Date: Thu, September 04, 2008 11:31:34 PM
From: The SANS Institute
Subject: @RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 36
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Novell and RedHat users have substantial challenges to deal with this
week. But look through the 52 new Cross Platform vulnerabilities and
the 41 Web application vulnerabilities in Part II just to verify whether
your software is included. That will remind you to establish a patching
regimen for your non-standard software.
Alan
*************************************************************************
@RISK: The Consensus Security Vulnerability Alert
September 4, 2008 Vol. 7. Week 36
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus

Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Third Party Windows Apps                 10 (#5)
Linux                                    15
Solaris                                  1
Novell                                   3 (#1, #3, #4)
Cross Platform                           52 (#2, #6, #7)
Web Application - Cross Site Scripting   9
Web Application - SQL Injection          14
Web Application                          18
Network Device                           2
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Novell eDirectory Multiple Vulnerabilities
(2) CRITICAL: Red Hat Directory Server Multiple Vulnerabilities
(3) HIGH: Novell Forum Arbitrary Tcl Command Injection
(4) HIGH: Novell iPrint Client ActiveX Control Buffer Overflow
(5) HIGH: Ultra Office ActiveX Control Multiple Vulnerabilities
(6) MODERATE: Multiple VMware Products Multiple Vulnerabilities
(7) MODERATE: libpurple Multiple Vulnerabilities
*************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
-- Third Party Windows Apps
08.36.1 - PureMessage for Microsoft Exchange RTF Multiple Denial of Service Vulnerabilities
08.36.2 - Ultra Office Control "Save()" Method Arbitrary File Overwrite
08.36.3 - Ultra Office Control "HttpUpload()" Method Buffer Overflow
08.36.4 - Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Arbitrary Command Execution
08.36.5 - Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Remote Buffer Overflow
08.36.6 - Najdi.si Toolbar "najdisitoolbar.dll" ActiveX Control Remote Buffer Overflow
08.36.7 - LogMeIn "RACtrl.dll" ActiveX Control Multiple Remote Stack-Based Buffer Overflow Vulnerabilities
08.36.8 - VMware Multiple ActiveX Controls Multiple Unspecified Security Vulnerabilities
08.36.9 - Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Information Disclosure
08.36.10 - Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Registry Key Manipulation
-- Linux
08.36.11 - APTonCD Insecure Temporary File Creation
08.36.12 - Aegis "aegis.cgi" Insecure Temporary File Creation
08.36.13 - Red Hat Directory Server Crafted Search Pattern Denial of Service
08.36.14 - Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial of Service Vulnerabilities
08.36.15 - Red Hat Directory Server Accept Language HTTP Headers Buffer Overflow
08.36.16 - gdrae Insecure Temporary File Creation
08.36.17 - cman "fence_egenera" Insecure Temporary File Creation
08.36.18 - Debian Feta "to-upgrade" Plugin Insecure Temporary File Creation
08.36.19 - Debian dhis-server Insecure Temporary File Creation
08.36.20 - Debian FML "libexec/mead.pl" Insecure Temporary File Creation
08.36.21 - LinuxTrade Insecure Temporary File Creation Vulnerabilities
08.36.22 - Debian "linux-patch-openswan" Insecure Temporary File Creation Vulnerabilities
08.36.23 - Dreambox Web Interface URI Remote Denial of Service
08.36.24 - Ogle DVD Player Insecure Temporary File Creation Vulnerabilities
08.36.25 - Postfix "epoll" Linux Event Handler Local Denial of Service
-- Solaris
08.36.26 - Sun Solaris Kernel Covert Channel Creation Security Bypass
-- Novell
08.36.27 - Novell eDirectory Multiple Buffer Overflow And Cross-Site Scripting Vulnerabilities
08.36.28 - Novell iPrint Client "IppCreateServerRef()" Remote Buffer Overflow
-- Cross Platform
08.36.29 - Honeyd Insecure Temporary File Creation
08.36.30 - HP Enterprise Discovery Unspecified Remote Privilege Escalation
08.36.31 - OpenOffice "rtl_allocateMemory()" Remote Code Execution
08.36.32 - IBM DB2 CLR Stored Procedures Deployment Unspecified Security Issue
08.36.33 - Sharity Unspecified Security Issue
08.36.34 - Tiger "genmsgidx" Insecure Temporary File Creation
08.36.35 - Citadel Insecure Temporary File Creation
08.36.36 - R "javareconf" Insecure Temporary File Creation
08.36.37 - Acoustica Mixcraft ".mx4" Image File Name Buffer Overflow
08.36.38 - aview "asciiview" Insecure Temporary File Creation
08.36.39 - AudioLink Insecure Temporary File Creation
08.36.40 - Amanda CDRW-Taper Insecure Temporary File Creation
08.36.41 - CDcontrol Insecure Temporary File Creation
08.36.42 - Crossfire crossfire-maps Insecure Temporary File Creation
08.36.43 - The ARB software Multiple Insecure Temporary File Creation Vulnerabilities
08.36.44 - Apertium Multiple Insecure Temporary File Creation Vulnerabilities
08.36.45 - Caudium Insecure Temporary File Creation
08.36.46 - DigitalDJ Insecure Temporary File Creation
08.36.47 - GpsDrive Insecure Temporary File Creation
08.36.48 - NetCitadel Firewall Builder Insecure Temporary File Creation
08.36.49 - Debian dist Insecure Temporary File Creation Vulnerabilities
08.36.50 - Debian lustre-tests Insecure Temporary File Creation
08.36.51 - Liquidsoap Insecure Temporary File Creation
08.36.52 - LMbench Insecure Temporary File Creation Vulnerabilities
08.36.53 - Debian konwert-filters "filters/any-UTF8" Insecure Temporary File Creation
08.36.54 - MAFFT Insecure Temporary File Creation
08.36.55 - Debian lazarus-src "create_lazarus_export_tgz.sh" Insecure Temporary File Creation
08.36.56 - OpenOffice "senddoc" Insecure Temporary File Creation
08.36.57 - Mgetty "faxspool" Insecure Temporary File Creation
08.36.58 - Plait Insecure Temporary File Creation
08.36.59 - MySpell Insecure Temporary File Creation
08.36.60 - NetMRG "rrdedit" Insecure Temporary File Creation
08.36.61 - QEMU "qemu-make-debian-root" Insecure Temporary File Creation
08.36.62 - newsgate "mkmailpost" Insecure Temporary File Creation
08.36.63 - VMware ISAPI Extension Remote Denial of Service
08.36.64 - VMware OpenProcess Local Privilege Escalation
08.36.65 - VMware Consolidated Backup (VCB) User Password Information Disclosure
08.36.66 - HP TCP/IP Services for OpenVMS Finger Client Format String
08.36.67 - Radiance Insecure Temporary File Creation Vulnerabilities
08.36.68 - Debian rancid-util "getipacctg" Insecure Temporary File Creation
08.36.69 - Debian rccp Insecure Temporary File Creation
08.36.70 - Parallels Plesk Shortnames Open Email Relay
08.36.71 - WordNet Multiple Buffer Overflow Vulnerabilities
08.36.72 - Newsbeuter Crafted URI Remote Arbitrary Shell Command Injection
08.36.73 - SNG Insecure Temporary File Creation
08.36.74 - Cadsoft Video Disk Recorder Insecure Temporary File Creation
08.36.75 - Debian realtimebattle-common Insecure Temporary File Creation
08.36.76 - Debian scilab-bin Insecure Temporary File Creation Vulnerabilities
08.36.77 - Debian scratchbox2 Insecure Temporary File Creation Vulnerabilities
08.36.78 - Siemens Gigaset WLAN Camera Insecure Default Password
08.36.79 - Google Chrome Remote Denial of Service
08.36.80 - AVTECH PageR Enterprise Directory Traversal
-- Web Application - Cross Site Scripting
08.36.81 - IBM Lotus Quickr Multiple Unspecified Cross-Site Scripting Vulnerabilities
08.36.82 - AbleSpace "adv_cat.php" Cross-Site Scripting
08.36.83 - Red Hat Directory Server Multiple Cross Site Scripting Vulnerabilities
08.36.84 - Advanced Electron Forum "username" Parameter Cross Site Scripting
08.36.85 - Blogn Multiple Unspecified Cross-Site Scripting Vulnerabilities
08.36.86 - vtiger CRM Multiple Cross-Site Scripting Vulnerabilities
08.36.87 - GenPortal "buscarCat.php" Cross-Site Scripting
08.36.88 - IDevSpot BizDirectory "page" Parameter Cross-Site Scripting
08.36.89 - Open Media Collectors Database Multiple Cross Site Scripting Vulnerabilities
-- Web Application - SQL Injection
08.36.90 - YourOwnBux "memberstats.php" SQL Injection
08.36.91 - phpMyRealty Multiple SQL Injection Vulnerabilities
08.36.92 - SourceWorkshop Web directory script "index.php" SQL Injection
08.36.93 - MyioSoft EasyClassifields "index.php" SQL Injection
08.36.94 - Websens CMSbright "page.php" SQL Injection
