@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 17
April 28, 2005

More than 100 new vulnerabilities this week. That's twice the prevailing rate. And the window of time from vulnerability discovery to exploit is shrinking again. An exploit for the MySQL MaxDB vulnerability (#1 below) was circulating within a day of discovery.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 1 (#5, #6)
    • Third Party Windows Apps: 13 (#2)
    • Linux: 3
    • HP-UX: 1 (#7)
    • Unix: 5 (#8)
    • Novell: 1
    • Cross Platform: 12 (#1, #3, #4)
    • Web Application: 74

******* Why Do Security Professionals Attend SANS Training? ***********

(1) "SANS teaches you things that you can use right away without all the fluff. What an eye opener." (Sean Saxton, EMS)

(2) "The knowledge gained from SANS training has not only empowered me with the confidence of providing top notched computer security services, but it has also reduced the time needed for unbillable hours of research." (Kevin Cohen, Data Triage Technologies)

(3) "Quick, concise, full of content" (Michael Moore, EDS)

Join us at SANSFIRE next month: http://www.sans.org/sansfire2005

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Linux
HP-UX
Unix
Novell
Cross Platform
Web Application

*********************** SANS Sponsored Links ****************************

1) Join us as SANS presents an authoritative Webcast on Cutting Edge Hacker Techniques on Wednesday, May 04 at 1:00 PM EDT (1700 UTC). This webcast discusses innovative attack techniques and tools released in the last 6 to 8 months and defensive strategies for the evolving threats. https://www.sans.org/webcasts/show.php?webcastid=90530

2) SANS comes to Denver on May 8-14 to host nine immersion tracks plus special one-day classes. http://www.sans.org/rockymnt2005

3) Try SANS@HOME Weekly Webcasts - superb course leaders and material - a great way to learn http://www.sans.org/athome

*************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar (rohitd_at_tippingpoint.com) at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Other Software
  • (2) HIGH: MailEnable HTTP Authorization Buffer Overflow
  • Affected:
    • MailEnable Enterprise version 1.04 and prior
    • MailEnable Professional version 1.54 and prior
  • Description: MailEnable, a Windows-based mail server, contains buffer overflows in its webmail server (MEHTTPS.EXE). An unauthenticated attacker can trigger the flaw by sending an overlong string (over 270 bytes) in the "Authorization" HTTP header. The flaw can be exploited to execute arbitrary code with the privileges of the webmail server. Exploit code has been publicly posted.

  • Status: Vendor has confirmed the buffer overflow and released a hotfix.

  • Council Site Actions: Only one of the reporting council sites is using the affected software. They have notified their system support group and have advised them to patch their systems ASAP.

  • References:
  • (3) MODERATE: Sun Java System Web Proxy Server Overflow
  • Affected:
    • Sun Java System Web Proxy Server version 3.6 SP6 and prior
  • Description: Sun has issued an advisory stating that the Sun Java System Web Proxy Server (Sun ONE proxy server) contains a buffer overflow that can be exploited by an attacker to execute arbitrary code with the privileges of the proxy server, typically "nobody". No technical details regarding the nature of the overflow have been posted.

  • Status: Sun announced the flaw. Upgrade to SP7 or later.

  • Council Site Actions: Three of the reporting council sites are using the affected software. One site issued a moderate alert to their support groups. The second site has notified their system support group and has advised them to patch their systems ASAP. The third site is phasing out this software in the very near future and has not planned any remediation action.

  • References:
  • (4) MODERATE: Mplayer and xine-lib Media Streams Overflow
  • Affected:
    • MPlayer version 1.0pre6 and prior
    • xine-lib version 1.0 and prior
  • Description: MPlayer and xine-lib, Linux movie players, contain heap-based buffer overflows in processing RealMedia (RTSP) and Microsoft Media (MMST) streams. The flaws can be triggered by specially crafted movie files. An attacker can exploit these flaws, by enticing a client to visit a webpage, to potentially execute arbitrary code on the client system. The technical details required to leverage the flaws have been posted. Since the flaws are heap-based overflows, exploitation will be challenging.

  • Status: Vendors have confirmed, patches available.

  • Council Site Actions: Two of the reporting council sites are using the affected software. One has notified their system support group and has advised them to patch their systems ASAP. The second site, due to resource limitations, does not notify users of problems with individual desktop applications unless they know the problems are being frequently exploited in practice.

  • References:
Exploit Code
Patches
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 17, 2005

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4243 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.17.1 - CVE: CAN-2003-0818
  • Platform: Windows
  • Title: Microsoft Windows ASN.1 Library Heap Corruption
  • Description: The Microsoft Windows Abstract Syntax Notation 1 (ASN.1) library is used by other Microsoft executables and libraries on Windows. It is vulnerable to heap corruption when handling ASN.1 BER-encoded data with large length fields or modified bit strings. Microsoft Windows 2000 SP2, SP3, SP4 and Windows XP SP0, SP1 are vulnerable. NOTE: This is a new exploit for a known vulnerability that is patched by MS04-007.
  • Ref: http://www.phreedom.org/solar/exploits/msasn1-bitstring/

  • 05.17.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: RaidenFTPD Unauthorized File Access
  • Description: RaidenFTPD is an FTP server for Windows. It is prone to a vulnerability that could allow unauthorized access to files outside the FTP root. This issue was reported to affect all versions of RaidenFTPD prior to 2.4.2241.
  • Ref: http://www.securityfocus.com/bid/13292/

  • 05.17.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: netMailshar Professional Webmail Service Directory Traversal
  • Description: netMailshar Professional is an email server. Insufficient sanitization of the ".." sequence exposes the application to a directory traversal issue. netMailshar Professional versions 4 and earlier are affected.
  • Ref: http://www.pppindia.com/intl/netmailshar/

  • 05.17.4 - CVE: CAN-2005-1230
  • Platform: Third Party Windows Apps
  • Title: Yawcam Directory Traversal
  • Description: Yawcam is a Web cam application for Windows platforms. The Yawcam Web server is affected by a directory traversal vulnerability. Yawcam versions 0.2.5 and earlier are known to be vulnerable.
  • Ref: http://www.autistici.org/fdonato/advisory/Yawcam0.2.5-adv.txt

