*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
October 9, 2008                                           Vol. 7. Week 41
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Windows                                        1
Third Party Windows Apps                       6 (#4)
Mac Os                                         1
Linux                                          5
HP-UX                                          1
Cross Platform                                27 (#1, #2, #3)
Web Application - Cross Site Scripting        12
Web Application - SQL Injection               21
Web Application                               25

*************************************************************************
TRAINING UPDATE
- SANS CDI in Washington 30 courses; big security tools expo; lots of
evening sessions: http://www.sans.org/cdi08/
- Monterey (10/31-11/6) http://www.sans.org/info/30738
- Sydney Australia (10/27-11/1) http://www.sans.org/sydney08/
- Vancouver (11/17-11/22) http://www.sans.org/vancouver08/
and in 100 other cities and online any time: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Novell eDirectory Multiple Vulnerabilities
(2) CRITICAL: Opera Multiple Vulnerabilities
(3) HIGH: Multiple TCP Implementations Denial-of-Service
(4) HIGH: mIRC Private Message Handling Buffer Overflow

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
08.41.1  - Microsoft Windows Vista Local Denial of Service
 -- Third Party Windows Apps
08.41.2  - Debian xsabre Insecure Temporary File Creation
08.41.3  - ESET SysInspector "esiadrv.sys" Local Privilege Escalation
08.41.4  - mIRC "PRIVMSG" Buffer Overflow
08.41.5  - Vba32 Personal Antivirus Archive Parsing Denial of Service
08.41.6  - AyeView GIF Image Handling Denial of Service
08.41.7  - iseemedia "LPControl.dll" LPViewer ActiveX Control Multiple Buffer
Overflow Vulnerabilities
 -- Mac Os
08.41.8  - Apple Mail S/MIME Draft Message Encryption Weakness
 -- Linux
08.41.9  - Linux kernel "fs/direct-io.c" Local Denial of Service
08.41.10 - Fedora 8/9 Linux Kernel "utrace_control" NULL Pointer Dereference
Denial of Service
08.41.11 - Linux Kernel LDT Selector Local Privilege Escalation and Denial of
Service
08.41.12 - Linux Kernel "generic_file_splice_write()" Local Privilege Escalation
08.41.13 - Debian mon "alert.d/test.alert" Insecure Temporary File Creation
 -- HP-UX
08.41.14 - HP-UX NFS/ONCplus Unspecified Remote Denial of Service
 -- Cross Platform
08.41.15 - Multiple Vendors IPv6 Neighbor Discovery Protocol Implementation
Address Spoofing
08.41.16 - Trend Micro OfficeScan and Worry-Free Business Security Multiple
Vulnerabilities
08.41.17 - vxFtpSrv CWD Command Buffer Overflow
08.41.18 - Xerces-C++ "maxOccurs" XML Parsing Remote Denial of Service
08.41.19 - Adobe Flash Player SWF Version Null Pointer Dereference Denial of
Service
08.41.20 - TCP/IP Protocol Stack Unspecified Remote Denial of Service
08.41.21 - Apple QuickTime "STSZ" Atoms Memory Corruption
08.41.22 - Apple QuickTime PICT Denial of Service
08.41.23 - Novell eDirectory Multiple Buffer Overflow And Denial of Service
Vulnerabilities
08.41.24 - libxml2 Denial of Service
08.41.25 - RhinoSoft Serv-U FTP Server "sto con:1" Denial of Service
08.41.26 - Serv-U FTP Server "rnto" Command Directory Traversal
08.41.27 - VMware Products In-Guest Privilege Escalation and Information
Disclosure Vulnerabilities
08.41.28 - OpenNMS HTTP Response Splitting
08.41.29 - Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
08.41.30 - Simple Machines Forum HTTP POST Request Filter Security Bypass
08.41.31 - MetaGauge Web Server Directory Traversal
08.41.32 - Lighttpd URI Rewrite/Redirect Information Disclosure
08.41.33 - Lighttpd "mod_userdir" Case Sensitive Comparison Security Bypass
08.41.34 - D-Bus "dbus_signature_validate()" Type Signature Denial of Service
08.41.35 - Internet Download Manager File Parsing Buffer Overflow
08.41.36 - KDE Konqueror Font Color Assertion Denial of Service
08.41.37 - Mozilla Firefox Internet Shortcut Same Origin Policy Violation
08.41.38 - PHP FastCGI Module File Extension Denial of Service Vulnerabilities
08.41.39 - Skype Toolbars Extension for Firefox BETA Clipboard Security Weakness
08.41.40 - Condor Prior to 7.0.5 Multiple Security Vulnerabilities
08.41.41 - Adobe Flash Player Unspecified Clickjacking
 -- Web Application - Cross Site Scripting
08.41.42 - Celoxis Multiple Cross-Site Scripting Vulnerabilities
08.41.43 - H-Sphere WebShell "actions.php" Multiple Cross-Site Scripting
Vulnerabilities
08.41.44 - WikyBlog Multiple Cross-Site Scripting Vulnerabilities
08.41.45 - Blosxom "blosxom.cgi" Cross-Site Scripting
08.41.46 - Dreamcost HostAdmin "index.php" Cross-Site Scripting
08.41.47 - OpenNMS "surveillanceView.htm" Cross-Site Scripting
08.41.48 - MediaWiki "useskin" Cross-Site Scripting
08.41.49 - Blue Coat WebFilter ICAP Patience Page Cross-Site Scripting
08.41.50 - AutoNessus "bulk_update.pl" Cross-Site Scripting
08.41.51 - Website Directory "index.php" Cross-Site Scripting
08.41.52 - VeriSign Kontiki Delivery Management System "action" Parameter
Cross-Site Scripting
08.41.53 - Nucleus CMS EUC-JP Cross-Site Scripting
 -- Web Application - SQL Injection
08.41.54 - ASPapp Knowledge Base "catid" Parameter SQL Injection
08.41.55 - Discussion Forums 2k Multiple SQL Injection Vulnerabilities
08.41.56 - noName CMS Multiple SQL Injection Vulnerabilities
08.41.57 - BMForum "plugins.php" SQL Injection
08.41.58 - eZoneScripts Link Trader Script "ratelink.php" SQL Injection
08.41.59 - OpenX "bannerid" SQL Injection
08.41.60 - AdaptCMS Lite "check_user.php" SQL Injection
08.41.61 - Full PHP Emlak Script "arsaprint.php" SQL Injection
08.41.62 - IP Reg "login.php" SQL Injection
08.41.63 - XAMPP for Windows "cds.php" SQL Injection
08.41.64 - PHP-Fusion "triscoop_race_system" Module "raceid" Parameter SQL
Injection
08.41.65 - PHP-Fusion "recept" Module "kat_id" Parameter SQL Injection
08.41.66 - PHP-Fusion "raidtracker_panel" Module "INFO_RAID_ID" Parameter SQL
Injection
08.41.67 - PHP-Fusion "manuals" Module "manual" Parameter SQL Injection
08.41.68 - geccBBlite "leggi.php" Parameter SQL Injection
08.41.69 - XAMPP for Windows "phonebook.php" SQL Injection
08.41.70 - AmpJuke "index.php" SQL Injection
08.41.71 - Galerie "pic" Parameter SQL Injection
08.41.72 - PHP Auto's "searchresults.php" SQL Injection
08.41.73 - Select Development Solutions Multiple Products "view_cat.php" SQL
Injection
08.41.74 - YourOwnBux "usNick" Cookie Parameter SQL Injection
 -- Web Application
08.41.75 - Crux Gallery "index.php" Local File Include
08.41.76 - MySQL Quick Admin "index.php" Local File Include
08.41.77 - phpScheduleIt "reserve.php" Remote Code Execution
08.41.78 - RPortal "file_op" Parameter Remote File Include
08.41.79 - phpscripts Ranking Script Cookie Authentication Bypass
08.41.80 - Juniper ScreenOS HTML Injection
08.41.81 - MediaWiki "$wgGroupPermissions" Configuration Security Bypass
08.41.82 - Bux.to Clone Script Cookie Authentication Bypass
08.41.83 - OLIB7 WebView "infile" Parameter Local File Include
08.41.84 - Drupal Brilliant Gallery Module SQL Injection and Cross-Site
Scripting Vulnerabilities
08.41.85 - CCMS "skin" Parameter Multiple Local File Include Vulnerabilities
08.41.86 - Kwalbum "UploadItems" Parameter Arbitrary File Upload
08.41.87 - pPIM "id" Parameter Local File Include
08.41.88 - JMweb "src" Parameter Multiple Local File Include Vulnerabilities
08.41.89 - FOSS Gallery Arbitrary File Upload
08.41.90 - phpAbook Cookie Local File Include
08.41.91 - Fastpublish CMS Local File Include and SQL Injection Vulnerabilities
08.41.92 - K9 Web Protection Authentication Bypass Vulnerabilities
08.41.93 - Phorum Image Tag HTML Injection
08.41.94 - PHP Web Explorer Multiple Local File Include Vulnerabilities
08.41.95 - asiCMS "_ENV[asicms][path]" Parameter Multiple Remote File Include
Vulnerabilities
08.41.96 - Yerba "mod" Local File Include
08.41.97 - IBM Quickr Denial of Service and Security Bypass Vulnerabilities
08.41.98 - Atarone Version 1.2.0 Multiple Input Validation Vulnerabilities
08.41.99 - Yerba SACphp 6.3 Multiple Remote Vulnerabilities