08.36.95 - myPHPNuke "printfeature.php" SQL Injection
08.36.96 - Reciprocal Links Manager "site" Parameter SQL Injection
08.36.97 - PHP Coupon Script "index.php" SQL Injection
08.36.98 - Full PHP Emlak Script "landsee.php" SQL Injection
08.36.99 - AJ HYIP Acme "comment.php" SQL Injection
08.36.100 - AJ HYIP Acme "readarticle.php" SQL Injection
08.36.101 - CS-Cart "core/user.php" SQL Injection
08.36.102 - Spice Classifieds "index.php" SQL Injection
08.36.103 - eliteCMS "page" Parameter SQL Injection
-- Web Application
08.36.104 - Mono "System.Web" HTTP Header Injection
08.36.105 - BitlBee Unspecified Security Bypass
08.36.106 - Ampache Insecure Temporary File Creation
08.36.107 - Carmosa PHPCart "phpcart.php" Multiple Cross-Site Scripting Vulnerabilities
08.36.108 - Carmosa PHPCart Order Modification Data Integrity
08.36.109 - Debian freeradius-dialupadmin Insecure Temporary File Creation Vulnerabilities
08.36.110 - impose+ Insecure Temporary File Creation
08.36.111 - Novell Forum Unspecified Tcl Command Injection
08.36.112 - Invision Power Board Multiple Remote Security Vulnerabilities
08.36.113 - dotProject Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.36.114 - Acoustica Beatcraft ".bcproj" Instrument Title Buffer Overflow
08.36.115 - myPHPNuke "print.php" SQL Injection and Cross-Site Scripting Vulnerabilities
08.36.116 - Brim SQL Injection and HTML Injection Vulnerabilities
08.36.117 - WeBid Multiple Input Validation Vulnerabilities
08.36.118 - WeBid "config.php" Arbitrary File Upload
08.36.119 - Novell IDM Cross Site Scripting and HTML Injection Vulnerabilities
08.36.120 - AlcoveBook sgml2x Insecure Temporary File Creation
08.36.121 - Kyocera Command Center Directory Traversal
-- Network Device
08.36.122 - HP OpenView Network Node Manager Multiple Denial of Service Vulnerabilities
08.36.123 - 3Com Wireless 8760 Dual-Radio 11a/b/g PoE HTTP POST Request Denial of Service
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Novell eDirectory Multiple Vulnerabilities
Affected:
Novell eDirectory versions prior to 8.8 SP3
Description: Novell eDirectory is Novell's Lightweight Directory Access
Protocol (LDAP) directory server. It contains multiple vulnerabilities
in its handling of user input, including several buffer overflows and
memory corruption vulnerabilities. A specially crafted request could
trigger one of these vulnerabilities, allowing an attacker to execute
arbitrary code with the privileges of the vulnerable process. Several
cross-site-scripting, denials-of-service and other issues were addressed
in this update. Some technical details are publicly available for these
vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Novell Changelog
http://www.novell.com/support/viewContent.do?externalId=3426981
Product Home Page
http://www.novell.com/products/edirectory/
Wikipedia Article on LDAP
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
SecurityFocus BID
http://www.securityfocus.com/bid/30947
***********************************************************
(2) CRITICAL: Red Hat Directory Server Multiple Vulnerabilities
Affected:
Red Hat Directory Server versions prior to 7.1 service pack 7
Description: Red Hat Directory Server is Red Hat's Lightweight Directory
Access Protocol (LDAP) directory server. It contains multiple buffer
overflow and cross-site-scripting vulnerabilities in its web interface.
Successfully exploiting one of these vulnerabilities would allow an
attacker to execute arbitrary code with the privileges of the vulnerable
process (usually root). Additionally, several vulnerabilities in the
processing of LDAP requests can lead to denial-of-service conditions.
Red Hat Directory Server is the commercialized version of the Fedora
Directory Server, which is open source. Therefore, technical details for
these vulnerabilities may be publicly available via source code
analysis. Note that Red Hat Directory Server is available for multiple
operating systems.
Status: Vendor confirmed, updates available.
References:
Red Hat Security Advisory
http://rhn.redhat.com/errata/RHSA-2008-0596.html
Wikipedia Article on LDAP
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
Product Home Page
http://www.redhat.com/directory_server/
SecurityFocus BIDs
http://www.securityfocus.com/bid/30869
http://www.securityfocus.com/bid/30870
***********************************************************
(3) HIGH: Novell Forum Arbitrary Tcl Command Injection
Affected:
Novell Forum versions 8.0 and prior
Description: Novell Forum is a popular team conferencing solution. It
contains an input validation vulnerability in its handling of user
input. A specially crafted request can bypass input validation and allow
the injection of arbitrary Tcl programming language commands. These
commands would be executed within the context of the vulnerable process,
and allow arbitrary code execution with the privileges of the vulnerable
process. Some technical details are publicly available for this
vulnerability.
Status: Vendor confirmed, updates available.
References:
Novell Patch Information
http://download.novell.com/Download?buildid=6k-5X-UPnrM~
Product Home Page
http://www.novell.com/promo/sitescape.html
Tcl Home Page
http://www.tcl.tk/
SecurityFocus BID
http://www.securityfocus.com/bid/30909
***********************************************************
(4) HIGH: Novell iPrint Client ActiveX Control Buffer Overflow
Affected:
Novell iPrint Client versions prior to 5.08
Description: Novell iPrint is a popular enterprise printing solution.
Part of its client's functionality is provided by an ActiveX control.
This control contains a buffer overflow in its handling of several
methods. A specially crafted web page that instantiates this control and
calls these methods could trigger this buffer overflow. Successfully
exploiting this buffer overflow would allow an attacker to execute
arbitrary code with the privileges of the current user. Technical
details are publicly available for this vulnerability.
Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism. Note that this will affect normal
application functionality.
References:
Secunia Security Advisory
http://secunia.com/secunia_research/2008-33/advisory/
Novell Changelog
http://download.novell.com/Download?buildid=dv_yn4TOPmQ~
Product Home Page
http://www.novell.com/products/openenterpriseserver/iprint.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/30986
***********************************************************
(5) HIGH: Ultra Office ActiveX Control Multiple Vulnerabilities
Affected:
Ultra Office ActiveX Control versions 2.x
Description: The Ultra Office ActiveX control is used to integrate web
and other applications with Microsoft Office. It contains multiple
vulnerabilities in its handling of several methods. A specially crafted
web page that instantiates this control could exploit one of these
vulnerabilities to overwrite arbitrary files on a victim's system, or
execute arbitrary code with the privileges of the current user. Full
technical details and proofs-of-concept are available for these
vulnerabilities.
Status: Vendor has not confirmed, no updates available.
References:
Proofs-of-Concept
http://www.shinnai.net/xplits/TXT_RvfuIrwypWLMaiVn33Iy.html
http://www.shinnai.net/xplits/TXT_NPku7jFjRufaz85U6Lxn.html
Product Home Page
http://www.ultrashareware.com/Ultra-Office-Control.htm
SecurityFocus BIDs
http://www.securityfocus.com/bid/30863
http://www.securityfocus.com/bid/30861
***********************************************************
(6) MODERATE: Multiple VMware Products Multiple Vulnerabilities
Affected:
VMware ESX Server
VMware Fusion
VMware ACE
VMware Player
VMware Server
VMware Workstation
Description: Multiple vulnerabilities have been discovered in multiple
VMware products. Several products use ActiveX controls that have
potential remote code execution vulnerabilities; a malicious web page
that instantiates one of these controls could exploit one of these
vulnerabilities to potentially execute arbitrary code with the
privileges of the current user. Additionally, several products have been
shown to use older versions of various libraries that are themselves
vulnerable to a variety of attacks, most notably, libpng. Various other
denial-of-service vulnerabilities and information disclosure
vulnerabilities have been discovered.
Status: Vendor confirmed, updates available.