  • 05.17.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NetMailshar Professional Username Information Disclosure
  • Description: netMailshar Professional is an email server for Microsoft Windows platforms. It is prone to an information disclosure vulnerability. This issue is due to the application responding with different messages depending on the validity of an entered username. This vulnerability could lead to the disclosure of various valid usernames, which could aid in brute force attacks as well as permit an attacker to harvest valid email addresses. This issue is reported to affect netMailshar Professional version 4.
  • Ref: http://www.pppindia.com/intl/netmailshar/

  • 05.17.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailEnable HTTPMail Connector Unspecified Security Vulnerability
  • Description: MailEnable is a mail server available for Windows. It is vulnerable to an unspecified issue in its HTTPMail connector module. It is reported that an attacker can exploit this issue to cause a denial of service condition. Please refer to the following links for a list of vulnerable versions.
  • Ref: http://www.mailenable.com/

  • 05.17.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ArGoSoft Mail Server AddNew Unauthenticated Access
  • Description: ArGoSoft Mail Server is vulnerable to unauthenticated access due to the lack of authentication before accessing the "addnew" script. ArGoSoft Mail Server Pro version 1.8.7.6 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396694

  • 05.17.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ArGoSoft Mail Server Email Message HTML Injection
  • Description: ArGoSoft Mail Server is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. This issue is reported to affect ArGoSoft Mail Server Pro version 1.8.7.6; other versions may also be vulnerable.
  • Ref: http://does-not-exist.org/mail-archives/bugtraq/msg08440.html

  • 05.17.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: nProtect Netizen ActiveX Control Arbitrary File Creation
  • Description: nProtect Netizen is a personal security solution that supports automatic updates through an ActiveX control. The nProtect Netizen update ActiveX control is affected by an issue that could allow arbitrary files to be downloaded to a vulnerable computer. nProtect Netizen versions 2005.3.17.1 and earlier are known to be vulnerable.
  • Ref: http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/80_e.html

  • 05.17.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailEnable HTTP Authorization Buffer Overflow
  • Description: MailEnable is a mail server available for Windows. It is vulnerable to a remote buffer overflow issue which can be exploited by an attacker by creating a malicious HTTP authorization request. This may allow a remote attacker to control execution flow of the server process. Please refer to the following links for the vulnerable versions.
  • Ref: http://www.mailenable.com/hotfix/ http://www.securityfocus.com/bid/13350/info/

  • 05.17.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Fastream NetFile FTP/Web Server Directory Traversal
  • Description: Fastream NetFile FTP/Web server is prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. Insufficient sanitization of the "filename" parameter to the "mkdir" command exposes this issue. NetFile version 7.5.0 Beta 7 has been released to address this issue.
  • Ref: http://www.securityfocus.com/bid/13388

  • 05.17.12 - CVE: CAN-2004-1077
  • Platform: Third Party Windows Apps
  • Title: Citrix Program Neighborhood Agent Malicious Shortcut Creation
  • Description: The Citrix Program Neighborhood Agent provides server side configuration of client settings using Citrix Metaframe and NFuse. It is prone to a vulnerability that could allow malicious applications to be executed on a client computer with the privileges of the current user. A malicious server can create shortcuts in the Startup folder that point to malicious applications. The next time the user starts Windows, the application the shortcut points to will be executed in the security context of the current user. This issue was reported to affect Program Neighborhood Agent for Win32 and Citrix Metaframe Presentation Server client for WinCE.
  • Ref: http://www.idefense.com/application/poi/display?id=237&type=vulnerabilities

  • 05.17.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VooDoo cIRCle BotNet Connection Denial of Service
  • Description: VooDoo cIRCle is an IRC bot implemented for the Microsoft Windows platform. VooDoo cIRCle is affected by a denial of service vulnerability. VooDoo cIRCle versions 1.0.32 and earlier are known to be vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=323254

  • 05.17.14 - CVE: CAN-2004-1078
  • Platform: Third Party Windows Apps
  • Title: Citrix Program Neighborhood Agent Buffer Overflow
  • Description: The Citrix Program Neighborhood Agent facilitates server side configuration of client settings using Citrix Metaframe and NFuse. The Citrix Program Neighborhood Agent is susceptible to a stack overflow. In order for this vulnerability to be exploited, the client needs to connect to a malicious server, potentially resulting in arbitrary code execution in the context of the client. Reportedly, this issue affects Program Neighborhood Agent for Win32 8.0 and Citrix Metaframe Presentation Server client for WinCE 8.0.
  • Ref: http://www.securityfocus.com/bid/13373

  • 05.17.15 - CVE: CAN-2005-1241
  • Platform: Linux
  • Title: PowerTech PowerLock Input Validation
  • Description: PowerTech PowerLock is hardening software for IBM iSeries AS400 platforms. It is prone to an input validation vulnerability which may allow an attacker to pass directory traversal sequences to public services.
  • Ref: http://www.securityfocus.com/archive/1/396628

  • 05.17.16 - CVE: CAN-2004-1343
  • Platform: Linux
  • Title: Debian CVS-Repouid Denial of Service
  • Description: Debian CVS is the concurrent versions system supported by Debian. It is vulnerable to a denial of service due to an error with its CVS cvs-repouid patch. A remote attacker can exploit this issue to cause the CVS process to crash, effectively denying service to legitimate users.
  • Ref: http://www.securityfocus.com/advisories/8482

  • 05.17.17 - CVE: CAN-2004-1342
  • Platform: Linux
  • Title: Debian CVS-Repouid Remote Authentication Bypass
  • Description: Debian CVS is the concurrent versions system supported by Debian. It is reported to be vulnerable to a remote authentication bypass issue due to an error with Debian's CVS cvs-repouid patch.
  • Ref: http://www.securityfocus.com/bid/13402