______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Novell eDirectory Multiple Vulnerabilities
Affected:
Novell eDirectory versions prior to 8.7.3 SP10 FTF1
Description: Novell eDirectory is Novell's implementation of the
Lightweight Directory Access Protocol (LDAP). It contains multiple
buffer and integer overflows in a variety of subsystems. A specially
crafted request to the server could exploit one of these
vulnerabilities. Successfully exploiting one of these vulnerabilities
would allow an attacker to execute arbitrary code with the privileges
of the vulnerable process (usually SYSTEM). The vulnerabilities exist
in the server's SOAP interface and Core Protocol interface. Technical
details for these vulnerabilities are publicly available.
Status: Vendor confirmed, updates available.
References:
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-066/
http://zerodayinitiative.com/advisories/ZDI-08-065/
http://zerodayinitiative.com/advisories/ZDI-08-064/
http://zerodayinitiative.com/advisories/ZDI-08-063/
Novell Changelog
http://www.novell.com/support/viewContent.do?externalId=3477912
Wikipedia Article on LDAP 
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
Wikipedia Article on the Netware Core Protocol
http://en.wikipedia.org/wiki/NetWare_Core_Protocol
Wikipedia Article on SOAP
http://en.wikipedia.org/wiki/SOAP
Vendor Home Page
http://www.novell.com
SecurityFocus BID
http://www.securityfocus.com/bid/31553
**********************************************************
(2) CRITICAL: Opera Multiple Vulnerabilities
Affected:
Opera versions prior to 9.60
Description: Opera is a popular cross-platform web browser and suite of
internet applications. It contains multiple vulnerabilities in its
handling of addresses and Java applets. A specially crafted address used
in a redirection can result in a buffer overflow vulnerability.
Successfully exploiting this vulnerability would allow an attacker to
execute arbitrary code with the privileges of the current user. Full
technical details for this vulnerability are publicly available.
Additionally, a flaw in the handling of Java applets can result in an
information-disclosure vulnerability.
Status: Vendor confirmed, updates available.
References:
Matasano Advisory
http://www.matasano.com/log/1182/i-broke-opera/
Opera Security Advisories
http://www.opera.com/support/search/view/901/
http://www.opera.com/support/search/view/902/
Vendor Home Page
http://www.opera.com
SecurityFocus BIDs
http://www.securityfocus.com/bid/31643
http://www.securityfocus.com/bid/31631
**********************************************************
(3) HIGH: Multiple TCP Implementations Denial-of-Service
Affected:
Multiple TCP implementations
Description: TCP is the Transmission Control Protocol, one of the
fundamental protocols of the Internet. Reports have surfaced indicating
that several common implementations of the protocol suffer from a
denial-of-service condition. No concrete details have been released for
this vulnerability, but speculation has led to various guesses and
attempts. Current reports indicate that at least Microsoft Windows,
Apple Mac OS X, and Linux are vulnerable. It is unknown if firewalls can
mitigate this vulnerability. Details of the vulnerability are expected
to be revealed at the T2 security conference in mid-October.
Status: No confirmation.
References:
Post from Outpost24
http://www.outpost24.com/news/news-2008-10-02.html
T2 Security Conference Talk
http://www.t2.fi/schedule/2008/#speech8
Slashdot Story
http://it.slashdot.org/article.pl?sid=08/10/01/0127245
SecurityFocus BID
Not yet available.
**********************************************************
(4) HIGH: mIRC Private Message Handling Buffer Overflow
Affected:
mIRC versions 6.34 and prior
Description: mIRC is a popular Internet Relay Chat (IRC) client for
Microsoft Windows. It contains a buffer overflow in its handling of the
IRC "private message" (PRIVMSG) command. A specially crafted PRIVMSG
command sent to a vulnerable client could trigger this buffer overflow,
allowing an attacker to execute arbitrary code with the privileges of
the current user. Full technical details and a proof-of-concept are
publicly available for this vulnerability. Private messages can be sent
unsolicited in some networks.
Status: Vendor has not confirmed, no updates available.
References:
Proof-of-Concept
http://milw0rm.com/exploits/6666
Wikipedia Article on Internet Relay Chat
http://en.wikipedia.org/wiki/Internet_Relay_Chat
Vendor Home Page
http://www.mirc.com/
SecurityFocus BID
Not yet available.
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 41, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

08.41.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows Vista Local Denial of Service
Description: Microsoft Windows Vista is exposed to a local denial of
service issue that arises due to an access violation in the exception
handling routines of the operating system. Windows Vista Home Premium
and Ultimate editions are affected.
Ref: http://www.securityfocus.com/bid/31570
______________________________________________________________________