References:
VMware Security Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
VMware Home Page
http://www.vmware.com
SecurityFocus BIDs
http://www.securityfocus.com/bid/30937
http://www.securityfocus.com/bid/30936
http://www.securityfocus.com/bid/30935
http://www.securityfocus.com/bid/30934
***********************************************************
(7) MODERATE: libpurple Multiple Vulnerabilities
Affected:
libpurple versions prior to those distributed with Pidgin 2.4.3
Description: Libpurple is a library implementing the Microsoft Network
(MSN) Messenger protocol, which is used for instant messaging.
Libpurple's implementation of this protocol is used by numerous clients,
including Pidgin and Adium. The library contains multiple integer
overflows in its processing of messages; a specially crafted message
could trigger one of these overflows, allowing an attacker to execute
arbitrary code with the privileges of the current user. Note that Pidgin
is installed by default on numerous Linux, Unix, and Unix-like operating
systems, and Adium is a popular instant messaging application for Apple
Mac OS X. Other applications using this library may also be vulnerable.
Because this library is open source, full technical details are publicly
available via source code analysis.
Status: Vendor confirmed, updates available.
References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-054/
Pidgin Security Advisory
http://www.pidgin.im/news/security/?id=25
Pidgin Home Page
http://www.pidgin.im/
Adium Home Page
http://www.audiumx.com
SecurityFocus BID
http://www.securityfocus.com/bid/29956
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 36, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.36.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: PureMessage for Microsoft Exchange RTF Multiple Denial of
Service Vulnerabilities
Description: PureMessage for Microsoft Exchange is an email scanning
and filtering product for Microsoft Exchange. PureMessage for
Microsoft Exchange is exposed to multiple remote denial of service
issues because it fails to properly process certain
messages. PureMessage for Microsoft Exchange version 3.0 is affected.
Ref: http://www.sophos.com/support/knowledgebase/article/44385.html
______________________________________________________________________
08.36.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ultra Office Control "Save()" Method Arbitrary File Overwrite
Description: Ultra Office Control is an ActiveX control that allows
users to open, view and edit Microsoft Office documents in a web
browser. Ultra Office Control is exposed to an issue that lets
attackers overwrite files. Ultra Office Control version 2.0.2008.501
is affected.
Ref:
http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219827906.ff.php
______________________________________________________________________
08.36.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ultra Office Control "HttpUpload()" Method Buffer Overflow
Description: Ultra Office Control is an ActiveX control that allows
users to open, view and edit Microsoft Office documents in a web
browser. Ultra Office Control is exposed to a buffer overflow issue
because the application fails to perform adequate boundary checks on
user-supplied data. Ultra Office Control version 2.0.2008.501 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Arbitrary Command Execution
Description: Friendly Technologies provides tools to facilitate
network connectivity between Internet Service Providers and their
customers. Friendly Technologies "fwRemoteCfg.dll" ActiveX control is
exposed to an issue that lets attackers execute arbitrary commands.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Remote
Buffer Overflow
Description: Friendly Technologies provides tools to facilitate
network connectivity between Internet Service Providers and their
customers. Friendly Technologies "fwRemoteCfg.dll" ActiveX control is
exposed to a heap-based buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Najdi.si Toolbar "najdisitoolbar.dll" ActiveX Control Remote
Buffer Overflow
Description: Najdi.si Toolbar is an ActiveX control that contains a
built-in search engine. Najdi.si Toolbar is exposed to a buffer
overflow issue because it fails to perform adequate
boundary checks on user-supplied data. Najdi.si Toolbar version
2.0.4.1 is affected.
Ref: http://www.securityfocus.com/archive/1/495837
______________________________________________________________________
08.36.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: LogMeIn "RACtrl.dll" ActiveX Control Multiple Remote Stack-Based
Buffer Overflow Vulnerabilities
Description: LogMeIn "RACtrl.dll" ActiveX control is a remote access
utility. LogMeIn "RACtrl.dll" ActiveX control is exposed to multiple
stack-based buffer overflow issues because it fails to perform
adequate boundary checks on user-supplied data.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.8 CVE: CVE-2008-3691, CVE-2008-3692, CVE-2008-3693,
CVE-2008-3694, CVE-2008-3695, CVE-2008-3696
Platform: Third Party Windows Apps
Title: VMware Multiple ActiveX Controls Multiple Unspecified Security
Vulnerabilities
Description: Multiple VMware ActiveX controls are exposed to multiple
unspecified vulnerabilities. Please refer to the link below for
further information.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Friendly Technologies "fwRemoteCfg.dll" ActiveX Control
Information Disclosure
Description: Friendly Technologies provides tools to facilitate
network connectivity between Internet Service Providers and their
customers. Friendly Technologies "fwRemoteCfg.dll" ActiveX control is
exposed to an issue that lets attackers read arbitrary local files.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Friendly Technologies "fwRemoteCfg.dll" ActiveX Control
Registry Key Manipulation
Description: Friendly Technologies provides tools to facilitate
network connectivity between Internet Service Providers and their
customers. Friendly Technologies "fwRemoteCfg.dll" ActiveX control is
exposed to a registry-key-manipulation issue.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.36.11 CVE: Not Available
Platform: Linux
Title: APTonCD Insecure Temporary File Creation
Description: APTonCD is a tool for creating a removable repository of
packages obtained with APT-GET. APTonCD creates temporary files in an
insecure manner. The issue occurs because the
"/usr/share/aptoncd/xmlfile.py" script creates files in an insecure
manner. APTonCD version 0.1 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.12 CVE: Not Available
Platform: Linux
Title: Aegis "aegis.cgi" Insecure Temporary File Creation
Description: Aegis is a transaction-based application for software
configuration management. Aegis creates temporary files in an insecure
manner. The issue occurs because the "aegis.cgi" script creates files
in an insecure manner. Aegis version 4.2.4 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496415
______________________________________________________________________
08.36.13 CVE: CVE-2008-2930
Platform: Linux
Title: Red Hat Directory Server Crafted Search Pattern Denial of
Service
Description: Red Hat Directory Server is an LDAPv3-compliant
identity-management solution. Red Hat Directory Server is exposed to a
denial of service issue because the server fails to handle specially
crafted search patterns. Red Hat Directory Server versions 7.1 and 8
are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0596.html
______________________________________________________________________
08.36.14 CVE: CVE-2008-3283
Platform: Linux
Title: Red Hat Directory Server LDAP Memory Leak Multiple Remote
Denial of Service Vulnerabilities
Description: Red Hat Directory Server is an LDAPv3-compliant
authentication solution. Directory Server is exposed to multiple
remote denial of service vulnerabilities due to memory leaks. An
attacker may exploit these issues during the authentication / bind
phases of an LDAP session, or by making LDAP search requests.
Directory Server versions 7.1, 8 EL4, and 8 EL5 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0596.html
______________________________________________________________________
08.36.15 CVE: CVE-2008-2928
Platform: Linux
Title: Red Hat Directory Server Accept Language HTTP Headers Buffer
Overflow
Description: Red Hat Directory Server is a centralization server based
on the Lightweight Directory Access Protocol (LDAP). The server is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data. Red Hat Directory
Server version 7.1 is affected. It also affects adminutil packages
shipped in Red Hat Directory Server 8 and Fedora Directory
Server, prior to adminutil version 1.1.7.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0596.html
______________________________________________________________________
08.36.16 CVE: Not Available
Platform: Linux
Title: gdrae Insecure Temporary File Creation
Description: gdrae is a standalone graphical user interface (GUI)
application that allows users to query the Real Academia Espanola
dictionary. gdrae creates temporary files in an insecure manner. The
issue occurs because the "gdrae" script creates files in an insecure
manner. gdrae version 0.1 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.17 CVE: Not Available
Platform: Linux
Title: cman "fence_egenera" Insecure Temporary File Creation
Description: cman is a component of the cluster2 Cluster Manager
system. cman creates temporary files in an insecure manner. The issue
occurs because the "/usr/sbin/fence_egenera" script creates files in
an insecure manner. The "cman" component of cluster2 2.03.07 is
vulnerable; other versions may also be affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410
______________________________________________________________________
08.36.18 CVE: Not Available
Platform: Linux
Title: Debian Feta "to-upgrade" Plugin Insecure Temporary File
Creation
Description: Debian Feta is a front end to multiple package management
tools including dpkg, APT, and debconf. Feta creates temporary files
in an insecure manner. The issue occurs because the
"plugins/to-upgrade" script creates files in an insecure manner.
Debian Feta version 1.4.16 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496397
______________________________________________________________________
08.36.19 CVE: Not Available
Platform: Linux
Title: Debian dhis-server Insecure Temporary File Creation
Description: Debian dhis-server is an open source server application.
It provides dynamic host information services. dhis-server creates
temporary files in an insecure manner. The issue occurs because the
"dhis-dummy-log-engine" script creates files in an insecure manner.