  • 05.17.18 - CVE: CAN-2005-1192
  • Platform: HP-UX
  • Title: HP-UX ICMP PMTUD Remote Denial of Service
  • Description: Path MTU Discovery (PMTUD) functionality is supported within the ICMP protocol. HP-UX IPV4 based platforms are affected by attacks against ICMP PMTUD. HP-UX versions B.11.00 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/advisories/8473

  • 05.17.19 - CVE: CAN-2005-1229
  • Platform: Unix
  • Title: cpio Filename Directory Traversal
  • Description: cpio is a file compression/decompression utility. It is prone to a directory traversal vulnerability. The issue manifests itself when cpio is invoked on a malicious archive. A remote attacker may leverage this issue using a malicious archive to corrupt arbitrary files with the privileges of the user that is running the vulnerable software.
  • Ref: http://www.securityfocus.com/archive/1/396429

  • 05.17.20 - CVE: Not Available
  • Platform: Unix
  • Title: Palace Guard Software Secure/NET+ Input Validation
  • Description: Palace Guard Software Secure/NET+ is hardening software for IBM iSeries AS400 platforms. Palace Guard Software Secure/NET+ is prone to an input validation vulnerability. It fails to filter directory traversal sequences from user requests. This vulnerability may allow an attacker to pass directory traversal sequences to public services, for example the FTP service.
  • Ref: http://www.securityfocus.com/bid/13311

  • 05.17.21 - CVE: CAN-2005-1239
  • Platform: Unix
  • Title: Raz-Lee Security+++ Suite Input Validation
  • Description: Raz-Lee Security+++ Suite is hardening software for IBM iSeries AS400 platforms. Insufficient sanitization of user supplied input may allow an attacker to pass directory traversal sequences to public services like the FTP service. All current versions are affected.
  • Ref: http://www.securityfocus.com/archive/1/396628


  • 05.17.23 - CVE: CAN-2005-1246
  • Platform: Unix
  • Title: SNMPPD SNMP Proxy Daemon Remote Format String
  • Description: SNMPPD SNMP Proxy Daemon is exposed to a remote format string issue due to improper implementation of the "syslog()" function. A remote attacker may leverage this issue to execute arbitrary code within the context of the affected application. SNMPPD SNMP Proxy Daemon versions 0.4.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/396843

  • 05.17.24 - CVE: CAN-2005-1247
  • Platform: Novell
  • Title: Nsure Audit Remote Denial of Service
  • Description: Novell Nsure Audit is a secure logging and auditing application. It is vulnerable to a remote denial of service issue when handling multiple connections on TCP port 449. Novell Nsure Audit version 1.0.1 is vulnerable.
  • Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097379.htm

  • 05.17.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Error Page Cross-Site Scripting
  • Description: IBM WebSphere Application Server is "middleware" that provides a platform for enterprise applications. It is susceptible to a cross-site scripting vulnerability in error message web pages. The user-supplied name of an invalid page or file is not properly sanitized and is subsequently included on the 404 error page that is returned. IBM WebSphere version 6.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/13349

  • 05.17.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL MaxDB WebDAV Remote Buffer Overflow
  • Description: MySQL MaxDB is affected by a remote buffer overflow issue. The problem presents itself when the WebDAV functionality of the Web tool attempts to handle malicious HTTP requests. MySQL MaxDB version 7.5.00.26 has been released to fix this issue.
  • Ref: http://www.securityfocus.com/archive/1/396919

  • 05.17.27 - CVE: CAN-2005-0684
  • Platform: Cross Platform
  • Title: MySQL MaxDB WebDAV Lock Token Remote Buffer Overflow
  • Description: MySQL MaxDB is a variant of SAP DB. It is vulnerable to a buffer overflow issue due to a failure of the application to properly validate lengths of user-supplied strings in the "getLockTokenHeader()" function. An attacker may exploit this issue to gain unauthorized access.
  • Ref: http://www.securityfocus.com/archive/1/396956

  • 05.17.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ImageMagick PNM Image Buffer Overflow
  • Description: ImageMagick is an image editing application. It is vulnerable to a buffer overflow when parsing malformed PNM image files. ImageMagick version 6.2.2 corrects this vulnerability.
  • Ref: http://www.overflow.pl/adv/imheapoverflow.txt

  • 05.17.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: tcpdump BGP Decoding Routines Denial of Service
  • Description: tcpdump is a network-monitoring tool. It is reported to be vulnerable to a denial of service issue due to improper checks while decoding BGP packets. tcpdump versions 3.8.3 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13380

  • 05.17.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: tcpdump LDP Decoding Routines Denial of Service
  • Description: tcpdump is a network-monitoring tool. It is vulnerable to a denial of service issue if it decodes malformed Label Distribution Protocol (LDP) datagrams. tcpdump versions 3.8.3 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396932

  • 05.17.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TCPDump RSVP Decoding Routines Denial of Service
  • Description: tcpdump is a freely available, open source network-monitoring tool. tcpdump is affected by a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. tcpdump versions 3.9.x/CVS and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396930

  • 05.17.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ethereal RSVP Decoding Routines Denial Of Service
  • Description: Ethereal is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way Ethereal decodes Resource ReSerVation Protocol (RSVP) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed RSVP packets resulting in the software hanging. An attacker may exploit this issue to deny Ethereal service for legitimate users. Ethereal versions up to and including 0.10.10 are prone to this issue.
  • Ref: http://www.securityfocus.com/bid/13391

  • 05.17.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: tcpdump ISIS Decoding Routines Denial of Service
  • Description: tcpdump is a network-monitoring tool. tcpdump is susceptible to a denial of service vulnerability. Specifically, the decoding routine for ISIS (Intermediate System to Intermediate System) packets is vulnerable. A remote attacker may cause tcpdump to hang by sending malformed ISIS packets, resulting in denial of service. tcpdump versions up to and including 3.9.x are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13392

  • 05.17.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Intersoft NetTerm Netftpd USER Buffer Overflow
  • Description: Netftpd is an FTP server included with Intersoft International NetTerm. It is vulnerable to a remote buffer overflow issue due to insufficient boundary checking in the USER command processing. An attacker can exploit this issue to execute arbitrary code on the vulnerable system. Netftpd version 4.2.2 is reported vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396959