08.41.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Debian xsabre Insecure Temporary File Creation
Description: Debian xsabre is a game for the X11 windows system. Debian
xsabre creates temporary files in an insecure manner. Specifically,
the script "XRunSabre" writes to the file "/tmp/sabre.log" in an
insecure fashion. Debian xsabre version 0.2.4b-23 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433996
______________________________________________________________________

08.41.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: ESET SysInspector "esiadrv.sys" Local Privilege Escalation
Description: ESET SysInspector is a diagnostic tool for the Windows NT
operating system. ESET SysInspector is exposed to a local privilege
escalation issue. This issue is a result of the application failing to
sufficiently validate user-supplied pointers passed to input/output
control (IOCTL) functions. ESET SysInspector version 1.1.1.0 is
affected.
Ref: http://www.securityfocus.com/bid/31521/references
______________________________________________________________________

08.41.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: mIRC "PRIVMSG" Buffer Overflow
Description: mIRC is a chat client for the IRC protocol. It is
designed for Microsoft Windows based operating systems. mIRC is
exposed to a buffer overflow issue that arises when the client handles
a malformed "PRIVMSG" request from a server. mIRC version 6.34 is
affected.
Ref: http://www.securityfocus.com/bid/31552
______________________________________________________________________

08.41.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Vba32 Personal Antivirus Archive Parsing Denial of Service
Description: Vba32 Personal Antivirus is an antivirus application for
the Microsoft Windows platform. The application is exposed to a denial
of service issue due to an unspecified memory corruption error. An
attacker can exploit this issue by supplying a malicious archive file.
Vba32 Personal Antivirus versions in the 3.12.8 branch are affected.
Ref: http://www.securityfocus.com/bid/31560
______________________________________________________________________

08.41.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: AyeView GIF Image Handling Denial of Service
Description: AyeView is an image viewer, converter and browser. It is
available for Microsoft Windows platforms. AyeView is exposed to a
remote denial of service issue. A specially-crafted GIF image may
result in a crash when viewed in the application. AyeView version 2.20
is affected.
Ref: http://www.securityfocus.com/archive/1/497045
______________________________________________________________________

08.41.7 CVE: CVE-2008-4384
Platform: Third Party Windows Apps
Title: iseemedia "LPControl.dll" LPViewer ActiveX Control Multiple
Buffer Overflow Vulnerabilities
Description: iseemedia LPViewer is an ActiveX component included in
the file "LPControl.dll". This ActiveX component was formerly
developed by MGI Software and Roxio. The application is exposed to
multiple buffer overflow issues because it fails to perform adequate
boundary checks on user-supplied data.
Ref: http://www.kb.cert.org/vuls/id/848873
______________________________________________________________________

08.41.8 CVE: Not Available
Platform: Mac Os
Title: Apple Mail S/MIME Draft Message Encryption Weakness
Description: Apple Mail is an email client application for OS X. Apple
Mail is exposed to a weakness related to its implementation of the
S/MIME email encryption standard. When Mail is configured to store
draft messages on an IMAP or Exchange email server in addition to
using S/MIME encryption, draft messages are stored in an unencrypted
format. Mail version 3.5 (929.4/929.2) is affected.
Ref: http://www.securityfocus.com/archive/1/497057
______________________________________________________________________

08.41.9 CVE: CVE-2007-6716
Platform: Linux
Title: Linux kernel "fs/direct-io.c" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue caused by a design error in the "fs/direct-io.c" driver.
Specifically, the driver fails to properly zero-out the "dio"
structure. Linux kernel versions prior to 2.6.23 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0885.html
______________________________________________________________________

08.41.10 CVE: CVE-2008-3832
Platform: Linux
Title: Fedora 8/9 Linux Kernel "utrace_control" NULL Pointer
Dereference Denial of Service
Description: The Fedora 8 and 9 Linux kernel is exposed to a local denial
of service issue. This issue is due to a NULL-pointer dereference
exception in the "utrace_control(2)" utility. An unprivileged local
attacker can cause the kernel to crash by tracing the "init" process.
Fedora 8 versions prior to kernel-2.6.26.5-28 and Fedora 9 versions
prior to kernel-2.6.26.5-45 are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3832
______________________________________________________________________

08.41.11 CVE: Not Available
Platform: Linux
Title: Linux Kernel LDT Selector Local Privilege Escalation and Denial
of Service
Description: The Linux kernel is exposed to a local issue that may
result in privilege escalation or a denial of service. This issue
involves LDT (Local Descriptor Table) selectors in the VMI (Virtual
Machine Interface). This issue occurs in the "vmi_write_ldt_entry()"
function in the "arch/x86/kernel/vmi_32.c" source file. Linux kernel
versions prior to 2.6.27-rc8-git5 running as a VMI guest are affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1010
______________________________________________________________________

08.41.12 CVE: CVE-2008-3833
Platform: Linux
Title: Linux Kernel "generic_file_splice_write()" Local Privilege
Escalation
Description: The Linux kernel is exposed to a local privilege
escalation issue. This issue occurs because the
"generic_file_splice_write()" function in the "fs/splice.c" source
file fails to remove the S_ISUID and S_ISGID flags when splicing
inodes. Linux kernel versions prior to 2.6.19-rc3 are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=464450
______________________________________________________________________

08.41.13 CVE: CVE-2008-4477
Platform: Linux
Title: Debian mon "alert.d/test.alert" Insecure Temporary File
Creation
Description: Debian mon is a tool for monitoring the availability of
services running on a computer. Debian mon creates temporary files in
an insecure manner. Specifically, the issue affects the
"alert.d/test.alert" script.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496398
______________________________________________________________________

08.41.14 CVE: CVE-2008-3543
Platform: HP-UX
Title: HP-UX NFS/ONCplus Unspecified Remote Denial of Service
Description: HP-UX is a UNIX-based operating system. HP-UX is exposed
to a remote denial of service issue due to an unspecified error
related to NFS/ONCplus. The issue affects HP-UX B.11.31 running
NFS/ONCplus version B.11.31_04 or earlier.
Ref: http://www.securityfocus.com/archive/1/497104
______________________________________________________________________

08.41.15 CVE: CVE-2008-2476
Platform: Cross Platform
Title: Multiple Vendors IPv6 Neighbor Discovery Protocol
Implementation Address Spoofing
Description: Neighbor Discovery Protocol (NDP) is a protocol used in
IPv6 to detect and locate routers and other "on-link" devices.
Multiple vendors' IPv6 Neighbor Discovery Protocol (NDP)
implementations are exposed to a security issue. The issue occurs when
an affected router receives a neighbor solicitation request (ICMPv6
type 135 message) that is using a spoofed source IPv6 address and it
is coming from a computer or device that is considered "on-link".
Ref: http://www.kb.cert.org/vuls/id/472363
______________________________________________________________________

08.41.16 CVE: CVE-2008-2439
Platform: Cross Platform
Title: Trend Micro OfficeScan and Worry-Free Business Security
Multiple Vulnerabilities
Description: Trend Micro OfficeScan is an integrated enterprise-level
security product that protects against viruses, spyware, worms, and
blended threats. Trend Micro OfficeScan and Worry-Free Business
Security are exposed to multiple issues.
Ref: http://secunia.com/advisories/31343/
______________________________________________________________________