Debian dhis-server version 5.3 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496388
______________________________________________________________________
08.36.20 CVE: Not Available
Platform: Linux
Title: Debian FML "libexec/mead.pl" Insecure Temporary File Creation
Description: Debian FML is a front end to multiple package management
tools including dpkg, APT, and debconf. FML creates temporary files in
an insecure manner. The issue occurs because the "libexec/mead.pl"
script creates files in an insecure manner. Debian FML version 4.0.3
is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496360
______________________________________________________________________
08.36.21 CVE: Not Available
Platform: Linux
Title: LinuxTrade Insecure Temporary File Creation Vulnerabilities
Description: LinuxTrade is a stock streamer application for Linux.
LinuxTrade creates temporary files in an insecure manner. The issues
affect the following scripts: "bin/linuxtrade.bwkvol",
"bin/linuxtrade.wn" and "bin/moneyam.helper". LinuxTrade version 3.65
is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496372
______________________________________________________________________
08.36.22 CVE: Not Available
Platform: Linux
Title: Debian "linux-patch-openswan" Insecure Temporary File Creation
Vulnerabilities
Description: Debian "linux-patch-openswan" is a package which contains
the patches for the Linux kernel to implement necessary kernel support
to use Openswan. The issue occurs because the
"/usr/src/kernel-patches/all/openswan/packaging/utils/maysnap" and
"/usr/src/kernel-patches/all/openswan/packaging/utils/maytest" scripts
create files in an insecure manner. Debian "linux-patch-openswan"
version 2.4.12+dfsg-1.1 is affected.
Ref: http://packages.debian.org/sid/linux-patch-openswan
______________________________________________________________________
08.36.23 CVE: Not Available
Platform: Linux
Title: Dreambox Web Interface URI Remote Denial of Service
Description: Dreambox is a Linux-based DVB satellite and digital cable
decoder. Dreambox is exposed to a remote denial of service issue that
occurs in the device's web interface. This issue occurs when handling
URIs larger than 512 bytes. Dreambox version DM500C is affected.
Ref: http://www.securityfocus.com/archive/1/495837
______________________________________________________________________
08.36.24 CVE: Not Available
Platform: Linux
Title: Ogle DVD Player Insecure Temporary File Creation
Vulnerabilities
Description: Ogle DVD Player is a multimedia application for Linux.
Ogle creates temporary files in an insecure manner. Ogle version 0.9.2
is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.25 CVE: Not Available
Platform: Linux
Title: Postfix "epoll" Linux Event Handler Local Denial of Service
Description: Postfix is an open source mail transfer agent. The
application uses "epoll" input/output event handlers for the Linux 2.6
kernel. Postfix is exposed to a local denial of service issue because
of an "epoll" file descriptor leak when it executes non-Postfix
commands from a user's "$HOME/.forward" file. Postfix versions 2.4 and
later for Linux kernel 2.6 platforms are affected.
Ref: http://www.securityfocus.com/archive/1/495894
______________________________________________________________________
08.36.26 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Kernel Covert Channel Creation Security Bypass
Description: Sun Solaris is an enterprise-grade UNIX distribution. The
Solaris kernel is exposed to a security bypass issue that allows two
processes to establish a covert communication channel. This issue
occurs because of flaws in unspecified system calls.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240706-1
______________________________________________________________________
08.36.27 CVE: Not Available
Platform: Novell
Title: Novell eDirectory Multiple Buffer Overflow And Cross-Site
Scripting Vulnerabilities
Description: Novell eDirectory is an X.500-compatible directory
service product for centrally managing access to resources on multiple
servers and computers within a given network. Novell eDirectory is
exposed to four heap-based buffer overflow issues because it fails to
perform adequate boundary checks on user-supplied data. Novell
eDirectory versions prior to 8.8 SP3 are affected.
Ref: http://www.novell.com/support/viewContent.do?externalId=3426981
______________________________________________________________________
08.36.28 CVE: CVE-2008-2436
Platform: Novell
Title: Novell iPrint Client "IppCreateServerRef()" Remote Buffer
Overflow
Description: Novell iPrint Client is a client application for printing
over the Internet. The application is exposed to a remote buffer
overflow issue because it fails to properly bounds check user-supplied
input. iPrint Client versions 4.36, 5.04 and 5.06 are affected.
Ref: http://secunia.com/secunia_research/2008-33/advisory/
______________________________________________________________________
08.36.29 CVE: Not Available
Platform: Cross Platform
Title: Honeyd Insecure Temporary File Creation
Description: Honeyd is honeypot software that simulates virtual hosts
on IP addresses that are not in use. It is available for various
UNIX/Linux derivatives. Honeyd creates temporary files in an insecure
manner. The issue occurs because the "test.sh" script creates files in
an insecure manner. Honeyd version 1.5c is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496365
______________________________________________________________________
08.36.30 CVE: CVE-2008-3538
Platform: Cross Platform
Title: HP Enterprise Discovery Unspecified Remote Privilege Escalation
Description: HP Enterprise Discovery is an application suite that
automatically discovers and keeps track of all networked devices and
software on an enterprise network. The application is exposed to an
unspecified remote privilege escalation issue.
Ref: http://www.securityfocus.com/archive/1/495786
______________________________________________________________________
08.36.31 CVE: CVE-2008-3282
Platform: Cross Platform
Title: OpenOffice "rtl_allocateMemory()" Remote Code Execution
Description: OpenOffice is a suite of office applications for multiple
operating platforms. OpenOffice is exposed to a remote code execution
issue because of errors in memory allocation. OpenOffice version 2.41
is affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0835.html
______________________________________________________________________
08.36.32 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 CLR Stored Procedures Deployment Unspecified Security Issue
Description: IBM DB2 is a Database Management System. IBM DB2 is
exposed to an unspecified security issue that occurs when deploying
CLR stored procedures from IBM Database Add-ins for Visual Studio. IBM
DB2 versions prior to 9.5 Fixpak 2 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21293566
______________________________________________________________________
08.36.33 CVE: Not Available
Platform: Cross Platform
Title: Sharity Unspecified Security Issue
Description: Sharity is a daemon that enables UNIX machines to connect
to Windows, CIFS, and Samba servers. The application is exposed to an
unspecified issue. Sharity versions 3.0 to 3.4 are affected.
Ref: http://www.obdev.at/products/sharity/releasenotes.html
______________________________________________________________________
08.36.34 CVE: Not Available
Platform: Cross Platform
Title: Tiger "genmsgidx" Insecure Temporary File Creation
Description: Tiger is a security tool for performing security audits
and may also be used as an intrusion detection system. Tiger creates
temporary files in an insecure manner. The issue occurs because the
"genmsgidx" script creates files in an insecure manner. Tiger version
3.2.2 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496415
______________________________________________________________________
08.36.35 CVE: Not Available
Platform: Cross Platform
Title: Citadel Insecure Temporary File Creation
Description: Citadel is an open-source server application. It is
designed to provide email and communications services. Citadel creates
temporary files in an insecure manner. The issue occurs because the
"migrate_aliases.sh" script creates files in an insecure manner.
Citadel version 7.37 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496359
______________________________________________________________________
08.36.36 CVE: Not Available
Platform: Cross Platform
Title: R "javareconf" Insecure Temporary File Creation
Description: R is a free software environment for statistical
computing and graphics. R creates temporary files in an insecure
manner. The issue occurs because the "javareconf" script creates files
in an insecure manner. R version 2.7.2 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496363
______________________________________________________________________
08.36.37 CVE: Not Available
Platform: Cross Platform
Title: Acoustica Mixcraft ".mx4" Image File Name Buffer Overflow
Description: Acoustica Mixcraft is multi-track audio and MIDI
recording software. Acoustica Mixcraft is exposed to a buffer overflow
issue because it fails to bounds check user-supplied data before
copying it into an insufficiently sized buffer. Acoustica Mixcraft
version 4.2 is affected.
Ref: http://www.securityfocus.com/bid/30879
______________________________________________________________________
08.36.38 CVE: Not Available
Platform: Cross Platform
Title: aview "asciiview" Insecure Temporary File Creation
Description: aview is an ASCII-art image (pnm) browser and
animation (fli/flc) player. aview creates temporary files in an
insecure manner. The issue occurs because the "asciiview" script
creates files in an insecure manner. aview version 1.3.0 RC1 is
affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496415
______________________________________________________________________
08.36.39 CVE: Not Available
Platform: Cross Platform
Title: AudioLink Insecure Temporary File Creation
Description: AudioLink is a tool for searching music on local storage
media. AudioLink creates temporary files in an insecure manner. The
issue occurs because the "/usr/bin/audiolink" script creates files in
an insecure manner. AudioLink version 0.05 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496433
______________________________________________________________________
08.36.40 CVE: Not Available
Platform: Cross Platform
Title: Amanda CDRW-Taper Insecure Temporary File Creation
Description: Amanda CDRW-Taper is an application that allows users to
back up data onto a CD-RW or DVD-RW. Amanda CDRW-Taper creates
temporary files in an insecure manner. The issue occurs because the
"/usr/sbin/amlabel-cdrw" script creates files in an insecure manner.
