*************************************************************************
@RISK: The Consensus Security Vulnerability Alert
July 31, 2008
Vol. 7. Week 31
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus

Platform                               Number of Updates and Vulnerabilities
------------------------               -------------------------------------
Third Party Windows Apps               11 (#2, #3)
Linux                                   3
Unix                                    2
Cross Platform                         13 (#1)
Web Application - Cross Site Scripting 15
Web Application - SQL Injection        24
Web Application                        44
Network Device                          1
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (http://www.tippingpoint.com/)
Widely Deployed Software
(1) CRITICAL: RealPlayer Multiple Vulnerabilities
(2) HIGH: Trend Micro OfficeScan ActiveX Control Multiple Vulnerabilities
(3) MODERATE: HP OVIS Probe Builder Arbitrary Process Kill Vulnerability
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (http://www.qualys.com/)
-- Third Party Windows Apps
08.31.1 - EMC Dantz Retrospect Backup Client "retroclient.exe" Remote Memory Corruption
08.31.2 - PowerDVD ".m3u" and ".pls" File Multiple Buffer Overflow Vulnerabilities
08.31.3 - Outpost Security Suite Pro Filename Parsing Security Bypass
08.31.4 - RealNetworks RealPlayer SWF File Heap-Based Buffer Overflow
08.31.5 - Cygwin "setup.exe" Installation and Update Process Mirror Authenticity Verification
08.31.6 - RealNetworks RealPlayer "rmoc3260.dll" ActiveX Control Multiple Memory Corruption Vulnerabilities
08.31.7 - RealPlayer "rjbdll.dll" ActiveX Control "Import" Method Stack Buffer Overflow
08.31.8 - Trend Micro OfficeScan "ObjRemoveCtrl.dll" ActiveX Control Multiple Stack Overflow Vulnerabilities
08.31.9 - AVG Anti-Virus UPX File Parsing Denial of Service
08.31.10 - CoolPlayer M3U File Buffer Overflow
08.31.11 - Eyeball MessengerSDK "CoVideoWindow.ocx" ActiveX Control Remote Buffer Overflow
-- Linux
08.31.12 - openSUSE "libxcrypt" Insecure Password Hash Weakness
08.31.13 - SUSE openSUSE x86_64 Kernel Unspecified Buffer Overflow
08.31.14 - GNU Coreutils "pam_succeed_if" PAM Local Authentication Bypass
-- Unix
08.31.15 - vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service
08.31.16 - reSIProcate Multiple Unspecified Memory Corruption Vulnerabilities
-- Cross Platform
08.31.17 - EMC Retrospect Backup Client Password Hash Information Disclosure
08.31.18 - EMC Retrospect Backup Client NULL Pointer Remote Denial of Service
08.31.19 - Asterisk IAX "POKE" Requests Remote Denial of Service
08.31.20 - OpenSSH "X11UseLocalhost" X11 Forwarding Session Hijacking
08.31.21 - ZDaemon NULL Pointer Remote Denial of Service
08.31.22 - Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing
08.31.23 - Asterisk IAX2 Firmware Provisioning Packet Amplification Remote Denial of Service
08.31.24 - IntelliTamper HTML "Server" Header Parsing Buffer Overflow
08.31.25 - Minix Pseudo Terminal Denial of Service
08.31.26 - RealPlayer Unspecified Local Resource Reference
08.31.27 - European Performance Systems Probe Builder Unspecified Denial of Service
08.31.28 - Links "only proxies" Unspecified Security
08.31.29 - @Mail Multiple Local Information Disclosure Vulnerabilities
-- Web Application - Cross Site Scripting
08.31.30 - EasyBookMarker "ajaxp_backend.php" Cross-Site Scripting
08.31.31 - Maran PHP Blog "comments.php" Cross-Site Scripting
08.31.32 - XOOPS Local File Include and Cross-Site Scripting Vulnerabilities
08.31.33 - VisualPic Cross-Site Scripting
08.31.34 - Multiple Century System XR Routers Cross-Site Request Forgery
08.31.35 - Claroline Prior to 1.8.11 Multiple Cross-Site Scripting Vulnerabilities
08.31.36 - PunBB Multiple Cross-Site Scripting Vulnerabilities
08.31.37 - Geeklog Forum Plugin Cross-Site Scripting
08.31.38 - Pure Software Lore Multiple Cross-Site Scripting Vulnerabilities
08.31.39 - Web Wiz Forum "mode" Parameter Multiple Cross-Site Scripting Vulnerabilities
08.31.40 - Trac Unspecified Wiki Engine Cross-Site Scripting
08.31.41 - MyBB "search.php" Cross-Site Scripting
08.31.42 - Web Wiz Rich Text Editor "RTE_popup_link.asp" Cross-Site Scripting
08.31.43 - Owl Intranet Engine "register.php" Cross-Site Scripting
08.31.44 - phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
08.31.45 - DigiLeave "info_book.asp" SQL Injection
08.31.46 - HRS Multi "picture_pic_bv.asp" SQL Injection
08.31.47 - phpKF "forum_duzen.php" SQL Injection
08.31.48 - MojoPersonals "mojoClassified.cgi" SQL Injection
08.31.49 - E-topbiz Shopcart DX "product_detail.php" SQL Injection
08.31.50 - SocialEngine Multiple SQL Injection Vulnerabilities
08.31.51 - Pre Survey Generator "default.asp" SQL Injection
08.31.52 - EMC Centera Universal Access "username" Parameter SQL Injection
08.31.53 - Camera Life "sitemap.xml.php" SQL Injection
08.31.54 - FizzMedia "comment.php" SQL Injection
08.31.55 - PhpTest "picture.php" SQL Injection
08.31.56 - FipsCMS R Parameter "index.asp" SQL Injection
08.31.57 - IceBB SQL Injection
08.31.58 - Mobius Web Publishing Software Multiple SQL Injection Vulnerabilities
08.31.59 - phpLinkat SQL Injection and Cookie Authentication Bypass Vulnerabilities
08.31.60 - phpwebnews-mysql Multiple SQL Injection Vulnerabilities
08.31.61 - Willoughby TriO SQL Injection
08.31.62 - EPShop "pid" Parameter "index.php" SQL Injection
08.31.63 - Greatclone Getacoder Clone "search_form.php" SQL Injection
08.31.64 - Greatclone GC Auction Platinum "category.php" SQL Injection
08.31.65 - SiteAdmin CMS "art" Parameter "line2.php" SQL Injection
08.31.66 - Greatclone Youtuber Clone "ugroups.php" SQL Injection
08.31.67 - ViArt Shop "products_rss.php" SQL Injection
08.31.68 - Gregarius "ajax.php" SQL Injection
-- Web Application
08.31.69 - Jobbex JobSite "search_result.cfm" Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.31.70 - EasyDynamicPages Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.31.71 - EasyPublish "read" Parameter Multiple SQL Injection and Cross-Site Vulnerabilities
08.31.72 - MyBlog Multiple Remote Information Disclosure Vulnerabilities
08.31.73 - EZWebAlbum "download.php" Local File Include
08.31.74 - Flip "config.php" Remote File Include
08.31.75 - Interact "help.php" Multiple Local File Include Vulnerabilities
08.31.76 - IntelliTamper HTML "href" Parsing Buffer Overflow
08.31.77 - EMC Retrospect Weak Hash Algorithm Insecure Password Weakness
08.31.78 - HiFriend "cgi-bin/hifriend.pl" Open Email Relay
08.31.79 - MyReview Remote Information Disclosure
08.31.80 - EasyE-Cards SQL Injection Vulnerability and Multiple Cross-Site Scripting Vulnerabilities
08.31.81 - RunCMS Multiple Remote File Include Vulnerabilities
08.31.82 - eSyndiCat "admin_lng" Cookie Parameter Authentication Bypass
08.31.83 - AlphAdmin CMS "aa_login" Cookie Parameter Authentication Bypass
08.31.84 - AtomatiCMS "upload.php" Arbitrary File Upload
08.31.85 - Ceica Groupware Multiple Remote File Upload Vulnerabilities
08.31.86 - EZWebAlbum Cookie Authentication Bypass
08.31.87 - YouTube Blog Multiple Input Validation Vulnerabilities
08.31.88 - TamperData Firefox Plugin HTML Injection
08.31.89 - PunBB Unspecified Arbitrary SMTP Command Injection
08.31.90 - Moodle "etitle" Parameter HTML Injection
08.31.91 - Mantis "account_prefs_update.php" Local File Include
08.31.92 - Drupal Session Fixation
08.31.93 - ibase "download.php" Local File Include
08.31.94 - WordPress Wp Downloads Manager Module "upload.php" Arbitrary File Upload
08.31.95 - XRMS 1.99.2 Multiple Remote Vulnerabilities
08.31.96 - CMScout "common.php" Local File Include
08.31.97 - TalkBack "help.php" Local File Include
08.31.98 - Pixelpost "index.php" Local File Include
08.31.99 - Trac Unspecified Quickjump Function URI Redirection
08.31.100 - Jamroom Cookie Authentication Bypass Vulnerability and Multiple Unspecified Security Vulnerabilities
08.31.101 - ATutor "import.php" Remote File Include
08.31.102 - IDevSpot BizDirectory Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.31.103 - Cerberus Content Management System "cerberus_user" Cookie Parameter HTML Injection
08.31.104 - miniBB RSS Plugin Multiple Remote File Include Vulnerabilities
08.31.105 - HTTrack URI Parsing Remote Buffer Overflow
08.31.106 - Unreal Tournament 2004 NULL Pointer Remote Denial of Service
08.31.107 - JnSHosts PHP Hosting Directory "admin.php" Remote File Include
08.31.108 - ScrewTurn Software ScrewTurn Wiki
08.31.109 - Unreal Tournament 3 Denial of Service And Memory Corruption Vulnerabilities
08.31.110 - PhpWebGallery Information Disclosure
08.31.111 - InfoMining BookMine SQL Injection and Cross-Site Scripting Vulnerabilities
08.31.112 - Unica Affinium Campaign Multiple Remote Vulnerabilities
-- Network Device
08.31.113 - Axesstel AXW-D800 Multiple Remote Authentication Bypass Vulnerabilities
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: RealPlayer Multiple Vulnerabilities
Affected:
RealPlayer versions prior to 11
Description: RealPlayer is a popular media playing application for
multiple operating systems. It contains multiple vulnerabilities in its
handling of a variety of media formats. Additionally, on Microsoft
Windows platforms, multiple RealPlayer ActiveX controls contain
vulnerabilities. Successfully exploiting these vulnerabilities would
allow an attacker to execute arbitrary code with the privileges of the
current user. Generally, malicious content would be opened upon receipt
automatically by the vulnerable application, without first prompting the
user. Full technical details are publicly available for several of these
vulnerabilities.
Status: Vendor confirmed, updates available. The ActiveX vulnerabilities
can be mitigated by disabling the affected controls via Microsoft's
"kill bit" mechanism. Lists of vulnerable CLSIDs are available in the
Zero Day Initiative advisories.
References:
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-046/
http://zerodayinitiative.com/advisories/ZDI-08-047/
Real Security Advisory
http://service.real.com/realplayer/security/07252008_player/en/
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Vendor Home Page
SecurityFocus BIDs
http://www.securityfocus.com/bid/30376
http://www.securityfocus.com/bid/30378
http://www.securityfocus.com/bid/28157
http://www.securityfocus.com/bid/30370
http://www.securityfocus.com/bid/30379
***************************************************
(2) HIGH: Trend Micro OfficeScan ActiveX Control Multiple Vulnerabilities
Affected:
Trend Micro OfficeScan versions 7.3 and prior
Description: Trend Micro OfficeScan is a popular antivirus solution.
Part of its functionality is provided by an ActiveX control. This
control contains multiple buffer overflows in its handling of various
parameters. A malicious web page that instantiates this control would
allow an attacker to exploit one of these buffer overflows. Successfully
exploiting one of these buffer overflows would allow an attacker to
execute arbitrary code with the privileges of the current user. Full
technical details and a proof-of-concept are publicly available for
these vulnerabilities.
Status: Vendor has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism using CLSID
"5EFE8CB1-D095-11D1-88FC-0080C859833B". Note that this may affect normal
application functionality.
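One way to apply the kill bit for the CLSID above, as an added example that is not part of the original bulletin. It uses the registry location and the 0x400 "Compatibility Flags" value documented in Microsoft Knowledge Base article 240797; the function names are hypothetical.

```powershell
# Added example (not from the bulletin). Function names are hypothetical.
# Registry location and the 0x400 flag are those documented in KB 240797.
# Run from an elevated PowerShell prompt.

$KillBit   = 0x00000400
$ValueName = 'Compatibility Flags'

# 64-bit Windows keeps a second registry view that 32-bit Internet Explorer reads.
$CompatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Return the current compatibility flags for a control, or 0 if none are set.
function Get-CompatFlags([string]$KeyPath) {
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return $item.$ValueName
}

function Set-ActiveXKillBit {
    param([Parameter(Mandatory = $true)][string]$Clsid)

    if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not a braced CLSID: $Clsid"
    }
    foreach ($root in $CompatRoots) {
        # Skip the Wow6432Node view on 32-bit systems, where it does not exist.
        if (-not (Test-Path -Path (Split-Path -Path $root -Parent))) { continue }

        $key = Join-Path -Path $root -ChildPath $Clsid
        # New-Item -Force would recreate an existing key and drop its values,
        # so only create the key when it is missing.
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }

        # OR the bit in so any other compatibility flags are preserved.
        $flags = (Get-CompatFlags $key) -bor $KillBit
        Set-ItemProperty -Path $key -Name $ValueName -Value $flags -Type DWord
    }
}

# Report, per registry view, whether the kill bit is set for a control.
function Test-ActiveXKillBit {
    param([Parameter(Mandatory = $true)][string]$Clsid)

    foreach ($root in $CompatRoots) {
        if (-not (Test-Path -Path (Split-Path -Path $root -Parent))) { continue }
        $key = Join-Path -Path $root -ChildPath $Clsid
        [pscustomobject]@{
            Key        = $key
            KillBitSet = [bool]((Get-CompatFlags $key) -band $KillBit)
        }
    }
}

# CLSID given in this bulletin for the OfficeScan control.
$officeScanClsid = '{5EFE8CB1-D095-11D1-88FC-0080C859833B}'
Set-ActiveXKillBit -Clsid $officeScanClsid
Test-ActiveXKillBit -Clsid $officeScanClsid | Format-Table -AutoSize
```

The same functions apply to the RealPlayer controls in item (1) once their CLSIDs are taken from the Zero Day Initiative advisories.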
References:
Proof-of-Concept
http://milw0rm.com/exploits/6152
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://uk.trendmicro.com/uk/products/enterprise/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/30407
***************************************************
(3) MODERATE: HP OVIS Probe Builder Arbitrary Process Kill Vulnerability
Affected:
HP OVIS Probe Builder versions 2.2 and prior
Description: HP OVIS Probe Builder, also known as HP Internet Services
and European Performance Systems Probe Builder, is a popular enterprise
network architecture management system. It contains a vulnerability in
its handling of remote procedure calls. An unauthenticated user could
call an exported procedure that can kill (terminate) a user-specified
process on the vulnerable host. A user could cause a complete system
shutdown by killing a Microsoft Windows system process, or kill other
applications running on the vulnerable system. Some technical details
are publicly available for this vulnerability.
Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by blocking TCP port 32968 at the network
perimeter, if possible.
References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=728
HP Support Document
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01511225
SecurityFocus BID
http://www.securityfocus.com/bid/30403
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 31, 2008
This list is compiled by Qualys ( http://www.qualys.com/ ) as part of
that company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.31.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: EMC Dantz Retrospect Backup Client "retroclient.exe" Remote
Memory Corruption
Description: EMC Dantz Retrospect Backup Client is an application that
allows users to back up and restore files. The application is exposed
to a remote memory corruption issue that occurs in the
"retroclient.exe" processes listening on TCP port 497 by default.
Ref: http://www.fortiguardcenter.com/advisory/FGA-2008-16.html
______________________________________________________________________
08.31.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: PowerDVD ".m3u" and ".pls" File Multiple Buffer Overflow
Vulnerabilities
Description: PowerDVD is an application for playing DVDs; it is
available for Microsoft Windows. The application is exposed to
multiple buffer overflow issues because it fails to perform adequate
boundary checks on user-supplied input. These issues occur when
handling malformed ".m3u" and ".pls" files. PowerDVD version 8.0 is
affected.
Ref: http://www.securityfocus.com/bid/30341
______________________________________________________________________
08.31.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Outpost Security Suite Pro Filename Parsing Security Bypass
Description: Outpost Security Suite Pro is a security application that
provides firewall, antivirus, and other threat protection for
Windows-based computers. The application is exposed to an issue that
allows an unauthorized attacker to bypass antivirus and firewall
rules. This issue occurs because the application fails to adequately
sanitize user-supplied input. Outpost Security Suite Pro 2009 is
affected.
Ref: http://www.securityfocus.com/archive/1/494660
______________________________________________________________________
08.31.4 CVE: CVE-2007-5400
Platform: Third Party Windows Apps
Title: RealNetworks RealPlayer SWF File Heap-Based Buffer Overflow
Description: RealNetworks RealPlayer is an application that allows
users to play various media formats. The application is exposed to a
heap-based buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data. The issue stems from a
frame-handling error when processing SWF (Shockwave Flash) files.
RealPlayer version 10.5 Build 6.0.12.1483 is affected.
Ref: http://www.securityfocus.com/archive/1/494749
______________________________________________________________________
08.31.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Cygwin "setup.exe" Installation and Update Process Mirror
Authenticity Verification
Description: Cygwin is a Linux-style operating environment for
Microsoft Windows. Cygwin "setup.exe" is exposed to an issue caused by
inadequate verification of mirror authenticity. Cygwin "setup.exe"
versions prior to 2.573.2.3 are affected.
Ref: http://www.securityfocus.com/archive/1/494756
______________________________________________________________________
08.31.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: RealNetworks RealPlayer "rmoc3260.dll" ActiveX Control Multiple
Memory Corruption Vulnerabilities
Description: RealNetworks RealPlayer is an application that allows
users to play various media formats. RealPlayer "rmoc3260.dll" ActiveX
control is exposed to multiple heap-based memory corruption issues.
Ref: http://archives.neohapsis.com/archives/fulldisclosure/2008-07/0460.html
______________________________________________________________________
08.31.7 CVE: CVE-2008-3066
Platform: Third Party Windows Apps
Title: RealPlayer "rjbdll.dll" ActiveX Control "Import" Method Stack
Buffer Overflow
Description: RealPlayer is an application that allows users to play
various media formats. The application is exposed to a stack-based
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input before copying it to an insufficiently
sized memory buffer.
Ref: http://www.kb.cert.org/vuls/id/461187
______________________________________________________________________
08.31.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Trend Micro OfficeScan "ObjRemoveCtrl.dll" ActiveX Control
Multiple Stack Overflow Vulnerabilities
Description: Trend Micro OfficeScan is an integrated enterprise-level
security product that protects against viruses, spyware, worms, and
blended threats. The control is exposed to multiple stack-based buffer
overflow issues because it fails to properly bounds check
user-supplied input. OfficeScan version 7.3 build 1343 is affected.
Ref: http://archives.neohapsis.com/archives/fulldisclosure/2008-07/0509.html
______________________________________________________________________
08.31.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: AVG Anti-Virus UPX File Parsing Denial of Service
Description: AVG Anti-Virus is an antivirus application for the
Microsoft Windows platform. The application is exposed to a denial of
service issue by supplying a malicious UPX packed file. When the AVG
Anti-Virus scanning engine scans this file a divide-by-zero error will
occur. AVG Anti-Virus versions prior to 8.0.156 are affected.
Ref:
______________________________________________________________________
08.31.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: CoolPlayer M3U File Buffer Overflow
Description: CoolPlayer is a media player application for the Windows
operating system. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data.
Ref: http://www.securityfocus.com/bid/30418
______________________________________________________________________
08.31.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: Eyeball MessengerSDK "CoVideoWindow.ocx" ActiveX Control Remote
Buffer Overflow
Description: Eyeball MessengerSDK is a VoIP, video telephony and
instant messaging API. The "CoVideoWindow.ocx" ActiveX control of
Eyeball MessengerSDK is exposed to a stack-based buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input. Eyeball MessengerSDK "CoVideoWindow.ocx" control version
5.0.907.1 is affected.
Ref: http://www.securityfocus.com/archive/1/494756
______________________________________________________________________
08.31.12 CVE: Not Available
Platform: Linux
Title: openSUSE "libxcrypt" Insecure Password Hash Weakness
Description: openSUSE is exposed to an insecure password hash
weakness. This issue stems from a design error when "libxcrypt" is
used to calculate password hashes. The "libxcrypt" library
facilitates the use of DES, MD5, or "blowfish" algorithms for creating
password hashes.
Ref: http://www.securityfocus.com/bid/30301
______________________________________________________________________
08.31.13 CVE: CVE-2008-3247
Platform: Linux
Title: SUSE openSUSE x86_64 Kernel Unspecified Buffer Overflow
Description: The openSUSE x86_64 kernel is exposed to an unspecified
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied data. The vulnerability occurs in the Local
Descriptor Table (LDT) handling code. openSUSE kernel version 2.6.25
is affected.
Ref: http://www.securityfocus.com/bid/30351
______________________________________________________________________
08.31.14 CVE: CVE-2008-1946
Platform: Linux
Title: GNU Coreutils "pam_succeed_if" PAM Local Authentication Bypass
Description: GNU Coreutils is a set of basic utilities for
manipulating files, text, etc. The application is exposed to a local
authentication bypass issue because of a design error in the
"pam_succeed_if" Pluggable Authentication Module (PAM). Successfully
exploiting this issue may lead to other attacks.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0780.html
______________________________________________________________________
08.31.15 CVE: CVE-2008-2375
Platform: Unix
Title: vsftpd FTP Server Pluggable Authentication Module (PAM) Remote
Denial of Service
Description: The "vsftpd" FTP server (Very Secure File Transfer
Protocol Daemon) is an FTP server for UNIX-like platforms. The
application is exposed to a remote denial of service issue when used
with Pluggable Authentication Modules (PAM). The issue is caused by a
memory leak that occurs when an invalid authentication attempt is
made. vsftpd versions prior to 2.0.5 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0579.html
______________________________________________________________________
08.31.16 CVE: Not Available
Platform: Unix
Title: reSIProcate Multiple Unspecified Memory Corruption
Vulnerabilities
Description: reSIProcate is an implementation of the SIP (Session
Initiation Protocol) stack; it includes various application
components. The application is exposed to multiple unspecified memory
corruption issues. This issue will allow attackers to consume all the
stack memory. reSIProcate versions prior to 1.3.4 are affected.
Ref: http://www.resiprocate.org/ReSIProcate_1.3.4_Release
______________________________________________________________________
08.31.17 CVE: Not Available
Platform: Cross Platform
Title: EMC Retrospect Backup Client Password Hash Information
Disclosure
Description: EMC Retrospect is a secured online backup system for Mac
OS X and Windows. The Retrospect Backup Client is exposed to an
information disclosure issue when the client processes a specially
crafted packet. The client responds by sending information that
includes a password hash in plain text. Retrospect Backup Client
version 7.5.116 is affected.
Ref: http://www.securityfocus.com/archive/1/494560
______________________________________________________________________
08.31.18 CVE: Not Available
Platform: Cross Platform
Title: EMC Retrospect Backup Client NULL Pointer Remote Denial of
Service
Description: EMC Retrospect Backup Client is an application that
allows users to back up and restore files. The application is exposed
to a remote denial of service issue because of a design error that
causes a NULL-pointer exception.
Ref: http://www.fortiguardcenter.com/advisory/FGA-2008-16.html
______________________________________________________________________
08.31.19 CVE: CVE-2008-3263
Platform: Cross Platform
Title: Asterisk IAX "POKE" Requests Remote Denial of Service
Description: Asterisk is a PBX and telephony application for multiple
operating platforms. Asterisk supports the IAX VoIP protocol. The IAX
control "POKE" is used as a "ping"-style command. The application is
exposed to a remote denial of service issue because it fails to handle
multiple "POKE" requests in quick succession.
Ref: http://downloads.digium.com/pub/security/AST-2008-010.html
______________________________________________________________________
08.31.20 CVE: Not Available
Platform: Cross Platform
Title: OpenSSH "X11UseLocalhost" X11 Forwarding Session Hijacking
Description: OpenSSH is a free implementation of the Secure Shell
protocol suite. It is available for various operating systems. The
application is exposed to an issue that allows attackers to hijack
forwarded X connections. OpenSSH version 5.0 is affected.
Ref: http://www.openssh.com/txt/release-5.1
______________________________________________________________________
08.31.21 CVE: Not Available
Platform: Cross Platform
Title: ZDaemon NULL Pointer Remote Denial of Service
Description: ZDaemon is a Doom source port based on ZDoom. The
application is exposed to a remote denial of service issue because it
fails to handle NULL-pointer exceptions. Specifically, the issue
occurs when sending crafted data with type "0x06" commands. ZDaemon
versions 1.08.07 and earlier are affected.
Ref: http://aluigi.altervista.org/adv/zdaemonull-adv.txt
______________________________________________________________________
08.31.22 CVE: CVE-2008-1447
Platform: Cross Platform
Title: Multiple Vendor DNS Protocol Insufficient Transaction ID
Randomization DNS Spoofing
Description: Multiple vendors' implementations of the DNS protocol are
exposed to a DNS-spoofing issue because the software fails to securely
implement random values when performing DNS queries. Microsoft Windows
DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS
releases are affected.
Ref: http://www.securityfocus.com/archive/1/494716
______________________________________________________________________
08.31.23 CVE: CVE-2008-3264
Platform: Cross Platform
Title: Asterisk IAX2 Firmware Provisioning Packet Amplification Remote
Denial of Service
Description: Asterisk is a private branch exchange (PBX) application
available for Linux, BSD, and Mac OS X platforms. The application is
exposed to remote denial of service attacks. This issue is caused by a
flaw in the IAX2 firmware download protocol.
Ref: http://downloads.digium.com/pub/security/AST-2008-011.html
______________________________________________________________________
08.31.24 CVE: Not Available
Platform: Cross Platform
Title: IntelliTamper HTML "Server" Header Parsing Buffer Overflow
Description: IntelliTamper is a spider application for scanning
websites. The application is exposed to a buffer overflow issue
because the application fails to perform adequate boundary checks on
user-supplied data. IntelliTamper version 2.07 is affected.
Ref: http://www.securityfocus.com/bid/30356
______________________________________________________________________
08.31.25 CVE: Not Available
Platform: Cross Platform
Title: Minix Pseudo Terminal Denial of Service
Description: Minix is a lightweight operating system. The application
is exposed to a denial of service issue. A problem in the
"drivers/tty/tty.c" source file can be exploited to consume all
available pseudo terminals, causing future connections to be denied.
Minix version 3.1.2a is affected.
Ref: http://www.securityfocus.com/bid/30357
______________________________________________________________________
08.31.26 CVE: CVE-2008-3064
Platform: Cross Platform
Title: RealPlayer Unspecified Local Resource Reference
Description: RealPlayer allows users to stream various media files
through their browser. The application is exposed to an unspecified
issue. Please refer to the link below for further details.
Ref: http://service.real.com/realplayer/security/07252008_player/en/
______________________________________________________________________
08.31.27 CVE: CVE-2008-1667
Platform: Cross Platform
Title: European Performance Systems Probe Builder Unspecified Denial
of Service
Description: European Performance Systems (EPS) Probe Builder is an
application designed for use with HP's OpenView Internet Services. The
application is exposed to an unspecified denial of service issue.
Probe Builder versions prior to A.02.20.901 on Windows are affected.
Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=728
______________________________________________________________________
08.31.28 CVE: CVE-2008-3329
Platform: Cross Platform
Title: Links "only proxies" Unspecified Security
Description: Links is a text-based web browser. The application is
exposed to an unspecified security issue related to providing URIs to
external programs. The issue may be triggered when "only proxies" is
enabled.
Ref: http://links.twibright.com/download/ChangeLog
______________________________________________________________________
08.31.29 CVE: Not Available
Platform: Cross Platform
Title: @Mail Multiple Local Information Disclosure Vulnerabilities
Description: @Mail is an email server. Since it fails to restrict
access to certain files, @Mail is exposed to multiple information
disclosure issues. Specifically, the application fails to restrict
access to the "webmail/libs/Atmail/Config.php" and
"webmail/webadmin/.htpasswd" files. @Mail version 5.41 is affected.
Ref: http://www.securityfocus.com/bid/30434
______________________________________________________________________
08.31.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: EasyBookMarker "ajaxp_backend.php" Cross-Site Scripting
Description: EasyBookMarker is a PHP-based tool for managing
bookmarks. The application is exposed to a cross-site scripting issue
because it fails to properly sanitize user-supplied input to the "rs"
parameter of the "ajaxp_backend.php" script. EasyBookMarker version
4.0tr is affected.
Ref: http://www.securityfocus.com/archive/1/494550
______________________________________________________________________
08.31.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Maran PHP Blog "comments.php" Cross-Site Scripting
Description: Maran PHP Blog is a web-log application. The application
is exposed to a cross-site scripting issue because it fails to
sanitize user-supplied input to the 'id' parameter of the
"comments.php" script.
Ref: http://www.securityfocus.com/archive/1/494549
______________________________________________________________________
08.31.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: XOOPS Local File Include and Cross-Site Scripting
Vulnerabilities
Description: XOOPS is a PHP-based content manager. The application is
exposed to a local file include issue and a cross-site scripting issue
because it fails to properly sanitize user-supplied input to the "fct"
parameter of the "/modules/system/admin.php" script. XOOPS version
2.0.18.1 is affected.
Ref: http://www.securityfocus.com/bid/30330
______________________________________________________________________
08.31.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: VisualPic Cross-Site Scripting
Description: VisualPic is a web-based application. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "pic" parameter. VisualPic version 0.3.1 is
affected.
Ref: http://www.securityfocus.com/bid/30334
______________________________________________________________________
08.31.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Multiple Century System XR Routers Cross-Site Request Forgery
Description: XR routers are a series of network devices designed for
home and small-office setups. Multiple Century System XR routers are
exposed to a cross-site request forgery issue.
Ref: http://jvn.jp/en/jp/JVN67573833/index.html
______________________________________________________________________
08.31.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Claroline Prior to 1.8.11 Multiple Cross-Site Scripting
Vulnerabilities
Description: Claroline is a PHP-based online education platform. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. Claroline versions prior to
1.8.11 are affected.
Ref: http://www.securityfocus.com/archive/1/494655
______________________________________________________________________
08.31.36 CVE: CVE-2008-3336
Platform: Web Application - Cross Site Scripting
Title: PunBB Multiple Cross-Site Scripting Vulnerabilities
Description: PunBB is a PHP-based forum application. The application
is exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input. Unspecified parameters of the
"include/parser.php" and "moderate.php" scripts are affected. PunBB
versions prior to 1.