08.41.17 CVE: Not Available
Platform: Cross Platform
Title: vxFtpSrv CWD Command Buffer Overflow
Description: vxFtpSrv is an FTP server application available for 
Windows CE, Pocket PC and Windows Mobile. vxFtpSrv is exposed to a
buffer overflow issue because it fails to sufficiently sanitize
user-supplied input. The issue occurs when handling excessively large
amounts of data passed to the "CWD" FTP command. vxFtpSrv version
2.0.3 is affected.
Ref: http://www.securityfocus.com/bid/31532
______________________________________________________________________

08.41.18 CVE: Not Available
Platform: Cross Platform
Title: Xerces-C++ "maxOccurs" XML Parsing Remote Denial of Service
Description: Xerces-C++ is a freely available XML parser implemented
in C++. Xerces-C++ is exposed to a denial of service issue because it
fails to handle specially crafted XML files when an overly large
"maxOccurs" value is included in an XML schema. This issue occurs in
the "ContentSpecNode::~ContentSpecNode()" function of the
"ContentSpecNode.hpp" source file, and can be triggered when a
"maxOccurs" value exceeds 200000. Xerces-C++ versions prior to 3.0.0
are affected.
Ref: http://xerces.apache.org/xerces-c/releases.html
______________________________________________________________________

08.41.19 CVE: Not Available
Platform: Cross Platform
Title: Adobe Flash Player SWF Version Null Pointer Dereference Denial
of Service
Description: Adobe Flash Player Plugin is a web browser plugin for
playing Flash media files. The application is exposed to a denial of
service issue. Specifically, a NULL-pointer dereference error occurs
when handling SWF files containing distinct version numbers. Adobe
Flash Player Plugin versions 9.0.45.0, 9.0.112.0, 9.0.124.0 and
10.0.12.10 are affected.
Ref: http://www.securityfocus.com/archive/1/496929
______________________________________________________________________

08.41.20 CVE: Not Available
Platform: Cross Platform
Title: TCP/IP Protocol Stack Unspecified Remote Denial of Service
Description: The core TCP/IP protocol is exposed to a remote denial
of service issue. The cause of this issue is unknown. Exploiting this
issue allows remote attackers to trigger denial of service conditions.
This issue affects multiple vendors' implementations of the TCP/IP
stack.
Ref: https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

______________________________________________________________________

08.41.21 CVE: CVE-2008-3626
Platform: Cross Platform
Title: Apple QuickTime "STSZ" Atoms Memory Corruption
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a memory corruption issue
that arises when it handles specially crafted movie files. The problem
occurs because of insufficient bounds checking of "STSZ" atoms. This
issue affects QuickTime versions prior to 7.5.5 for OS X 10.4 and
10.5, for Microsoft Windows Vista, and for Windows XP SP2 and SP3. The
issue also affects Apple TV versions from 1.0 up to and including 2.1.
Ref: http://www.securityfocus.com/archive/1/496162
______________________________________________________________________

08.41.22 CVE: CVE-2008-3629
Platform: Cross Platform
Title: Apple QuickTime PICT Denial of Service
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a denial of service issue.
QuickTime versions prior to 7.5.5 are affected.
Ref: http://www.securityfocus.com/bid/31548
______________________________________________________________________

08.41.23 CVE: Not Available
Platform: Cross Platform
Title: Novell eDirectory Multiple Buffer Overflow And Denial of
Service Vulnerabilities
Description: Novell eDirectory is a Lightweight Directory Access
Protocol (LDAP) server that also implements NCP (NetWare Core
Protocol). Novell eDirectory is exposed to multiple issues. Successful
exploits may allow attackers to execute arbitrary code within the
context of the affected application or cause denial of service
conditions. eDirectory versions prior to 8.7.3 SP10 FTF1 are affected.
Ref: http://www.novell.com/support/viewContent.do?externalId=3477912
______________________________________________________________________

08.41.24 CVE: CVE-2008-4422
Platform: Cross Platform
Title: libxml2 Denial of Service
Description: The libxml2 library is a freely available package that is
used to parse and create XML content. The libxml2 library is exposed
to a denial of service issue due to an error when handling files using
entities in entity definitions. libxml2 2.7 versions prior to
2.7.2 are affected.
Ref: http://bugzilla.gnome.org/show_bug.cgi?id=554660#c1
______________________________________________________________________

08.41.25 CVE: Not Available
Platform: Cross Platform
Title: RhinoSoft Serv-U FTP Server "sto con:1" Denial of Service
Description: Serv-U FTP Server is designed for use with Microsoft
Windows operating systems. Serv-U FTP server is exposed to an
unspecified denial of service issue. This issue occurs when handling a
malformed "sto con:1" command. Serv-U FTP server version 7.2.0.1 is
affected.
Ref: http://www.securityfocus.com/bid/31556
______________________________________________________________________

08.41.26 CVE: Not Available
Platform: Cross Platform
Title: Serv-U FTP Server "rnto" Command Directory Traversal
Description: Serv-U FTP server is designed for use with Microsoft
Windows operating systems. The application is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input. This issue occurs because the application fails
to sanitize directory traversal strings (..) passed to the "rnto"
command. Serv-U FTP server version 7.2.0.1 is affected.
Ref: http://www.securityfocus.com/bid/31563
______________________________________________________________________

08.41.27 CVE: Not Available
Platform: Cross Platform
Title: VMware Products In-Guest Privilege Escalation and Information
Disclosure Vulnerabilities
Description: VMware is a set of server-emulation applications that are
available for several platforms. Various VMware products are exposed to
multiple issues that may allow attackers to gain elevated privileges in
a guest operating system and disclose sensitive information.
VirtualCenter versions prior to 2.5 Update 3 build 119838 are affected.
Ref:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html
______________________________________________________________________

08.41.28 CVE: Not Available
Platform: Cross Platform
Title: OpenNMS HTTP Response Splitting
Description: OpenNMS is an enterprise grade network management
platform developed under the open source model. The application is
exposed to an HTTP response splitting issue because it fails to
sufficiently sanitize input to the "Location" item before using it in
the HTTP headers. OpenNMS versions prior to 1.5.94 are affected.
Ref: http://www.securityfocus.com/archive/1/497072
______________________________________________________________________

08.41.29 CVE: Not Available
Platform: Cross Platform
Title: Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
Description: Dovecot is a mail-server application for Linux and
UNIX-like operating systems. Dovecot ACL plugin is exposed to multiple
issues. Attackers can exploit these issues to bypass certain mailbox
restrictions and disclose potentially sensitive data; other attacks are
also possible. Dovecot versions prior to 1.1.4 are affected.
Ref: http://www.dovecot.org/list/dovecot-news/2008-October/000085.html
______________________________________________________________________