Amanda CDRW-Taper version 0.4 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.41 CVE: Not Available
Platform: Cross Platform
Title: CDcontrol Insecure Temporary File Creation
Description: CDcontrol is a tool used for writing to multiple CD
writers in parallel. CDcontrol creates temporary files in an insecure
manner. The issue occurs because the
"/usr/lib/cdcontrol/writtercontrol" script creates files in an
insecure manner. CDcontrol version 1.90 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496438
______________________________________________________________________
08.36.42 CVE: Not Available
Platform: Cross Platform
Title: Crossfire crossfire-maps Insecure Temporary File Creation
Description: Crossfire is a multiplayer role-playing game. The
crossfire-maps package provides maps for the game. crossfire-maps
creates temporary files in an insecure manner. The issue occurs
because the "/usr/share/games/crossfire/maps/Info/combine.py" script
creates files in an insecure manner. Crossfire crossfire-maps version
0.11.0-1 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.43 CVE: Not Available
Platform: Cross Platform
Title: The ARB software Multiple Insecure Temporary File Creation
Vulnerabilities
Description: The ARB software is an application consisting of various
tools for sequence database handling and data analysis. The ARB
software creates temporary files in an insecure manner. This issue
occurs because the "usr/lib/arb/SH/arb_fastdnaml" and
"/usr/lib/arb/SH/dszmconnect.pl" scripts create files in an insecure
manner. The ARB software version 0.0.20071207 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.44 CVE: Not Available
Platform: Cross Platform
Title: Apertium Multiple Insecure Temporary File Creation
Vulnerabilities
Description: Apertium is a shallow-transfer machine translation
engine. The following programs included with Apertium create temporary
files in an insecure manner: "/usr/bin/apertium-gen-deformat",
"/usr/bin/apertium-gen-reformat" and "/usr/bin/apertium". Apertium
version 3.0.7 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496390
______________________________________________________________________
08.36.45 CVE: Not Available
Platform: Cross Platform
Title: Caudium Insecure Temporary File Creation
Description: Caudium is an open source Web server application written
in Pike and C. Caudium creates temporary files in an insecure manner.
The issue occurs because the "/usr/share/caudium/configvar" script
creates files in an insecure manner. Caudium version 1.4.12 is
affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.46 CVE: Not Available
Platform: Cross Platform
Title: DigitalDJ Insecure Temporary File Creation
Description: DigitalDJ is a front-end application for MP3 players.
DigitalDJ creates temporary files in an insecure manner. The issue
occurs because the "fest.pl" script creates files in an insecure
manner. DigitalDJ version 0.7.5 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496399
______________________________________________________________________
08.36.47 CVE: Not Available
Platform: Cross Platform
Title: GpsDrive Insecure Temporary File Creation
Description: GpsDrive is a GPS navigation application. GpsDrive
creates temporary files in an insecure manner. The issue occurs
because the "gpsdrive-2.10~pre4/scripts/geo-code" script creates files
in an insecure manner. GpsDrive version 2.10pre4 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.48 CVE: Not Available
Platform: Cross Platform
Title: NetCitadel Firewall Builder Insecure Temporary File Creation
Description: Firewall Builder is a firewall configuration and
management tool. Firewall Builder creates temporary files in an
insecure manner. The issue occurs because the "fwb_install" script
creates files in an insecure manner. Firewall Builder version 2.1.19
is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496406
______________________________________________________________________
08.36.49 CVE: Not Available
Platform: Cross Platform
Title: Debian dist Insecure Temporary File Creation Vulnerabilities
Description: Debian dist is a set of tools used for the construction
and maintenance of portable software. Debian dist creates temporary
files in an insecure manner. The issue occurs because the
"/usr/bin/patcil" and "/usr/bin/patdiff" scripts create files in an
insecure manner. dist version 3.5-17-1 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.50 CVE: Not Available
Platform: Cross Platform
Title: Debian lustre-tests Insecure Temporary File Creation
Description: lustre-tests is a test suite for the Lustre filesystem.
lustre-tests creates temporary files in an insecure manner. The issue
occurs because the "/usr/lib/lustre/tests/runiozone" script creates
files in an insecure manner. Debian lustre-tests versions 1.6.5 and
1.6.5.1 are affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496371
______________________________________________________________________
08.36.51 CVE: Not Available
Platform: Cross Platform
Title: Liquidsoap Insecure Temporary File Creation
Description: Liquidsoap is open-source audio software. Liquidsoap
creates temporary files in an insecure manner. The issue occurs
because the "/var/lib/liguidsoap/liguidsoap.py" script creates files
in an insecure manner. Liquidsoap version 0.3.6 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496360
______________________________________________________________________
08.36.52 CVE: Not Available
Platform: Cross Platform
Title: LMbench Insecure Temporary File Creation Vulnerabilities
Description: LMbench is a set of tools for performance analysis.
LMbench creates temporary files in an insecure manner. This issue
affects the following scripts: "scripts/rccs" and "scripts/STUFF".
LMbench version 3.0 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496427
______________________________________________________________________
08.36.53 CVE: Not Available
Platform: Cross Platform
Title: Debian konwert-filters "filters/any-UTF8" Insecure Temporary
File Creation
Description: Debian konwert-filters is a set of filters used by
"konwert" for charset conversion. konwert-filters creates temporary
files in an insecure manner. The issue occurs because the
"filters/any-UTF8" script creates files in an insecure manner. Debian
konwert-filters version 1.8-11.1 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496371
______________________________________________________________________
08.36.54 CVE: Not Available
Platform: Cross Platform
Title: MAFFT Insecure Temporary File Creation
Description: MAFFT is a multiple sequence alignment application. MAFFT
creates temporary files in an insecure manner. The issue occurs
because the "mafft-homologs" script creates files in an insecure
manner. MAFFT version 6.240 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496366
______________________________________________________________________
08.36.55 CVE: Not Available
Platform: Cross Platform
Title: Debian lazarus-src "create_lazarus_export_tgz.sh" Insecure Temporary File Creation
Description: lazarus-src provides the class libraries for Free Pascal that
emulate Delphi. lazarus-src creates temporary files in an insecure
manner. The issue occurs because the
"tools/install/create_lazarus_export_tgz.sh" script creates files in
an insecure manner. lazarus-src version 0.9.24-0-9 is affected.
Ref: http://packages.debian.org/lenny/lazarus-src
______________________________________________________________________
08.36.56 CVE: Not Available
Platform: Cross Platform
Title: OpenOffice "senddoc" Insecure Temporary File Creation
Description: OpenOffice is a suite of office applications for multiple
operating platforms. OpenOffice creates temporary files in an insecure
manner. The issue occurs because the
"/usr/lib/openoffice/program/senddoc" script creates files in an
insecure manner. OpenOffice version 2.4.1 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.57 CVE: Not Available
Platform: Cross Platform
Title: Mgetty "faxspool" Insecure Temporary File Creation
Description: Mgetty is an application that allows users to send and
receive faxes. Mgetty creates temporary files in an insecure manner.
The issue occurs because the "/usr/bin/faxspool" script creates files
in an insecure manner. Mgetty version 1.1.36 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.58 CVE: Not Available
Platform: Cross Platform
Title: Plait Insecure Temporary File Creation
Description: Plait is a command-line jukebox and music player. Plait
creates temporary files in an insecure manner. The issue occurs
because the "/usr/bin/plaiter" and "/usr/bin/plait" scripts create
files in an insecure manner. Plait version 1.5.2 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.59 CVE: Not Available
Platform: Cross Platform
Title: MySpell Insecure Temporary File Creation
Description: MySpell is a spell checker. The application creates
temporary files in an insecure manner. The issue occurs because the
"/usr/bin/i2myspell" script creates files in an insecure manner.
MySpell version 3.1 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.60 CVE: Not Available
Platform: Cross Platform
Title: NetMRG "rrdedit" Insecure Temporary File Creation
Description: NetMRG is a tool for network monitoring and reporting.