  • 05.17.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Convert-UUlib Perl Module Buffer Overflow
  • Description: Convert-UUlib is a Perl module that provides an interface to the uulib library. It is affected by a remotely exploitable buffer overflow vulnerability. This condition may be leveraged to overwrite sensitive program control variables, allowing a remote attacker to control execution flow of the process. Convert-UUlib version 1.51 has been released to fix this issue.
  • Ref: http://www.securityfocus.com/advisories/8481

  • 05.17.36 - CVE: CAN-2005-0684
  • Platform: Cross Platform
  • Title: MySQL MaxDB HTTP GET Request Remote Buffer Overflow
  • Description: MySQL MaxDB is a re-branded version of SAP DB that includes certain enhancements. A remote buffer overflow vulnerability affects MySQL MaxDB. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. The problem presents itself when a malicious HTTP GET request is received by the affected database server. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
  • Ref: http://www.idefense.com/application/poi/display?id=236

  • 05.17.37 - CVE: Not Available
  • Platform: Web Application
  • Title: Ocean12 Calendar Manager Admin Form SQL Injection
  • Description: Ocean12 Calendar Manager is a web-based calendar management system implemented in ASP, utilizing a Microsoft Access database. Ocean12 Calendar Manager is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input to the "Admin_ID" parameter of the admin login form before using it in an SQL query.
  • Ref: http://osvdb.org/ref/15/1530x-ocean12-multiple.txt

  • 05.17.38 - CVE: CAN-2005-1234
  • Platform: Web Application
  • Title: PHPBB-Auction Module SQL Injection
  • Description: The phpbb-auction module is an auction system. It is vulnerable to an SQL injection due to insufficient sanitization of user-supplied input to the "u" parameter. phpbb-auction versions 1.2 and earlier are vulnerable.
  • Ref: http://www.snkenjoi.com/secadv/secadv9.txt

  • 05.17.39 - CVE: CAN-2005-1233
  • Platform: Web Application
  • Title: PHP Labs proFile Dir URI Variable Cross-Site Scripting
  • Description: PHP Labs proFile is a web-based file management application. It is prone to a cross-site scripting vulnerability. Attackers may embed hostile HTML and script code in a malicious link to the affected application. Exploitation could allow theft of cookie-based authentication credentials or other attacks.
  • Ref: http://www.snkenjoi.com/secadv/secadv7.txt

  • 05.17.40 - CVE: CAN-2005-1236
  • Platform: Web Application
  • Title: DUportal Pro Multiple SQL Injection Vulnerabilities
  • Description: DUportal Pro is a content management system. Insufficient sanitization of user supplied input exposes the application to multiple SQL injection issues. DUportal Pro versions 3.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/396336

  • 05.17.41 - CVE: Not Available
  • Platform: Web Application
  • Title: Coppermine Photo Gallery Favs SQL Injection
  • Description: Coppermine Photo Gallery is a web-based gallery implemented in PHP. It is vulnerable to an SQL injection issue due to a failure of the application to properly sanitize user supplied data in "include/init.inc.php" script. A remote attacker can exploit this issue to compromise the application or get access to sensitive information. Coppermine versions prior to 1.3.3 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/396354

  • 05.17.42 - CVE: Not Available
  • Platform: Web Application
  • Title: PHProjekt Chatroom Text Submission HTML Injection
  • Description: PHProjekt is a PHP Groupware package. It is reported to be vulnerable to an HTML injection issue due to improper sanitization of user-supplied input. PHProjekt versions 4.2 and earlier are reported to be vulnerable to the issue.
  • Ref: http://www.securityfocus.com/bid/13286

  • 05.17.43 - CVE: CAN-2005-1236
  • Platform: Web Application
  • Title: DUportal Multiple SQL Injection Vulnerabilities
  • Description: DUportal/DUportal SQL are content management systems. They are vulnerable to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input. DUportal and DUportal SQL versions 3.1.2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/13288/info/

  • 05.17.44 - CVE: CAN-2005-1172, CAN-2005-1225
  • Platform: Web Application
  • Title: Coppermine Photo Gallery ZipDownload.PHP SQL Injection
  • Description: Coppermine Photo Gallery is a web-based gallery. Coppermine is affected by an SQL injection vulnerability. Coppermine versions 1.3.2 and earlier are known to be vulnerable.
  • Ref: http://www.waraxe.us/advisory-42.html

  • 05.17.45 - CVE: Not Available
  • Platform: Web Application
  • Title: AZ Bulletin Board Remote File Include Vulnerability
  • Description: AZ Bulletin Board (AZBB) is a PHP based bulletin board. It is vulnerable to a remote file include issue due to a failure of the application to validate critical parameters before using them in a "include()" function call. An attacker may leverage this issue to execute arbitrary server-side script code in the context of the web server process. AZ Bulletin Board versions prior to 1.0.8 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/396360

  • 05.17.46 - CVE: CAN-2005-1201
  • Platform: Web Application
  • Title: AZ Bulletin Board Remote Directory Traversal
  • Description: AZ Bulletin Board is a web-based bulletin board application. It is reported to be vulnerable to a remote directory traversal issue due to improper sanitization of user-supplied input to the "attachment" parameter. AZ Bulletin Board AZbb versions 1.0.7 c and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396360

  • 05.17.47 - CVE: CAN-2005-1201
  • Platform: Web Application
  • Title: AZ Bulletin Board Directory Traversal
  • Description: AZ Bulletin Board is a Web-based bulletin board application. It is vulnerable to a directory traversal vulnerability due to insufficient sanitization of user-supplied data passed through the "ent" parameter of the "admin_avatar.php" and "admin_attachment.php" scripts. AZ Bulletin Board AZbb version 1.08 corrects this issue.
  • Ref: http://www.gulftech.org/?node=research&article_id=00068-04192005