08.41.30 CVE: Not Available
Platform: Cross Platform
Title: Simple Machines Forum HTTP POST Request Filter Security Bypass
Description: Simple Machines Forum is online-community software.
Simple Machines Forum (SMF) is exposed to a security bypass issue
because it fails to sufficiently sanitize data contained in an HTTP
POST request before displaying it onto a website. Simple Machines
Forum version 1.1.6 is affected.
Ref: http://www.securityfocus.com/bid/31594
______________________________________________________________________

08.41.31 CVE: CVE-2008-4421
Platform: Cross Platform
Title: MetaGauge Web Server Directory Traversal
Description: MetaGauge is a network monitoring and analysis tool for
Microsoft Windows. MetaGauge includes an HTTP server to display
gathered data. The included webserver is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input. MetaGauge versions prior to 1.0.3.38 are exposed.
Ref: http://www.securityfocus.com/archive/1/497039
______________________________________________________________________

08.41.32 CVE: CVE-2008-4359
Platform: Cross Platform
Title: Lighttpd URI Rewrite/Redirect Information Disclosure
Description: Lighttpd is a freely available webserver application.
Lighttpd is exposed to an information disclosure issue because it
performs redirect operations on URIs prior to decoding them. This
issue affects the "url.redirect" and "url.rewrite" configuration
options. Lighttpd versions prior to 1.4.20 are affected.
Ref: http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
______________________________________________________________________

08.41.33 CVE: CVE-2008-4360
Platform: Cross Platform
Title: Lighttpd "mod_userdir" Case Sensitive Comparison Security
Bypass
Description: The "lighttpd" program is an open-source webserver
application. The application is exposed to a security bypass issue
that occurs in the "mod_userdir" module. This issue occurs on
operating systems or file systems that perform case sensitive
operations on filenames. "lighttpd" versions prior to 1.4.20 are
affected.
Ref: http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
______________________________________________________________________

08.41.34 CVE: CVE-2008-3834
Platform: Cross Platform
Title: D-Bus "dbus_signature_validate()" Type Signature Denial of
Service
Description: D-Bus is a message bus system for applications to talk to
one another. D-Bus is exposed to a local denial of service issue
because the application fails to handle malformed signatures contained
in messages. The issue occurs in the "dbus_signature_validate()"
function of the "dbus-signature.c" source file when validating the
type signature. D-Bus version 1.2.1 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834
______________________________________________________________________

08.41.35 CVE: Not Available
Platform: Cross Platform
Title: Internet Download Manager File Parsing Buffer Overflow
Description: Internet Download Manager is an application designed to
increase the speed of downloading files from remote sites. It is
designed to operate on Microsoft Windows operating systems. The
application is exposed to a buffer overflow issue because it fails to
sufficiently sanitize user-supplied input. The vulnerability occurs
when handling excessively large amounts of data within specially
crafted files. Specifically, the "name" and "filename" values may be
affected.
Ref: http://www.securityfocus.com/bid/31603
______________________________________________________________________

08.41.36 CVE: Not Available
Platform: Cross Platform
Title: KDE Konqueror Font Color Assertion Denial of Service
Description: Konqueror is a browser included with the KDE desktop
manager. KDE Konqueror is prone to a remote denial of service issue
because it fails to handle specially crafted HTML "<font>" tags.
Konqueror version 3.5.9 is affected.
Ref: http://www.securityfocus.com/bid/31605
______________________________________________________________________

08.41.37 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox Internet Shortcut Same Origin Policy Violation
Description: Mozilla Firefox is exposed to an issue that allows
attackers to violate the same-origin policy. This issue occurs because
the application fails to properly enforce the same-origin policy.
Firefox versions 3.0.1 through 3.0.3 for Microsoft Windows are
affected.
Ref: http://www.securityfocus.com/archive/1/497091
______________________________________________________________________

08.41.38 CVE: CVE-2008-3660
Platform: Cross Platform
Title: PHP FastCGI Module File Extension Denial of Service
Vulnerabilities
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
PHP is exposed to a denial of service issue because it fails to handle
file requests with multiple dots preceding the file extension. PHP
versions 4.4 prior to 4.4.9, and PHP versions 5.2 through 5.2.6 are
affected.
Ref: http://www.openwall.com/lists/oss-security/2008/08/08/2
______________________________________________________________________

08.41.39 CVE: Not Available
Platform: Cross Platform
Title: Skype Toolbars Extension for Firefox BETA Clipboard Security
Weakness
Description: Skype Toolbars Extension for Firefox BETA provides Skype
VOIP features to web browsers. The application is exposed to a
security weakness that allows attackers to inject arbitrary content
into a user's clipboard. This issue affects the
"skype_tool.copy_num()" function, which permits arbitrary content to
be appended to a user's clipboard by using the "+" operator. Skype
Toolbars Extension for Firefox BETA version 2.2.0.95 is affected.
Ref: http://www.securityfocus.com/bid/31613
______________________________________________________________________

08.41.40 CVE: CVE-2008-3826, CVE-2008-3828, CVE-2008-3829,
CVE-2008-3830
Platform: Cross Platform
Title: Condor Prior to 7.0.5 Multiple Security Vulnerabilities
Description: Condor is a workload management system for UNIX and Windows
operating platforms. Condor is exposed to multiple issues. It's exposed
to a vulnerability related to the handling of user submitted jobs. A
malicious user may submit a job such that it is run as an arbitrary
non-root user. Condor versions prior to 7.0.5 are affected.
Ref:
http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-5
______________________________________________________________________

08.41.41 CVE: Not Available
Platform: Cross Platform
Title: Adobe Flash Player Unspecified Clickjacking
Description: Adobe Flash Player is a software application for playing
Flash media files. Adobe Flash Player is exposed to an issue that may
allow an attacker to trick a victim into unknowingly clicking on a
link or dialog.
Ref: http://www.adobe.com/support/security/advisories/apsa08-08.html
______________________________________________________________________

08.41.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Celoxis Multiple Cross-Site Scripting Vulnerabilities
Description: Celoxis is a web-based project management application.
The application is exposed to multiple cross-site scripting issues
because it fails to sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/31514
______________________________________________________________________

08.41.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: H-Sphere WebShell "actions.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: H-Sphere WebShell is a PHP-based web application. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input. H-Sphere
WebShell version 4.3.10 is affected.
Ref: http://www.psoft.net/HSdocumentation/sysadmin/hsphere-webshell.html
______________________________________________________________________

08.41.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WikyBlog Multiple Cross-Site Scripting Vulnerabilities
Description: WikyBlog is a wiki-blog application implemented in PHP
and MySQL. The application is exposed to multiple cross-site scripting
issues because it fails to sanitize user-supplied input. These issues
affect the "key", "revNum", "to" and "user" parameters of the
"index.php" script. WikyBlog version 1.7.1 is affected.
Ref:
http://www.digitrustgroup.com/advisories/web-application-security-wikyblog.html
______________________________________________________________________

08.41.45 CVE: CVE-2008-2236
Platform: Web Application - Cross Site Scripting
Title: Blosxom "blosxom.cgi" Cross-Site Scripting
Description: Blosxom is a weblog application. The application is
exposed to cross-site scripting attacks because it fails to
sufficiently sanitize user-supplied input to the "flav" parameter of
the "blosxom.cgi" script. Blosxom versions prior to 2.1.2 are
affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=148044&release_id=630149
______________________________________________________________________

