Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - December 1, 2008

Debian update for jailer

Release Date: 2008-12-01

Critical:
Not critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for jailer. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Solution:
Apply updated packages.

Original Advisory:
DSA-1674-1:
http://lists.debian.org/debian-security-announce/2008/msg00266.html

Other References:
SA32943:
http://secunia.com/advisories/32943/

Slackware update for samba

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Less critical
Impact: Exposure of sensitive information

Where: From local network
Solution Status: Vendor Patch


OS: Slackware Linux 10.0
Slackware Linux 11.0

Description:
Slackware has issued an update for samba. This fixes a vulnerability, which potentially can be exploited by malicious people to disclose sensitive information.

Solution:
Apply updated packages.

Original Advisory:
SSA:2008-333-01:
http://slackware.com/security/viewer....=2008&m=slackware-security.453684

Other References:
SA32813:
http://secunia.com/advisories/32813/

RakhiSoftware Shopping Cart Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data
Exposure of system information

Where: From remote
Solution Status: Unpatched


Software: RakhiSoftware Shopping Cart

Description:
Charalambous Glafkos has reported some vulnerabilities in RakhiSoftware Shopping Cart, which can be exploited by malicious people to disclose system information, or to conduct SQL injection and cross-site scripting attacks.

Solution:
Filter malicious characters and character sequences in a web proxy.

Use another product.

Provided and/or discovered by:
Charalambous Glafkos

Original Advisory:
http://packetstormsecurity.com/0811-exploits/rakhi-sqlxssfpd.txt

Debian update for imlib2

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Highly critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for imlib2. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
DSA-1672-1:
http://lists.debian.org/debian-security-announce/2008/msg00264.html

Other References:
SA32796:
http://secunia.com/advisories/32796/

Slackware update for ruby

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Debian update for wireshark

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Exposure of sensitive information
DoS

Where: From remote
Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
DSA-1673-1:
http://lists.debian.org/debian-security-announce/2008/msg00265.html

Other References:
SA30886:
http://secunia.com/advisories/30886/

SA31044:
http://secunia.com/advisories/31044/

SA31674:
http://secunia.com/advisories/31674/

SA32355:
http://secunia.com/advisories/32355/

jailer "updatejail" Insecure Temporary Files

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Not critical
Impact: Privilege escalation

Where: Local system
Solution Status: Unpatched


Software: jailer 0.x

Description:
A security issue has been reported in jailer, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the "updatejail" script using temporary files in an insecure manner. This can be exploited to e.g. overwrite arbitrary files via symlink attacks.

The security issue is reported in version 0.4. Other versions may also be affected.

Solution:
Restrict local access to trusted users only.

Provided and/or discovered by:
Javier Fernandez-Sanguino Pena

Original Advisory:
http://www.us.debian.org/security/2008/dsa-1674

VLC Media Player Real Demuxer Integer Overflow Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


Software: VLC media player 0.x

Description:
A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow within the "ReadRealIndex()" function in modules/demux/real.c. This can be exploited to e.g. cause a heap-based buffer overflow by tricking a user into opening a malicious file.

Successful exploitation may allow the execution of arbitrary code.

The vulnerability is reported in versions 0.9.0 through 0.9.6.

Solution:
Update to version 0.9.7.

Provided and/or discovered by:
Tobias Klein

Original Advisory:
VideoLAN-SA-0811:
http://www.videolan.org/security/sa0811.html

Tobias Klein:
http://www.trapkit.de/advisories/TKADV2008-013.txt

Active Trade "username" and "password" SQL Injection Vulnera

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Active Trade 2.x

Description:
R3d D3v!L has reported some vulnerabilities in Active Trade, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "username" and "password" parameters in account.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

These vulnerabilities are reported in version 2.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
R3d D3v!L

Original Advisory:
http://milw0rm.com/exploits/7282

Microsoft Office Communications Server SIP INVITE Denial of

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Less critical
Impact: DoS

Where: From remote
Solution Status: Unpatched


Software: Microsoft Office Communications Server 2007

Description:
A vulnerability has been reported in Microsoft Office Communications Server, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the processing of SIP messages. This can be exploited to potentially exhaust all available memory via multiple SIP INVITE messages sent to an affected server.

Solution:
Restrict network access to the application.