NetMRG creates temporary files in an insecure manner. The issue occurs
because the "/usr/bin/rrdedit" script creates files in an insecure
manner. NetMRG version 0.20 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.61 CVE: Not Available
Platform: Cross Platform
Title: QEMU "qemu-make-debian-root" Insecure Temporary File Creation
Description: QEMU is a processor emulator used to virtualize computer
systems and to run guest operating systems within a host. QEMU
creates temporary files in an insecure manner. The issue occurs
because the "/usr/sbin/qemu-make-debian-root" script creates files in
an insecure manner. QEMU version 0.9.1 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.62 CVE: Not Available
Platform: Cross Platform
Title: newsgate "mkmailpost" Insecure Temporary File Creation
Description: newsgate is a collection of tools for manipulating mail
messages and news articles. The application creates temporary files in
an insecure manner. The issue occurs because the "/usr/bin/mkmailpost"
script creates files in an insecure manner. newsgate version 1.6 is
affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________
08.36.63 CVE: CVE-2008-3697
Platform: Cross Platform
Title: VMware ISAPI Extension Remote Denial of Service
Description: ISAPI (Internet Server Application Programming Interface)
is an API that extends the functionality of Internet Information
Server (IIS). VMware ISAPI extensions are exposed to a remote denial
of service issue because they fail to properly handle malformed
requests.
Ref: http://www.securityfocus.com/bid/30935
______________________________________________________________________
08.36.64 CVE: CVE-2008-3698
Platform: Cross Platform
Title: VMware OpenProcess Local Privilege Escalation
Description: VMware is a set of server emulation applications that is
available for several platforms. VMware OpenProcess is exposed to a
local privilege escalation issue.
Ref: http://www.securityfocus.com/bid/30936
______________________________________________________________________
08.36.65 CVE: CVE-2008-2101
Platform: Cross Platform
Title: VMware Consolidated Backup (VCB) User Password Information
Disclosure
Description: VMware Consolidated Backup (VCB) is a backup utility for
virtual machines. The application is exposed to an information
disclosure issue. The problem occurs when VCB is started from the
command line, and the password is specified with the "-p" parameter.
Ref: http://www.securityfocus.com/bid/30937
______________________________________________________________________
08.36.66 CVE: Not Available
Platform: Cross Platform
Title: HP TCP/IP Services for OpenVMS Finger Client Format String
Description: The HP OpenVMS finger client is used as a client
application for communications as part of the finger protocol. It is
shipped with HP TCP/IP Services for OpenVMS. The finger client is
exposed to a format-string issue because it fails to properly sanitize
user-supplied input before passing it as the format specifier to a
formatted-printing function. HP TCP/IP Services for OpenVMS version
5.x is affected.
Ref: http://h71000.www7.hp.com/doc/tcpip56.html
______________________________________________________________________
08.36.67 CVE: Not Available
Platform: Cross Platform
Title: Radiance Insecure Temporary File Creation Vulnerabilities
Description: Radiance is a suite of tools for analysis and
visualization of lighting. Radiance creates temporary files in an
insecure manner. The issue occurs because the following scripts
create files in an insecure manner: "optics2rad", "pdelta", "dayfact"
and "raddepend". Radiance version 3R9 is affected.
Ref: http://www.securityfocus.com/bid/30953
______________________________________________________________________
08.36.68 CVE: Not Available
Platform: Cross Platform
Title: Debian rancid-util "getipacctg" Insecure Temporary File
Creation
Description: Debian rancid-util is a toolkit for managing router
configurations. The software creates temporary files in an insecure
manner. The issue occurs because the "getipacctg" script creates files
in an insecure manner. Debian rancid-util version 2.3.2~a8-1 is
affected.
Ref: http://packages.debian.org/sid/rancid-util
______________________________________________________________________
08.36.69 CVE: Not Available
Platform: Cross Platform
Title: Debian rccp Insecure Temporary File Creation
Description: Debian rccp is a text front-end to DCTC and is used to
connect to the Direct Connect peer file-sharing network via a text console.
Debian rccp creates temporary files in an insecure manner. The issue
occurs because the "/usr/lib/rccp/delqueueask" script creates files in
an insecure manner. Debian rccp version 0.9-2 is affected.
Ref: http://packages.debian.org/etch/rccp
______________________________________________________________________
08.36.70 CVE: Not Available
Platform: Cross Platform
Title: Parallels Plesk Shortnames Open Email Relay
Description: Parallels Plesk is a control panel application for
hosting providers. The application is exposed to an open email relay
issue because it fails to properly restrict login authentication if
the "SHORTNAMES" option is enabled. Parallels Plesk version 8.6.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/495881
______________________________________________________________________
08.36.71 CVE: Not Available
Platform: Cross Platform
Title: WordNet Multiple Buffer Overflow Vulnerabilities
Description: WordNet is a lexical database of English words. WordNet
is exposed to multiple buffer overflow issues because it fails to
properly bounds check user-supplied input. WordNet version 3.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/495883
______________________________________________________________________
08.36.72 CVE: Not Available
Platform: Cross Platform
Title: Newsbeuter Crafted URI Remote Arbitrary Shell Command Injection
Description: Newsbeuter is an open-source RSS feed reader for text
terminals. Newsbeuter is exposed to a remote command injection issue
because it fails to adequately sanitize user-supplied input. This
issue affects Newsbeuter version 1.0.
Ref: http://newsbeuter.wordpress.com/2008/09/01/newsbeuter-11-released-contains-security-fix-please-upgrade/
______________________________________________________________________
08.36.73 CVE: Not Available
Platform: Cross Platform
Title: SNG Insecure Temporary File Creation
Description: SNG (Scriptable Network Graphics) is a language designed
to represent the contents of a PNG in an editable form. The script
creates temporary files in an insecure manner. The issue occurs
because the "/usr/bin/sng_regress" script creates files in an insecure
manner. SNG version 1.0.2 is affected.
Ref: http://www.securityfocus.com/bid/30965
______________________________________________________________________
08.36.74 CVE: Not Available
Platform: Cross Platform
Title: Cadsoft Video Disk Recorder Insecure Temporary File Creation
Description: Cadsoft Video Disk Recorder is software designed for
recording video. The script creates temporary files in an insecure
manner. The issue occurs because the "vdrleaktest" script creates
files in an insecure manner. Cadsoft Video Disk Recorder version 1.6.0
is affected.
Ref: http://www.securityfocus.com/bid/30966
______________________________________________________________________
08.36.75 CVE: Not Available
Platform: Cross Platform
Title: Debian realtimebattle-common Insecure Temporary File Creation
Description: Debian realtimebattle-common is a game application.
Debian realtimebattle-common creates temporary files in an insecure
manner. Specifically, the issue affects the "Robots/perl.robot"
script. Debian realtimebattle-common version 1.0.8-7 is affected.
Ref: http://packages.debian.org/sid/realtimebattle-common
______________________________________________________________________
08.36.76 CVE: Not Available
Platform: Cross Platform
Title: Debian scilab-bin Insecure Temporary File Creation
Vulnerabilities
Description: Debian scilab-bin is a matrix-based scientific software
package resembling Matlab and Xmath. Debian scilab-bin creates
temporary files in an insecure manner. Debian scilab-bin version
4.1.2-5 is affected.
Ref: http://packages.debian.org/unstable/math/scilab-bin
______________________________________________________________________
08.36.77 CVE: Not Available
Platform: Cross Platform
Title: Debian scratchbox2 Insecure Temporary File Creation
Vulnerabilities
Description: Debian scratchbox2 is a transparent cross compiling
environment. Debian scratchbox2 creates temporary files in an insecure
manner. Debian scratchbox2 version 1.99.0.24-1 is affected.
Ref: http://packages.debian.org/sid/scratchbox2
______________________________________________________________________
08.36.78 CVE: Not Available
Platform: Cross Platform
Title: Siemens Gigaset WLAN Camera Insecure Default Password
Description: Siemens Gigaset WLAN Camera is a video camera with
wireless support. The application is reportedly exposed to an
insecure default password issue. An attacker may log in via telnet as
the user "root" with a blank password. Siemens Gigaset WLAN Camera
firmware version 1.27 is affected.
Ref: http://www.securityfocus.com/bid/30973
______________________________________________________________________
08.36.79 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Remote Denial of Service
Description: Google Chrome is a web-browser client. The application is
exposed to a remote denial of service issue because the application
fails to gracefully handle certain user-supplied data. Google Chrome
version 0.2.149.27 is affected.