08.41.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Dreamcost HostAdmin "index.php" Cross-Site Scripting
Description: Dreamcost HostAdmin is a web hosting automation
application. The application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize user-supplied input to
the "page" parameter of the "index.php" script. HostAdmin version
3.1.1 is affected.
Ref: http://www.securityfocus.com/archive/1/496935
______________________________________________________________________

08.41.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: OpenNMS "surveillanceView.htm" Cross-Site Scripting
Description: OpenNMS is a Java-based application for managing networks
and systems. The application is prone to a cross-site scripting
vulnerability because it fails to sufficiently sanitize user-supplied
input to the "viewName" parameter of the "surveillanceView.htm"
script. OpenNMS version 1.5.94 is affected.
Ref: http://www.opennms.org/documentation/ReleaseNotesUnStable.html
______________________________________________________________________

08.41.48 CVE: CVE-2008-4408
Platform: Web Application - Cross Site Scripting
Title: MediaWiki "useskin" Cross-Site Scripting
Description: MediaWiki is a PHP-based wiki application. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "useskin"
parameter.
Ref:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html
______________________________________________________________________

08.41.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Blue Coat WebFilter ICAP Patience Page Cross-Site Scripting
Description: Blue Coat WebFilter is a URI filtering application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the ICAP
patience page, which is used to notify users that a requested object
is being scanned. Blue Coat WebFilter versions 4.2, 5.2 and 5.3 are
affected.
Ref: http://www.bluecoat.com/support/securityadvisories/icap_patience
______________________________________________________________________

08.41.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AutoNessus "bulk_update.pl" Cross-Site Scripting
Description: AutoNessus is a Perl-based application that automates
Nessus scans. The application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize user-supplied input to
the "remark" parameter of the "bulk_update.pl" script. AutoNessus
versions prior to 1.2.2 are affected.
Ref:
http://sourceforge.net/tracker/index.php?func=detail&aid=2141884&group_id=216367&atid=1037394
______________________________________________________________________

08.41.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Website Directory "index.php" Cross-Site Scripting
Description: Website Directory is a PHP-based application used for
listing web sites in a gallery style. The application is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input to the "keyword" parameter of the "index.php"
script when the "action" parameter is set to "search".
Ref: http://www.securityfocus.com/archive/1/496967
______________________________________________________________________

08.41.52 CVE: CVE-2008-4393
Platform: Web Application - Cross Site Scripting
Title: VeriSign Kontiki Delivery Management System "action" Parameter
Cross-Site Scripting
Description: Kontiki Delivery Management System is used for faster
delivery of high-quality content. The application is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input to the "action" parameter. Kontiki Delivery
Management System versions 5.0 and prior versions are affected.
Ref: http://seclists.org/fulldisclosure/2008/Oct/0054.html
______________________________________________________________________

08.41.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Nucleus CMS EUC-JP Cross-Site Scripting
Description: Nucleus CMS is a web-based content manager. The
application is exposed to an unspecified cross-site scripting issue
because it fails to properly sanitize user-supplied input. Nucleus
version 3.31 SP1 EUC-JP is affected.
Ref: http://japan.nucleuscms.org/item/47
______________________________________________________________________

08.41.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASPapp Knowledge Base "catid" Parameter SQL Injection
Description: ASPapp Knowledge Base is an ASP-based knowledge
management application. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "catid" parameter of the "content_by_cat.asp" script before using
it in an SQL query.
Ref: http://www.securityfocus.com/bid/31513
______________________________________________________________________

08.41.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Discussion Forums 2k Multiple SQL Injection Vulnerabilities
Description: Discussion Forums 2k is a PHP-based forum application.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. Discussion Forums
2k version 3.3 is affected.
Ref: http://www.securityfocus.com/bid/31518
______________________________________________________________________

08.41.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: noName CMS Multiple SQL Injection Vulnerabilities
Description: noName CMS is a PHP-based content manager. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. noName CMS version
1.0 is affected.
Ref: http://www.securityfocus.com/bid/31519
______________________________________________________________________

08.41.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BMForum "plugins.php" SQL Injection
Description: BMForum is a forum application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "tagname" parameter of the
"plugins.php" script before using it in an SQL query.
BMForum version 5.6 is affected.
Ref: http://www.securityfocus.com/bid/31522
______________________________________________________________________

08.41.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eZoneScripts Link Trader Script "ratelink.php" SQL Injection
Description: eZoneScripts Link Trader Script is a PHP-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"lnkid" parameter of the "ratelink.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/31526
______________________________________________________________________

08.41.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: OpenX "bannerid" SQL Injection
Description: OpenX is a web-based ad server. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "bannerid" parameter of the
"www/delivery/ac.php" script before using it in an SQL query. OpenX
version 2.6.1 is affected.
Ref: http://www.securityfocus.com/archive/1/497111
______________________________________________________________________

08.41.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AdaptCMS Lite "check_user.php" SQL Injection
Description: AdaptCMS Lite is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "user_name" parameter of the
"includes/check_user.php" script before using it in an SQL query.
AdaptCMS Lite version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/31557
______________________________________________________________________

08.41.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Full PHP Emlak Script "arsaprint.php" SQL Injection
Description: Full PHP Emlak Script is a web-based application. The
application is exposed to an SQL injection issue that affects the "id"
parameter of the "arsaprint.php" script.
Ref: http://www.securityfocus.com/bid/31558
______________________________________________________________________

08.41.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: IP Reg "login.php" SQL Injection
Description: IP Reg is an IPAM (IP Address Management) tool to keep
track of assets, and nodes (IP addresses, MAC addresses, DNS aliases)
within different subnets, over different locations or VLANs. The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input to the "user_name" parameter
of the "login.php" script. IP Reg version 0.4 is affected.
Ref: http://www.securityfocus.com/bid/31561
______________________________________________________________________

08.41.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XAMPP for Windows "cds.php" SQL Injection
Description: XAMPP for Windows is a package bundle containing the
Apache web server, MySQL, PHP, Perl, FTP server, and phpMyAdmin. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"cds.php" script file before using it in an SQL query. XAMPP version
1.6.8 for Windows is affected.
Ref: http://www.securityfocus.com/bid/31564
______________________________________________________________________

08.41.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion "triscoop_race_system" Module "raceid" Parameter SQL
Injection
Description: PHP-Fusion is a PHP-based content manager. The
application is exposed to an SQL injection issue affecting the
"triscoop_race_system" module because it fails to sufficiently
sanitize user-supplied data to the "raceid" parameter of the
"race_details.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31576
______________________________________________________________________

08.41.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion "recept" Module "kat_id" Parameter SQL Injection
Description: PHP-Fusion is a PHP-based content manager. The
application is exposed to an SQL injection issue affecting the
"recept" module because it fails to sufficiently sanitize
user-supplied data to the "kat_id" parameter of the "recept.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31578
______________________________________________________________________