  • 05.17.48 - CVE: CAN-2005-1237
  • Platform: Web Application
  • Title: FlexPHPNews News.PHP SQL Injection
  • Description: FlexPHPNews is a web-based application for news administration. FlexPHPNews is prone to an SQL injection vulnerability due to a failure to sanitize user-supplied input to the "newsid" parameter of "news.php" before using it in an SQL query. This issue is reported to affect FlexPHPNews version 0.0.3.
  • Ref: http://secunia.com/advisories/14905

  • 05.17.49 - CVE: CAN-2005-1004
  • Platform: Web Application
  • Title: PayProCart Username Cross-Site Scripting
  • Description: PayProCart is a web-based PayPal and Ebay shopping cart. Insufficient sanitization of the "username" parameter of the "cart.php" and "index.php" scripts exposes the application to multiple cross-site scripting issues. All versions are affected.
  • Ref: http://lostmon.blogspot.com/

  • 05.17.50 - CVE: Not Available
  • Platform: Web Application
  • Title: ProfitCode PayProCart ChckOutAction Cross-Site Scripting
  • Description: ProfitCode Software PayProCart is a web-based PayPal and Ebay shopping cart implemented in PHP. It is vulnerable to a cross-site scripting issue due to improper sanitization of the "chckoutaction" parameter in the "cart.php" and "index.php" scripts. An attacker may leverage this issue to steal cookie-based authentication credentials. PayProCart versions earlier than 3.1 are vulnerable to this issue.
  • Ref: http://lostmon.blogspot.com/

  • 05.17.51 - CVE: CAN-2005-1004
  • Platform: Web Application
  • Title: PayProCart Ckprvd Cross-Site Scripting
  • Description: PayProCart is a web-based PayPal and Ebay shopping cart. It is reported to be vulnerable to a cross-site scripting issue due to improper sanitization of user-supplied input to the "ckprvd" parameter of the "cart.php" and "index.php" scripts. PayProCart version 3.0 is reported to be vulnerable to the issue.
  • Ref: http://www.securityfocus.com/bid/13303

  • 05.17.52 - CVE: CAN-2005-1004
  • Platform: Web Application
  • Title: PayProCart PageID Cross-Site Scripting
  • Description: PayProCart is a web-based shopping cart. It is vulnerable to cross site scripting due to insufficient sanitization of user supplied input to the "pageID" parameter of the "cart.php" and "index.php" scripts. ProfitCode Software PayProCart version 3.0 is vulnerable.
  • Ref: http://lostmon.blogspot.com/2005/04/payprocart-multiple-variable-xss-path_20.html


  • 05.17.54 - CVE: Not Available
  • Platform: Web Application
  • Title: ASPNuke Comments.ASP SQL Injection
  • Description: ASPNuke is web portal software. It is reported to be vulnerable to an SQL injection issue due to improper sanitization of the "taskid" parameter of the "comments.asp" script. ASPNuke version 0.80 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13315

  • 05.17.55 - CVE: Not Available
  • Platform: Web Application
  • Title: ASPNuke Detail.ASP SQL Injection
  • Description: ASPNuke is web portal software. It is vulnerable to an SQL injection vulnerability due to insufficient sanitization of user supplied input to the "taskid" parameter of "detail.asp". ASPNuke version 0.80 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396678

  • 05.17.56 - CVE: Not Available
  • Platform: Web Application
  • Title: PixySoft E-Cart Remote Command Execution Vulnerability
  • Description: PixySoft E-Cart is an e-commerce plug-in for WebAPP. It is prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. PixySoft E-Cart version 1.1 is reported to be vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/396748

  • 05.17.57 - CVE: Not Available
  • Platform: Web Application
  • Title: ProfitCode Software PayProCart AdminShop ModID Cross-Site Scripting
  • Description: PayProCart is a web-based PayPal and Ebay shopping cart. It is implemented in PHP. It is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "modID" parameter of "adminshop/index.php".
  • Ref: http://lostmon.blogspot.com/

  • 05.17.58 - CVE: Not Available
  • Platform: Web Application
  • Title: ProfitCode PayProCart Cross-Site Scripting
  • Description: PayProCart is a web-based PayPal and Ebay shopping cart. PayProCart is vulnerable to a cross-site scripting attack.
  • Ref: http://www.securityfocus.com/bid/13307

  • 05.17.59 - CVE: Not Available
  • Platform: Web Application
  • Title: ProfitCode PayProCart AdminShop ProMod Cross-Site Scripting
  • Description: PayProCart is a web-based PayPal and Ebay shopping cart. Insufficient sanitization of the "proMod" parameter of the "adminshop/index.php" script exposes the application to a cross-site scripting issue. All versions are affected.
  • Ref: http://www.securityfocus.com/bid/13308

  • 05.17.60 - CVE: Not Available
  • Platform: Web Application
  • Title: ProfitCode PayProCart Cross-Site Scripting
  • Description: PayProCart is a web-based PayPal and Ebay shopping cart. It is implemented in PHP. It is vulnerable to a cross-site scripting issue due to a failure in the application to sanitize user input to the "adminshop/nmailer/index.php" script. An attacker may leverage this issue to steal cookie-based authentication credentials. PayProCart version 3.0 is vulnerable to this issue.
  • Ref: http://lostmon.blogspot.com/

  • 05.17.61 - CVE: CAN-2005-1245
  • Platform: Web Application
  • Title: MediaWiki Unspecified HTML Tidy Cross-Site Scripting
  • Description: MediaWiki is a wiki engine designed to run Wikipedia. It is reported to be vulnerable to an unspecified cross-site scripting issue due to improper sanitization of user-supplied input. MediaWiki versions 1.4.1 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13301

  • 05.17.62 - CVE: Not Available
  • Platform: Web Application
  • Title: OneWorldStore chksettings.asp Denial of Service
  • Description: OneWorldStore is web-based storefront software. Malformed requests made to the "/owConnections/chksettings.asp" script lead to a denial of service condition. All current versions are affected.
  • Ref: http://lostmon.blogspot.com/2005/04/oneworldstore-critical-failure.html