Ref: http://evilfingers.com/advisory/google_chrome_poc.php
______________________________________________________________________
08.36.80 CVE: Not Available
Platform: Cross Platform
Title: AVTECH PageR Enterprise Directory Traversal
Description: AVTECH PageR Enterprise is network device management
software. The application is exposed to a directory traversal issue
because it fails to sufficiently sanitize user-supplied input. This
issue occurs in the application's web interface. AVTECH PageR
Enterprise version 4.3.7 is affected.
Ref: http://www.ddifrontline.com/company/secops.php
______________________________________________________________________
08.36.81 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Lotus Quickr Multiple Unspecified Cross-Site Scripting
Vulnerabilities
Description: IBM Lotus Quickr is web-based collaboration software.
The application is exposed to multiple cross-site scripting issues
because it fails to sufficiently sanitize user-supplied input. Lotus
Quickr version 8.1 is affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27013341
______________________________________________________________________
08.36.82 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AbleSpace "adv_cat.php" Cross-Site Scripting
Description: AbleSpace is a community and dating script. The
application is exposed to cross-site scripting attacks because it
fails to sufficiently sanitize user-supplied input to the "find_str"
parameter of the "adv_cat.php" script. AbleSpace version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/30864
______________________________________________________________________
08.36.83 CVE: CVE-2008-2929
Platform: Web Application - Cross Site Scripting
Title: Red Hat Directory Server Multiple Cross-Site Scripting
Vulnerabilities
Description: Red Hat Directory Server is a directory service
based on LDAP (Lightweight Directory Access Protocol). The application
is exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied input of "%" escaped characters.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0596.html
______________________________________________________________________
08.36.84 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Advanced Electron Forum "username" Parameter Cross-Site
Scripting
Description: Advanced Electron Forum (AEF) is a PHP-based forum
application. The application is exposed to a cross-site scripting
issue because it fails to sanitize user-supplied input to the
"username" parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/30894
______________________________________________________________________
08.36.85 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Blogn Multiple Unspecified Cross-Site Scripting Vulnerabilities
Description: Blogn is a web-log application written in PHP. Blogn is
prone to multiple cross-site scripting vulnerabilities because it
fails to sanitize user-supplied input to unspecified parameters. Blogn
versions prior to 1.9.7 are affected.
Ref: http://www.securityfocus.com/bid/30920
______________________________________________________________________
08.36.86 CVE: CVE-2008-3101
Platform: Web Application - Cross Site Scripting
Title: vtiger CRM Multiple Cross-Site Scripting Vulnerabilities
Description: vtiger CRM is a PHP-based Customer Relationship
Management application. The application is exposed to multiple
cross-site scripting issues because it fails to sanitize user-supplied
input to unspecified parameters. vtiger CRM version 5.0.4 is affected.
Ref:
http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5
______________________________________________________________________
08.36.87 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: GenPortal "buscarCat.php" Cross-Site Scripting
Description: GenPortal is a web application implemented in PHP. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "palBuscar"
parameter of the "buscarCat.php" script.
Ref: http://www.securityfocus.com/bid/30957
______________________________________________________________________
08.36.88 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IDevSpot BizDirectory "page" Parameter Cross-Site Scripting
Description: IDevSpot BizDirectory is a PHP-based directory for
business listings. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied input to the "page" parameter of the "index.php" script.
BizDirectory version 2.04 is affected.
Ref: http://www.securityfocus.com/archive/1/495930
______________________________________________________________________
08.36.89 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Open Media Collectors Database Multiple Cross-Site Scripting
Vulnerabilities
Description: Open Media Collectors Database (OpenDb) is a PHP-based
inventory application. The application is exposed to multiple
cross-site scripting issues because it fails to sufficiently sanitize
user-supplied input. OpenDb version 1.0.6 is affected.
Ref: http://sourceforge.net/project/showfiles.php?group_id=37089&package_id=29402&release_id=573315
______________________________________________________________________
08.36.90 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourOwnBux "memberstats.php" SQL Injection
Description: YourOwnBux is ad link management software. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "user" parameter of
the "memberstats.php" script before using it in an SQL query.
YourOwnBux versions 3.1 and 3.2 beta are affected.
Ref: http://www.securityfocus.com/bid/30868
______________________________________________________________________
08.36.91 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpMyRealty Multiple SQL Injection Vulnerabilities
Description: phpMyRealty is a PHP-based application for managing
real-estate listings. Since it fails to sufficiently sanitize
user-supplied input, the application is exposed to multiple SQL
injection issues. phpMyRealty versions 1.0.7 and 1.0.9 are affected.
Ref: http://www.securityfocus.com/bid/30862
______________________________________________________________________
08.36.92 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SourceWorkshop Web directory script "index.php" SQL Injection
Description: Web directory script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "site" parameter of
the "index.php" script before using it in an SQL query. Web directory
script version 1.5.3 is affected.
Ref: http://www.securityfocus.com/bid/30941
______________________________________________________________________
08.36.93 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyioSoft EasyClassifields "index.php" SQL Injection
Description: EasyClassifields is PHP-based software for managing
classified ads. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"go" parameter of the "index.php" script before using it in an SQL
query. EasyClassifields version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/30943
______________________________________________________________________
08.36.94 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Websens CMSbright "page.php" SQL Injection
Description: CMSbright is PHP-based software for managing web content.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id_rub_page"
parameter of the "page.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30946
______________________________________________________________________
08.36.95 CVE: Not Available
Platform: Web Application - SQL Injection
Title: myPHPNuke "printfeature.php" SQL Injection
Description: MyPHPNuke is a web-based content management system (CMS)
written in PHP. The application is exposed to an SQL injection issue
that affects the "artid" parameter of the "printfeature.php" script.
myPHPNuke versions prior to 1.8.8_8rc2 are affected.
Ref: http://sourceforge.net/projects/myphpnuke/
______________________________________________________________________
08.36.96 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Reciprocal Links Manager "site" Parameter SQL Injection
Description: Reciprocal Links Manager is a link exchange management
script. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "site"
parameter of the "index.php" script before using it in an SQL query.
Reciprocal Links Manager version 1.1 is affected.
Ref: http://www.sourceworkshop.com/reciprocal_links_manager.html
______________________________________________________________________
08.36.97 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Coupon Script "index.php" SQL Injection
Description: PHP Coupon Script is a coupon advertisement script
written in PHP. PHP Coupon Script is prone to an SQL injection
vulnerability that affects the "id" parameter of the "index.php"
script. PHP Coupon Script version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/30961
______________________________________________________________________
08.36.98 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Full PHP Emlak Script "landsee.php" SQL Injection
Description: Full PHP Emlak Script is a web-based application. The
application is exposed to an SQL injection issue that affects the "id"
parameter of the "landsee.php" script. Attackers may exploit this
issue to compromise the application, access or modify data, or exploit
latent vulnerabilities in the underlying database.
Ref: http://www.securityfocus.com/bid/30962
______________________________________________________________________
08.36.99 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ HYIP Acme "comment.php" SQL Injection
Description: AJ HYIP Acme is an HYIP manager implemented in PHP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "artid" parameter of
the "comment.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30974
______________________________________________________________________
08.36.100 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ HYIP Acme "readarticle.php" SQL Injection
Description: AJ HYIP Acme is an HYIP manager implemented in PHP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "artid" parameter of
the "readarticle.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30978
______________________________________________________________________
08.36.101 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CS-Cart "core/user.php" SQL Injection
Description: CS-Cart is a PHP-based shopping cart application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the
"cs_cookies[customer_user_id]" parameter of the "core/user.php" script
before using it in an SQL query. CS-Cart version 1.3.5 is affected.
Ref: http://www.securityfocus.com/archive/1/495907
______________________________________________________________________
08.36.102 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Spice Classifieds "index.php" SQL Injection
Description: Spice Classifieds is a PHP-based classifieds application.
Spice Classifieds is exposed to an SQL injection issue that affects
the "cat_path" parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/30985
______________________________________________________________________
08.36.103 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eliteCMS "page" Parameter SQL Injection
Description: eliteCMS is a web-based content manager. The application
is exposed to an SQL injection issue that affects the "page" parameter
of the "index.php" script. eliteCMS version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/30990
______________________________________________________________________
08.36.104 CVE: Not Available
Platform: Web Application
Title: Mono "System.Web" HTTP Header Injection
Description: Mono is a multiplatform open-source implementation of the
Microsoft .NET architecture. Mono is exposed to an issue that allows
the injection of arbitrary HTTP headers because it fails to sanitize
input. This issue is reported in the "System.Web" module. Mono
versions 2.0 and earlier are affected.