08.41.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion "raidtracker_panel" Module "INFO_RAID_ID" Parameter
SQL Injection
Description: PHP-Fusion is a PHP-based content manager. The
application is exposed to an SQL injection issue affecting the
"raidtracker_panel" module because it fails to sufficiently sanitize
user-supplied data to the "INFO_RAID_ID" parameter of the
"infusions/raidtracker_panel/thisraidprogress.php" script before using
it in an SQL query.
Ref: http://www.securityfocus.com/bid/31579
______________________________________________________________________

08.41.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion "manuals" Module "manual" Parameter SQL Injection
Description: PHP-Fusion is a PHP-based content manager. The
application is exposed to an SQL injection issue affecting the
"manuals" module because it fails to sufficiently sanitize
user-supplied data to the "manual" parameter of the "manuals.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31583
______________________________________________________________________

08.41.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: geccBBlite "leggi.php" Parameter SQL Injection
Description: geccBBlite is PHP-based forum software. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "leggi.php"
script before using it in an SQL query. geccBBlite version 2.0 is
affected.
Ref: http://www.milw0rm.com/exploits/6677
______________________________________________________________________

08.41.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XAMPP for Windows "phonebook.php" SQL Injection
Description: XAMPP for Windows is a package bundle containing the
Apache web server, MySQL, PHP, Perl, FTP server, and phpMyAdmin. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"phonebook.php" script file before using it in an SQL query. XAMPP
version 1.6.8 for Windows is affected.
Ref: http://www.securityfocus.com/bid/31586
______________________________________________________________________

08.41.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AmpJuke "index.php" SQL Injection
Description: AmpJuke is a PHP-based application. It is used to manage
and stream music files. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "special" parameter of the "index.php" script file before using it
in an SQL query. AmpJuke version 0.7.5 is affected.
Ref: http://www.securityfocus.com/bid/31592
______________________________________________________________________

08.41.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Galerie "pic" Parameter SQL Injection
Description: Galerie is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "pic" parameter of the
"galerie.php" script file before using it in an SQL query. Galerie
version 3.2 is affected.
Ref: http://www.securityfocus.com/bid/31593
______________________________________________________________________

08.41.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Auto's "searchresults.php" SQL Injection
Description: PHP Auto's is a PHP-based application that is used to
manage used car inventory. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter of the "searchresults.php"
script before using it in an SQL query. PHP Auto's version 2.9.1 is
affected.
Ref: http://www.securityfocus.com/bid/31622
______________________________________________________________________

08.41.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Select Development Solutions Multiple Products "view_cat.php"
SQL Injection
Description: Multiple Select Development Solutions products are prone
to an SQL injection issue because they fail to sufficiently sanitize
user-supplied data to the "v_cat" parameter of the "view_cat.php"
script before using it in an SQL query. PHP Realtor version 1.5.0 and
PHP Auto Dealer version 2.7.0 are affected.
Ref: http://www.securityfocus.com/bid/31623
______________________________________________________________________

08.41.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourOwnBux "usNick" Cookie Parameter SQL Injection
Description: YourOwnBux is PHP-based software for managing ad links.
The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"usNick" cookie parameter of the "referrals.php" script. YourOwnBux
version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/31624
______________________________________________________________________

08.41.75 CVE: Not Available
Platform: Web Application
Title: Crux Gallery "index.php" Local File Include
Description: Crux Gallery is a PHP-based photo gallery. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "theme" parameter of
the "index.php" script. Crux Gallery version 1.32 is affected.
Ref: http://www.securityfocus.com/bid/31516
______________________________________________________________________

08.41.76 CVE: Not Available
Platform: Web Application
Title: MySQL Quick Admin "index.php" Local File Include
Description: MySQL Quick Admin is a web-based MySQL management
application. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input submitted as
the "language" cookie parameter to the "index.php" script. MySQL Quick
Admin version 1.5.5 is affected.
Ref: http://www.securityfocus.com/bid/31517
______________________________________________________________________

08.41.77 CVE: Not Available
Platform: Web Application
Title: phpScheduleIt "reserve.php" Remote Code Execution
Description: phpScheduleIt is a web-based reservation and scheduling
application implemented in PHP. The application is exposed to an issue
that lets remote attackers execute arbitrary code. The problem occurs
because the application performs an "eval()" function call on
user-supplied input. phpScheduleIt version 1.2.10 is affected.
Ref: http://www.securityfocus.com/bid/31520
______________________________________________________________________

08.41.78 CVE: Not Available
Platform: Web Application
Title: RPortal "file_op" Parameter Remote File Include
Description: RPortal is a PHP-based content manager. The application
is exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "file_op" parameter of the
"index.php" script. RPortal version 1.1 is affected.
Ref: http://www.securityfocus.com/archive/1/496891
______________________________________________________________________

08.41.79 CVE: Not Available
Platform: Web Application
Title: phpscripts Ranking Script Cookie Authentication Bypass
Description: phpscripts Ranking Script is a web-based application. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication.
Ref: http://www.milw0rm.com/exploits/6649
______________________________________________________________________

08.41.80 CVE: Not Available
Platform: Web Application
Title: Juniper ScreenOS HTML Injection
Description: ScreenOS is the operating system used by Juniper
Netscreen firewall devices. ScreenOS is exposed to an HTML injection
issue because its administrative web interface fails to sufficiently
sanitize user-supplied input before using it in dynamically generated
content. ScreenOS version 5.4.0r9.0 is affected.
Ref: http://www.layereddefense.com/netscreen01oct.html
______________________________________________________________________

08.41.81 CVE: Not Available
Platform: Web Application
Title: MediaWiki "$wgGroupPermissions" Configuration Security Bypass
Description: MediaWiki is a PHP-based wiki application. The
application is exposed to a security bypass issue because the software
fails to properly restrict access to certain functionality. This issue
occurs because of weak comparisons for the "in_array" value in the
"User::isAllowed()" function. This issue may be triggered when editing
the "$wgGroupPermissions" attribute in the "LocalSettings.php"
configuration file, which is generated during the installation
process. MediaWiki versions prior to 1.13.2 are affected.
Ref:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html
______________________________________________________________________

08.41.82 CVE: Not Available
Platform: Web Application
Title: Bux.to Clone Script Cookie Authentication Bypass
Description: Bux.to Clone Script is a web-based application. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication.
Ref: http://www.securityfocus.com/bid/31542
______________________________________________________________________

08.41.83 CVE: Not Available
Platform: Web Application
Title: OLIB7 WebView "infile" Parameter Local File Include
Description: OLIB7 WebView is a web-based application implemented in
Perl. The application is exposed to a local file include issue because
it fails to properly sanitize user-supplied input to the "infile"
parameter. OLIB7 WebView version 2.5.1.1 is affected.
Ref: http://www.securityfocus.com/bid/31544
______________________________________________________________________