  • 05.17.63 - CVE: Not Available
  • Platform: Web Application
  • Title: ASPNuke Profile.ASP Cross-Site Scripting
  • Description: ASPNuke is ASP-based Web portal software. It is vulnerable to a cross-site scripting issue due to a failure in the application to properly sanitize user supplied input to the profile.asp script. An attacker can exploit this issue to steal cookie based credentials. ASPNuke version 0.8 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/396678

  • 05.17.64 - CVE: Not Available
  • Platform: Web Application
  • Title: WoltLab Burning Board Thread.PHP Cross-Site Scripting
  • Description: WoltLab Burning Board is a free web-based bulletin board package based on PHP and MySQL. WoltLab Burning Board is affected by a cross-site scripting vulnerability. WoltLab Burning Board versions 2.3.1 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13325

  • 05.17.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Black Knight Forum Member.ASP SQL Injection
  • Description: Black Knight (BK) Forum is a Web forum application implemented in ASP. A vulnerability exists in the application due to a failure to properly sanitize user-supplied input to the "id" parameter of "member.asp" prior to utilizing the data in an SQL query.
  • Ref: http://www.securityfocus.com/bid/13327

  • 05.17.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Black Knight Forum Forum.ASP SQL Injection
  • Description: Black Knight Forum is a web-based forum application. Insufficient sanitization of the "forum" parameter in the "forum.asp" script exposes the application to an SQL injection issue. Black Knight Forum version 4 is affected.
  • Ref: http://www.securityfocus.com/bid/13328

  • 05.17.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Black Knight Forum Register.ASP SQL Injection
  • Description: Black Knight (BK) Forum is an ASP-based Web forum. It is vulnerable to an SQL injection issue due to a failure in the application to properly sanitize user-supplied input to the "register.asp" script. A remote attacker can exploit this issue to gain access to sensitive information or modify data. Black Knight Forum version 4.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396743

  • 05.17.68 - CVE: Not Available
  • Platform: Web Application
  • Title: CartWIZ ProductCatalogSubCats.ASP SQL Injection
  • Description: CartWIZ is a Web-based shopping cart application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "idParentCategory" parameter of the "productCatalogSubCats.asp" script. CartWIZ version 1.10 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396749

  • 05.17.69 - CVE: Not Available
  • Platform: Web Application
  • Title: CartWIZ SearchResults.ASP Cross-Site Scripting
  • Description: CartWIZ is a web-based shopping cart application. It is vulnerable to a cross-site scripting issue due to a failure of the application to sanitize user input to the "searchResults.asp" script. An attacker can leverage this issue to steal cookie-based authentication credentials and carry out other attacks.
  • Ref: http://www.securityfocus.com/bid/13343

  • 05.17.70 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Profile.PHP Cross-Site Scripting
  • Description: phpBB is an open-source web forum application. It is reported to be vulnerable to a cross-site scripting issue due to improper sanitization of user-supplied input to the "u" parameter of the "profile.php" script. phpBB versions 2.0.14 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13344

  • 05.17.71 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Viewtopic.PHP Cross Site Scripting
  • Description: phpBB is a web forum application. It is vulnerable to a cross site scripting issue due to insufficient sanitization of user-supplied input to the "highlight" parameter of the "viewtopic.php" script. phpBB versions 2.0.14 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396744

  • 05.17.72 - CVE: Not Available
  • Platform: Web Application
  • Title: ACS Blog Administrative Access Authentication Bypass
  • Description: ACS Blog is Web blog software implemented in ASP. ACS Blog is affected by an authentication bypass vulnerability. ACS Blog versions 1.1.3 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13346

  • 05.17.73 - CVE: Not Available
  • Platform: Web Application
  • Title: SWSoft Confixx Change User SQL Injection
  • Description: Confixx is a control panel system for Web sites; it is implemented in PHP. It is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "change user" field before using it in an SQL query.
  • Ref: http://www.sw-soft.com/en/products/confixx/

  • 05.17.74 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPMyVisites Cross-Site Scripting
  • Description: phpMyVisites is a Web site statistics application. phpMyVisites is susceptible to a cross-site scripting vulnerability. A remote attacker may embed hostile HTML and script code in a malicious link to phpMyVisites. Versions 1.0 through 1.3 are believed to be vulnerable. Other versions may be vulnerable as well.
  • Ref: http://www.securityfocus.com/bid/13352

  • 05.17.75 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPMyVisites Index.PHP Cross Site Scripting
  • Description: phpMyVisites is a web site statistics application. Insufficient sanitization of the "per" URI variable in the "index.php" script exposes the application to a cross-site scripting issue. phpMyVisites versions 1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/13356

  • 05.17.76 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPMyVisites Site Variable Cross-Site Scripting
  • Description: PHPMyVisites is a Web site statistics application. It is vulnerable to a cross-site scripting issue due to improper sanitization of the "site" URI variable. An attacker can exploit this issue to steal cookie-based authentication credentials. PHPMyVisites 1.3 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/13357/info/

  • 05.17.77 - CVE: Not Available
  • Platform: Web Application
  • Title: CartWIZ SearchResults.ASP PriceTo Argument SQL Injection
  • Description: CartWIZ is a Web-based shopping cart application. Insufficient sanitization of the "priceTo" parameter in the "searchResults.asp" script exposes the application to an SQL injection issue. All current versions are affected.
  • Ref: http://www.hackerscenter.com/archive/view.asp?id=2253

  • 05.17.78 - CVE: Not Available
  • Platform: Web Application
  • Title: CartWIZ SearchResults.ASP PriceFrom SQL Injection
  • Description: CartWIZ is a Web-based shopping cart application. Insufficient sanitization of the "priceFrom" parameter of the "searchResults.asp" script exposes the application to an SQL injection issue. CartWIZ version 1.10 and all prior versions are vulnerable.
  • Ref: http://www.securityfocus.com/bid/13334

  • 05.17.79 - CVE: Not Available
  • Platform: Web Application
  • Title: CartWIZ SearchResults.ASP IDCategory Argument SQL Injection
  • Description: CartWIZ is a web-based shopping cart application. Insufficient sanitization of the "idCategory" parameter in the "searchResults.asp" script exposes the application to an SQL injection issue. CartWIZ version 1.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/396749

