Date: Thu, May 08, 2008 10:16:35 PM
From: The SANS Institute
Subject: @RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 19
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A really light week. Enjoy it; next week will be much busier.
Alan
*************************************************************************
@RISK: The Consensus Security Vulnerability Alert
May 8, 2008 Vol. 7. Week 19
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Third Party Windows Apps                  5 (#1)
Mac Os                                    3
Linux                                     3
Solaris                                   2
Cross Platform                           19 (#2, #3)
Web Application - Cross Site Scripting   15
Web Application - SQL Injection          14
Web Application                          26
************************** Sponsored By SANS ****************************
How can I improve my pen testing regimen? What are the best and latest
techniques for detailed reconnaissance? How can I leverage free tools
with commercial tools for maximum effect? Find out at the Penetration
Testing and Ethical Hacking Summit June 2-3 - Las Vegas.
http://www.sans.org/info/28659
*************************************************************************
TRAINING UPDATE
Where can you find the newest Penetration Testing techniques,
Application Pen Testing, Hacker Exploits, Secure Web Application
Development, Security Essentials, Forensics, Wireless, Auditing, both
new Pen Testing courses, CISSP, and SANS' other top-rated courses plus
evening sessions with Internet Storm Center handlers.
- SANSFIRE 2008 in Washington DC (7/22-7/31) SANS' biggest summer program
with many bonus sessions and a big exhibition of security products:
http://www.sans.org/info/26774
- London (6/2-6/7) and Amsterdam (6/16-6/21) and Brussels (6/16-6/21)
http://www.sans.org/secureeurope08
- Denver (6/7-6/13) http://www.sans.org/rockymnt2008/
- Singapore (6/30-7/5) http://www.sans.org/singapore08/
- Boston (8/9-8/16) http://www.sans.org/boston08/
- and in 100 other cities and online any time: www.sans.org
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) HIGH: Yahoo! Assistant ActiveX Control Memory Corruption
(2) MODERATE: rdesktop Multiple Vulnerabilities
(3) MODERATE: PHP Multiple Vulnerabilities
************************** SPONSORED LINK *******************************
1) Get on top of security and compliance concerns with log management
and integrated change monitoring
http://www.sans.org/info/28664
*************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Third Party Windows Apps
08.19.1 - Castle Rock Computing SNMPc Community String Stack-Based Buffer Overflow
08.19.2 - Akamai Download Manager ActiveX Control Remote Code Execution
08.19.3 - Nortel Multimedia PC Client Remote Packet Flood Denial of Service
08.19.4 - WonderWare SuiteLink "slssvc.exe" Remote Denial of Service
08.19.5 - Yahoo! Assistant "yNotifier.dll" ActiveX Control Memory Corruption
-- Mac Os
08.19.6 - Apple Mac OS X CoreFoundation Remote Buffer Overflow
08.19.7 - Apple Mac OS X Iodbcadmintool Local Privilege Escalation
08.19.8 - Apple Mac OS X Passwordserver Local Privilege Escalation
-- Linux
08.19.9 - Linux Kernel "dnotify.c" Local Race Condition
08.19.10 - Linux Kernel RLIMIT_CPU Zero Limit Handling Local Security Bypass
08.19.11 - Linux Kernel Tehuti Network Driver "BDX_OP_WRITE" Memory Corruption
-- Solaris
08.19.12 - Sun Solaris 10 Unspecified SCTP Protocol Processing Remote Denial of Service
08.19.13 - Sun Solaris SCTP Network Flooding Remote Denial of Service
-- Cross Platform
08.19.14 - IBM WebSphere Application Server Java Plugin Security Bypass
08.19.15 - Apple QuickTime QTIF Image Processing Remote Heap Overflow
08.19.16 - Apple QuickTime GIF Image Processing Remote Heap Overflow
08.19.17 - Apple QuickTime TIFF Image Processing Remote Integer Overflow
08.19.18 - Apple QuickTime TIFF Image Processing Strips/Bands Integer Overflow
08.19.19 - Apple QuickTime TGA Image Processing Remote Buffer Overflow
08.19.20 - Apple QuickTime TGA Image Processing Remote Integer Overflow
08.19.21 - Apple QuickTime TGA Image Processing Remote Integer Underflow
08.19.22 - Multiple Vendors Malformed BGP "UPDATE" Message Remote Denial of Service
08.19.23 - PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
08.19.24 - GraphicsMagick Unspecified Security Bypass
08.19.25 - Apple Safari Remote Directory Traversal
08.19.26 - Apple Safari WebKit Unspecified Heap Overflow
08.19.27 - Animal Shelter Manager Improper Access Restriction Security Bypass
08.19.28 - Call of Duty Malformed "stats" command Denial of Service
08.19.29 - WebMod Multiple Remote Security Vulnerabilities
08.19.30 - IBM Rational Build Forge Remote Denial of Service
08.19.31 - CDF (Common Data Format) Library "src/lib/cdfread64.c" Stack-Based Buffer Overflow
08.19.32 - SIPp Multiple Remote Buffer Overflow Vulnerabilities
-- Web Application - Cross Site Scripting
08.19.33 - C-News "install.php" Cross-Site Scripting
08.19.34 - AstroCam "pic.php" Cross-Site Scripting
08.19.35 - MJGUEST "mjguest.php" Cross-Site Scripting
08.19.36 - CoronaMatrix phpAddressBook "username" Cross-Site Scripting
08.19.37 - QT-cute Quicktalk Guestbook Multiple Cross-Site Scripting Vulnerabilities
08.19.38 - BlackBook Multiple Cross-Site Scripting Vulnerabilities
08.19.39 - LifeType "admin.php" Cross-Site Scripting
08.19.40 - Zomplog "category.php" Cross-Site Scripting
08.19.41 - ChiCoMaS "index.php" Cross-Site Scripting
08.19.42 - Ilient SysAid "searchField" Parameter Cross-Site Scripting
08.19.43 - Typo3 Powermail Extension Unspecified Cross-Site Scripting
08.19.44 - GEDCOM_to_MySQL2 Multiple Cross-Site Scripting Vulnerabilities
08.19.45 - LifeType 1.2.8 "admin.php" Cross-Site Scripting
08.19.46 - Maian Uploader Multiple Cross-Site Scripting Vulnerabilities
08.19.47 - osCommerce Multiple Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
08.19.48 - Joomla! and Mambo Webhosting Component "catid" Parameter SQL Injection
08.19.49 - BlogMe PHP "comments.php" SQL Injection
08.19.50 - SmartBlog "index.php" SQL Injection
08.19.51 - Scout Portal Toolkit "ParentId" Parameter SQL Injection
08.19.52 - pnEncyclopedia PostNuke module "id" Parameter SQL Injection
08.19.53 - Online-rent.com Property Rental Script "pid" Parameter SQL Injection
08.19.54 - AnServ Auction XL "viewfaqs.php" SQL Injection
08.19.55 - BackLinkSpider "cat_id" Multiple SQL Injection Vulnerabilities
08.19.56 - BatmanPorTaL "id" Multiple SQL Injection Vulnerabilities
08.19.57 - phpDirectorySource Multiple SQL Injection Vulnerabilities
08.19.58 - iGaming CMS "poll_vote.php" SQL Injection
08.19.59 - Intesync LLC Miniweb 2.0 Blog Writer Module "historymonth" Parameter SQL Injection
08.19.60 - Pre Shopping Mall "search.php" SQL Injection
08.19.61 - PHPEasyData "annuaire.php" SQL Injection
-- Web Application
08.19.62 - Interchange Unspecified Denial Of Service
08.19.63 - WebGUI Data Form Unspecified Security
08.19.64 - PBCS Multiple Input Validation Vulnerabilities
08.19.65 - OxYProject Edit Chat History Remote Code Execution
08.19.66 - Harris Wap Chat "sysFileDir" Parameter Multiple Remote File Include Vulnerabilities
08.19.67 - Interact Multiple Remote File Include Vulnerabilities
08.19.68 - VWar 1.6.1 R2 Multiple Remote Vulnerabilities
08.19.69 - vlbook Cross Site Scripting and Local File Include Vulnerabilities
08.19.70 - ActualScripts ActualAnalyzer Lite "admin.php" Local File Include
08.19.71 - MyKnowledgeQuest KnowledgeQuest Administration Multiple Authentication Bypass Vulnerabilities
08.19.72 - Robocode AWT Event Queue Security Bypass
08.19.73 - Project Alumni SQL Injection and Cross-Site Scripting Vulnerabilities
08.19.74 - Zen Cart "keyword" parameter SQL Injection and Cross-Site Scripting Vulnerabilities
08.19.75 - OpenAutoClassifieds Multiple SQL Injection Vulnerabilities
08.19.76 - iTCms "boxpop.php" Remote File Include
08.19.77 - SiteXS CMS "upload.php" Arbitrary File Upload
08.19.78 - Maian Script World Multiple Scripts SQL Injection and Cross-Site Scripting Vulnerabilities
08.19.79 - cpLinks Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.19.80 - Kmita Tellfriend "htmlcode.php" Remote File Include
08.19.81 - SmartBlog Multiple Input Validation Vulnerabilities
08.19.82 - Kmita Mail "htmlcode.php" Remote File Include
08.19.83 - TLM CMS "index.php" Multiple SQL Injection Vulnerabilities
08.19.84 - ScorpNews "example.php" Remote File Include
08.19.85 - DeluxeBB SQL Injection And PHP Injection Vulnerabilities
08.19.86 - Power Editor Multiple Input Validation Vulnerabilities
08.19.87 - QTO File Manager "qtofm.php" Arbitrary File Upload
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) HIGH: Yahoo! Assistant ActiveX Control Memory Corruption
Affected:
Yahoo! Assistant 'yNotifier.dll' ActiveX Control
Description: Yahoo! Assistant is a Browser Helper Object (BHO) for
Microsoft Internet Explorer. It provides users of Internet Explorer with
a variety of useful features. Part of its functionality is provided by
the "yNotifier.dll" library. This library contains multiple exported
objects, including some that were not designed to be instantiated within
Internet Explorer. A malicious web page that instantiates these objects
within Internet Explorer could trigger a memory corruption condition.
Successfully exploiting these vulnerabilities could potentially allow
an attacker to execute arbitrary code with the privileges of the current
user. Full technical details and a simple proof-of-concept are publicly
available for these vulnerabilities.
Status: Yahoo! confirmed, updates available. Users can mitigate the
impact of these vulnerabilities by disabling the affected control via
Microsoft's "kill bit" mechanism using CLSID
"2283BB66-A15D-4AC8-BA72-9C8C9F5A1691".
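The kill-bit mitigation described above, as an added example that is not part of the bulletin, the Secway advisory or any Yahoo! update: it writes the "Compatibility Flags" value that Microsoft KB 240797 documents for the CLSID given above. The registry paths and the 0x400 flag value are taken from that KB article; the WOW6432Node path is an assumption for 32-bit Internet Explorer on 64-bit Windows and is harmless where that hive does not exist.

```powershell
# Added example (not from the @RISK bulletin or from Yahoo!): set the Internet
# Explorer "kill bit" for the yNotifier.dll control so IE refuses to load it.
# Registry layout per Microsoft KB 240797. Run from an elevated PowerShell.
$clsid = '{2283BB66-A15D-4AC8-BA72-9C8C9F5A1691}'

$paths = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid",
    # Assumed: 32-bit IE on 64-bit Windows consults the WOW6432Node view as well
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
)

foreach ($p in $paths) {
    # Create the per-CLSID key (and any missing parents) if it is not present
    if (-not (Test-Path $p)) {
        New-Item -Path $p -Force | Out-Null
    }
    # 0x400 = COMPAT_EVIL_DONT_LOAD: the control is never instantiated by IE
    Set-ItemProperty -Path $p -Name 'Compatibility Flags' -Value 0x400 -Type DWord
}

# Verify: each path should now report 0x400 (decimal 1024)
foreach ($p in $paths) {
    $flags = (Get-ItemProperty -Path $p -Name 'Compatibility Flags').'Compatibility Flags'
    '{0}: 0x{1:X}' -f $p, $flags
}
```

Setting the kill bit does not remove the DLL; it only blocks Internet Explorer from instantiating the control, so the vendor update should still be applied. Roll the change out through Group Policy Preferences or a login script if many hosts are affected, and re-run the verification loop on a sample of them.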
References:
Secway Advisory
http://secway.org/advisory/AD20080506EN.txt
Wikipedia Article on the Yahoo! Assistant
http://en.wikipedia.org/wiki/Yahoo!_Assistant
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/29065
***********************************************************
(2) MODERATE: rdesktop Multiple Vulnerabilities
Affected:
rdesktop versions 1.5.0 and prior
Description: Rdesktop is a popular open source client for the Remote
Desktop Protocol (RDP), used most commonly by Microsoft Windows for
desktop sharing. Rdesktop contains multiple vulnerabilities in its
handling of RDP traffic. A malicious RDP server could send specially
crafted traffic to a connected user to exploit one of these
vulnerabilities. Successfully exploiting one of these vulnerabilities
would allow an attacker to execute arbitrary code with the privileges
of the current user. Full technical details for these vulnerabilities
are available via source code analysis. Note that, to be vulnerable, a
user would have to connect to a malicious RDP server.
Status: Vendor confirmed, updates available.
References:
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=698
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=697
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=696
Rdesktop Patch Report
http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/iso.c?annotate=1.20&diff_format=h&pathrev=HEAD#l101
Wikipedia Article on the Remote Desktop Protocol
http://en.wikipedia.org/wiki/Remote_Desktop_Protocol
Rdesktop Home Page
http://www.rdesktop.org/
SecurityFocus BID
http://www.securityfocus.com/bid/29097
***********************************************************
(3) MODERATE: PHP Multiple Vulnerabilities
Affected:
PHP versions prior to 5.2.6
Description: PHP is an extremely popular language for web development,
included by default in a large variety of Unix, Unix-like, and Linux
operating system distributions. It contains multiple vulnerabilities in
its handling of a variety of PHP code constructs and remote input
processing. A specially crafted PHP script could trigger one of these
vulnerabilities, allowing an attacker to execute arbitrary code with the
privileges of the vulnerable process. An additional flaw in the handling
of multibyte characters may lead to command injection from external
sources, though this is not confirmed. Full technical details for these
vulnerabilities are publicly available via source code analysis. Note
that users of hosting providers often have permission to upload PHP
scripts to shared servers.
Status: PHP confirmed, updates available.
References:
PHP Change Log
http://www.php.net/ChangeLog-5.php#5.2.6
PHP Home Page
http://www.php.net
SecurityFocus BID
http://www.securityfocus.com/bid/29009
**********************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 19, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.19.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Castle Rock Computing SNMPc Community String Stack-Based Buffer
Overflow
Description: Castle Rock Computing SNMPc is an application for
monitoring networks. It is available for Microsoft Windows. The
application is exposed to a stack-based buffer overflow issue because
it fails to perform adequate boundary checks on user-supplied input to
the community string sent in SNMP TRAP packets. SNMPc version 7.1.1 is affected.
Ref:
http://www.ngssoftware.com/advisories/critical-vulnerability-in-snmpc/
______________________________________________________________________
08.19.2 CVE: CVE-2007-6339
Platform: Third Party Windows Apps
Title: Akamai Download Manager ActiveX Control Remote Code Execution
Description: The Akamai Download Manager ActiveX control is a
web-based file download manager. The application is exposed to a
remote code execution issue. Akamai Download Manager versions prior to
2.2.3.5 are affected.
Ref: http://www.securityfocus.com/archive/1/491516
______________________________________________________________________
08.19.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Nortel Multimedia PC Client Remote Packet Flood Denial of
Service
Description: Nortel Multimedia PC Client is a network-based
communications application for Microsoft Windows operating systems.
The application is exposed to a remote denial of service issue due to
its inability to properly handle unexpected network traffic.
Ref: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=719698
______________________________________________________________________
08.19.4 CVE: CVE-2008-2005
Platform: Third Party Windows Apps
Title: WonderWare SuiteLink "slssvc.exe" Remote Denial of Service
Description: SuiteLink is a network protocol similar to TCP/IP. The
application is exposed to a remote denial of service issue that occurs
in the Wonderware SuiteLink Service ("slssvc.exe") when allocating
memory. Wonderware SuiteLink versions prior to 2.0 Patch 01 are
affected.
Ref: http://www.securityfocus.com/archive/1/491623
______________________________________________________________________
08.19.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Yahoo! Assistant "yNotifier.dll" ActiveX Control Memory
Corruption
Description: Yahoo! Assistant is a Browser Helper Object for Internet
Explorer. Yahoo! Assistant "yNotifier.dll" ActiveX control is exposed
to a memory corruption issue. Yahoo! Assistant versions 3.6 and
earlier are affected.
Ref: http://secway.org/advisory/AD20080506EN.txt
______________________________________________________________________
08.19.6 CVE: CVE-2005-2757
Platform: Mac Os
Title: Apple Mac OS X CoreFoundation Remote Buffer Overflow
Description: CoreFoundation is a framework that provides C APIs for
applications. The application is exposed to a buffer overflow issue
because it fails to perform boundary checks prior to copying
user-supplied data into sensitive process buffers.
Ref: http://www.securityfocus.com/bid/16882
______________________________________________________________________
08.19.7 CVE: CVE-2005-3700
Platform: Mac Os
Title: Apple Mac OS X Iodbcadmintool Local Privilege Escalation
Description: iodbcadmintool is a helper tool for the ODBC
Administrator utility. The application is exposed to a local privilege
escalation issue. It can allow attackers to gain elevated privileges
on an affected computer.
Ref: http://www.securityfocus.com/bid/16903
______________________________________________________________________
08.19.8 CVE: CVE-2005-3701
Platform: Mac Os
Title: Apple Mac OS X Passwordserver Local Privilege Escalation
Description: passwordserver is exposed to a local privilege escalation
issue. This issue can allow local attackers on Open Directory master
servers to gain elevated privileges.
Ref: http://www.securityfocus.com/bid/16904
______________________________________________________________________
08.19.9 CVE: CVE-2008-1375
Platform: Linux
Title: Linux Kernel "dnotify.c" Local Race Condition
Description: The Linux kernel is exposed to a local race condition
issue. It occurs in the "fcntl_dirnotify()" function of the
"dnotify.c" source file. A local attacker may exploit this issue to
crash the computer or to gain elevated privileges on the affected
computer.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6
______________________________________________________________________
08.19.10 CVE: CVE-2008-1294
Platform: Linux
Title: Linux Kernel RLIMIT_CPU Zero Limit Handling Local Security
Bypass
Description: The Linux kernel is exposed to a local security bypass
issue because it fails to properly handle certain RLIMIT_CPU time
limitations. This issue resides in the "sys.c" source file and occurs
when the CPU resource limit is set to zero. Linux kernel versions
prior to 2.6.22 are affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419706
______________________________________________________________________
08.19.11 CVE: CVE-2008-1675
Platform: Linux
Title: Linux Kernel Tehuti Network Driver "BDX_OP_WRITE" Memory
Corruption
Description: The Linux kernel is exposed to a memory corruption issue
due to insufficient boundary checks in the Tehuti network driver. This
issue affects the "drivers/net/tehuti.c" source file, and can be
exploited with specially-crafted "BDX_OP_WRITE" IOCTL calls. Linux
kernel versions prior to 2.6.25.1 are affected.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1
______________________________________________________________________
08.19.12 CVE: Not Available
Platform: Solaris
Title: Sun Solaris 10 Unspecified SCTP Protocol Processing Remote
Denial of Service
Description: Sun Solaris 10 is exposed to an unspecified denial of
service issue because of SCTP (Stream Control Transmission Protocol)
protocol processing. The Solaris 10 operating system is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236321-1
______________________________________________________________________
08.19.13 CVE: Not Available
Platform: Solaris
Title: Sun Solaris SCTP Network Flooding Remote Denial of Service
Description: Sun Solaris is exposed to a denial of service issue that
occurs in SCTP (Stream Control Transmission Protocol) processing. The
Solaris 10 operating system is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236521-1
______________________________________________________________________
08.19.14 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Application Server Java Plugin Security Bypass
Description: IBM WebSphere Application Server Java plugin is exposed
to an unspecified security bypass issue which may allow a malicious
applet to gain elevated privileges. WebSphere Application Server
version 5.0.2 is affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg1PK65161
______________________________________________________________________
08.19.15 CVE: CVE-2005-2340
Platform: Cross Platform
Title: Apple QuickTime QTIF Image Processing Remote Heap Overflow
Description: QuickTime Player is the media player distributed by Apple
for QuickTime and other media files. The application is exposed to a
remote heap-based overflow issue because the application fails to perform
boundary checks before copying user-supplied data into sensitive
process buffers. QuickTime versions prior to 7.0.4 are affected.
Ref: http://www.securityfocus.com/archive/1/421561
______________________________________________________________________
08.19.16 CVE: CVE-2005-3713
Platform: Cross Platform
Title: Apple QuickTime GIF Image Processing Remote Heap Overflow
Description: QuickTime Player is the media player distributed by Apple
for QuickTime as well as other media files. The application is exposed
to a remote heap-based overflow issue because the application fails to
perform boundary checks before copying user-supplied data into
sensitive process buffers. QuickTime versions prior to 7.0.4 are
affected.
Ref: http://www.securityfocus.com/archive/1/421566
______________________________________________________________________
08.19.17 CVE: CVE-2005-3710
Platform: Cross Platform
Title: Apple QuickTime TIFF Image Processing Remote Integer Overflow
Description: QuickTime Player is the media player distributed by Apple
for QuickTime as well as other media files. The application is exposed
to a remote integer overflow issue because it fails to perform
boundary checks prior to copying user-supplied data into sensitive
process buffers. QuickTime versions prior to 7.0.4 are affected.
Ref: http://www.securityfocus.com/bid/16867/info
______________________________________________________________________
08.19.18 CVE: CVE-2005-3711
Platform: Cross Platform
Title: Apple QuickTime TIFF Image Processing Strips/Bands Integer
Overflow
Description: QuickTime Player is the media player distributed by Apple
for QuickTime and other media files. The application is exposed to a
remote integer overflow issue because the application fails to perform
boundary checks before copying user-supplied data into sensitive
process buffers. QuickTime versions prior to 7.0.4 are affected.
Ref: http://www.securityfocus.com/archive/1/421831
______________________________________________________________________
08.19.19 CVE: CVE-2005-3707
Platform: Cross Platform
Title: Apple QuickTime TGA Image Processing Remote Buffer Overflow
Description: QuickTime Player is the media player distributed by Apple
for QuickTime as well as other media files. The application is exposed
to a remote buffer overflow issue because the application fails to
perform boundary checks prior to copying user-supplied data into
sensitive process buffers. QuickTime versions prior to 7.0.4 are
affected.
Ref: http://www.securityfocus.com/bid/16872
______________________________________________________________________
08.19.20 CVE: CVE-2005-3708
Platform: Cross Platform
Title: Apple QuickTime TGA Image Processing Remote Integer Overflow
Description: QuickTime Player is the media player distributed by Apple
for QuickTime and other media files. The application is exposed to a
remote integer overflow issue because the application fails to perform
boundary checks before copying user-supplied data into sensitive
process buffers. QuickTime versions prior to 7.0.4 are affected.
Ref: http://www.securityfocus.com/bid/16873
______________________________________________________________________
08.19.21 CVE: CVE-2005-3709
Platform: Cross Platform
Title: Apple QuickTime TGA Image Processing Remote Integer Underflow
Description: QuickTime Player is the media player distributed by Apple
for QuickTime as well as other media files. The application is exposed
to a remote integer underflow issue because the application fails to
perform boundary checks prior to copying user-supplied data into
sensitive process buffers. QuickTime versions prior to 7.0.4 are
affected.
Ref: http://www.securityfocus.com/bid/16875
______________________________________________________________________
08.19.22 CVE: CVE-2007-6372
Platform: Cross Platform
Title: Multiple Vendors Malformed BGP "UPDATE" Message Remote Denial
of Service
Description: Multiple vendors' BGP implementations are exposed to a
remote denial of service issue that arises when the software handles
specially crafted BGP packets. A remote attacker can exploit this
issue to cause a denial of service between synchronized BGP peers.
Ref: http://www.kb.cert.org/vuls/id/929656
______________________________________________________________________
08.19.23 CVE: CVE-2008-0599
Platform: Cross Platform
Title: PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
The application is exposed to multiple security issues. PHP versions
5.2.5 and earlier are affected.
Ref: http://www.php.net/ChangeLog-5.php#5.2.6
______________________________________________________________________
08.19.24 CVE: Not Available
Platform: Cross Platform
Title: GraphicsMagick Unspecified Security Bypass
Description: GraphicsMagick is an image-processing application
available for multiple platforms. It was originally derived from
ImageMagick version 5.5.2. The application is exposed to a security
bypass issue because it fails to properly process file extensions.
GraphicsMagick versions prior to 1.1.12 are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=595544
______________________________________________________________________
08.19.25 CVE: CVE-2005-3702
Platform: Cross Platform
Title: Apple Safari Remote Directory Traversal
Description: Safari is exposed to a remote directory traversal issue
because the application fails to sanitize user-supplied input. It
allows attackers to place files outside the specified download
directory.
Ref: http://www.securityfocus.com/bid/16926
______________________________________________________________________
08.19.26 CVE: CVE-2005-3705
Platform: Cross Platform
Title: Apple Safari WebKit Unspecified Heap Overflow
Description: Apple Safari is a browser available for Mac OS X and
Microsoft Windows. Safari is exposed to a buffer overflow issue
because it fails to properly bounds check user-supplied input before
using it in an insufficiently sized buffer.
Ref: http://www.securityfocus.com/bid/29011
______________________________________________________________________
08.19.27 CVE: Not Available
Platform: Cross Platform
Title: Animal Shelter Manager Improper Access Restriction Security Bypass
Description: Animal Shelter Manager is a computer solution for animal
sanctuaries and shelters. The application is exposed to a security
bypass issue. It occurs because the application fails to restrict
unprivileged users from accessing certain unspecified privileged
functionalities. Animal Shelter Manager version 2.2.1 is affected.
Ref: http://www.securityfocus.com/bid/29022
______________________________________________________________________
08.19.28 CVE: Not Available
Platform: Cross Platform
Title: Call of Duty Malformed "stats" command Denial of Service
Description: Call of Duty is a military first-person-shooter game
distributed by Activision. The application is exposed to a denial of
service issue because the application fails to handle exceptional
conditions. Call of Duty 4 version 1.5 is affected.
Ref: http://www.securityfocus.com/archive/1/491564
______________________________________________________________________
08.19.29 CVE: Not Available
Platform: Cross Platform
Title: WebMod Multiple Remote Security Vulnerabilities
Description: WebMod is a multithreaded HTTP Server embedded into a
MetaMod plugin available for Windows and Linux operating systems.
WebMod is exposed to multiple issues. WebMod version 0.48 is affected.
Ref: http://www.securityfocus.com/archive/1/491585
______________________________________________________________________
08.19.30 CVE: Not Available
Platform: Cross Platform
Title: IBM Rational Build Forge Remote Denial of Service
Description: IBM Rational Build Forge is software for automating and
accelerating build and release processes. The application is exposed to
a denial of service issue. Specifically, the software generates
multiple "bfagent" server processes consuming CPU resources of the
host. IBM Rational Build Forge version 7.0.2 is affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21303877
______________________________________________________________________
08.19.31 CVE: CVE-2008-2080
Platform: Cross Platform
Title: CDF (Common Data Format) Library "src/lib/cdfread64.c"
Stack-Based Buffer Overflow
Description: The CDF (Common Data Format) library is a data
abstraction for the storage, manipulation, and access of
multidimensional data sets. CDF was developed by the NASA Goddard
Space Flight Center. The application is exposed to a stack-based
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied data when processing CDF files. CDF versions
3.2 and earlier are affected.
Ref: http://www.coresecurity.com/?action=item&id=2260
______________________________________________________________________
08.19.32 CVE: CVE-2008-2085
Platform: Cross Platform
Title: SIPp Multiple Remote Buffer Overflow Vulnerabilities
Description: SIPp is an open-source test tool for the SIP protocol.
The application is exposed to multiple buffer overflow issues because
it fails to perform adequate boundary checks on user-supplied input.
SIPp version 3.1 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479039
______________________________________________________________________
08.19.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: C-News "install.php" Cross-Site Scripting
Description: C-News is a news script. The application is exposed to a
cross-site scripting issue because it fails to sanitize user-supplied
input to the "etape" parameter of the "install.php" script.
Ref: http://www.securityfocus.com/bid/28989
______________________________________________________________________
08.19.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AstroCam "pic.php" Cross-Site Scripting
Description: AstroCam is a UNIX daemon that is used to control remote
cameras. The server can be controlled with a web interface. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "pic.php" script.
AstroCam versions 2.5.0 to 2.7.3 are affected.
Ref: http://www.securityfocus.com/archive/1/491513
______________________________________________________________________
08.19.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MJGUEST "mjguest.php" Cross-Site Scripting
Description: MJGUEST is a guestbook application. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "level" parameter of the "mjguest.php"
script. MJGUEST version 6.7 GT is affected.
Ref: http://www.securityfocus.com/archive/1/491523
______________________________________________________________________
08.19.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CoronaMatrix phpAddressBook "username" Cross-Site Scripting
Description: phpAddressBook is a web-based address book. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "username" parameter of
the "index.php" script. phpAddressBook version 2.0 is affected.
Ref: http://www.securityfocus.com/archive/1/491525
______________________________________________________________________
08.19.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: QT-cute Quicktalk Guestbook Multiple Cross-Site Scripting
Vulnerabilities
Description: QT-cute Quicktalk Guestbook is a guestbook application.
The application is exposed to multiple cross-site scripting issues
because it fails to sanitize user-supplied input. QT-cute Quicktalk
Guestbook version 1.6 is affected.
Ref: http://www.securityfocus.com/bid/29013
______________________________________________________________________
08.19.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BlackBook Multiple Cross-Site Scripting Vulnerabilities
Description: BlackBook is a guestbook application. The application is
exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied input to the "lang" parameter.
BlackBook version 1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/491549
______________________________________________________________________
08.19.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: LifeType "admin.php" Cross-Site Scripting
Description: LifeType is a web blog application. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "searchTerms" parameter of the "admin.php"
script when the "op" parameter is set to "editArticleCategories".
LifeType version 1.2.7 is affected.
Ref: http://www.securityfocus.com/archive/1/491550
______________________________________________________________________
08.19.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Zomplog "category.php" Cross-Site Scripting
Description: Zomplog is a web-log application. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "catname" parameter of the "category.php"
script when the "addcat" parameter is set to "Submit". Zomplog version
3.8.2 is affected.
Ref: http://www.securityfocus.com/archive/1/491553
______________________________________________________________________
08.19.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ChiCoMaS "index.php" Cross-Site Scripting
Description: ChiCoMaS is a content management application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "q" parameter of the
"index.php" script. ChiCoMaS version 2.0.4 is affected.
Ref: http://www.securityfocus.com/archive/1/491562
______________________________________________________________________
08.19.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Ilient SysAid "searchField" Parameter Cross-Site Scripting
Description: SysAid is web-based help desk software. The application
is exposed to a cross-site scripting issue because it fails to
sanitize user-supplied input to the "searchField" parameter of the
"SystemList.jsp" script. SysAid version 5.1.08 is affected.
Ref: http://www.securityfocus.com/bid/29037
______________________________________________________________________
08.19.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Typo3 Powermail Extension Unspecified Cross-Site Scripting
Description: Powermail is an Extension for Typo3. The application is
exposed to an unspecified cross-site scripting issue because it fails
to properly sanitize user-supplied input. Powermail Extension version
1.1.9 is affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080505-2/
______________________________________________________________________
08.19.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: GEDCOM_to_MySQL2 Multiple Cross-Site Scripting Vulnerabilities
Description: GEDCOM_to_MySQL2 is a PHP-based application to convert
files to a GEDCOM MySQL database. The application is exposed to
multiple cross-site scripting issues because it fails to sanitize
user-supplied input.
Ref: http://www.securityfocus.com/bid/29048
______________________________________________________________________
08.19.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: LifeType 1.2.8 "admin.php" Cross-Site Scripting
Description: LifeType is a weblog application. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "newBlogUserName" HTTP POST parameter of
the "admin.php" script when the "op" parameter is set to
"editArticleCategories". LifeType version 1.2.8 is affected.
Ref: http://www.securityfocus.com/archive/1/491600
______________________________________________________________________
08.19.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Maian Uploader Multiple Cross-Site Scripting Vulnerabilities
Description: Maian Uploader is a file uploader application. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input. Maian Uploader
version 4.0 is affected.
Ref: http://www.securityfocus.com/archive/1/491599
______________________________________________________________________
08.19.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: osCommerce Multiple Cross-Site Scripting Vulnerabilities
Description: osCommerce is a web-based shopping cart application. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied data to the following
scripts and parameters: "categories.php: pID, page" and "orders.php:
cID". osCommerce versions 2.2 RC1 and 2.2 RC2a are affected.
Ref: http://www.securityfocus.com/bid/29055
______________________________________________________________________
08.19.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Webhosting Component "catid" Parameter SQL
Injection
Description: Webhosting Component is an application for the Joomla!
and Mambo content managers. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter of the "com_webhosting"
component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29000
______________________________________________________________________
08.19.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BlogMe PHP "comments.php" SQL Injection
Description: BlogMe PHP is a web-log application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"comments.php" script before using it in an SQL query.
BlogMe PHP version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/29030
______________________________________________________________________
08.19.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SmartBlog "index.php" SQL Injection
Description: SmartBlog is a PHP-based weblog application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "idt" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29033
______________________________________________________________________
08.19.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scout Portal Toolkit "ParentId" Parameter SQL Injection
Description: Scout Portal Toolkit is a collection of web tools. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "ParentId" parameter
of the "SPT--BrowseResources.php" script before using it in an SQL
query. Scout Portal Toolkit version 1.4.0 is affected.
Ref: http://www.securityfocus.com/archive/1/491611
______________________________________________________________________
08.19.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: pnEncyclopedia PostNuke module "id" Parameter SQL Injection
Description: pnEncyclopedia is an encyclopedia creation module for the
PostNuke content manager. The module is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "pnEncyclopedia" module before using it in
an SQL query. pnEncyclopedia version 0.2.0 is affected.
Ref: http://www.securityfocus.com/archive/1/491606
______________________________________________________________________
08.19.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Online-rent.com Property Rental Script "pid" Parameter SQL
Injection
Description: Online-rent.com Property Rental Script is a PHP-based
booking application for rental properties. Online-rent.com Property
Rental Script is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "pid" parameter of the
"index.php" script before using it in an SQL query. Property Rental
Script version 4.5 is affected.
Ref: http://www.securityfocus.com/archive/1/491607
______________________________________________________________________
08.19.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AnServ Auction XL "viewfaqs.php" SQL Injection
Description: AnServ Auction XL is a PHP-based auction application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat" parameter of the
"viewfaqs.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/491608
______________________________________________________________________
08.19.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BackLinkSpider "cat_id" Multiple SQL Injection Vulnerabilities
Description: BackLinkSpider is a PHP-based weblog application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "cat_id"
parameter of various unspecified scripts.
Ref: http://www.securityfocus.com/bid/29054
______________________________________________________________________
08.19.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BatmanPorTaL "id" Multiple SQL Injection Vulnerabilities
Description: BatmanPorTaL is an ASP-based web portal application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the following scripts: "uyeadmin.asp" and "profil.asp".
Ref: http://www.securityfocus.com/bid/29057
______________________________________________________________________
08.19.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpDirectorySource Multiple SQL Injection Vulnerabilities
Description: phpDirectorySource is a web-based application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the following
scripts and parameters: "show.php: lid" and "admin.php: login".
phpDirectorySource version 1.1.06 is affected.
Ref: http://www.securityfocus.com/bid/29039
______________________________________________________________________
08.19.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: iGaming CMS "poll_vote.php" SQL Injection
Description: iGaming CMS is a PHP-based content manager for gaming
web sites. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "poll_vote.php" script before using it in an SQL
query. iGaming CMS version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/29059
______________________________________________________________________
08.19.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Intesync LLC Miniweb 2.0 Blog Writer Module "historymonth"
Parameter SQL Injection
Description: Intesync LLC Blog Writer is a PHP-based blogging module
for Miniweb 2.0 content manager. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "historymonth" parameter of the "blogwriter"
module before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29061
______________________________________________________________________
08.19.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Shopping Mall "search.php" SQL Injection
Description: Pre Shopping Mall is a web-based application. It is
exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "search" parameter of the
"search.php" script. Pre Shopping Mall version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/29067
______________________________________________________________________
08.19.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPEasyData "annuaire.php" SQL Injection
Description: PHPEasyData is a PHP-based application that allows users
to display dynamic data and directories. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "cat_id" parameter of the "annuaire.php"
script before using it in an SQL query. PHPEasyData version 1.5.4 is
affected.
Ref: http://www.securityfocus.com/bid/29068
______________________________________________________________________
08.19.62 CVE: Not Available
Platform: Web Application
Title: Interchange Unspecified Denial of Service
Description: Interchange is an ecommerce application implemented in
Perl. The application is exposed to a denial of service issue that
stems from an error when processing certain unspecified HTTP POST
requests. Interchange version 5.2.1 is affected.
Ref: http://www.securityfocus.com/bid/28987
______________________________________________________________________
08.19.63 CVE: Not Available
Platform: Web Application
Title: WebGUI Data Form Unspecified Security
Description: WebGUI is a web application framework and content
manager. The application is exposed to an unspecified issue on the
Data Form list view. WebGUI version 7.4.34 is affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=595907&group_id=51417
______________________________________________________________________
08.19.64 CVE: Not Available
Platform: Web Application
Title: PBCS Multiple Input Validation Vulnerabilities
Description: PBCS (Project Based Calendaring System) is a web-based
calendar application implemented in PHP. The application is exposed to
multiple input validation issues. Project Based Calendaring System
version 0.7.1 is affected.
Ref: http://www.securityfocus.com/bid/28991
______________________________________________________________________
08.19.65 CVE: Not Available
Platform: Web Application
Title: OxYProject Edit Chat History Remote Code Execution
Description: OxYProject is a PHP-based chat room application. The
application is exposed to an issue that lets remote attackers execute
arbitrary code because it fails to properly sanitize user-supplied
input to the "Your Message Here" form field parameter of the
"edithistory.php" script. OxYProject version 0.85 is affected.
Ref: http://www.securityfocus.com/bid/28992
______________________________________________________________________
08.19.66 CVE: Not Available
Platform: Web Application
Title: Harris Wap Chat "sysFileDir" Parameter Multiple Remote File
Include Vulnerabilities
Description: Harris Wap Chat is a PHP-based application. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/28995
______________________________________________________________________
08.19.67 CVE: Not Available
Platform: Web Application
Title: Interact Multiple Remote File Include Vulnerabilities
Description: Interact is a web-based platform that supports online
learning. The application is exposed to multiple remote file include
issues because it fails to sufficiently sanitize user-supplied input
to the "CONFIG[LANGUAGE_CPATH]" parameter of the
"modules/forum/embedforum.php" script and the "CONFIG[BASE_PATH]"
parameter of the "modules/scorm/lib.inc.php" script. Interact version
2.4.1 is affected.
Ref: http://www.securityfocus.com/bid/28996
______________________________________________________________________
08.19.68 CVE: Not Available
Platform: Web Application
Title: VWar 1.6.1 R2 Multiple Remote Vulnerabilities
Description: VWar is a web-based team organizer. The application is
exposed to multiple remote issues. VWar version 1.6.1 R2 is affected.
Ref: http://www.securityfocus.com/bid/29001
______________________________________________________________________
08.19.69 CVE: Not Available
Platform: Web Application
Title: vlbook Cross-Site Scripting and Local File Include
Vulnerabilities
Description: vlbook is a web-based guestbook application. The
application is exposed to multiple input validation issues. vlbook
version 1.21 is affected.
Ref: http://www.securityfocus.com/archive/1/491519
______________________________________________________________________
08.19.70 CVE: Not Available
Platform: Web Application
Title: ActualScripts ActualAnalyzer Lite "admin.php" Local File
Include
Description: ActualAnalyzer is a web-based application that collects
site statistics. The application is exposed to a local file include
issue because it fails to properly sanitize user-supplied input to the
"style" parameter of the "admin.php" script. ActualAnalyzer Lite
version 2.78 is affected.
Ref: http://www.securityfocus.com/bid/29007
______________________________________________________________________
08.19.71 CVE: Not Available
Platform: Web Application
Title: MyKnowledgeQuest KnowledgeQuest Administration Multiple
Authentication Bypass Vulnerabilities
Description: KnowledgeQuest is a web-based knowledgebase application.
The application is exposed to multiple authentication bypass issues.
The authentication process allows an attacker to bypass authentication
and gain administrative access. KnowledgeQuest version 2.6 is
affected.
Ref: http://www.securityfocus.com/bid/29012
______________________________________________________________________
08.19.72 CVE: Not Available
Platform: Web Application
Title: Robocode AWT Event Queue Security Bypass
Description: Robocode is a Java programming game. The application is
exposed to a security bypass issue. Robots can access the internals of
the Robocode game via specially-crafted calls to the AWT Event Queue.
Robocode versions prior to 1.6.0 are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=596393
______________________________________________________________________
08.19.73 CVE: Not Available
Platform: Web Application
Title: Project Alumni SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Project Alumni is a web-based application to track and
display school alumni. The application is exposed to a cross-site
scripting issue and an SQL injection issue because it fails to
sufficiently sanitize user-supplied input. Project Alumni version
1.0.9 is affected.
Ref: http://www.securityfocus.com/archive/1/491552
______________________________________________________________________
08.19.74 CVE: Not Available
Platform: Web Application
Title: Zen Cart "keyword" parameter SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Zen Cart is a web-based calendar application. The
application is exposed to a cross-site scripting issue and an SQL
injection issue because the application fails to sufficiently sanitize
user-supplied input to the "keyword" parameter of the "index.php"
script. Zen Cart 2008 is affected.
Ref: http://www.securityfocus.com/bid/29020
______________________________________________________________________
08.19.75 CVE: Not Available
Platform: Web Application
Title: OpenAutoClassifieds Multiple SQL Injection Vulnerabilities
Description: OpenAutoClassifieds is a web-based classified-ads
application for vehicles. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the following scripts and parameters:
"login.php: username" and "listings.php: id". OpenAutoClassifieds
version 1.4.3b is affected.
Ref: http://www.securityfocus.com/bid/29027
______________________________________________________________________
08.19.76 CVE: Not Available
Platform: Web Application
Title: iTCms "boxpop.php" Remote File Include
Description: iTCms is a PHP-based content manager. The application is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input in the "shout" parameter of the
"box/minichat/boxpop.php" script. iTCms version 1.9 is affected.
Ref: http://www.securityfocus.com/bid/29028
______________________________________________________________________
08.19.77 CVE: Not Available
Platform: Web Application
Title: SiteXS CMS "upload.php" Arbitrary File Upload
Description: SiteXS CMS is a PHP-based content manager. The
application is exposed to an issue that lets remote attackers upload
and execute arbitrary script code because it fails to properly
sanitize user-supplied input to the "adm/visual/upload.php" script.
Ref: http://www.securityfocus.com/archive/1/491578
______________________________________________________________________
08.19.78 CVE: Not Available
Platform: Web Application
Title: Maian Script World Multiple Scripts SQL Injection and
Cross-Site Scripting Vulnerabilities
Description: Multiple Maian Script World products are exposed to
cross-site scripting issues and SQL injection issues because the
applications fail to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/491586
______________________________________________________________________
08.19.79 CVE: Not Available
Platform: Web Application
Title: cpLinks Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: cpLinks is a grade links directory script. The
application is exposed to multiple input validation issues. cpLinks
version 1.03 is affected.
Ref: http://www.securityfocus.com/bid/29035
______________________________________________________________________
08.19.80 CVE: Not Available
Platform: Web Application
Title: Kmita Tellfriend "htmlcode.php" Remote File Include
Description: Kmita Tellfriend is a recommendation script. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input in the "file" parameter of
the "htmlcode.php" script. Kmita Tellfriend version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/29042
______________________________________________________________________
08.19.81 CVE: Not Available
Platform: Web Application
Title: SmartBlog Multiple Input Validation Vulnerabilities
Description: SmartBlog is a PHP-based weblog application. The
application is exposed to multiple issues because it fails to
sufficiently sanitize user-supplied data. SmartBlog version 1.3 is
affected.
Ref: http://www.securityfocus.com/bid/29043
______________________________________________________________________
08.19.82 CVE: Not Available
Platform: Web Application
Title: Kmita Mail "htmlcode.php" Remote File Include
Description: Kmita Mail is a mail form processor. The application is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input in the "file" parameter of the
"htmlcode.php" script. Kmita Mail version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/29044
______________________________________________________________________
08.19.83 CVE: Not Available
Platform: Web Application
Title: TLM CMS "index.php" Multiple SQL Injection Vulnerabilities
Description: TLM CMS is a content manager. The application is exposed
to multiple SQL injection issues because it fails to sufficiently
sanitize user-supplied data. TLM CMS version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/29049
______________________________________________________________________
08.19.84 CVE: Not Available
Platform: Web Application
Title: ScorpNews "example.php" Remote File Include
Description: ScorpNews is a web-based application. The application is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input in the "site" parameter of the
"example.php" script. ScorpNews version 2.0 is affected.
Ref: http://www.milw0rm.com/exploits/5539
______________________________________________________________________
08.19.85 CVE: Not Available
Platform: Web Application
Title: DeluxeBB SQL Injection and PHP Injection Vulnerabilities
Description: DeluxeBB is a web-based forum. DeluxeBB is exposed to
multiple issues because it fails to properly sanitize user-supplied
input. DeluxeBB versions 1.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29062
______________________________________________________________________
08.19.86 CVE: Not Available
Platform: Web Application
Title: Power Editor Multiple Input Validation Vulnerabilities
Description: Power Editor is a web-based application for editing
files. The application is exposed to multiple input validation issues.
Power Editor version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/29063
______________________________________________________________________
08.19.87 CVE: Not Available
Platform: Web Application
Title: QTO File Manager "qtofm.php" Arbitrary File Upload
Description: QTO File Manager is a web-based file management
application. The application is exposed to an issue that lets remote
attackers upload and execute arbitrary script code because it fails to
properly sanitize user-supplied input to the "qtofm.php" script.
Ref: http://www.securityfocus.com/archive/1/491699
______________________________________________________________________
(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Subscriptions: @RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkgjZnMACgkQ+LUG5KFpTkaJywCeKoEOhbAQ/YkmVHIXhK05dm6L
bkgAn2fGf6DjUcozaSdkvPR6lc40nBQx
=15rV
-----END PGP SIGNATURE-----