08.41.84 CVE: Not Available
Platform: Web Application
Title: Drupal Brilliant Gallery Module SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Brilliant Gallery is a PHP-based component for Drupal. It
is used for managing images. The application is exposed to SQL
injection and cross-site scripting issues. The SQL injection issues
arise because the application inserts values from URLs directly into
queries. The cross-site scripting issues arise because the application
does not sanitize data supplied through unspecified parameters and
scripts of the application. Brilliant Gallery 5.x versions prior to
5.x-4.2 are affected.
Ref: http://drupal.org/node/315919
______________________________________________________________________

08.41.85 CVE: Not Available
Platform: Web Application
Title: CCMS "skin" Parameter Multiple Local File Include
Vulnerabilities
Description: CCMS is a PHP-based content manager. The application is
exposed to multiple local file include issues because it fails to
properly sanitize user-supplied input. CCMS version 3.1 is affected.
Ref: http://www.securityfocus.com/bid/31566
______________________________________________________________________

08.41.86 CVE: CVE-2008-4279, CVE-2008-4278
Platform: Web Application
Title: Kwalbum "UploadItems" Parameter Arbitrary File Upload
Description: Kwalbum is a web-based photo application. The application
is exposed to an issue that lets remote attackers upload and execute
arbitrary script code on an affected computer with the privileges of
the web server process. The issue occurs because the application fails
to sanitize user-supplied input in the application's image-upload
section. Kwalbum version 2.0.2 is affected.
Ref: http://www.securityfocus.com/bid/31568
______________________________________________________________________

08.41.87 CVE: Not Available
Platform: Web Application
Title: pPIM "id" Parameter Local File Include
Description: pPIM is a web-based application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "id" parameter of the "notes.php"
script. pPIM version 1.01 is affected.
Ref: http://www.securityfocus.com/bid/31571
______________________________________________________________________

08.41.88 CVE: Not Available
Platform: Web Application
Title: JMweb "src" Parameter Multiple Local File Include
Vulnerabilities
Description: JMweb is a PHP-based application. The application is
exposed to multiple local file include issues because it fails to
properly sanitize user-supplied input to the "src" parameter of the
following scripts: "listen.php" and "download.php".
Ref: http://jesse-web.co.cc/?p=30
______________________________________________________________________

08.41.89 CVE: Not Available
Platform: Web Application
Title: FOSS Gallery Arbitrary File Upload
Description: FOSS Gallery is a web-based photo application. The
application is exposed to an issue that lets remote attackers upload
and execute arbitrary script code on an affected computer with the
privileges of the web server process. The issue occurs because the
application fails to enforce authentication in a proper manner. FOSS
Gallery versions 1.0 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/497068
______________________________________________________________________

08.41.90 CVE: Not Available
Platform: Web Application
Title: phpAbook Cookie Local File Include
Description: phpAbook is a PHP-based application for managing
addresses and contacts. The application is exposed to a local file
include issue because it fails to properly sanitize user-supplied
input read from the "userInfo" parameter of a stored cookie before
using it in the "include/config.inc.php" script. phpAbook 
versions up to and including 0.8.8b are affected.
Ref: http://www.securityfocus.com/bid/31581
______________________________________________________________________

08.41.91 CVE: Not Available
Platform: Web Application
Title: Fastpublish CMS Local File Include and SQL Injection
Vulnerabilities
Description: Fastpublish CMS is a PHP-based content manager. The
application is exposed to multiple SQL injection issues because it
fails to properly sanitize user-supplied input. Fastpublish CMS
version 1.9999 d is affected.
Ref: http://www.securityfocus.com/bid/31582
______________________________________________________________________

08.41.92 CVE: Not Available
Platform: Web Application
Title: K9 Web Protection Authentication Bypass Vulnerabilities
Description: K9 Web Protection is a web-based application to filter
content on home computers. The application is exposed to multiple
authentication bypass issues. Specifically, an attacker can disable
execution of JavaScript in the browser and access the following admin
pages locally: http://127.0.0.1:2372/summary,
http://127.0.0.1:2372/detail, http://127.0.0.1:2372/overrides, and
http://127.0.0.1:2372/pwemail. K9 Web Protection version 4.0.230 Beta
is affected.
Ref: http://seclists.org/fulldisclosure/2008/Oct/0070.html
______________________________________________________________________

08.41.93 CVE: Not Available
Platform: Web Application
Title: Phorum Image Tag HTML Injection
Description: Phorum is a web-based forum application implemented in
PHP. The application is exposed to an HTML injection issue because it
fails to properly sanitize user-supplied input. Specifically, this
issue occurs when processing specially crafted "IMG" tags. Phorum
version 5.2.8 is affected.
Ref: http://www.securityfocus.com/bid/31589
______________________________________________________________________

08.41.94 CVE: Not Available
Platform: Web Application
Title: PHP Web Explorer Multiple Local File Include Vulnerabilities
Description: PHP Web Explorer is a PHP-based file explorer
application. The application is exposed to multiple local file include
issues because it fails to properly sanitize user-supplied input. PHP
Web Explorer version 0.99b is affected.
Ref: http://www.securityfocus.com/archive/1/497046
______________________________________________________________________

08.41.95 CVE: Not Available
Platform: Web Application
Title: asiCMS "_ENV[asicms][path]" Parameter Multiple Remote File
Include Vulnerabilities
Description: asiCMS is a PHP-based web development framework. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input. asiCMS version
0.208 is affected.
Ref: http://www.securityfocus.com/bid/31601
______________________________________________________________________

08.41.96 CVE: Not Available
Platform: Web Application
Title: Yerba "mod" Local File Include
Description: Yerba is a portal system. The application is exposed to a
local file include issue because it fails to properly sanitize
user-supplied input to the "mod" parameter before using it in the
"index.php" script. Yerba versions up to and including 6.3 are
affected.
Ref: http://www.securityfocus.com/archive/1/497103
______________________________________________________________________

08.41.97 CVE: Not Available
Platform: Web Application
Title: IBM Quickr Denial of Service and Security Bypass
Vulnerabilities
Description: IBM Lotus Quickr is web-based collaboration software
designed for sharing documents and media. The application is exposed
to a denial of service issue and security bypass issues. IBM Quickr
versions prior to 8.1.0.1 are affected.
Ref: http://www-01.ibm.com/software/lotus/products/quickr/
______________________________________________________________________

08.41.98 CVE: Not Available
Platform: Web Application
Title: Atarone Version 1.2.0 Multiple Input Validation Vulnerabilities
Description: Atarone is a PHP-based content manager. Since it fails to
adequately sanitize user-supplied input, Atarone is exposed to
multiple input validation issues. Atarone version 1.2.0 is affected.
Ref: http://www.securityfocus.com/bid/31610
______________________________________________________________________

08.41.99 CVE: Not Available
Platform: Web Application
Title: Yerba SACphp 6.3 Multiple Remote Vulnerabilities
Description: SACphp is a module for the Yerba portal system. The
application is exposed to multiple remote issues. Attackers can
exploit these issues to gain unauthorized administrative access to the
affected application, compromise the application, and obtain sensitive
information. Yerba SACphp version 6.3 is affected.
Ref: http://www.securityfocus.com/bid/31619
______________________________________________________________________