Provided and/or discovered by:
VoIPshield

Original Advisory:
VoIPshield:
http://www.voipshield.com/research-details.php?id=133

Other References:
milw0rm:
http://milw0rm.com/exploits/7262

Basic PHP CMS "id" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Basic PHP CMS

Description:
CWH Underground has discovered a vulnerability in Basic PHP CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
CWH Underground

Original Advisory:
http://milw0rm.com/exploits/7261

Bluo CMS "id" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Bluo CMS 1.x

Description:
The_5p3ctrum has reported a vulnerability in Bluo CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 1.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
The_5p3ctrum

Original Advisory:
http://milw0rm.com/exploits/7268

Ocean12 FAQ Manager Pro "ID" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Ocean12 FAQ Manager Pro 1.x

Description:
Stack has reported a vulnerability in Ocean12 FAQ Manager Pro, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "ID" parameter in default.asp (when "Action" is set to "Cat") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Stack

Original Advisory:
http://milw0rm.com/exploits/7271

ASPReferral "AccountID" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: ASPReferral 5.x

Description:
((r3d D3v!L)) has reported a vulnerability in ASPReferral, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "AccountID" parameter in Merchantsadd.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 5.3. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
((r3d D3v!L))

Original Advisory:
http://milw0rm.com/exploits/7274

Active eWebquiz "useremail" and "password" SQL Injection Vul

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Manipulation of data
Security Bypass

Where: From remote
Solution Status: Unpatched


Software: Active eWebquiz 8.x

Description:
R3d D3v!L has reported some vulnerabilities in Active eWebquiz, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "useremail" and "password" parameters in start.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

These vulnerabilities are reported in version 8.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
R3d D3v!L

Original Advisory:
http://milw0rm.com/exploits/7279

PHP TV Portal "mid" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: PHP TV Portal 2.x

Description:
A vulnerability has been reported in PHP TV Portal, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "mid" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 2.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Cyber-Zone

Original Advisory:
http://milw0rm.com/exploits/7284

CMS Made Simple "cms_language" Cookie Local File Inclusion

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: Local system
Solution Status: Unpatched


Software: CMS Made Simple 1.x

Description:
A vulnerability has been discovered in CMS Made Simple, which can be exploited by malicious people to disclose potentially sensitive information.

Input passed via the "cms_language" cookie to admin/login.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

The vulnerability is confirmed in version 1.4.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
M4ck-h@cK

Original Advisory:
http://milw0rm.com/exploits/7285

Active Votes "AccountID" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Active Votes 2.x



Description:
R3d D3v!L has reported a vulnerability in Active Votes, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "AccountID" parameter in VoteHistory.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 2.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly.

Provided and/or discovered by:
R3d D3v!L

Original Advisory:
http://milw0rm.com/exploits/7287

Active Products "password" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Active Price Comparison 4.x
Active Web Mail 4.x

Description:
R3d-D3v!L has reported some vulnerabilities in multiple Active products, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "password" parameter in login.aspx is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in the following products:
- Web Mail version 4.0
- Active Price Comparison version 4.0

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
R3d-D3v!L

Changelog:
2008-12-01: Added "Active Price Comparison 4.x" as an affected product.

Original Advisory:
http://milw0rm.com/exploits/7281
http://milw0rm.com/exploits/7283

Active Bids "ItemID" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01



Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Active Bids 3.x

Description:
Stack has reported a vulnerability in Active Bids, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "ItemID" parameter in bidhistory.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 3.5. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Stack

Original Advisory:
http://milw0rm.com/exploits/7290

ASPThai Forums Database Disclosure

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: ASPThai Forums 8.x

Description:
CWH Underground has reported a security issue in ASPThai Forums, which can be exploited by malicious people to disclose sensitive information.

The security issue is caused due to the database file database/aspthaiForum.mdb being stored with insecure permissions inside the web root. This can be exploited to gain knowledge of potentially sensitive information by downloading the file.

The security issue is reported in version 8.5. Other versions may also be affected.

Solution:
Restrict access to the database file.

