injection
Description: "com_jeux" is a PHP-based component for the Joomla!
content manager. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "index.php" script when the "option" parameter
is set to "com_jeux".
Ref: http://packetstormsecurity.org/0810-exploits/joomlajeux-sql.txt
______________________________________________________________________

08.42.95 CVE: Not Available
Platform: Web Application - SQL Injection
Title: IndexScript "sug_cat.php" SQL Injection
Description: IndexScript is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "parent_id" parameter of the
"sug_cat.php" script before using it in an SQL query. IndexScript
version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/31744
______________________________________________________________________

08.42.96 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ParsBlogger "links.asp" SQL Injection
Description: ParsBlogger is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "links.asp"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31745
______________________________________________________________________

08.42.97 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS xhresim Module "index.php" SQL Injection
Description: xhresim is a PHP-based component for the XOOPS content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "no"
parameter of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31749
______________________________________________________________________

08.42.98 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Webscene eCommerce "productlist.php" SQL Injection
Description: Webscene eCommerce is a PHP-based ecommerce and shopping
cart application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"level" parameter of the "productlist.php" script before using it in
an SQL query.
Ref: http://www.securityfocus.com/archive/1/497324
______________________________________________________________________

08.42.99 CVE: Not Available
Platform: Web Application
Title: Drupal Multiple Remote Access Validation Vulnerabilities and
Weaknesses
Description: Drupal is a PHP-based content manager. Drupal is exposed
to multiple issues. Exploiting these issues can allow an attacker to
upload arbitrary files, obtain sensitive information, or perform
unauthorized actions on affected sites. Drupal versions prior to 5.11
and 6.5 are affected.
Ref: http://drupal.org/node/318706
______________________________________________________________________

08.42.100 CVE: Not Available
Platform: Web Application
Title: Proxim Tsunami MP.11 2411 Wireless Access Point
"system.sysName.0" SNMP HTML Injection
Description: The Proxim Tsunami MP.11 2411 is a wireless access point
that includes a web-based administration interface. The Tsunami MP.11
2411 is exposed to an HTML injection issue because it fails to
properly sanitize user-supplied input before using it in dynamically
generated content. Tsunami MP.11 Model 2411 is affected.
Ref: http://www.securityfocus.com/archive/1/497182
______________________________________________________________________

08.42.101 CVE: Not Available
Platform: Web Application
Title: Kusaba "paint_save.php" Remote Code Execution
Description: Kusaba is a PHP-based image board application. The
application is exposed to a remote code execution issue that occurs in
the "paint_save.php" script. Specifically, the application fails to
sufficiently sanitize content contained in images before uploading
them onto the web server. Kusaba version 1.0.4 is affected.
Ref: http://www.securityfocus.com/bid/31668
______________________________________________________________________

08.42.102 CVE: Not Available
Platform: Web Application
Title: Avaya Communication Manager Web Administration Multiple
Security Vulnerabilities
Description: Avaya Communication Manager is a messaging application.
Avaya Communication Manager is exposed to multiple remote security
issues because it fails to adequately sanitize user-supplied input.
These issues affect the Web Administration Interface and can be
triggered with specially-crafted HTTP POST requests.
Ref: http://www.voipshield.com/research-details.php?id=121&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC
______________________________________________________________________

08.42.103 CVE: Not Available
Platform: Web Application
Title: WebBiscuits Modules Controller Multiple Local and Remote File
Include Vulnerabilities
Description: WebBiscuits Modules Controller is a web-based
application. The application is exposed to multiple input validation
issues. An attacker can exploit these issues to obtain sensitive
information or execute malicious PHP code in the context of the
web server process. WebBiscuits Modules Controller version 1.1 is
affected.
Ref: http://www.securityfocus.com/bid/31655
______________________________________________________________________

08.42.104 CVE: Not Available
Platform: Web Application
Title: Drupal Multiple Modules Security Bypass Vulnerabilities
Description: Drupal is an open-source content manager that is
available for a number of platforms, including Microsoft Windows and
UNIX/Linux variants. Multiple Drupal Modules are exposed to security
bypass issues that may allow attackers to gain access to
administrative or sensitive areas of the application without the
appropriate privileges.
Ref: http://www.securityfocus.com/bid/31660
______________________________________________________________________