Ref: https://bugzilla.novell.com/show_bug.cgi?id=418620
______________________________________________________________________
08.36.105 CVE: Not Available
Platform: Web Application
Title: BitlBee Unspecified Security Bypass
Description: BitlBee is an application that enables users to use
Instant Messaging (IM) over Internet Relay Chat (IRC). BitlBee is
exposed to an unspecified security bypass issue. BitlBee versions
prior to 1.2.2 are affected.
Ref: http://bitlbee.org/main.php/changelog.html
______________________________________________________________________
08.36.106 CVE: Not Available
Platform: Web Application
Title: Ampache Insecure Temporary File Creation
Description: Ampache is a PHP-based audio file manager. Ampache
creates temporary files in an insecure manner. The issue occurs
because the "gather-messages.sh" script creates files in an insecure
manner. Ampache version 3.4.1 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496369
______________________________________________________________________
08.36.107 CVE: Not Available
Platform: Web Application
Title: Carmosa PHPCart "phpcart.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: Carmosa PHPCart is a web application used to provide
shopping cart functionality to a site. The application is exposed to
cross-site scripting attacks because it fails to sufficiently sanitize
user-supplied input to the "quantity", "name" and "address" parameters
of the "phpcart.php" script. PHPCart version 4.6 is affected.
Ref: http://www.securityfocus.com/archive/1/495806
______________________________________________________________________
08.36.108 CVE: Not Available
Platform: Web Application
Title: Carmosa PHPCart Order Modification Data Integrity
Description: Carmosa PHPCart is a web application used to provide
shopping cart functionality to a site. Carmosa PHPCart is exposed to a
data integrity issue because it fails to sufficiently validate
user-supplied input data. PHPCart version 4.6 is affected.
Ref: http://www.securityfocus.com/archive/1/495806
______________________________________________________________________
08.36.109 CVE: Not Available
Platform: Web Application
Title: Debian freeradius-dialupadmin Insecure Temporary File Creation
Vulnerabilities
Description: Debian freeradius-dialupadmin is a set of PHP scripts for
administering a FreeRADIUS server. Debian freeradius-dialupadmin
creates temporary files in an insecure manner. The issues affect the
following scripts: "bin/backup_radacct", "bin/clean_radacct",
"bin/monthly_tot_stats", "bin/tot_stats", and "bin/truncate_radacct".
Debian freeradius-dialupadmin version 2.0.4 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389
______________________________________________________________________
08.36.110 CVE: Not Available
Platform: Web Application
Title: impose+ Insecure Temporary File Creation
Description: impose+ is a set of PostScript tools. impose+ creates
temporary files in an insecure manner. The issue occurs because the
"impose" script creates files in an insecure manner. impose+ version
0.2 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496435
______________________________________________________________________
08.36.111 CVE: Not Available
Platform: Web Application
Title: Novell Forum Unspecified Tcl Command Injection
Description: Novell Forum is a web-based forum application. Novell
Forum is exposed to a command injection issue because it fails to
adequately sanitize user-supplied input. Novell Forum versions 8.0 and
earlier are affected.
Ref: http://download.novell.com/Download?buildid=6k-5X-UPnrM~
______________________________________________________________________
08.36.112 CVE: Not Available
Platform: Web Application
Title: Invision Power Board Multiple Remote Security Vulnerabilities
Description: Invision Power Board is a web forum application. Invision
Power Board is exposed to multiple issues. Invision Power Board
version 2.3.5 is affected.
Ref: http://www.securityfocus.com/archive/1/495838
______________________________________________________________________
08.36.113 CVE: Not Available
Platform: Web Application
Title: dotProject Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: dotProject is an open-source, PHP-based project management
tool. The application is prone to multiple input validation issues.
dotProject version 2.1.2 is affected.
Ref: http://www.securityfocus.com/bid/30924
______________________________________________________________________
08.36.114 CVE: Not Available
Platform: Web Application
Title: Acoustica Beatcraft ".bcproj" Instrument Title Buffer Overflow
Description: Acoustica Beatcraft is a drum machine application.
Acoustica Beatcraft is exposed to a buffer overflow issue because it
fails to bounds check user-supplied data before copying it into an
insufficiently sized buffer. Acoustica Beatcraft version 1.02 Build 19
is affected.
Ref: http://www.securityfocus.com/bid/30938
______________________________________________________________________
08.36.115 CVE: Not Available
Platform: Web Application
Title: myPHPNuke "print.php" SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: MyPHPNuke is a web-based content management system (CMS).
The application is exposed to multiple input validation issues.
Attackers may exploit the SQL injection issue to compromise the
application, access or modify data, or exploit latent vulnerabilities
in the underlying database. myPHPNuke versions prior to 1.8.8_8rc2 are
affected.
Ref: http://www.securityfocus.com/bid/30942
______________________________________________________________________
08.36.116 CVE: Not Available
Platform: Web Application
Title: Brim SQL Injection and HTML Injection Vulnerabilities
Description: Brim is a personal information manager implemented in
PHP. Since it fails to adequately sanitize user-supplied input, Brim
is exposed to multiple input validation issues. Brim version 2.0.0 is
affected.
Ref: http://www.brim-project.org/
______________________________________________________________________
08.36.117 CVE: Not Available
Platform: Web Application
Title: WeBid Multiple Input Validation Vulnerabilities
Description: WeBid is a web-based application implemented in PHP.
Since it fails to adequately sanitize user-supplied input, the
application is exposed to multiple input validation issues. WeBid
version 0.5.4 is affected.
Ref: http://www.securityfocus.com/bid/30945
______________________________________________________________________
08.36.118 CVE: Not Available
Platform: Web Application
Title: WeBid "config.php" Arbitrary File Upload
Description: WeBid is a web-based application implemented in PHP. The
application is exposed to an issue that lets remote attackers upload
and execute arbitrary script code on an affected computer with the
privileges of the web server process. The issue occurs because the
software fails to properly sanitize user-supplied input in the form of
file extensions. WeBid version 0.5.4 is affected.
Ref: http://www.securityfocus.com/bid/30950
______________________________________________________________________
08.36.119 CVE: Not Available
Platform: Web Application
Title: Novell IDM Cross Site Scripting and HTML Injection
Vulnerabilities
Description: Novell User Application and Identity Manager Roles Based
Provisioning Module are user management applications provided by
Novell. These applications are exposed to multiple remote issues.
Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033840.html
______________________________________________________________________
08.36.120 CVE: Not Available
Platform: Web Application
Title: AlcoveBook sgml2x Insecure Temporary File Creation
Description: AlcoveBook sgml2x is a script designed to help apply a
DSSSL stylesheet to an SGML or XML document. The script creates
temporary files in an insecure manner. The issue occurs because the
"bin/rlatex" script creates files in an insecure manner. AlcoveBook
sgml2x version 1.0.0 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496368
______________________________________________________________________
08.36.121 CVE: Not Available
Platform: Web Application
Title: Kyocera Command Center Directory Traversal
Description: Kyocera Command Center is a web-based administration tool
embedded in products such as printers. Command Center is exposed to a
directory traversal issue because it fails to sufficiently sanitize
user-supplied input. This issue occurs in the application's HTTP
server. Kyocera Command Center included with the FS-1118MFP printer is
affected.
Ref:
http://packetstorm.linuxsecurity.com/0808-exploits/kyocera-traversal.txt
______________________________________________________________________
08.36.122 CVE: CVE-2008-3536, CVE-2008-3537
Platform: Network Device
Title: HP OpenView Network Node Manager Multiple Denial of Service
Vulnerabilities
Description: HP OpenView Network Node Manager (NNM) is an automated
network topology application for network administration and analysis.
HP OpenView NNM is exposed to multiple unspecified denial of service
vulnerabilities affecting the "ovalarmsrv" program.
Ref:
https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-15-1191155_4000_100
______________________________________________________________________
08.36.123 CVE: Not Available
Platform: Network Device
Title: 3Com Wireless 8760 Dual-Radio 11a/b/g PoE HTTP POST Request
Denial of Service
Description: 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point is
a wireless solution for enterprises. The device is exposed to a denial
of service issue because it fails to handle specially crafted HTTP
POST requests. Specifically, the issue affects the web management
interface.
Ref: http://seclists.org/fulldisclosure/2008/Sep/0058.html
______________________________________________________________________
(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Subscriptions: @RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.
For a free subscription (and for free posters) or to update a current
subscription, visit http://portal.sans.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkjAerYACgkQ+LUG5KFpTkabFQCeID1StUnlujYCJRcJXxEQSV7f
3EcAnj5Qe5fitN582RZMHLo1XNspUnoE
=Aqqh
-----END PGP SIGNATURE-----

