
@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 1
January 7, 2005

Note 1: Part II has two weeks of vulnerabilities.
Note 2: The big Orlando security training conference has two deadlines: today and next Friday, for discounts. http://www.sans.org/orlando05

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                      # of Updates & Vulnerabilities
    Windows                       4 (#6, #7)
    Other Microsoft Products      1
    Third Party Windows Apps      10
    Linux                         4 (#1)
    HP-UX                         2
    Unix                          2
    Cross Platform                11 (#2)
    Web Application               17 (#3, #4, #5)
    Hardware                      1 (#8)

**************** Sponsored by SANS Orlando 2005 *************************

The largest security training conference in Orlando starts in just 30 days. Practical, timely, exciting training programs for every security professional. Fourteen immersion tracks for security practitioners, managers and auditors. Those seeking ISC2 CISSP certification will find the nation's top rated prep course at SANS Orlando, too. Plus seven one and two day short courses. And Orlando is comfortable in February! Details: http://www.sans.org/orlando05/ PS. The early registration discounts end today and next Friday.

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Linux
HP-UX
Unix
Cross Platform
Web Application
Hardware
PART I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Mozilla NNTP Protocol Processing Overflow
  • Affected:
    • Mozilla version 1.7.3 and prior
  • Description: The Mozilla browser supports the NNTP (news) protocol and interprets "news://" URLs. The browser contains a heap-based buffer overflow that can be triggered by an overlong news URL ending in a "\\" (backslash) character. A malicious webpage or an HTML email may possibly exploit the flaw to execute arbitrary code on the system running the browser. Mozilla developers initially reported that the flaw cannot be exploited to execute arbitrary code. However, the discoverer has posted a proof-of-concept exploit that overwrites heap memory with the user-supplied data.

  • Status: Mozilla confirmed, upgrade to version 1.7.5. The discussion on MozillaZine indicates that Firefox prior to version 1.0 may also be affected. Hence, upgrade Firefox to version 1.0.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary. Several of the sites commented that they block NNTP at their network security perimeter.

  • References:
Other Software
  • (3) HIGH: PhotoPost and ReviewPost PHP File Upload Vulnerabilities
  • Affected:
    • PhotoPost Classifieds, an ad software, version prior to 2.02
    • ReviewPost PHP Pro, a product review management software, version prior to 2.84
  • Description: The following PHP software contains arbitrary file upload vulnerabilities: PhotoPost Classifieds and ReviewPost PHP Pro. The problem arises because a filename with multiple extensions such as foo.jpg.php.jpg.php is not properly checked for the real file type. As a result, an attacker can upload arbitrary PHP scripts and execute the scripts with the privileges of the webserver.

  • Status: PhotoPost Classifieds: Vendor confirmed, upgrade to version 2.02. ReviewPost PHP Pro: Vendor confirmed, upgrade to version 2.84.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
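As an added example (not code from the bulletin or from either vendor), the following Python upload validator contrasts the weak "an image extension appears somewhere in the name" check with one that rejects an interpreter extension in any position and verifies the declared type against the file's leading bytes; the same check applies to the file-upload entries in Part II (TikiWiki, GNUBoard, e107). The extension sets, magic bytes and sample inputs are constructed for the example.

```python
"""Constructed example: validating an image upload by every extension and by
content, rather than by the presence of ".jpg" somewhere in the name."""
import hashlib
import os

ALLOWED_IMAGE_EXTS = {"jpg", "jpeg", "gif", "png"}
# Extensions a typical web server may hand to an interpreter (constructed list).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phps", "cgi", "pl", "py", "sh"}
# Leading bytes of the formats accepted here (constructed, minimal).
MAGIC = {b"\xff\xd8\xff": "jpg", b"GIF87a": "gif", b"GIF89a": "gif",
         b"\x89PNG\r\n\x1a\n": "png"}


def accepts_by_substring(filename):
    """The weak check the bulletin describes: an allowed extension anywhere passes."""
    lowered = filename.lower()
    return any("." + ext in lowered for ext in ALLOWED_IMAGE_EXTS)


def sniff_image_type(data):
    """Return 'jpg', 'gif' or 'png' from the leading bytes, else None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def validate_upload(filename, data):
    """Check name and content; return a server-chosen storage name or raise ValueError."""
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base:
        raise ValueError("NUL byte in filename")
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        raise ValueError("filename must look like name.ext: %r" % base)
    exts = parts[1:]
    # Reject an interpreter extension in *any* position (foo.php.jpg, foo.jpg.php.jpg.php).
    bad = [e for e in exts if e in SCRIPT_EXTS]
    if bad:
        raise ValueError("script extension %r in %r" % (bad[0], base))
    declared = "jpg" if exts[-1] == "jpeg" else exts[-1]
    if declared not in ALLOWED_IMAGE_EXTS:
        raise ValueError("extension %r is not an accepted image type" % exts[-1])
    actual = sniff_image_type(data)
    if actual is None or actual != declared:
        raise ValueError("content is %s but the name says %s" % (actual, declared))
    # Never keep the client's name: store under a digest with one known extension.
    return hashlib.sha256(data).hexdigest()[:16] + "." + actual


def rejects(filename, data):
    """Convenience wrapper: True when validate_upload() refuses the upload."""
    try:
        validate_upload(filename, data)
    except ValueError:
        return True
    return False


# Constructed sample payloads (only the leading bytes matter for the check).
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(16)
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + bytes(16)
SAMPLE_SCRIPT = b"<?php /* constructed placeholder */ ?>"
```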
  • (4) HIGH: WHM Autopilot PHP Include Vulnerabilities
  • Affected:
    • WHM Autopilot version prior to 2.5.0
  • Description: WHM Autopilot, a web hosting management software, reportedly contains PHP remote file include vulnerabilities. The problems arise because the software does not properly sanitize input to "Server_inc" parameter. These flaws can be exploited by a remote attacker to run arbitrary PHP code on the webserver. The posted advisory shows how to craft the malicious HTTP requests to exploit the flaws. Note that the vulnerabilities can be exploited only if the server's "register_globals" PHP configuration parameter is turned "On". The default setting for this parameter is "Off" for PHP versions 4.2.0 or higher.

  • Status: Vendor confirmed, upgrade to version 2.5.0.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
Exploit Code
  • (7) Windows NetDDE Service Buffer Overflow
  • Description: Exploit code has been publicly posted for the buffer overflow vulnerability in the Windows NetDDE service that has been discussed in the Microsoft Security Bulletin MS04-031. The service is not enabled by default. However, if this service is being used, ensure that the systems are properly patched. Note that the overflow can be leveraged to execute arbitrary code with 'SYSTEM' privileges.

  • Council Site Actions: Most of the reporting council sites are running the affected software and have already patched their systems or are in the process of patching their systems.

  • References:
Patches
  • (8) Symantec Nexland Firewall Appliances
  • Description: The following Symantec Nexland Firewall Appliances with firmware builds prior to 16U use public as the default read/write SNMP community string: Nexland ISB SOHO Firewall Appliance, Nexland Pro100, Pro400 Firewall Appliances, Nexland Pro800, Pro800turbo Firewall Appliances, and Nexland WaveBase Firewall Appliances. An attacker can use the default SNMP community string to make arbitrary changes to the firewall configuration, thereby putting the entire network protected by the firewall at risk. Symantec has released updates for the affected firewalls.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 1, 2005

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 3969 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.1.1 - CVE: Not Available
  • Platform: Windows
  • Title: Windows winhlp32 Phrase Integer Overflow
  • Description: Microsoft Windows is affected by an integer overflow condition. This issue exists in "winhlp32.exe" and is exposed when a malformed phrase compressed Windows Help file (.hlp) is processed by the program. All Windows versions except Windows XP SP2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/385332

  • 05.1.2 - CVE: Not Available
  • Platform: Windows
  • Title: Windows winhlp32 Phrase Heap Overflow
  • Description: Microsoft Windows Help System winhlp32.exe is affected by a heap-based overflow vulnerability. Insufficient sanitization of the "phrasesEndOffset" value in the "phrase table" headers exposes a heap overflow condition. All current Windows systems are affected.
  • Ref: http://www.xfocus.net/flashsky/icoExp/

  • 05.1.3 - CVE: Not Available
  • Platform: Windows
  • Title: Windows LoadImage API Function Integer Overflow
  • Description: Microsoft Windows is vulnerable to a remote integer overflow issue due to a failure in the application to sanitize the size of the user-supplied integer values. An attacker may exploit this issue to execute arbitrary code in the context of the affected user. All versions of Windows NT, 2000, 2003, and XP versions before SP2 are known to be vulnerable.
  • Ref: http://www.xfocus.net/flashsky/icoExp/index.html

  • 05.1.4 - CVE: Not Available
  • Platform: Windows
  • Title: Windows ANI File Denial of Service
  • Description: The Microsoft .ani file format reads and stores Windows animated cursors. The Windows kernel is reported to be vulnerable to a denial of service issue, due to improper sanitization of .ani file structure. Currently, all Windows versions except Windows XP SP2 are reported to be vulnerable.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2004-12/0363.html

  • 05.1.5 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer FTP Client Directory Traversal
  • Description: Microsoft Internet Explorer FTP client allows users to transfer files. The client is vulnerable to a directory traversal vulnerability due to a failure of the application to sanitize user-supplied input. A remote attacker could place files in an arbitrary location without the user's knowledge or consent. Microsoft Internet Explorer 6.0 and 6.0 SP1 are reported to be vulnerable.
  • Ref: http://www.7a69ezine.org/node/view/176

  • 05.1.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Soldner Secret Wars Multiple Remote Vulnerabilities
  • Description: Soldner Secret Wars is a network enabled PC game. Multiple denial of service, HTML injection and format string issues exist in Secret Wars versions 30830 and earlier.
  • Ref: http://aluigi.altervista.org/adv/soldnerx-adv.txt

  • 05.1.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Mozilla/Firefox File Download Dialog Spoofing Vulnerability
  • Description: Mozilla and Firefox are vulnerable to an issue that may permit a malicious web page to spoof the source of a download. Mozilla versions 1.7.x and Firefox versions 1.x are reported to be vulnerable. No solution available, but the vendor states a fix will be included in the next release.
  • Ref: http://secunia.com/secunia_research/2004-15/advisory/

  • 05.1.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ArGoSoft FTP Server Remote User Enumeration Vulnerability
  • Description: ArGoSoft FTP Server is reported vulnerable to a remote information disclosure condition. The software responds differently for failed login attempts on valid and invalid usernames. This could be used to anonymously bruteforce user accounts present on the target server. ArGoSoft FTP Server versions 1.4.2.0 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/385855

  • 05.1.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Macallan Mail Solution Web Interface Authentication Bypass
  • Description: Macallan Mail Solution is a mail server. It is vulnerable when url-encoding a "/" into "%2f" or requesting a non-existing directory. It is possible for a remote attacker to bypass the authentication. Macallan Mail Solution 4.0.6.8 (Build 768) is affected.
  • Ref: http://www.cirt.dk/Advisories/cirt-27-advisory.pdf
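The bypass shape described above (an authorization rule applied to the raw request path while the file handler serves the decoded one) as an added Python example, not code from the bulletin or from Macallan; the protected prefix "/admin" is a hypothetical choice.

```python
"""Constructed example: an authorization check on the raw request path, and
the same check made on the decoded, normalized path the server will serve."""
import posixpath
from urllib.parse import unquote

PROTECTED_PREFIXES = ("/admin",)   # hypothetical protected area


def requires_auth_raw(raw_path):
    """Weak pattern: the path is compared exactly as the client sent it."""
    return raw_path.startswith(PROTECTED_PREFIXES)


def canonical_path(raw_path):
    """Percent-decode once, refuse leftovers, then collapse '//', '.' and '..'."""
    path = unquote(raw_path)
    if "%" in path:
        raise ValueError("double-encoded path rejected: %r" % raw_path)
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    path = path.replace("\\", "/")
    # lstrip removes a leading '//' that normpath would otherwise preserve;
    # normpath also drops '..' segments that would climb above the root.
    norm = posixpath.normpath("/" + path.lstrip("/"))
    if path.endswith("/") and norm != "/":
        norm += "/"
    return norm


def requires_auth(raw_path):
    """Hardened: decide on the canonical form the file handler will actually serve."""
    path = canonical_path(raw_path)
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)


def is_rejected(raw_path):
    """True when canonical_path() refuses the request outright."""
    try:
        canonical_path(raw_path)
    except ValueError:
        return True
    return False
```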

  • 05.1.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Macallan Mail Solution HTTP GET Request Buffer Overflow
  • Description: Macallan Mail Solution is a mail server. Macallan Mail Solution is vulnerable to a remotely exploitable buffer overflow issue. Mail Solution version 4.0.6.8 (Build 768) is reported to be vulnerable.
  • Ref: http://www.cirt.dk/Advisories/cirt-27-advisory.pdf

  • 05.1.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: HyperTerminal Remote Denial of Service
  • Description: Hilgraeve HyperTerminal is a communications/telnet application. It is vulnerable to a remote denial of service vulnerability which may allow an attacker to crash the application. HyperTerminal versions earlier than 5.0 are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/12121/discussion/

  • 05.1.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SecureCRT Remote Denial of Service
  • Description: SecureCRT is a Secure Shell (SSH) client. It is reported to be vulnerable to a remote denial of service issue. The issue presents itself when an excessively long hostname value of over 512 bytes is given to the application. SecureCRT version 3.4 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12122/info/

  • 05.1.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ButtUglySoftware CleanCache Insecure Data Removal
  • Description: CleanCache is a utility for Internet Explorer 6.0 and Windows 2000/XP that deletes temporary cache contents. Affected versions do not remove sensitive data in a secure manner. Data recovery tools could disclose data that was previously deleted. CleanCache version 2.19 is affected.
  • Ref: http://securitytracker.com/alerts/2004/Dec/1012701.html

  • 05.1.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NetCat Exec Mode Buffer Overflow
  • Description: NetCat is affected by a remotely exploitable buffer overflow issue when listening in exec mode. The issue exists in the DNS-related code and may be triggered by sending a client request greater than 256 bytes. NetCat version 1.11 is affected.
  • Ref: http://www.securityfocus.com/bid/12106/info/

  • 05.1.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WPKontakt Remote Script Execution
  • Description: Wirtualna Polska WPKontakt is an instant messenger application. WPKontakt is reported to be vulnerable to a potential script execution. WPKontakt versions 3.0.1 and earlier are affected.
  • Ref: http://www.man.poznan.pl/security/wpkontakt.html

  • 05.1.16 - CVE: Not Available
  • Platform: Linux
  • Title: KorWeblog Remote File Include Vulnerability
  • Description: KorWeblog is a popular blog system. KorWeblog is prone to a vulnerability that may allow attackers to influence the include path for external files. KorWeblog version 1.6.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/385736

  • 05.1.17 - CVE: CAN-2004-1017
  • Platform: Linux
  • Title: Linux Kernel USB io_edgeport Driver Local Integer Overflow
  • Description: The io_edgeport USB driver of the Linux kernel is reported to be vulnerable to an integer overflow issue. The issue presents itself when the "edge_startup()" function of the "io_edgeport.c" file handles malicious data. Linux kernel 2.4.21 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12102

  • 05.1.18 - CVE: CAN-2004-1234
  • Platform: Linux
  • Title: Linux Kernel ELF Binary Loading Denial of Service
  • Description: The Linux kernel is unable to properly handle malformed ELF binaries. This may potentially result in a denial of service. Linux kernel 2.4.0 through 2.4.25 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12101

  • 05.1.19 - CVE: CAN-2004-0888
  • Platform: Linux
  • Title: tetex-bin xdvizilla Insecure File Creation
  • Description: tetex-bin xdvizilla is a script that integrates DVI file viewing in Mozilla-based browsers. The script creates temporary files with insecure permissions that may allow write access to users during the execution of the script. tetex-bin version 2.0.2 is affected.
  • Ref: http://www.securityfocus.com/advisories/7394

  • 05.1.20 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX Netscape Directory Server Remote Buffer Overflow
  • Description: Netscape Directory Server, when deployed on a HP-UX system, is affected by a buffer overflow issue due to insufficient network input sanitization. HP-UX versions B.11.23 and earlier are affected.
  • Ref: http://www.securityfocus.com/advisories/7714

  • 05.1.21 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX System Administration Manager Privilege Escalation
  • Description: The System Administration Manager (SAM) is an interface for system administration tasks. A potential security vulnerability has been identified with SAM running on HP-UX that may allow local privilege escalation. HP-UX versions B.11.00, B.11.11, B.11.22, and B.11.23 are known to be vulnerable.
  • Ref: http://www.securityfocus.com/advisories/7710

  • 05.1.22 - CVE: Not Available
  • Platform: Unix
  • Title: aStats Local Insecure Temporary File Creation
  • Description: aStats is a graphical statistics generator for aMule. A local temporary file creation issue exists in the application due to a failure to create and write to temporary files in a secure manner. aStats version 1.6.5 is affected.
  • Ref: http://www.securityfocus.com/bid/12128/info/

  • 05.1.23 - CVE: Not Available
  • Platform: Unix
  • Title: QNX crttrap Local Insecure File Creation
  • Description: crttrap is a QNX-based utility that is used to detect video hardware. A local insecure file creation vulnerability reportedly affects QNX crttrap. The software can be tricked to create directories that are writeable by an unprivileged attacker. Since the software runs as a setuid-root process using symbolic links, it can further be tricked into accessing arbitrary files on the system.
  • Ref: http://www.securityfocus.com/archive/1/385657


  • 05.1.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Network News Remote Heap Overflow
  • Description: The Mozilla network news transport protocol is used for retrieval of Netnews articles. A remote heap overflow exists due to a failure to properly validate the length of user-supplied strings prior to copying them into dynamically allocated process buffers. Mozilla versions 1.7.3 and earlier are vulnerable.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=264388


  • 05.1.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHPProjekt Remote File Include
  • Description: PHPProjekt is a freely available, open source PHP Groupware package. Insufficient sanitization of user supplied input in the "authform.inc.php" file exposes a file include issue. PHPProjekt versions 4.2.2 and earlier are affected.
  • Ref: http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=193


  • 05.1.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GNU a2ps psmandup.in Script Insecure Temporary File
  • Description: GNU a2ps is a utility that allows users to convert files to PostScript format files. It is vulnerable to an insecure temporary file creation issue due to insufficient access control logic in the "psmandup.in" script. GNU a2ps 4.13 and GNU a2ps 4.13b are vulnerable.
  • Ref: http://www.securityfocus.com/bid/12109/info/

  • 05.1.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TikiWiki Unauthorized File Upload
  • Description: TikiWiki is a web-based groupware and content management system. TikiWiki is affected by an issue that will allow remote users to upload files with arbitrary file extensions to the computer hosting the software. TikiWiki versions 1.9-rc3 and prior, 1.8.4 and prior and 1.7.8 and prior are known to be vulnerable.
  • Ref: http://tikiwiki.org/tiki-read_article.php?articleId=97

  • 05.1.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Crystal Enterprise Report File Cross-Site Scripting
  • Description: Business Objects Crystal Enterprise is an application that allows for dynamic generation of reports. It is vulnerable to a cross-site scripting issue due to improper sanitization of user supplied URIs to RPT files. An attacker could exploit this issue to execute arbitrary code in the user's browser. Business Objects Crystal Enterprise version 10 and earlier are vulnerable.
  • Ref: http://support.businessobjects.com/library/kbase/articles/c2016559.asp

  • 05.1.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GNU a2ps fixps.in Script Insecure Temporary File
  • Description: GNU a2ps is a file utility that allows users to convert any file type to PostScript format files. It is reported to be vulnerable to an issue that may allow malicious local users to corrupt files, due to the fact that the "fixps.in" script creates temporary files in an insecure manner, allowing symbolic link attacks. a2ps versions 4.13b and 4.13 are affected.
  • Ref: http://www.securityfocus.com/bid/12108/info/
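The symbolic link attack named in the two a2ps entries (and the insecure temporary file entries for tetex-bin xdvizilla, aStats and QNX crttrap above) as an added Python demonstration, not code from the bulletin or from any of those projects: a predictable name in a shared directory versus a create-exclusive open, run entirely inside a private scratch directory. The "fixps.<pid>" name shape is an assumption for the demo.

```python
"""Constructed example: a predictable temporary file name lets a pre-planted
symlink redirect the write; O_CREAT|O_EXCL (plus O_NOFOLLOW) refuses instead."""
import os
import shutil
import tempfile


def predictable_name(workdir, tool="fixps"):
    """The name shape such scripts tend to build: <dir>/<tool>.<pid> (assumed)."""
    return os.path.join(workdir, "%s.%d" % (tool, os.getpid()))


def write_unsafely(path, data):
    """Naive: open() follows whatever symlink already sits at `path`."""
    with open(path, "wb") as fh:
        fh.write(data)


def write_safely(path, data):
    """Create atomically with a private mode; fail if any entry exists at `path`."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def run_demo():
    """Plant a symlink at the predictable name, then try both writers.

    Returns (victim content after the naive write, whether the safe write
    refused, victim content after the safe attempt)."""
    workdir = tempfile.mkdtemp(prefix="a2ps-demo.")
    try:
        victim = os.path.join(workdir, "victim.txt")
        with open(victim, "wb") as fh:
            fh.write(b"original\n")
        tmp = predictable_name(workdir)
        os.symlink(victim, tmp)      # the stale link another local user could leave behind
        write_unsafely(tmp, b"clobbered\n")
        with open(victim, "rb") as fh:
            after_naive = fh.read()
        try:
            write_safely(tmp, b"never written\n")
            refused = False
        except FileExistsError:      # POSIX: O_EXCL fails on a symlink regardless of target
            refused = True
        with open(victim, "rb") as fh:
            after_safe = fh.read()
        return after_naive, refused, after_safe
    finally:
        shutil.rmtree(workdir)


def safe_tempfile_mode(prefix="fixps"):
    """What the scripts should use instead: mkstemp (random name, O_EXCL, mode 0600).
    Returns the created file's permission bits and removes it again."""
    fd, path = tempfile.mkstemp(prefix=prefix + ".")
    try:
        return os.fstat(fd).st_mode & 0o777
    finally:
        os.close(fd)
        os.remove(path)
```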

  • 05.1.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: YACY P2P Search Engine Multiple Cross-Site Scripting
  • Description: YACY is a peer-to-peer search engine application implemented in Java. YACY is affected by multiple cross-site scripting vulnerabilities. YACY version 0.31 is known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/385453

  • 05.1.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SHOUTcast File Request Format String Vulnerability
  • Description: Nullsoft SHOUTcast is a streaming audio server. It is vulnerable to a format string error in the URL handling logic when processing requested filenames. This vulnerability may allow execution of arbitrary code or cause a server to crash. SHOUTcast versions 1.9.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/385350

  • 05.1.35 - CVE: Not Available
  • Platform: Web Application
  • Title: ReviewPost PHP Pro Multiple Input Validation Vulnerabilities
  • Description: ReviewPost PHP Pro is a web-based bulletin board application. It is reported to be vulnerable to SQL injection, cross-site scripting and file upload issues due to improper sanitization of user-supplied input. All versions of ReviewPost PHP Pro are reported to be vulnerable.
  • Ref: http://www.gulftech.org/?node=research&article_id=00062-01022005

  • 05.1.36 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBulletinBoard SQL Injection
  • Description: MyBulletinBoard is a web-based forum application. MyBulletinBoard is vulnerable to a remote SQL injection issue due to insufficient sanitization of user-supplied input in the "uid" parameter in the "member.php" script. All versions of MyBulletinBoard are known to be vulnerable.
  • Ref: http://secunia.com/advisories/13722/

  • 05.1.37 - CVE: Not Available
  • Platform: Web Application
  • Title: PhotoPost Classifieds Multiple Input Validation Vulnerabilities
  • Description: PhotoPost is a classified advertising system. Insufficient sanitization of user-supplied input exposes various SQL injection and cross-site scripting issues. PhotoPost Classifieds versions 2.x are affected.
  • Ref: http://secunia.com/advisories/13699/

  • 05.1.38 - CVE: Not Available
  • Platform: Web Application
  • Title: PhotoPost PHP Pro Multiple Cross-Site Scripting Vulnerabilities
  • Description: PhotoPost PHP Pro is a web-based gallery application. It is vulnerable to multiple cross-site scripting issues due to improper sanitization of user-supplied input. PhotoPost PHP Pro 4.8.1 is affected by this issue.
  • Ref: http://www.photopost.com/forum/showthread.php?t=111296

  • 05.1.39 - CVE: CAN-2004-1061
  • Platform: Web Application
  • Title: Bugzilla Internal Error Cross-Site Scripting
  • Description: Bugzilla is a web-based bug tracking system. Bugzilla is vulnerable to a cross-site scripting issue when rendering error pages that include user-supplied input. Bugzilla version 2 is known to be vulnerable.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=272620

  • 05.1.40 - CVE: Not Available
  • Platform: Web Application
  • Title: GNUBoard File Upload Vulnerability
  • Description: SIR GNUBoard is a bulletin board system. Insufficient sanitization of filename extensions in the "gbupdate.php" file exposes an arbitrary script file upload issue in the application. GNUBoard version 3.x is affected.
  • Ref: http://secunia.com/advisories/13711/

  • 05.1.41 - CVE: Not Available
  • Platform: Web Application
  • Title: iWebNegar Multiple Remote Vulnerabilities
  • Description: iWebNegar is a web log and content management system. Insufficient sanitization of user-supplied input exposes various access validation and HTML injection issues. iWebNegar version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/12140/info/

  • 05.1.42 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPGroupWare index.php HTML Injection
  • Description: PHPGroupWare is a web-based groupware system. Insufficient sanitization of the "date" parameter in the "index.php" file exposes an HTML injection issue. PHPGroupWare versions earlier than 0.9.16RC3 are affected.
  • Ref: https://savannah.gnu.org/bugs/?func=detailitem&item_id=7478

  • 05.1.43 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Calendar Remote File Include
  • Description: PHP-Calendar is a web-based calendar. It is vulnerable to a remote file include issue due to insufficient sanitization of the "phpc_root_path" parameter in the "calendar.php" and "setup.php" scripts. All versions are known to be affected.
  • Ref: http://www.gulftech.org/?node=research&article_id=00060-12292004

  • 05.1.44 - CVE: Not Available
  • Platform: Web Application
  • Title: WHM AutoPilot Multiple Remote Vulnerabilities
  • Description: WHM AutoPilot is a script designed to administer a web-hosting environment. It is affected by multiple input validation issues. These include cross-site scripting and remote file and script include attacks. All current versions of WHM AutoPilot are considered to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/385572

  • 05.1.45 - CVE: Not Available
  • Platform: Web Application
  • Title: Moodle Multiple Input Validation Vulnerabilities
  • Description: Moodle is a course management system. Insufficient sanitization of the "search" parameter in the "view.php" script exposes a cross-site scripting issue. A directory traversal issue is exposed due to insufficient sanitization of the "file" parameter in the "file.php" script. Moodle versions 1.4.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/385561

  • 05.1.46 - CVE: Not Available
  • Platform: Web Application
  • Title: PHProxy Error Parameter Cross-Site Scripting
  • Description: PHProxy is an HTTP proxy implemented in PHP. It is reported to be vulnerable to a cross-site scripting issue, due to improper sanitization of the "error" parameter in the "index.php" script. PHProxy versions 0.3 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12115/info/

  • 05.1.47 - CVE: Not Available
  • Platform: Web Application
  • Title: E107 Image Manager Unauthorized File Upload
  • Description: e107 is a web-based content management application. e107 is vulnerable to a file upload issue that may allow an attacker to upload a malicious PHP script and execute it with the privileges of the web server. e107 versions 0.616 and earlier are known to be vulnerable.
  • Ref: http://secunia.com/advisories/13657/

  • 05.1.48 - CVE: Not Available
  • Platform: Web Application
  • Title: ViewCVS Source View Input Validation Vulnerability
  • Description: ViewCVS is an application that allows users to browse CVS repositories via the Web. It is vulnerable to a cross-site scripting and an HTTP response splitting condition. ViewCVS version 0.9.2 is affected.
  • Ref: http://www.securityfocus.com/advisories/7729

  • 05.1.49 - CVE: Not Available
  • Platform: Web Application
  • Title: SugarCRM Multiple Cross-Site Scripting Vulnerabilities
  • Description: SugarCRM is a customer relationship management suite. Insufficient sanitization of user-supplied input exposes various cross-site scripting issues in the application. SugarCRM versions 2.0.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/12113/info/

  • 05.1.50 - CVE: Not Available
  • Platform: Web Application
  • Title: ZeroBoard Script Injection and Cross-Site Scripting Vulnerabilities
  • Description: ZeroBoard is a web-based bulletin board application. It is vulnerable to multiple script injection issues and one cross-site scripting issue. ZeroBoard version 4.1 pl4 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/385450

  • 05.1.51 - CVE: Not Available
  • Platform: Web Application
  • Title: Help Center Live Multiple Remote Vulnerabilities
  • Description: Help Center Live is a web-based help desk application. It is vulnerable to multiple remote security issues including remote file, script inclusion, and cross-site scripting attacks. These can be used towards theft of cookie-based authentication credentials or arbitrary script execution on the vulnerable host.
  • Ref: http://www.gulftech.org/?node=research&article_id=00058-12242004

  • 05.1.52 - CVE: Not Available
  • Platform: Hardware
  • Title: ZyXEL B-240 Adapter Web Interface Cross-Site Scripting
  • Description: ZyXEL B-240 is a Wireless Ethernet Adapter. Its web administration interface is vulnerable to a remote cross-site scripting issue due to improper sanitization of user-supplied input. Currently there are no known fixes for this issue.
  • Ref: http://www.securityfocus.com/archive/1/385865

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS other free newsletters.

To change your subscription, address, or other information, visit http://portal.sans.org

Copyright 2005. All rights reserved. No posting or reuse allowed, other than listed above, without prior written permission.