Provided and/or discovered by:
CWH Underground

Original Advisory:
http://milw0rm.com/exploits/7292

Active Web Helpdesk "CategoryID" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Active Web Helpdesk 2.x

Description:
Cyber-Zone has reported a vulnerability in Active Web Helpdesk, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "CategoryID" parameter in default.aspx is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 2.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Cyber-Zone

Original Advisory:
http://milw0rm.com/exploits/7298

Lito Lite CMS "cid" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Lito Lite CMS

Description:
CWH Underground has discovered a vulnerability in Lito Lite CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cid" parameter in cate.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in a version downloaded 2008-12-01. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
CWH Underground

Original Advisory:
http://milw0rm.com/exploits/7294

Active Newsletter "email" and "password" SQL Injection Vulne

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Active Newsletter 4.x

Description:
R3d D3v!L has reported some vulnerabilities in Active Newsletter, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "email" and "password" parameters in SubscriberStart.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 4.3. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
R3d D3v!L

Original Advisory:
http://milw0rm.com/exploits/7280

Active Test Multiple SQL Injection Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Active Test 2.x

Description:
R3d D3v!L has reported some vulnerabilities in Active Test, which can be exploited by malicious users and people to conduct SQL injection attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
R3d D3v!L

Changelog:
2008-12-01: Added vulnerability #2.

Original Advisory:
1) http://milw0rm.com/exploits/7295
2) http://milw0rm.com/exploits/7276

Active Photo Gallery "username" and "password" SQL Injection

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Active Photo Gallery

Description:
R3d D3v!L has reported some vulnerabilities in Active Photo Gallery, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "username" and "password" parameters in account.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

These vulnerabilities are reported in version 6.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
R3d D3v!L

Original Advisory:
http://milw0rm.com/exploits/7299

Active Price Comparison "ProductID" SQL Injection Vulnerabil

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Active Price Comparison 4.x

Description:
R3d-D3v!L has reported a vulnerability in Active Price Comparison, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "ProductID" parameter in reviews.aspx is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 4.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
R3d-D3v!L

Original Advisory:
http://milw0rm.com/exploits/7300

Active products "username" and "password" SQL Injection

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Active Force Matrix 2.x
Active Membership 2.x
Active Time Billing 3.x
Active Votes 2.x

Description:
Some vulnerabilities have been reported in multiple Active products, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "username" and "password" parameters in start.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

These vulnerabilities are reported in the following products:
- Active Time Billing version 3.2
- Active Force Matrix version 2.0
- Active Votes version 2.2
- Active Membership version 2.0

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
OffensiveTrack and R3d D3v!L.

Changelog:
2008-12-01: Updated "Title", "Description", "Provided by", "Software" and "Original Advisory" sections.

Original Advisory:
http://milw0rm.com/exploits/7273
http://milw0rm.com/exploits/7275
http://milw0rm.com/exploits/7278
http://milw0rm.com/exploits/7301

Active Business Directory "catid" SQL Injection Vulnerabilit

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Active Business Directory 2.x

Description:
OffensiveTrack has reported a vulnerability in Active Business Directory, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "catid" parameter in default.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 2.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
OffensiveTrack

Original Advisory:
http://milw0rm.com/exploits/7302

KTP Computer Customer Database Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: KTP Computer Customer Database 1.x

Description:
Some vulnerabilities have been discovered in KTP Computer Customer Database, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct SQL injection attacks and disclose potentially sensitive information.

Solution:
Edit the source code to ensure that input is properly sanitised and verified.

Provided and/or discovered by:
1, 2) CWH Underground
3) An anonymous person.

Original Advisory:
1) http://milw0rm.com/exploits/7305
2) http://milw0rm.com/exploits/7304

Minimal Ablog Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - December 1, 2008

Release Date: 2008-12-01

Critical:
Highly critical
Impact: Security Bypass
Manipulation of data
System access

Where: From remote
Solution Status: Unpatched


Software: Minimal Ablog 0.x

Description:
NoGe has discovered some vulnerabilities in Minimal Ablog, which can be exploited by malicious people to conduct SQL injection attacks, bypass certain security restrictions, or compromise a vulnerable system.

The vulnerabilities are confirmed in version 0.4. Other versions may also be affected.

Solution:
Restrict access to the "admin/" directory (e.g. via ".htaccess").

Filter malicious characters and character sequences in a web proxy.

Provided and/or discovered by:
NoGe

Original Advisory:
http://milw0rm.com/exploits/7306