  • 05.17.80 - CVE: Not Available
  • Platform: Web Application
  • Title: CartWIZ Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: CartWIZ is a web-based shopping cart application. It is reported to be vulnerable to multiple SQL injection and cross-site scripting issues due to improper sanitization of user-supplied input. CartWIZ version 1.10 is reported to be vulnerable to the issue.
  • Ref: http://www.digitalparadox.org/advisories/cartwiz.txt

  • 05.17.81 - CVE: Not Available
  • Platform: Web Application
  • Title: CartWIZ Access.ASP Cross-Site Scripting
  • Description: CartWIZ is a Web-based shopping cart application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "redirect" parameter of the "access.asp" script. CartWIZ version 1.10 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396749

  • 05.17.82 - CVE: Not Available
  • Platform: Web Application
  • Title: CartWIZ Login.ASP Redirect Argument Cross-Site Scripting
  • Description: CartWIZ is a Web-based shopping cart application implemented in ASP. CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "redirect" parameter of the "login.asp" script. This may facilitate the theft of cookie-based authentication credentials.
  • Ref: http://www.hackerscenter.com/archive/view.asp?id=2253

  • 05.17.83 - CVE: Not Available
  • Platform: Web Application
  • Title: CartWIZ Searchresults.ASP SKU Argument Cross-Site Scripting
  • Description: CartWIZ is a web-based shopping cart application. Insufficient sanitization of the "sku" parameter in the "searchresults.asp" script exposes the application to a cross-site scripting issue. CartWIZ version 1.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/396749

  • 05.17.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Horde Nag Remote Cross-Site Scripting
  • Description: The Horde Application Framework consists of several Web applications, written in PHP. Horde Nag is a Web application for managing online task lists. Horde Nag is susceptible to a remote cross-site scripting vulnerability. The application fails to sufficiently sanitize user-supplied input prior to including it in a dynamically generated Web page, allowing a remote attacker to inject script code that will then be executed in the browser of a user of Horde Nag. Horde Nag versions before version 1.1.3 are believed to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13363

  • 05.17.85 - CVE: CAN-2005-0961
  • Platform: Web Application
  • Title: Horde Chora Remote Cross-Site Scripting
  • Description: The Horde Application Framework is a series of web applications. Insufficient sanitization of user-supplied input exposes the application to a cross-site scripting issue. Horde Chora version 1.2.3 was released to address this issue.
  • Ref: http://www.securityfocus.com/bid/13364

  • 05.17.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Horde Accounts Module Remote Cross-Site Scripting
  • Description: The Horde Application Framework is a series of Web applications, implemented in PHP. It is vulnerable to a remote cross-site scripting issue due to a failure of the application to properly sanitize user-supplied input before generating dynamic web content. An attacker may leverage this issue to steal cookie-based authentication credentials or perform other attacks. Versions of Horde Accounts Module prior to 2.1.2 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/13365/info/

  • 05.17.87 - CVE: Not Available
  • Platform: Web Application
  • Title: OneWorldStore IDOrder Information Disclosure
  • Description: OneWorldStore is a web-based storefront application. It is vulnerable to an information disclosure issue due to insufficient sanitization of user-supplied input to the "idOrder" parameter of "PaymentMethods/owOfflineCC.asp". All OneWorldStore versions are vulnerable.
  • Ref: http://lostmon.blogspot.com/2005/04/oneworldstore-user-information.html

  • 05.17.88 - CVE: Not Available
  • Platform: Web Application
  • Title: MetaCart2 IntCatalogID Parameter Remote SQL Injection
  • Description: MetaCart2 is a web-based shopping cart. It is reported to be vulnerable to an SQL injection issue due to improper sanitization of user-supplied input to the "intCatalogID" parameter of the "productsByCategory.asp" script.
  • Ref: http://www.securityfocus.com/bid/13382

  • 05.17.89 - CVE: Not Available
  • Platform: Web Application
  • Title: MetaCart2 StrSubCatalogID Parameter SQL Injection
  • Description: MetaCart2 is a web-based shopping cart application. It is vulnerable to an SQL injection vulnerability due to insufficient sanitization of user-supplied input. MetaLinks MetaCart2 for PayFlow Link, PayPal and SQL Server UK Edition are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396924

  • 05.17.90 - CVE: Not Available
  • Platform: Web Application
  • Title: MetaCart2 CurCatalogID Parameter Remote SQL Injection
  • Description: MetaCart2 is a Web-based shopping cart application implemented in ASP technology. MetaCart2 is affected by a remote SQL injection vulnerability. MetaCart2 versions for PayPal and Payflow Link are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396924 http://www.securityfocus.com/archive/1/396922

  • 05.17.91 - CVE: Not Available
  • Platform: Web Application
  • Title: MetaCart2 strSubCatalog_NAME Parameter Remote SQL Injection
  • Description: MetaCart2 is a Web-based shopping cart application implemented in ASP technology. A remote SQL injection vulnerability affects MetaCart2. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft of sensitive information, potentially including authentication credentials and data corruption.
  • Ref: http://www.securityfocus.com/archive/1/396924

  • 05.17.92 - CVE: Not Available
  • Platform: Web Application
  • Title: MetaCart E-Shop V-8 Remote SQL Injection
  • Description: MetaCart e-Shop V-8 is a web-based shopping cart application. MetaCart e-Shop V-8 is susceptible to an SQL injection vulnerability. The application fails to properly sanitize user-supplied input prior to including it in SQL queries.
  • Ref: http://www.securityfocus.com/bid/13376

  • 05.17.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Power Board QPid Parameter SQL Injection
  • Description: Invision Power Board is web forum software. It is reported to be vulnerable to an SQL injection issue due to improper sanitization of the "qpid" parameter of the "index.php" script. Invision Power Board version 2.0.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13375