08.42.105 CVE: CVE-2008-4411
Platform: Web Application
Title: HP System Management Homepage (SMH) for Linux and Windows Cross-Site
Scripting
Description: HP System Management Homepage (SMH) provides a web-based
management interface for ProLiant and Integrity servers. SMH is
exposed to a cross-site scripting issue because it fails to adequately
sanitize user-supplied input. SMH for Linux and Windows versions prior
to 2.1.15.210 are affected.
Ref: http://www.securityfocus.com/bid/31663
______________________________________________________________________

08.42.106 CVE: Not Available
Platform: Web Application
Title: ModSecurity Transformation Caching Security Bypass
Description: ModSecurity is an Apache module that provides firewall
protection for web applications. Some versions of ModSecurity include
a Transformation Caching feature. ModSecurity is exposed to a security
bypass issue related to Transformation Caching. Remote attackers may
be able to take advantage of this issue to bypass certain firewall
rules. ModSecurity versions 2.5.0 through 2.5.5 are affected.
Ref: http://blog.modsecurity.org/2008/08/transformation.html
______________________________________________________________________

08.42.107 CVE: Not Available
Platform: Web Application
Title: Kusaba "load_receiver.php" Remote Code Execution
Description: Kusaba is a PHP-based image board application. The
application is exposed to a remote code execution issue that occurs in
the "load_receiver.php" script. Specifically, the application fails to
sufficiently sanitize content contained in images before uploading
them onto the web server. Kusaba version 1.0.4 is affected.
Ref: http://www.securityfocus.com/bid/31685
______________________________________________________________________

08.42.108 CVE: Not Available
Platform: Web Application
Title: Camera Life SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Camera Life is a web-based photo gallery application.
Since it fails to adequately sanitize user-supplied input, the
application is exposed to multiple issues. An SQL injection issue
affects the "id" parameter in the "album.php" script. A cross-site
scripting issue affects the "name" parameter in the "topic.php"
script. Camera Life version 2.6.2b4 is affected.
Ref: http://www.securityfocus.com/bid/31689
______________________________________________________________________

08.42.109 CVE: Not Available
Platform: Web Application
Title: Scriptsez Easy Image Downloader "main.php" Local File Include
Description: Scriptsez Easy Image Downloader is a PHP-based image
listing and download script. The application is exposed to a local
file include issue because it fails to properly sanitize user-supplied
input to the "id" parameter of the "main.php" script when the "action"
parameter is set to "download".
Ref: http://www.securityfocus.com/bid/31695
______________________________________________________________________

08.42.110 CVE: Not Available
Platform: Web Application
Title: Scriptsez Mini Hosting Panel "members.php" Local File Include
Description: Scriptsez Mini Hosting Panel is a web-based application.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "dir" parameter
of the "members.php" script.
Ref: http://www.securityfocus.com/bid/31701
______________________________________________________________________

08.42.111 CVE: Not Available
Platform: Web Application
Title: My PHP Indexer "index.php" Directory Traversal
Description: My PHP Indexer is a web-based application. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input to the "d" and "f"
parameters of the "index.php" script. My PHP Indexer version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/31726
______________________________________________________________________

08.42.112 CVE: Not Available
Platform: Web Application
Title: Globsy "globsy_edit.php" Arbitrary File Overwrite
Description: Globsy is a web-based application. Since it fails to
verify user-supplied input, the software is exposed to an issue that
could permit an attacker to overwrite arbitrary files. Globsy versions
up to and including 1.0 are affected.
Ref: http://www.securityfocus.com/bid/31727
______________________________________________________________________

08.42.113 CVE: Not Available
Platform: Web Application
Title: LokiCMS "index.php" Information Disclosure
Description: LokiCMS is a web-based content manager. The application
is exposed to an information disclosure issue because it fails to
sufficiently sanitize user-supplied input to the "page" parameter of
the "index.php" script. LokiCMS versions 0.3.4 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/31730
______________________________________________________________________

