*************************************************************************
@RISK: The Consensus Security Vulnerability Alert
August 21, 2008                                          Vol. 7. Week 34
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week and
providing guidance on appropriate actions to protect your systems (PART I).
It also includes a comprehensive list of all new vulnerabilities discovered
in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Other Microsoft Products                 1 (#3)
Third Party Windows Apps                 5 (#1, #4)
Linux                                    6
Unix                                     1
Cross Platform                           15 (#2)
Web Application - Cross Site Scripting   7
Web Application - SQL Injection          11
Web Application                          16
Network Device                           1
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Symantec Veritas Storage Foundation Authentication Bypass
(2) HIGH: Opera Multiple Vulnerabilities
(3) HIGH: Microsoft Visual Studio MaskedEdit ActiveX Control Buffer Overflow
(4) HIGH: Ipswitch WS_FTP Client and Server Multiple Vulnerabilities
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)
-- Other Microsoft Products
08.34.1 - Microsoft Visual Studio "Msmask32.ocx" ActiveX Control Remote Buffer Overflow
-- Third Party Windows Apps
08.34.2 - FlashGet FTP "PWD" Response Remote Buffer Overflow
08.34.3 - Symantec Storage Foundation for Windows Security Update Circumvention
08.34.4 - Maya Studio eo-video Playlist File Buffer Overflow
08.34.5 - Ipswitch WS_FTP Client Format String
08.34.6 - Ipswitch WS_FTP Server Message Response Buffer Overflow
-- Linux
08.34.7 - Red Hat Network Satellite Server "manzier.pxt" User Information Disclosure
08.34.8 - HP Linux Imaging and Printing System Privilege Escalation And Denial of Service Vulnerabilities
08.34.9 - Yelp Invalid URI Format String
08.34.10 - Openwsman Multiple Remote Security Vulnerabilities
08.34.11 - Red Hat yum-rhn-plugin RHN Updates Denial of Service
08.34.12 - Linux Kernel "dccp_setsockopt_change()" Remote Denial of Service
-- Unix
08.34.13 - Sympa "sympa.pl" Insecure Temporary File Creation
-- Cross Platform
08.34.14 - Sun Java System Web Proxy Server FTP Subsystem Denial of Service
08.34.15 - Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
08.34.16 - HAVP "sockethandler.cpp" Client Connect Infinite Loop Denial of Service
08.34.17 - xine-lib 1.1.14 Multiple Remote Buffer Overflow Vulnerabilities
08.34.18 - xine-lib OGG Processing Remote Denial of Service
08.34.19 - MicroWorld Technologies MailScan Multiple Remote Vulnerabilities
08.34.20 - Neon Digest Authentication Null Pointer Exception Denial of Service
08.34.21 - GnuTLS "gnutls_handshake()" Function Remote Denial of Service
08.34.22 - VLC Media Player "demuxtta.c" TTA File Handling Buffer Overflow
08.34.23 - ESET Smart Security "easdrv.sys" Local Privilege Escalation
08.34.24 - EchoVNC Remote Buffer Overflow
08.34.25 - Attachmate Reflection for Secure IT Multiple Unspecified Security Vulnerabilities
08.34.26 - OllyDBG "ollydbg.ini" Debug Argument Local Buffer Overflow
08.34.27 - SWIMAGE Encore Master Password Information Disclosure
08.34.28 - VMware Workstation "hcmon.sys" Local Denial of Service
-- Web Application - Cross Site Scripting
08.34.29 - Navboard Multiple Local File Include and Cross-Site Scripting Vulnerabilities
08.34.30 - Openfire "login.jsp" Cross-Site Scripting
08.34.31 - Mambo Multiple Cross-Site Scripting Vulnerabilities
08.34.32 - FlexCMS "inc-core-admin-editor-previouscolorsjs.php" Cross-Site Scripting
08.34.33 - AWStats "awstats.pl" Cross-Site Scripting
08.34.34 - Ovidentia "index.php" Cross-Site Scripting
08.34.35 - Sun Java System Portal Server Portlets Cross-Site Scripting
-- Web Application - SQL Injection
08.34.36 - PHP Realty "dpage.php" SQL Injection
08.34.37 - PHP-Fusion "readmore.php" SQL Injection
08.34.38 - E-Shop Shopping Cart Script "search_results.php" SQL Injection
08.34.39 - ZEEJOBSITE "bannerclick.php" SQL Injection
08.34.40 - FipsCMS "forum/neu.asp" SQL Injection
08.34.41 - phpArcadeScript "cat" Parameter SQL Injection
08.34.42 - Quick Poll "code.php" SQL Injection
08.34.43 - PromoProducts "view_product.php" Multiple SQL Injection Vulnerabilities
08.34.44 - PHPBasket "pro_id" Parameter SQL Injection
08.34.45 - NewsHOWLER Cookie Data SQL Injection
08.34.46 - cyberBB Multiple SQL Injection Vulnerabilities
-- Web Application
08.34.47 - Gelato CMS "classes/imgsize.php" Local File Include
08.34.48 - Meet#Web "root_path" Parameter Multiple Remote File Include Vulnerabilities
08.34.49 - Ventrilo "type 0" Packet NULL Pointer Dereference Denial of Service
08.34.50 - Freeway Multiple Input Validation Vulnerabilities
08.34.51 - Cardinal CMS "upload.php" Arbitrary File Upload
08.34.52 - Nukeviet "admin/login.php" Cookie Authentication Bypass
08.34.53 - YapBB "class_yapbbcooker.php" Remote File Include
08.34.54 - CyBoards PHP Lite Multiple Remote Vulnerabilities
08.34.55 - dotCMS "id" Parameter Multiple Local File Include Vulnerabilities
08.34.56 - mUnky "index.php" Remote Code Execution
08.34.57 - Harmoni Versions Prior to 1.6.0 Cross-Site Request Forgery and Security Bypass Vulnerabilities
08.34.58 - PHPizabi "id" Parameter Local File Include
08.34.59 - XNova Project XNova "todofleetcontrol.php" Remote File Include
08.34.60 - VidiScript Remote File Upload
08.34.61 - PHP Live Helper Multiple Input Validation Vulnerabilities
08.34.62 - Freeway "language" Parameter Multiple Local File Include Vulnerabilities
-- Network Device
08.34.63 - Nokia 6131 Multiple Vulnerabilities
*************************************************************************
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort to
ensure that its intrusion prevention products effectively block exploits
using known vulnerabilities. TippingPoint's analysis is complemented by input
from a council of security managers from twelve large organizations who
confidentially share with SANS the specific actions they have taken to
protect their systems. A detailed description of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Symantec Veritas Storage Foundation Authentication Bypass
Affected:
Symantec Veritas Storage Foundation versions 5.1 and prior
Description: Symantec Veritas Storage Foundation is a popular enterprise storage
management system. Its management console exports a Remote Procedure Call (RPC)
interface that exposes several scheduling functions. This RPC interface can be
accessed using NULL authentication, meaning any user can connect and execute
these procedures. Calling these procedures would allow an attacker to execute
arbitrary code with the privileges of the vulnerable process (usually SYSTEM).
This vulnerability represents another exploitation vector for an issue
discussed in a previous edition of @RISK. That vector was patched and is no
longer vulnerable. Technical details are publicly available for this
vulnerability.
Status: Vendor confirmed, updates available.
References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-052/
TippingPoint DVLabs Advisory (previous vector)
http://dvlabs.tippingpoint.com/advisory/TPTI-07-08
Previous @RISK Entry
https://www2.sans.org/newsletters/risk/display.php?v=6&i=24#widely3
Symantec Security Advisory
http://www.symantec.com/avcenter/security/Content/2008.08.14a.html
SecurityFocus BID
http://www.securityfocus.com/bid/30596
******************************************************************
(2) HIGH: Opera Multiple Vulnerabilities
Affected:
Opera versions prior to 9.52
Description: Opera is a popular cross-platform web browser and internet
application suite. It contains multiple vulnerabilities in its handling of a
variety of user inputs. A malicious web page or RSS feed could exploit these
vulnerabilities to execute arbitrary code with the privileges of the current
user, perform cross-site-scripting attacks, retrieve sensitive information,
or spoof website locations. Some technical details for these vulnerabilities
are publicly available.
Status: Vendor confirmed, updates available.
References:
Opera Security Advisories
http://www.opera.com/support/search/view/892/
http://www.opera.com/support/search/view/893/
http://www.opera.com/support/search/view/894/
http://www.opera.com/support/search/view/895/
http://www.opera.com/support/search/view/896/
http://www.opera.com/support/search/view/897/
Opera Home Page
SecurityFocus BID
http://www.securityfocus.com/bid/30768
******************************************************************
(3) HIGH: Microsoft Visual Studio MaskedEdit ActiveX Control Buffer Overflow
Affected:
Microsoft Visual Studio MaskedEdit ActiveX control versions prior to 6.0.48.18
Description: The MaskedEdit ActiveX control, a component of Microsoft Visual
Studio, contains a buffer overflow vulnerability in its handling of its
"mask" parameter. A specially crafted web page that instantiates this
control could trigger this vulnerability, allowing an attacker to execute
arbitrary code with the privileges of the current user. A proof-of-concept is
publicly available for this vulnerability, as are technical details.
Status: Vendor confirmed, updates available. Users can mitigate the impact of
this vulnerability by disabling the affected control via Microsoft's "kill
bit" mechanism, using CLSID "C932BA85-4374-101B-A56C-00AA003668DC". Note that
this may affect normal application functionality.
References:
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/30674.js
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
MaskedEdit Documentation
http://msdn.microsoft.com/en-us/library/11405hcf(VS.71).aspx
Product Home Page
http://msdn.microsoft.com/en-us/vstudio/default.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/30674
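One way to audit, and with -Apply set, the kill bit named in the Status note of entry (3); this is an added example, not part of the original bulletin. The registry location and the 0x400 flag value follow the kill-bit mechanism documented in KB 240797; the -Apply switch, function name and variable names are this example's own, and it assumes an elevated 64-bit PowerShell 3.0 or later session.

```powershell
# Added example (not from the bulletin): report and optionally set the
# Internet Explorer kill bit for the MaskedEdit ActiveX control.
param(
    # Example-only switch: without it the script reports and changes nothing.
    [switch]$Apply
)

# CLSID quoted in the bulletin's Status note for entry (3).
$Clsid     = '{C932BA85-4374-101B-A56C-00AA003668DC}'
# Kill-bit flag inside the "Compatibility Flags" DWORD (see KB 240797).
$KillBit   = 0x400
$ValueName = 'Compatibility Flags'

# Native registry view, plus the view read by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    # Returns the current flags for the control under one registry view.
    param([string]$Root)
    $key   = Join-Path $Root $Clsid
    $flags = 0
    if (Test-Path -LiteralPath $key) {
        $item = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) { $flags = [int]$item.$ValueName }
    }
    [pscustomobject]@{
        Key        = $key
        Flags      = ('0x{0:X8}' -f $flags)
        RawFlags   = $flags
        KillBitSet = (($flags -band $KillBit) -ne 0)
    }
}

foreach ($root in $Roots) {
    # Skip a view that does not exist (for example Wow6432Node on 32-bit Windows).
    if (-not (Test-Path -LiteralPath $root)) { continue }

    $state = Get-KillBitState -Root $root
    if ($Apply -and -not $state.KillBitSet) {
        if (-not (Test-Path -LiteralPath $state.Key)) {
            New-Item -Path $state.Key -Force | Out-Null
        }
        # Preserve any flags already present and OR in the kill bit.
        $newFlags = $state.RawFlags -bor $KillBit
        New-ItemProperty -LiteralPath $state.Key -Name $ValueName `
            -PropertyType DWord -Value $newFlags -Force | Out-Null
        $state = Get-KillBitState -Root $root
    }
    $state | Select-Object Key, Flags, KillBitSet
}
```

Run without -Apply first to record the current state on each host; a control that is needed by a line-of-business application will stop loading in Internet Explorer once the bit is set.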
******************************************************************
(4) HIGH: Ipswitch WS_FTP Client and Server Multiple Vulnerabilities
Affected:
Ipswitch WS_FTP Pro versions 8.0.3 and prior
Description: Ipswitch WS_FTP is a popular File Transfer Protocol (FTP)
client and server for Microsoft Windows. The server contains a buffer overflow
vulnerability in its handling of user responses. An attacker could exploit this
vulnerability to execute arbitrary code with the privileges of the vulnerable
process (often SYSTEM). Also, the client contains a format string flaw in its
parsing of server responses; a malicious server could exploit this
vulnerability to execute arbitrary code with the privileges of the current
user. Note that the user would have to connect to a malicious server to be
vulnerable. A proof-of-concept for the client side vulnerability is publicly
available.
Status: Vendor has not confirmed, no updates available.
References:
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/30720.py
Product Home Page
SecurityFocus BIDs
http://www.securityfocus.com/bid/30720
http://www.securityfocus.com/bid/30728
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 34, 2008
This list is compiled by Qualys (www.qualys.com) as part of that company's
ongoing effort to ensure its vulnerability management web service tests for
all known vulnerabilities that can be scanned. As of this week Qualys scans
for 5549 unique vulnerabilities. For this special SANS community listing,
Qualys also includes vulnerabilities that cannot be scanned remotely.
______________________________________________________________________
08.34.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Visual Studio "Msmask32.ocx" ActiveX Control Remote Buffer Overflow
Description: Microsoft Visual Studio is a suite of software development
tools. The MaskedEdit ActiveX control is a part of this suite. The
application is exposed to a stack-based buffer overflow issue because it
fails to perform adequate boundary checks on user-supplied input.
"Msmask32.ocx" version 6.0.81.69 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.34.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: FlashGet FTP "PWD" Response Remote Buffer Overflow
Description: FlashGet is a freeware download manager for Microsoft
Windows. The application is exposed to a stack-based buffer overflow issue
because it fails to properly validate the "PWD" response in FTP connections
before copying it into an insufficiently sized buffer.
FlashGet version 1.9 is affected.
Ref: http://www.securityfocus.com/bid/30685
______________________________________________________________________
08.34.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Storage Foundation for Windows Security Update Circumvention
Description: Symantec Storage Foundation for Windows is a networked storage
management tool. The application is exposed to a security update
circumvention issue in the Volume Manager Scheduler Service. Storage
Foundation for Windows versions 5.0, 5.0 RP1, and 5.1 are affected.
Ref: http://www.securityfocus.com/archive/1/495487
______________________________________________________________________
08.34.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Maya Studio eo-video Playlist File Buffer Overflow
Description: eo-video is a media player for Microsoft Windows platforms.
The application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input. The issue arises when
the application handles a playlist (.eop) file with a large string value in
the "<name>" field. eo-video version 1.36 is affected.
Ref: http://www.securityfocus.com/bid/30717
______________________________________________________________________
08.34.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ipswitch WS_FTP Client Format String
Description: Ipswitch WS_FTP client is an FTP implementation that is
available for Microsoft Windows operating systems. The application is exposed
to a format string issue because it fails to properly sanitize user-supplied
input before passing it as the format specifier to a
formatted-printing function.
Ref: http://www.securityfocus.com/bid/30720
______________________________________________________________________
08.34.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ipswitch WS_FTP Server Message Response Buffer Overflow
Description: Ipswitch WS_FTP is an FTP implementation that is available
for Microsoft Windows operating systems. The application is exposed to a remote
buffer overflow issue because it fails to perform adequate boundary-checks on
user-supplied data.
Ref: http://www.securityfocus.com/bid/30728
______________________________________________________________________
08.34.7 CVE: CVE-2008-2369
Platform: Linux
Title: Red Hat Network Satellite Server "manzier.pxt" User Information Disclosure
Description: Red Hat Network Satellite Server is a server application that
allows users to perform Red Hat Network updates on computers that are not
directly attached to the Internet. The application is exposed to an
information disclosure issue because it ships with a hard-coded
authentication key.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0630.html
______________________________________________________________________
08.34.8 CVE: CVE-2008-2940, CVE-2008-2941
Platform: Linux
Title: HP Linux Imaging and Printing System Privilege Escalation And Denial of Service Vulnerabilities
Description: HP Linux Imaging and Printing System (HPLIP) is a Linux based
application to print, scan, and fax with HP inkjet and laser based printers.
The application is exposed to multiple issues: a privilege escalation issue
occurs in the alert-mailing functionality of the application; and a local
denial of service issue exists in the "hpssd" message parser.
HPLIP version 1.6.7 is affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0818.html
______________________________________________________________________
08.34.9 CVE: CVE-2008-3533
Platform: Linux
Title: Yelp Invalid URI Format String
Description: Yelp is Gnome's help program. The application is exposed to a
remote format string issue because it fails to properly sanitize
user-supplied input before including it in the format-specifier argument of a
formatted-printing function. Yelp version 2.23.1 is affected.
Ref: http://bugzilla.gnome.org/show_bug.cgi?id=546364
______________________________________________________________________
08.34.10 CVE: CVE-2008-2234, CVE-2008-2233
Platform: Linux
Title: Openwsman Multiple Remote Security Vulnerabilities
Description: Openwsman is a system management platform that implements
the Web Services Management protocol (WS-Management). The application is
exposed to multiple remote security issues. Two buffer overflow issues affect
the basic HTTP authentication decoding mechanism, and an SSL session replay
vulnerability may affect some clients.
Ref: http://www.securityfocus.com/bid/30694
______________________________________________________________________
08.34.11 CVE: CVE-2008-3270
Platform: Linux
Title: Red Hat yum-rhn-plugin RHN Updates Denial of Service
Description: The yum-rhn-plugin allows the yum package manager to access the Red
Hat Network (RHN) for package updates. The plugin is exposed to a denial of
service issue because it fails to adequately validate SSL certificates
against configured trusted CA certificates when communicating with an RHN
server.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0815.html
______________________________________________________________________
08.34.12 CVE: CVE-2008-3276
Platform: Linux
Title: Linux Kernel "dccp_setsockopt_change()" Remote Denial of Service
Description: The Linux kernel is exposed to a remote denial of service issue
because it fails to properly handle user-supplied input. This issue occurs
because of inadequate checks in the "dccp_setsockopt_change()" function of
the "net/dccp/proto.c" source file. Linux kernel versions since 2.6.17-rc1
are affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/814
______________________________________________________________________
08.34.13 CVE: Not Available
Platform: Unix
Title: Sympa "sympa.pl" Insecure Temporary File Creation
Description: Sympa is open-source mailing list software. Sympa creates
temporary files in an insecure manner. The issue occurs because sympa.pl
creates files in an insecure manner when the "--make_alias_file" option is
used. Sympa version 5.4.3 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969
______________________________________________________________________
08.34.14 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Web Proxy Server FTP Subsystem Denial of Service
Description: Sun Java System Web Proxy Server is a proxy server for
enterprises. The application is exposed to a denial of service issue caused
by an unspecified error in the FTP subsystem. Sun Java System Web Proxy
Server versions 4.0 through 4.0.5 for SPARC, x86, Linux, Windows and HP-UX
platforms are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240327-1
______________________________________________________________________
08.34.15 CVE: CVE-2008-2936, CVE-2008-2937
Platform: Cross Platform
Title: Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
Description: Postfix is exposed to multiple local issues. Successfully
exploiting these issues will allow attackers to gain access to sensitive
information or execute arbitrary commands with superuser privileges. Postfix
versions prior to 2.5.4 Patchlevel 4 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0839.html
______________________________________________________________________
08.34.16 CVE: CVE-2008-3688
Platform: Cross Platform
Title: HAVP "sockethandler.cpp" Client Connect Infinite Loop Denial of Service
Description: HAVP (HTTP Anti Virus Proxy) is an HTTP proxy intended to be
used with ClamAV to provide anti-virus scanning. The application is exposed
to a remote denial of service issue because unresponsive servers can trigger
an infinite loop. HAVP version 0.88 is affected.
Ref: https://sourceforge.net/mailarchive/message.php?msg_name=487CDF51.5060201%40endian.com
______________________________________________________________________
08.34.17 CVE: Not Available
Platform: Cross Platform
Title: xine-lib 1.1.14 Multiple Remote Buffer Overflow Vulnerabilities
Description: The "xine" application is a media player; "xine-lib" is the
core library for applications that use xine. The library is exposed to
multiple remote buffer overflow issues because it fails to perform adequate
boundary checks on user-supplied input. "xine-lib" versions prior to 1.1.15
are affected.
Ref: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=268c1c1639d7
______________________________________________________________________
08.34.18 CVE: CVE-2008-3231
Platform: Cross Platform
Title: xine-lib OGG Processing Remote Denial of Service
Description: The "xine" application is a media player; "xine-lib" is the
core library for applications that use xine. The issue occurs when processing
specially-crafted OGG media files. "xine-lib" versions prior to 1.1.15 are
affected.
Ref: http://www.openwall.com/lists/oss-security/2008/07/13/3
______________________________________________________________________
08.34.19 CVE: Not Available
Platform: Cross Platform
Title: MicroWorld Technologies MailScan Multiple Remote Vulnerabilities
Description: MailScan is an AntiVirus/AntiSpam solution for mail servers and
is available for Microsoft Windows. The application is exposed to multiple
remote issues that occur in the web-based administration console
("Server.exe") listening on TCP port 10043 by default. MailScan version
5.6.a espatch1 is affected.
Ref: http://www.securityfocus.com/archive/1/495502
______________________________________________________________________
08.34.20 CVE: Not Available
Platform: Cross Platform
Title: Neon Digest Authentication Null Pointer Exception Denial of Service
Description: Neon is an HTTP and WebDAV client library. The library is
exposed to a remote denial of service issue that occurs in the digest
authentication mechanism. This issue occurs in the "merge_paths()"
function of the "src/ne_uri.c" source file.
Neon versions 0.28.0 through 0.28.2 are affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571
______________________________________________________________________
08.34.21 CVE: CVE-2008-2377
Platform: Cross Platform
Title: GnuTLS "gnutls_handshake()" Function Remote Denial of Service
Description: GNU Transport Layer Security Library (GnuTLS) is a library that
implements the TLS 1.0 and SSL 3.0 protocols. The application is exposed to a
remote denial of service issue that affects the "gnutls_handshake()"
function and arises due to a design error.
Ref: http://www.gnu.org/software/gnutls/
______________________________________________________________________
08.34.22 CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player "demuxtta.c" TTA File Handling Buffer Overflow
Description: VLC is a cross-platform media player that can be used to serve
streaming data. The application is exposed to a heap-based buffer overflow
issue because it fails to perform adequate boundary checks on user-supplied
input. This occurs within the "demuxtta.c" source file. VLC media player
version 0.8.6i is affected.
Ref: http://www.orange-bat.com/adv/2008/adv.08.16.txt
______________________________________________________________________
08.34.23 CVE: Not Available
Platform: Cross Platform
Title: ESET Smart Security "easdrv.sys" Local Privilege Escalation
Description: ESET Smart Security is security software which integrates
anti-virus, anti-spam and a firewall. ESET Smart Security is exposed to a
local privilege escalation issue in the "easdrv.sys" driver. The problem
occurs because the driver fails to check input and output pointers with the
ProbeForRead or ProbeForWrite functions. ESET Smart Security version
3.0.667.0 is affected.
Ref: http://www.eset.com/smartsecurity/
______________________________________________________________________
08.34.24 CVE: Not Available
Platform: Cross Platform
Title: EchoVNC Remote Buffer Overflow
Description: EchoVNC is a VNC client that allows remote users to access
desktops as if they are local users. It uses EchoServer as a packet relay
server. EchoVNC is affected by a remote buffer overflow issue because the
application fails to properly validate user-supplied data before copying it
into insufficiently sized buffers. EchoVNC for Linux versions prior to 1.1.2
are affected.
Ref: http://www.securityfocus.com/bid/30722
______________________________________________________________________
08.34.25 CVE: Not Available
Platform: Cross Platform
Title: Attachmate Reflection for Secure IT Multiple Unspecified Security Vulnerabilities
Description: Attachmate Reflection for Secure IT is a set of Secure Shell
clients and servers for Windows and UNIX platforms. The application is
exposed to multiple security vulnerabilities that stem from unspecified
errors. Secure IT UNIX Client and Server 7.0 versions prior to Service Pack 1
(SP1) are affected.
Ref: http://support.attachmate.com/techdocs/2374.html#Security_Updates_in_7.0_SP1
______________________________________________________________________
08.34.26 CVE: Not Available
Platform: Cross Platform
Title: OllyDBG "ollydbg.ini" Debug Argument Local Buffer Overflow
Description: OllyDBG is a debugging application. OllyDBG is exposed to a
local buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input. The issue affects the "Argument" data supplied
to "ollydbg.ini", and may be triggered when the application processes data in
excess of 262 bytes. OllyDBG v1.10 is affected.
Ref: http://www.securityfocus.com/bid/30733
______________________________________________________________________
08.34.27 CVE: Not Available
Platform: Cross Platform
Title: SWIMAGE Encore Master Password Information Disclosure
Description: SWIMAGE Encore is an application for automating server, remote
desktop and client deployments. This product consists of a server application
and a client application (Conductor.exe). An information disclosure issue
exists because the application fails to securely remove authentication
credentials from memory.
Ref: http://www.kb.cert.org/vuls/id/778427
______________________________________________________________________
08.34.28 CVE: Not Available
Platform: Cross Platform
Title: VMware Workstation "hcmon.sys" Local Denial of Service
Description: VMware Workstation is virtualization software that supports
multiple operating platforms. VMware Workstation is exposed to a local denial
of service issue because the application fails to handle pointer data sent
from usermode with "METHOD_NEITHER". VMware Workstation version 6.0.0.45731
is affected.
Ref: http://www.securityfocus.com/bid/30737
______________________________________________________________________
08.34.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Navboard Multiple Local File Include and Cross-Site Scripting Vulnerabilities
Description: Navboard is a PHP-based forum application. The application
is exposed to multiple input validation issues. Multiple local file include
issues affect the "module" parameter of the "admin_modules.php" and
"modules.php" scripts. A cross-site scripting issue affects the "module"
parameter of the "modules.php" script. Navboard version 16 is affected.
Ref: http://www.securityfocus.com/bid/30687
______________________________________________________________________
08.34.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Openfire "login.jsp" Cross-Site Scripting
Description: Openfire is a freely available instant-messaging server
available for various platforms. The application is exposed to cross-site
scripting attacks because it fails to sufficiently sanitize user-supplied input
to the "type" parameter of the "login.jsp" script.
Openfire version 3.5.2 is affected.
Ref: http://www.igniterealtime.org/issues/browse/JM-629
______________________________________________________________________
08.34.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Mambo Multiple Cross-Site Scripting Vulnerabilities
Description: Mambo is a PHP-based content manager. The application is exposed
to multiple cross-site scripting issues because it fails to sanitize
user-supplied input. Mambo version 4.6.2 is affected.
Ref: http://www.securityfocus.com/archive/1/495507
______________________________________________________________________
08.34.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: FlexCMS "inc-core-admin-editor-previouscolorsjs.php" Cross-Site Scripting
Description: FlexCMS is a PHP-based content manager. The application is
exposed to a cross-site scripting issue because it fails to properly sanitize
user-supplied input to the "PreviousColorsString" parameter of the
"inc-core-admin-editor-previouscolorsjs.php" script. FlexCMS version 2.5 is
affected.
Ref: http://www.securityfocus.com/archive/1/495508
______________________________________________________________________
08.34.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AWStats "awstats.pl" Cross-Site Scripting
Description: AWStats is a Perl-based application that provides statistics
on server traffic. The application is exposed to a cross-site scripting issue
because it fails to properly sanitize user-supplied input to the
"awstats.pl" script. AWStats version 6.8 is affected.
Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764
______________________________________________________________________
08.34.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Ovidentia "index.php" Cross-Site Scripting
Description: Ovidentia is a content manager. The application is exposed
to cross-site scripting attacks because it fails to sufficiently sanitize
user-supplied input to the "field" parameter of the "index.php" script.
Ovidentia version 6.6.5 is affected.
Ref: http://www.securityfocus.com/archive/1/495562
______________________________________________________________________
08.34.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Sun Java System Portal Server Portlets Cross-Site Scripting
Description: Sun Java System Portal Server is a Java-based framework for
developing web applications. Some unspecified Portlets bundled with Sun Java
System Portal Server are exposed to a cross-site scripting issue because they
fail to properly sanitize user-supplied input. Sun Java System Portal Server
versions 7.0 and 7.1 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239308-1
______________________________________________________________________
08.34.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Realty "dpage.php" SQL Injection
Description: PHP Realty is a real estate classified advertising application.
The application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "docID" parameter of the
"dpage.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30678
______________________________________________________________________
08.34.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion "readmore.php" SQL Injection
Description: PHP-Fusion is a content management application. The application
is exposed to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "news_id" parameter of the "readmore.php" script
before using it in an SQL query. PHP-Fusion version 4.01 is affected.
Ref: http://www.securityfocus.com/bid/30680
______________________________________________________________________
08.34.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-Shop Shopping Cart Script "search_results.php" SQL Injection
Description: E-Shop Shopping Cart Script is an e-commerce application.
The application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cid" parameter of the
"search_results.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30692
______________________________________________________________________
08.34.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ZEEJOBSITE "bannerclick.php" SQL Injection
Description: ZEEJOBSITE is a PHP-based job recruitment application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "adid" parameter of the
"bannerclick.php" script before using it in an SQL query. ZEEJOBSITE
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/30711
______________________________________________________________________
08.34.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FipsCMS "forum/neu.asp" SQL Injection
Description: fipsCMS is a content manager implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "kat"
parameter of the "forum/neu.asp" script file before using it in an
SQL query. fipsCMS version 2.1 is affected.
Ref: http://www.securityfocus.com/bid/30712
______________________________________________________________________
08.34.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpArcadeScript "cat" Parameter SQL Injection
Description: phpArcadeScript is a PHP-based web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat" parameter of
the "index.php" script before using it in an SQL query. phpArcadeScript
version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/30714
______________________________________________________________________
08.34.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Quick Poll "code.php" SQL Injection
Description: Quick Poll is voting software. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize user-supplied
data to the "id" parameter of the "code.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/30724
______________________________________________________________________
08.34.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PromoProducts "view_product.php" Multiple SQL Injection Vulnerabilities
Description: PromoProducts is a web-based application. The application
is exposed to multiple SQL injection issues because it fails to sufficiently
sanitize user-supplied data to the "sub_cat" and "product_id" parameters of
the "view_product" script before using it in an SQL query.
Ref: http://packetstormsecurity.org/0808-exploits/promoproducts-sql.txt
______________________________________________________________________
08.34.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPBasket "pro_id" Parameter SQL Injection
Description: PHPBasket is a PHP-based shopping cart application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "pro_id" parameter of the
"product.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30726
______________________________________________________________________
08.34.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NewsHOWLER Cookie Data SQL Injection
Description: NewsHOWLER is a PHP-based news posting application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data contained in cookies before using it
in an SQL query.
Ref: http://www.securityfocus.com/bid/30732
______________________________________________________________________
08.34.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: cyberBB Multiple SQL Injection Vulnerabilities
Description: cyberBB is a web-based forum application. The application
is exposed to multiple SQL injection issues because it fails to sufficiently
sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/30734
______________________________________________________________________
08.34.47 CVE: Not Available
Platform: Web Application
Title: Gelato CMS "classes/imgsize.php" Local File Include
Description: Gelato CMS is a content manager. The application is exposed to
a local file include issue because it fails to properly sanitize
user-supplied input to the "img" parameter of the "classes/imgsize.php"
script. Gelato CMS version 0.95 is affected.
Ref: http://www.securityfocus.com/bid/30672
______________________________________________________________________
08.34.48 CVE: Not Available
Platform: Web Application
Title: Meet#Web "root_path" Parameter Multiple Remote File Include Vulnerabilities
Description: Meet#Web is a PHP-based content manager. The application is
exposed to multiple remote file include issues because it fails to sufficiently
sanitize user-supplied input to the "root_path" parameter. Meet#Web
version 0.8 is affected.
Ref: http://www.securityfocus.com/bid/30673
______________________________________________________________________
08.34.49 CVE: Not Available
Platform: Web Application
Title: Ventrilo "type 0" Packet NULL Pointer Dereference Denial of Service
Description: Ventrilo is a voice chat application. The application is
exposed to a denial of service issue when handling packets sent to TCP port
3784. This issue occurs when handling a "type 0" packet containing an
incorrect version followed by a packet containing malicious data. Ventrilo
version 3.0.2 is affected.
Ref: http://www.securityfocus.com/archive/1/495448
______________________________________________________________________
08.34.50 CVE: Not Available
Platform: Web Application
Title: Freeway Multiple Input Validation Vulnerabilities
Description: Freeway is an open source e-commerce platform. The application
is exposed to multiple issues because it fails to properly sanitize
user-supplied input. Freeway version 1.4.1.171 is affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=619467
______________________________________________________________________
08.34.51 CVE: Not Available
Platform: Web Application
Title: Cardinal CMS "upload.php" Arbitrary File Upload
Description: Cardinal CMS is a PHP-based content manager. The application is
exposed to an issue that lets remote attackers upload and execute arbitrary
script code on an affected computer with the privileges of the web server
process. The issue occurs because the software fails to properly sanitize
user-supplied input in the
"/html/news_fckeditor/editor/filemanager/upload/php/upload.php"
script. Cardinal CMS version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/30677
______________________________________________________________________
08.34.52 CVE: Not Available
Platform: Web Application
Title: Nukeviet "admin/login.php" Cookie Authentication Bypass
Description: Nukeviet is a PHP-based content manager. The application is
exposed to an authentication bypass issue because it fails to adequately verify
user-supplied input used for cookie-based authentication. This issue affects
the "admin/login.php" script. Nukeviet version 2.0 Beta is affected.
Ref: http://www.securityfocus.com/bid/30681
______________________________________________________________________
08.34.53 CVE: Not Available
Platform: Web Application
Title: YapBB "class_yapbbcooker.php" Remote File Include
Description: YapBB is a bulletin board. The application is exposed to a
remote file include issue because it fails to properly sanitize user-supplied
input to the "cfgIncludeDirectory" parameter of the
"include/class_yapbbcooker.php" script. YapBB version 1.2 Beta2 is affected.
Ref: http://www.securityfocus.com/bid/30686
______________________________________________________________________
08.34.54 CVE: Not Available
Platform: Web Application
Title: CyBoards PHP Lite Multiple Remote Vulnerabilities
Description: CyBoards PHP Lite is a web-based message board application. The
application is exposed to multiple issues. An attacker may exploit these
issues to execute arbitrary server-side script code on an affected computer
in the context of the web server process. CyBoards PHP Lite version 1.21 is
affected.
Ref: http://www.securityfocus.com/bid/30688
______________________________________________________________________