  • 05.17.94 - CVE: Not Available
  • Platform: Web Application
  • Title: SqWebmail HTTP Response Splitting
  • Description: SqWebMail is a web-based e-mail application. It is vulnerable to an HTTP response splitting vulnerability due to insufficient sanitization of user-supplied input in the "redirect" parameter of the "sqwebmail" script. SqWebMail versions 4.0.5 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396949

  • 05.17.95 - CVE: Not Available
  • Platform: Web Application
  • Title: WoltLab Burning Board PMS.PHP Cross-Site Scripting
  • Description: WoltLab Burning Board is a web-based bulletin board. It is reported to be vulnerable to a cross-site scripting issue due to improper sanitization of user-supplied input to the "folderid" parameter of the "pms.php" script. WoltLab Burning Board version 2.3.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13353

  • 05.17.96 - CVE: Not Available
  • Platform: Web Application
  • Title: MetaCart e-Shop Remote SQL Injection
  • Description: MetaCart e-Shop is a shopping cart application implemented using Active Server Pages. It is vulnerable to an SQL injection issue due to a failure of the application to properly sanitize user-supplied input to the "ProductsByCategory.asp" script. An attacker may exploit this issue to get access to sensitive information and cause data modification. MetaCart e-Shop Version 8 (V-8) is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/396921

  • 05.17.97 - CVE: Not Available
  • Platform: Web Application
  • Title: StorePortal Default.ASP Multiple SQL Injection Vulnerabilities
  • Description: StorePortal is web portal software. It is reported to be vulnerable to multiple SQL injection issues due to improper sanitization of user-supplied input to multiple parameters. StorePortal version 2.63 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13358

  • 05.17.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Horde Vacation Remote Cross-Site Scripting
  • Description: The Horde Application Framework is a series of Web applications, implemented in PHP. Horde Vacation is affected by a remote cross-site scripting vulnerability. Horde Vacation versions 2.2.1 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13360

  • 05.17.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Horde MNemo Remote Cross-Site Scripting
  • Description: The Horde Application Framework is a series of Web applications, implemented in PHP. It is designed to facilitate the creation of Web applications through the use of pre-defined classes. A remote cross-site scripting vulnerability affects Horde Mnemo. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
  • Ref: http://www.horde.org/mnemo/

  • 05.17.100 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyVisites Set_Lang File Include
  • Description: phpMyVisites is a Web site statistics application. phpMyVisites is affected by the inclusion of arbitrary files. phpMyVisites versions 1.3 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396928

  • 05.17.101 - CVE: Not Available
  • Platform: Web Application
  • Title: yappa-ng Unspecified Remote File Include
  • Description: yappa-ng is a photo album Web application that is implemented in PHP. yappa-ng is susceptible to a remote file include vulnerability. Remote users may specify a path to a remote include file and thus execute a malicious remote PHP script. Software versions prior to the 2.3.2 release are believed to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13371

  • 05.17.102 - CVE: Not Available
  • Platform: Web Application
  • Title: yappa-ng Cross-Site Scripting
  • Description: yappa-ng is a photo album web application. Insufficient sanitization of user-supplied input exposes the application to a cross-site scripting issue. yappa-ng version 2.3.2 was released to address this issue.
  • Ref: http://www.securityfocus.com/archive/1/396919

  • 05.17.103 - CVE: Not Available
  • Platform: Web Application
  • Title: GrayCMS Error.PHP Remote File Include
  • Description: GrayCMS is a Web based content management system implemented in PHP. It is vulnerable to a remote file include issue due to a failure of the application to properly sanitize user input to the "error.php" script. An attacker may leverage this issue to execute arbitrary server-side script code with the privileges of the web server process. GrayCMS version 1.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/13381/discussion/

  • 05.17.104 - CVE: Not Available
  • Platform: Web Application
  • Title: MetaCart2 Searchaction.ASP Multiple SQL Injection Vulnerabilities
  • Description: MetaCart2 is a web-based shopping cart application. Insufficient sanitization of user-supplied input to the "searchaction.asp" script exposes the application to multiple SQL injection issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/archive/1/396923

  • 05.17.105 - CVE: Not Available
  • Platform: Web Application
  • Title: bBlog Index.PHP HTML Injection Vulnerability
  • Description: bBlog is a web-based blogging application. It is reported to be vulnerable to an HTML injection issue due to improper sanitization of user-supplied input to the "index.php" script. bBlog version 0.7.4 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13397

  • 05.17.106 - CVE: Not Available
  • Platform: Web Application
  • Title: MetaBid Auctions intAuctionID Parameter SQL Injection
  • Description: MetaBid Auctions is a Web-based auction application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "intAuctionID" parameter of the "item.asp" script. MetaLinks MetaBID Auction is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/396925

  • 05.17.107 - CVE: Not Available
  • Platform: Web Application
  • Title: bBlog PostID Parameter SQL Injection
  • Description: bBlog is a web-based blogging application implemented in PHP. bBlog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
  • Ref: http://www.securityfocus.com/bid/13398

  • 05.17.108 - CVE: Not Available
  • Platform: Web Application
  • Title: BEA WebLogic Server and WebLogic Express Cross-Site Scripting
  • Description: WebLogic Server and WebLogic Express by BEA Systems are Java-based application servers for Windows. The administration console of WebLogic Server and WebLogic Express is susceptible to cross-site scripting. The administration console does not sanitize user-supplied input sufficiently and proceeds to include this input in dynamically generated Web pages. Version 8.1 of WebLogic Server and WebLogic Express is deemed vulnerable.
  • Ref: http://www.securityfocus.com/bid/13400

  • 05.17.109 - CVE: Not Available
  • Platform: Web Application
  • Title: ABCZone.IT WWWGuestBook SQL Injection
  • Description: ABCZone.IT WWWGuestBook is a guest book. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "password" parameter of "login.asp". ABCZone.IT WWWGuestBook version 1.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/13404

  • 05.17.110 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Calendar Search.PHP SQL Injection
  • Description: PHP-Calendar is a web based calendar implemented in PHP. PHP-Calendar is affected by an SQL injection vulnerability. PHP-Calendar versions 0.10.3 and earlier are known to be vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=323483

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.