08.42.114 CVE: Not Available
Platform: Web Application
Title: mini-pub Multiple Information Disclosure Vulnerabilities
Description: mini-pub is a PHP-based web publisher. The application is
exposed to multiple information disclosure issues because it fails to
validate user-supplied input. mini-pub versions 0.3 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/31733
______________________________________________________________________

08.42.115 CVE: Not Available
Platform: Web Application
Title: mini-pub "cat.php" Remote Command Execution
Description: mini-pub is a PHP-based web publisher application.
mini-pub is exposed to an issue that attackers can leverage to execute
arbitrary commands in the context of the application. This issue
occurs because the application fails to adequately validate
user-supplied input to the "sFileName" parameter of the "cat.php"
script. mini-pub version 0.3 is affected.
Ref: http://www.securityfocus.com/bid/31734
______________________________________________________________________

08.42.116 CVE: Not Available
Platform: Web Application
Title: SlimCMS "redirect.php" Security Bypass
Description: SlimCMS is a web-based content management system
implemented in PHP. The application is exposed to an issue that allows
an attacker to add an arbitrary new user to the system. This issue is
caused by a failure to sufficiently sanitize user-supplied input to
the "redirect.php" script. SlimCMS version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/31736
______________________________________________________________________

08.42.117 CVE: Not Available
Platform: Web Application
Title: LokiCMS "admin.php" Local File Include
Description: LokiCMS is a PHP-based content manager. The application
is exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "language" parameter before using
it in the "admin.php" script. LokiCMS version 0.3.4 is affected.
Ref: http://www.securityfocus.com/bid/31743
______________________________________________________________________

08.42.118 CVE: Not Available
Platform: Web Application
Title: WP Comment Remix 1.4.3 SQL Injection and HTML Injection
Vulnerabilities
Description: WP Comment Remix is a comments plugin for WordPress. The
application is exposed to multiple input validation issues. The
attacker may leverage the HTML injection issues to execute arbitrary
script code in the browser of an unsuspecting user in the context of
the affected site. WP Comment Remix version 1.4.3 is affected.
Ref: http://www.securityfocus.com/archive/1/497313
______________________________________________________________________

08.42.119 CVE: Not Available
Platform: Web Application
Title: SezHoo "SezHooTabsAndActions.php" Parameter Remote File Include
Description: SezHoo is a MediaWiki extension that establishes
reputations for authors of wiki articles. The application is exposed
to a remote file include issue because it fails to properly sanitize
user-supplied input to the "IP" parameter of the
"SezHooTabsAndActions.php" script. SezHoo version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/31756
______________________________________________________________________

08.42.120 CVE: Not Available
Platform: Network Device
Title: Nortel Networks Multimedia Communications Server Authentication
Bypass
Description: Nortel Networks Multimedia Communications Server is an
appliance that provides IP telephony, instant messaging, and
conferencing capabilities. The device is exposed to an unspecified
authentication bypass issue that can allow attackers to perform
unauthorized actions such as spoofing and redirecting calls. Nortel
Networks Multimedia Communications Server version 5100 3.0.13 is
affected.
Ref: http://www.voipshield.com/research-details.php?id=119&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC
______________________________________________________________________

08.42.121 CVE: CVE-2008-4441
Platform: Network Device
Title: Linksys WAP4400N Marvell Wireless Chipset Driver Remote Denial
of Service
Description: Linksys WAP4400N wireless access points are exposed to a
denial of service issue because they fail to adequately verify
user-supplied input. This issue presents itself when the wireless
driver attempts to process malformed association request packets.
Ref: http://www.securityfocus.com/archive/1/497285
______________________________________________________________________

08.42.122 CVE: Not Available
Platform: Network Device
Title: Multiple Telecom Italia Routers Authentication Bypass
Description: AGA, AGB, AG2P-AG3, AGPV-AGPF are wireless routers
developed by Telecom Italia. Multiple Telecom Italia Routers
are exposed to an authentication bypass issue that may allow attackers
to gain access to the router's administration interface and
unauthorized access to certain services. This issue occurs when
handling specially crafted IP packets.
Ref: http://www.securityfocus.com/archive/1/497312
______________________________________________________________________