@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 19
May 13, 2005

Another week, another Firefox vulnerability (#1), another Internet Explorer vulnerability (#2), and another iTunes vulnerability (#3). And for Bakbone NetVault users, a critical vulnerability that must be patched right away (#4).

BTW SANSFire in Atlanta is four weeks away and includes an extraordinary selection of unique security courses for security and audit folks. Details: http://www.sans.org/sansfire2005

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                    # of Updates & Vulnerabilities
    Other Microsoft Products    1 (#2, #9, #10)
    Third Party Windows Apps    8
    Mac Os                      3
    Linux                       1
    Solaris                     2
    Unix                        6
    Cross Platform              22 (#1, #3, #4, #5)
    Web Application             44 (#6, #7, #8)
    Network Device              1
    Hardware                    2

******************** Sponsored by St Bernard ****************************

As critical patches continue to be released, staying ahead of the rapid spread of vulnerabilities is more difficult and time-consuming than ever. UpdateEXPERT offers the most accurate and comprehensive patching available, allowing you to easily manage patching across any network topography and eliminate costly downtime. Be confident your business is completely secured. Download a FREE trial of UpdateEXPERT today! http://www.stbernard.com/forms/updateexpert_demo_form.asp?oc=48

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Solaris
Unix
Cross Platform
Web Application
Network Device
Hardware

*********************** Sponsored Links *********************************

These links take you outside SANS:

1) Job wanted in security/IT risk management. Lenny Zeltser is a SANS instructor and book author. GSE, CISSP, MBA credentials.
http://www.sans.org/info.php?id=775

2) Top Layer - 2005 NSS Group "Double Approval" for Rate & Content-based Intrusion Prevention.
Report http://www.sans.org/info.php?id=776

3) Now Available! New versions of WRQ Reflection for Secure IT (formerly F-Secure SSH).
Learn more at http://www.sans.org/info.php?id=777

*************************************************************************

Why Professionals Always Attend SANS Training If They Have A Choice

1) "SANS courses balance the why and the how-to of security. Not only will you learn something, you learn how to do something."
(Greg Kotula, Wall Street On Demand)

2) "SANS never fails to provide top level training that is worth every penny."
(Tyler Hudak, Yellow Roadway Tech)

3) "SANS training gives me the tools I need to do my job."
(Michael Hiramoto, NCI)

*************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar (rohitd_at_tippingpoint.com) at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) MODERATE: Microsoft Windows Explorer Remote Script Injection (MS05-024)
  • Affected:
    • Windows 2000 SP3/SP4
  • Description: Microsoft has confirmed the remote script injection vulnerability discussed in the @RISK newsletter posted on April 21, 2005, and released patch MS05-024 to address the issue. A proof-of-concept exploit for this flaw has already been published; hence, this patch should be applied to vulnerable Windows 2000 systems. Blocking ports 139/tcp and 445/tcp at the network perimeter will block the most likely attack vector - an attacker enticing users to browse the attacker's malicious shared folder.

  • Council Site Actions: Most of the council sites plan to deploy the patch during their next regularly scheduled system update process. A few council sites have already installed the patch. Several sites commented that they are blocking ports 139/TCP and 445/TCP at their external perimeter control points.

  • References:
  • (3) MODERATE: Apple iTunes MPEG4 File Processing Overflow
  • Affected:
    • iTunes versions prior to 4.8
  • Description: iTunes, a widely used media player, contains a buffer overflow in processing MPEG4 media files. A malicious webpage hosting a specially crafted MPEG4 file can exploit this flaw to execute arbitrary code with the privileges of the user running iTunes. Systems with iTunes configured as their default media player should apply the patch provided by Apple on a priority basis. The discoverers will likely release the technical information in another 3 months. Note that the flaw is rated "MODERATE" at the current time due to lack of public availability of the technical details.

  • Status: Apple has confirmed the flaw, and version 4.8 has been released for Mac OS version 10.2.8 or later and for Windows XP/2000.

  • Council Site Actions: Only two council sites report they are using the affected software. One site has already updated its systems and the other is in the process of upgrading to version 4.8.

  • References:
Other Software
  • (4) CRITICAL: BakBone Netvault Backup Software Overflow
  • Affected:
    • Netvault versions 7.x
  • Description: Bakbone Netvault is a backup solution for environments running UNIX, Linux, Windows NT/2000/2003 or Netware. The software is reportedly being used by AT&T, Los Alamos National Laboratory and many other large enterprises. The implementation of the communication protocol between the Netvault client (the system being backed up) and the server (the system backing up the data) reportedly contains a heap-based buffer overflow. By sending specially crafted packets to port 20031/tcp, an attacker can execute arbitrary code on the system running this software. Exploit code for leveraging this flaw on Windows platforms is publicly available.

  • Status: The vendor has not confirmed the flaw, and no updates are available. A workaround is to block ports 20031/tcp and 20031/udp (the Netvault default ports) at the network perimeter. Increased scanning activity has been noticed on port 20031/tcp.

  • References:
  • (5) HIGH: RSA SecurID Web Agent Buffer Overflow
  • Affected:
    • RSA SecurID Web Agent version 5.3 and prior
  • Description: RSA SecurID Authentication Agent software is designed to control access to corporate networks, web applications and other servers. The authentication agent designed for web servers contains a heap-based overflow. The flaw can be triggered by a specially crafted HTTP request containing data encoded using the "chunked" transfer encoding. For the agent deployed on IIS servers, it is possible to exploit the overflow and execute arbitrary code with "SYSTEM" privileges. Working exploit code has been developed by the discoverers and is planned to be distributed to select audiences.

  • Status: RSA has confirmed the overflow and provided patches.

  • Council Site Actions: The affected software and/or configuration is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (7) MODERATE: phpBB bbcode.php Vulnerability
  • Affected:
    • phpBB versions prior to 2.0.14
  • Description: phpBB is widely used bulletin board software. phpBB contains a vulnerability in bbcode.php that can be exploited by users to include active script code in their postings. This can potentially lead to the installation of malicious programs on other bulletin board users' systems, or to administrative access to the bulletin board. Some reports indicate that this flaw is being exploited in the wild.

  • Status: phpBB version 2.0.14 has been released to fix this issue.

  • Council Site Actions: Only one site responded to this item. They have a small number of web servers running the affected software. However, because the impact of this vulnerability is not well understood, they are not taking any action at this time. They are monitoring for compromise and will take action if necessary.

  • References:
Exploit Code
Patches
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 19, 2005

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4306 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 05.19.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: SQL Server 2000 Multiple Vulnerabilities
  • Description: Microsoft SQL Server 2000 is vulnerable to multiple vulnerabilities which are resolved in Microsoft SQL Server 2000 Service Pack 4. See Microsoft advisory for further details.
  • Ref: http://support.microsoft.com/default.aspx?scid=kb;en-us;290211

  • 05.19.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DataTrac Remote Denial of Service
  • Description: DataTrac is used to forward TCP traffic from a specified port on a host to another host. The program crashes if a long string is sent to the service. DataTrac version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/13558/info/

  • 05.19.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Orenosv HTTP/FTP Server Remote Buffer Overflow
  • Description: Orenosv is an HTTP/FTP server. It is reported to be vulnerable to a remote buffer overflow issue due to improper boundary checks of the SSI command name in the "parse_cmd()" function. Orenosv HTTP/FTP Server 0.8.1 is reported to be vulnerable.
  • Ref: http://www.security.org.sg/vuln/orenosv081.html

  • 05.19.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Hosting Controller Unauthorized Account Registration
  • Description: Hosting Controller is an application that consolidates all hosting tasks into one interface. It is reported to be vulnerable to an authorization bypass issue due to improper access validation for administrative scripts. Hosting Controller version 6.1 Hotfix 1.9 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13531

  • 05.19.5 - CVE: CAN-2005-1423
  • Platform: Third Party Windows Apps
  • Title: 602ProLAN Suite 2004 Directory Traversal
  • Description: 602ProLAN Suite is an all-in-one server application. It is vulnerable to a directory traversal issue due to insufficient sanitization of user-supplied data when receiving URI requests containing "../". Software602 602ProLAN SUITE 2004 version 2004.0.05.0413 is vulnerable.
  • Ref: http://support.software602.com/products/ls2004/releasenotes.asp

  • 05.19.6 - CVE: CAN-2005-1416
  • Platform: Third Party Windows Apps
  • Title: 04WebServer Directory Traversal
  • Description: 04WebServer is a typical web server application. 04WebServer is affected by a directory traversal vulnerability that could allow attackers to read files outside the Web root. 04WebServer versions 1.5 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13550

  • 05.19.7 - CVE: CAN-2005-1118
  • Platform: Third Party Windows Apps
  • Title: RSA Authentication Agent For Web Remote Heap Buffer Overflow
  • Description: RSA Security RSA Authentication Agent is designed to secure network-based access to enterprise networks. It is affected by a buffer overflow issue. The issue presents itself when an attacker sends an excessively large chunk in an HTTP "chunked-encoding" style connection to a vulnerable server. RSA Authentication Agent versions 5.0, 5.2 and 5.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/397678

  • 05.19.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SimpleCam Directory Traversal
  • Description: Dead Pirate Software SimpleCam is a Web cam application. It is vulnerable to a directory traversal issue due to failing to filter out directory traversal sequences such as "..". SimpleCam version 1.2 is vulnerable.
  • Ref: http://www.autistici.org/fdonato/advisory/SimpleCam1.2-adv.txt

  • 05.19.9 - CVE: CAN-2005-0918
  • Platform: Third Party Windows Apps
  • Title: Adobe SVG Viewer ActiveX Control SRC Information Disclosure
  • Description: Adobe SVG is an ActiveX control viewer for vector graphics. The ".src" property of the ActiveX can be employed to disclose the existence of a target file leading to information disclosure type of attacks. Adobe SVG Viewer versions 3.02 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/397513

  • 05.19.10 - CVE: Not Available
  • Platform: Mac Os
  • Title: 4D WebStar Tomcat Plugin Remote Buffer Overflow
  • Description: 4D WebStar is an application providing web, FTP and email services for Apple Mac OS X. The Tomcat Plugin supplied with the HTTP server is affected by a remote buffer overflow vulnerability. 4D WebStar versions 5.3.3 and 5.4 are known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13579

  • 05.19.11 - CVE: CAN-2005-1332
  • Platform: Mac Os
  • Title: Apple Mac OS X BlueTooth Arbitrary File Access
  • Description: Apple Mac OS X is affected by an arbitrary file access vulnerability. Mac OS X versions 10.3.9 and earlier are known to be vulnerable.
  • Ref: http://www.digitalmunition.com/DMA%5B2005-0502a%5D.txt

  • 05.19.12 - CVE: CAN-2005-1331
  • Platform: Mac Os
  • Title: Mac OS X AppleScript Editor Code Obfuscation
  • Description: The Mac OS X AppleScript editor is prone to a code obfuscation vulnerability in its URI mechanism. Due to insufficient input validation on the URIs, it is possible to include code that is obfuscated by UTF-8 characters and will not appear in the user's AppleScript editor. However, when the code is compiled and run, the obfuscated code will be included and run.
  • Ref: http://docs.info.apple.com/article.html?artnum=301528

  • 05.19.13 - CVE: CAN-2005-1515
  • Platform: Linux
  • Title: QMail Substdio_Put() Function Integer Overflow
  • Description: Dan Bernstein's QMail is an SMTP server. It is vulnerable to a remote integer overflow issue in the substdio_put() function when running on 64-bit platforms with a large amount of virtual memory. QMail versions 1.0.2 and 1.0.3 are vulnerable.
  • Ref: http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html

  • 05.19.14 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun StorEdge 6130 Array Unauthorized Access
  • Description: Sun StorEdge 6130 Array is an application server. StorEdge 6130 Array is affected by an unauthorized access vulnerability. StorEdge 6130 arrays with serial numbers in the range of 0451AWF00G to 0513AWF00J are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57771-1

  • 05.19.15 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris NIS+ Remote Denial of Service
  • Description: NIS+ (Network Information Service Plus) is a network directory service. The rpc.nisd NIS+ daemon on Sun Solaris is vulnerable to an unspecified remote denial of service condition. Sun Solaris versions 7, 8, and 9 are affected.
  • Ref: http://www.securityfocus.com/bid/13552/info/

  • 05.19.16 - CVE: Not Available
  • Platform: Unix
  • Title: Squid Proxy Unspecified DNS Spoofing
  • Description: Squid Proxy is a freely available, open source web proxy software package. Squid Proxy is affected by an unspecified DNS spoofing vulnerability. Squid Proxy versions 2.5 and earlier are known to be vulnerable.
  • Ref: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query

  • 05.19.17 - CVE: Not Available
  • Platform: Unix
  • Title: Gzip zgrep Arbitrary Command Execution
  • Description: zgrep is used to invoke grep on gzipped and compressed files. zgrep is reportedly affected by an arbitrary command execution vulnerability. This issue arises due to insufficient sanitization of user-supplied data. An attacker may execute arbitrary commands through zgrep command arguments to potentially gain unauthorized access to the affected computer. zgrep 1.2.4 was reported vulnerable.
  • Ref: http://www.securitytracker.com/alerts/2005/May/1013928.html

  • 05.19.18 - CVE: CAN-2005-1515
  • Platform: Unix
  • Title: QMail Commands() Function Remote Integer Overflow Vulnerability
  • Description: QMail is a free SMTP server. It is reported to be vulnerable to a remote integer overrun issue due to improper checks in the "commands()" function. QMail versions 1.0.2 and 1.0.3 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13535

  • 05.19.19 - CVE: Not Available
  • Platform: Unix
  • Title: FreeRADIUS RLM_SQL.C Buffer Overflow
  • Description: FreeRADIUS is an implementation of the RADIUS protocol. It is vulnerable to a buffer overflow issue due to a failure in the application to do proper bounds checking on user-supplied data and could allow an attacker to execute arbitrary code. FreeRADIUS 1.0.2 is vulnerable.
  • Ref: http://www.freeradius.org/security.html

  • 05.19.20 - CVE: CAN-2005-1515
  • Platform: Unix
  • Title: QMail Alloc() Function Remote Integer Overflow
  • Description: QMail is an SMTP server. It is vulnerable to a remote integer overflow issue in the alloc() function which can allow an attacker to run arbitrary code in the context of the SMTP server process. QMail versions 1.0.3 and earlier are vulnerable.
  • Ref: http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html

  • 05.19.21 - CVE: CAN-2005-1453
  • Platform: Unix
  • Title: Leafnode fetchnews Client Article Body Remote Denial of Service
  • Description: Leafnode is a Usenet news proxy. Fetchnews is a NNTP client software used with Leafnode. Fetchnews is prone to a remote denial of service vulnerability that may allow a remote attacker to cause the software to hang. The vulnerability manifests when an upstream news server terminates the connection abruptly after fetchnews has requested an article body and before the data transfer is complete. This vulnerability affects Leafnode versions 1.9.48 to 1.11.1.
  • Ref: http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt

  • 05.19.22 - CVE: CAN-2005-1261
  • Platform: Cross Platform
  • Title: Gaim Remote URI Handling Buffer Overflow
  • Description: Gaim is an instant messaging client that supports numerous protocols. It is reported to be vulnerable to a remote buffer overflow issue due to improper handling of long URIs. Gaim versions 1.2.1 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13590

  • 05.19.23 - CVE: CAN-2005-1262
  • Platform: Cross Platform
  • Title: Gaim Remote MSN protocol Denial Of Service
  • Description: Gaim is an instant messaging client. It is vulnerable to a denial of service issue in its MSN protocol handling code when it receives an empty SLP message. Gaim versions 1.3.0 and earlier are reported to be vulnerable.
  • Ref: http://rhn.redhat.com/errata/RHSA-2005-429.html

  • 05.19.24 - CVE: CAN-2005-1009
  • Platform: Cross Platform
  • Title: BakBone NetVault Unspecified Heap Overflow Vulnerability
  • Description: NetVault is a backup and restore solution. BakBone NetVault is reportedly affected by an unspecified heap overflow vulnerability. This issue arises because the application fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers. It is conjectured that this issue is remote in nature and may allow an attacker to gain unauthorized access to an affected computer. Exploitation of this issue likely allows for memory corruption resulting from the application copying excessive data into a finite sized buffer. All versions of NetVault are considered vulnerable at the moment.
  • Ref: http://www.securityfocus.com/bid/13594

  • 05.19.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MyServer Cross-Site Scripting Vulnerability
  • Description: MyServer is a web server. It is reported to be vulnerable to a cross-site scripting issue due to improper sanitization of user-supplied input. MyServer version 0.8 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13578

  • 05.19.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: LibTIFF TIFFOpen Buffer Overflow Vulnerability
  • Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. It is prone to a stack-based buffer overflow vulnerability in the TIFFOpen() function when a malformed TIFF file with too many values in the BitsPerSample tag is viewed by an application that calls the vulnerable library. An attacker may leverage this issue to run arbitrary code in the security context of the vulnerable application. LibTIFF versions 3.7.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/advisories/8550

  • 05.19.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HT Editor ELF Parser Remote Heap Overflow
  • Description: HT Editor is a hex editor. It is affected by an unspecified heap overflow issue due to insufficient boundary checks prior to copying user-supplied data into process buffers. HT Editor versions 0.8.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/advisories/8549

  • 05.19.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HT Editor PE Parser Unspecified Remote Buffer Overflow
  • Description: HT Editor is a hex editor for various platforms. It is affected by an unspecified buffer overflow vulnerability because the application does not perform boundary checks prior to copying user-supplied data into sensitive process buffers. An attacker may exploit this issue to run arbitrary code and to gain unauthorized access to a vulnerable computer. HT Editor 0.8.0 and earlier versions are affected by this issue.
  • Ref: http://www.securityfocus.com/advisories/8549

  • 05.19.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Fusion SBX Authentication Bypass
  • Description: FusionPHP Fusion SBX is a Web application that lets users post comments on a site. It is vulnerable to an issue that allows users to bypass authentication due to an error in the "extract()" function of "index.php". Fusion SBX version 1.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/13575/info/

  • 05.19.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MyServer Remote Directory Listing
  • Description: MyServer is a Web server. It is affected by a remote directory listing vulnerability. MyServer versions 0.8 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13579

  • 05.19.31 - CVE: Search Results
  • Platform: Cross Platform
  • Title: Ethereal DISTCC Dissection Stack Buffer Overflow
  • Description: A remote buffer overflow vulnerability reportedly affects Ethereal. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the DISTCC protocol dissector. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation. This vulnerability affects Ethereal versions 0.8.13 through to 0.10.10.
  • Ref: http://www.securityfocus.com/advisories/8551

  • 05.19.32 - CVE: CAN-2005-0039
  • Platform: Cross Platform
  • Title: IETF IPsec Protocol Encapsulating Security Payload
  • Description: A vulnerability affects certain configurations of IPsec. When IPsec is configured to employ Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only, where Authentication Header (AH) is not being used to provide packet integrity protection, certain attacks against the IPsec protocol are possible.
  • Ref: http://www.securityfocus.com/bid/13562

  • 05.19.33 - CVE: CAN-2005-1248
  • Platform: Cross Platform
  • Title: Apple iTunes MPEG4 Parsing Buffer Overflow
  • Description: Apple iTunes is a media player application. iTunes is reported to be vulnerable to a buffer overflow issue due to improper boundary checks in the MPEG4 parser. iTunes versions 4.7.1 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13565

  • 05.19.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: AOL Instant Messenger Smiley Icon Location Remote Denial of Service
  • Description: AOL Instant Messenger is reported to be vulnerable to a remote denial of service vulnerability. The issue presents itself when an attacker sends an invite with malicious "smiley" HTML code. AOL Instant Messenger versions 5.5.3595 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13553

  • 05.19.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CodeThatShoppingCart Multiple Input Validation Vulnerabilities
  • Description: CodeThatShoppingCart is a Web based shopping cart. It is vulnerable to multiple input validation vulnerabilities such as cross-site scripting and SQL injection attacks. CodeThatShoppingCart version 1.3.1 is reported to be vulnerable.
  • Ref: http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html

  • 05.19.36 - CVE: CAN-2005-1159
  • Platform: Cross Platform
  • Title: Mozilla Firefox Install Method Arbitrary Code Execution
  • Description: Mozilla Firefox is vulnerable to remote arbitrary code execution because the application does not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address. Mozilla Firefox versions 1.0.3 and earlier are vulnerable.
  • Ref: http://www.mozilla.org/security/announce/mfsa2005-42.html

  • 05.19.37 - CVE: CAN-2005-1344
  • Platform: Cross Platform
  • Title: Apache htdigest Realm Command Line Argument Buffer Overflow
  • Description: A buffer overflow issue exists in the htdigest utility included with Apache. By supplying an overly long realm value to the command line options of htdigest, it is possible to trigger an overflow condition. All current versions are affected.
  • Ref: http://www.securityfocus.com/advisories/8539

  • 05.19.38 - CVE: CAN-2005-0611
  • Platform: Cross Platform
  • Title: RealNetworks RealPlayer Unspecified Code Execution
  • Description: RealNetworks RealPlayer is vulnerable to an unspecified code execution vulnerability which manifests when an unspecified file is processed by the vulnerable software, allowing an attacker to potentially execute code in the context of the user running the affected software.
  • Ref: http://www.securityfocus.com/bid/13530

  • 05.19.39 - CVE: CAN-2005-1194
  • Platform: Cross Platform
  • Title: NASM IEEE_PUTASCII Remote Buffer Overflow
  • Description: NASM (The Netwide Assembler) is an x86 assembler available for multiple platforms. It is vulnerable to a remote buffer overflow issue due to a failure of the application to perform proper boundary checks on user supplied data. The attacker may exploit this to gain unauthorized access in the context of the user running NASM. NASM versions 0.98.38 and 0.98.35 are vulnerable.
  • Ref: http://rhn.redhat.com/errata/RHSA-2005-381.html

  • 05.19.40 - CVE: CAN-2005-1456, CAN-2005-1457, CAN-2005-1458, CAN-2005-1459, CAN-2005-1460, CAN-2005-1461, CAN-2005-1462, CAN-2005-1463, CAN-2005-1464, CAN-2005-1465, CAN-2005-1466, CAN-2005-1467, CAN-2005-1468, CAN-2005-1469, CAN-2005-1470
  • Platform: Cross Platform
  • Title: Ethereal Multiple Remote Protocol Dissector Vulnerabilities
  • Description: Ethereal is a multi-platform network protocol sniffer and analyzer. It is reported to be vulnerable to buffer overflow, format string, null pointer dereference, denial of service and double-free vulnerabilities. Ethereal versions 0.10.10 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13504

  • 05.19.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DMail DSMTP Format String Vulnerability
  • Description: NetWin DMail is a mail server. The SMTP server is vulnerable to a remote format string issue: it is unable to safely handle malicious data passed through various administrative commands. NetWin DMail versions 3.1a and 3.1b are vulnerable.
  • Ref: http://www.security.org.sg/vuln/dmail31a.html

  • 05.19.42 - CVE: CAN-2005-1496
  • Platform: Cross Platform
  • Title: Oracle 10g DBMS_Scheduler Privilege Escalation Vulnerability
  • Description: Oracle database is prone to a privilege escalation issue. By manipulating the "run_job" function of "dbms_scheduler" an attacker can switch the "session_user" privileges. This issue has been addressed in the patch for Oracle version 10.0.1.14.
  • Ref: http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html

  • 05.19.43 - CVE: CAN-2005-1495
  • Platform: Cross Platform
  • Title: Oracle 9i/10g Database Fine Grained Audit Logging Failure
  • Description: Oracle 9i/10g Database is prone to a logging failure issue that exists in Fine Grained Audit (FGA) functionality. The issue exposes itself when a SYS user invokes a SELECT statement on an FGA object causing the FGA to disable, without notifying the database administrator. All current Oracle 9i/10g versions are affected.
  • Ref: http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html

  • 05.19.44 - CVE: Not Available
  • Platform: Web Application
  • Title: Open Solution Quick.Forum NewTopic HTML Injection
  • Description: Quick.Forum is a web forum. Insufficient sanitization of the "newTopic" parameter exposes the application to an HTML Injection issue. Quick.Forum version 2.1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/13602

  • 05.19.45 - CVE: Not Available
  • Platform: Web Application
  • Title: PixySoft Guestbook Pro Multiple HTML Injection Vulnerabilities
  • Description: PixySoft Guestbook Pro is a guestbook module for WebAPP. Insufficient sanitization of the "message" and "title" parameters exposes the application to multiple HTML injection issues.
  • Ref: http://www.securityfocus.com/bid/13593

  • 05.19.46 - CVE: Not Available
  • Platform: Web Application
  • Title: e107 Website System Global Variables Unauthorized Access
  • Description: e107 Website System is a web-based content management system implemented in PHP. It is vulnerable to an issue that can allow remote attackers to gain complete unauthorized access to an affected Web site or the database used by the application due to improper implementation of global variables. An attacker can exploit this issue to completely compromise a vulnerable computer. e107 Website system version 0.617 is vulnerable to this issue.
  • Ref: http://e107.org/e107_plugins/bugtracker2/bugtracker2.php?0.bug.558

  • 05.19.47 - CVE: Not Available
  • Platform: Web Application
  • Title: ColdFusion MX 7 Default Error Page Cross-Site Scripting
  • Description: Macromedia ColdFusion MX 7 comes with JRun Web Server. It is vulnerable to a cross-site scripting issue when utilizing the JRun Web Server. This is due to insufficient sanitization of user-supplied input. Macromedia ColdFusion MX version 7.0 is vulnerable.
  • Ref: http://www.macromedia.com/go/mpsb05-03

  • 05.19.48 - CVE: Not Available
  • Platform: Web Application
  • Title: ASP Virtual News Manager Admin_Login.ASP SQL Injection
  • Description: ASP Virtual News Manager is web-based news management software. Insufficient sanitization of input to the "admin_login.asp" script exposes the application to an SQL injection issue. All current versions of ASP Virtual News Manager are reported to be vulnerable.
  • Ref: http://www.under9round.com/avn13.txt

  • 05.19.49 - CVE: Not Available
  • Platform: Web Application
  • Title: NukeET Base64 Codigo Variable Cross-Site Scripting
  • Description: NukeET is a web application. Insufficient sanitization of the base64-encoded "codigo" parameter in the "catalog.php" script exposes the application to a cross-site scripting issue. NukeET versions 3.1 and earlier are affected.
  • Ref: http://lostmon.blogspot.com/2005/05/nukeet-codigo-variable-cross-site.html

  • 05.19.50 - CVE: Not Available
  • Platform: Web Application
  • Title: Subject Search Server Search For Variable HTML Injection
  • Description: Subject Search Server (SSServer) is a web site search engine implementation. It is reported to be vulnerable to an HTML injection issue due to improper sanitization of user-supplied input. Subject Search Server version 1.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13574

  • 05.19.51 - CVE: Not Available
  • Platform: Web Application
  • Title: e107 Website System Search.PHP Remote File Include
  • Description: e107 Website System is a Web based content management system implemented in PHP. e107 Website System is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
  • Ref: http://e107.org/e107_plugins/bugtracker2/bugtracker2.php?0.bug.558

  • 05.19.52 - CVE: Not Available
  • Platform: Web Application
  • Title: e107 Website System Request.PHP Directory Traversal
  • Description: e107 Website System is a web-based content management system implemented in PHP. It is vulnerable to a directory traversal issue that could be exploited by an attacker to view the contents of arbitrary files. The issue occurs because the "request.php" script does not properly strip directory traversal sequences such as "../" from user-supplied input. e107 Website System 0.617 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/13573/info/

  • 05.19.53 - CVE: Not Available
  • Platform: Web Application
  • Title: e107 Website System Forum_viewforum.PHP SQL Injection
  • Description: e107 Website System is a web-based content management system. Insufficient sanitization of user-supplied input to the "forum_viewforum.php" script exposes the application to an SQL injection issue. e107 Website System version 0.617 is affected.
  • Ref: http://e107.org/e107_plugins/bugtracker2/bugtracker2.php?0.bug.558

  • 05.19.54 - CVE: Not Available
  • Platform: Web Application
  • Title: WowBB View_User.PHP SQL Injection
  • Description: WowBB is a web based forum application. It is reported to be vulnerable to an SQL injection issue due to improper sanitization of user-supplied input to the "sort_by" parameter of the "view_user.php" script. WowBB versions 1.62 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13569

  • 05.19.55 - CVE: Not Available
  • Platform: Web Application
  • Title: Easy Message Board Remote Command Execution
  • Description: Easy Message Board is a Perl-based web message board. It is vulnerable to a remote command execution issue due to a failure in the application to properly sanitize user-supplied input in the "easymsgb.pl" script. An attacker can exploit this issue to execute arbitrary commands with the privileges of the Web server process. All current versions of Easy Message Board are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/397827

  • 05.19.56 - CVE: Not Available
  • Platform: Web Application
  • Title: PwsPHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: PwsPHP is web content management software. It is affected by multiple cross-site scripting vulnerabilities. PwsPHP versions 1.2.3 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/397812

  • 05.19.57 - CVE: CAN-2005-1509
  • Platform: Web Application
  • Title: PwsPHP Profil.PHP SQL Injection
  • Description: PwsPHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "id" parameter of "profil.php" before using it in an SQL query. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. The vendor has addressed this issue in PwsPHP version 1.2.3; earlier versions are reported vulnerable.
  • Ref: http://mods.pwsphp.com/

  • 05.19.58 - CVE: Not Available
  • Platform: Web Application
  • Title: Positive Software Corporation SiteStudio HTML Injection
  • Description: SiteStudio is a web based application used to design Web sites. SiteStudio is affected by an HTML injection vulnerability. SiteStudio versions 1.6 Final and earlier are known to be vulnerable.
  • Ref: http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt

  • 05.19.59 - CVE: Not Available
  • Platform: Web Application
  • Title: Easy Message Board Directory Traversal
  • Description: Easy Message Board is a web message board implemented in Perl. Easy Message Board is prone to a directory traversal vulnerability. The application fails to filter directory traversal sequences from requests to the "print" parameter of "easymsgb.pl". This could allow a remote attacker to read files outside the Web root; only files readable by the Web server process can be accessed.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0132.html
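
The traversal pattern behind the e107 "request.php" (05.19.52) and Easy Message Board "print" (05.19.59) entries, shown in Python as an added example written for this listing (it is not code from either product). The document root, the parameter names and the sample paths are assumed for illustration. The vulnerable resolver hands the parameter to the filesystem as-is, so "../" walks out of the document root; the hardened one decodes percent-encoding first, rejects NUL bytes (which truncate the filename in C and Perl open()), forces the path to be relative, canonicalises it and checks containment.

```python
import os
from urllib.parse import unquote

# Assumed document root for the example.
WEB_ROOT = "/var/www/html"


def resolve_vulnerable(root: str, user_path: str) -> str:
    """What a script does when it passes the parameter straight to open():
    '..' segments walk out of the document root."""
    return os.path.normpath(os.path.join(root, unquote(user_path)))


def resolve_under_root(root: str, user_path: str):
    """Return the canonical path if it stays inside root, otherwise None.

    Decodes percent-encoding so "%2e%2e" is seen as "..", rejects NUL
    bytes, strips a leading slash so the parameter is always relative,
    then canonicalises and checks containment by prefix on the
    normalised path (root itself, or root followed by a separator).
    """
    candidate = unquote(user_path)
    if "\x00" in candidate:
        return None
    relative = candidate.lstrip("/\\")
    root_norm = os.path.normpath(root)
    full = os.path.normpath(os.path.join(root_norm, relative))
    if full == root_norm or full.startswith(root_norm + os.sep):
        return full
    return None


if __name__ == "__main__":
    for p in ("docs/readme.txt", "../../../etc/passwd",
              "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "docs/readme.txt%00.html"):
        print("%-40s vulnerable=%-28s hardened=%s"
              % (p, resolve_vulnerable(WEB_ROOT, p), resolve_under_root(WEB_ROOT, p)))
```

os.path.normpath works on strings only and does not follow symbolic links; in deployed code resolve the final path with os.path.realpath against the real tree before the containment check, so a symlink inside the document root cannot point elsewhere.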

  • 05.19.60 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Nuke Double Hex Encoded Input Validation Vulnerability
  • Description: PHP-Nuke is a content management system. It is vulnerable to an input validation issue due to a failure of the application to correctly identify potentially dangerous characters when the characters are double hex-encoded (e.g. "%2541" decodes to "%41", which decodes to "A"). A remote attacker may exploit this issue to bypass PHP-Nuke's input filtering and exploit other issues in the underlying PHP-Nuke installation. PHP-Nuke versions 7.7 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/13557/info/
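
The double-decoding bypass described above, illustrated in Python as an added example for this listing (not PHP-Nuke's own code; the set of "dangerous" characters and the filter logic are assumed for illustration). A filter that URL-decodes once and then inspects the value is defeated by encoding the payload twice, because the single decode only peels off the outer layer and leaves harmless-looking "%XX" text for a later decode to turn back into markup. The hardened version decodes until the value stops changing, with a bound, and fails closed if it never stabilises.

```python
from urllib.parse import quote, unquote

# Assumed list of characters the filter treats as dangerous (illustrative,
# not PHP-Nuke's actual list).
DANGEROUS = frozenset('<>"\'')


def naive_filter_blocks(raw: str) -> bool:
    """Single-pass filter: URL-decode once, then look for dangerous characters.

    Returns True when the request would be blocked.
    """
    decoded = unquote(raw)
    return any(ch in DANGEROUS for ch in decoded)


def canonicalize(raw: str, max_rounds: int = 4) -> str:
    """URL-decode repeatedly until the value stops changing.

    A value still changing after max_rounds is treated as hostile;
    legitimate input never needs more than one layer of encoding.
    """
    current = raw
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            return current
        current = decoded
    raise ValueError("input did not stabilise after %d decoding rounds" % max_rounds)


def hardened_filter_blocks(raw: str) -> bool:
    """Decode to a fixed point first, then inspect; fail closed on abuse."""
    try:
        value = canonicalize(raw)
    except ValueError:
        return True
    return any(ch in DANGEROUS for ch in value)


def double_encode(payload: str) -> str:
    """Build the request a bypass would send: encode the payload twice so a
    single decode leaves only "%XX" text with no dangerous characters."""
    return quote(quote(payload, safe=""), safe="")


if __name__ == "__main__":
    attack = double_encode("<script>alert(1)</script>")
    print(attack)
    print("naive blocks:", naive_filter_blocks(attack),
          "hardened blocks:", hardened_filter_blocks(attack))
```

The same fixed-point rule applies to any other canonicalisation a filter does before inspection (HTML entities, Unicode normalisation, path collapsing): inspect only the fully canonical form, and treat input that keeps changing as an attack rather than as something to clean up.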

  • 05.19.61 - CVE: Not Available
  • Platform: Web Application
  • Title: NukeScripts NukeSentinel Input Validation Vulnerability
  • Description: NukeScripts NukeSentinel is a hardening script for PHP Nuke installations. It is reported to be vulnerable to an input validation issue due to improper sanitization of user-supplied input.
  • Ref: http://www.securityfocus.com/bid/13556

  • 05.19.62 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Unspecified BBCode.PHP
  • Description: phpBB is an open-source web forum application that is written in PHP and supported by a number of database products. The vendor reports that a critical unspecified vulnerability exists in the BBCode handling routines of the "bbcode.php" script. This issue is most likely due to the application failing to properly sanitize user-supplied input. The vendor has reported that it is addressed in phpBB version 2.0.15.
  • Ref: http://www.phpbb.com/

  • 05.19.63 - CVE: Not Available
  • Platform: Web Application
  • Title: Advanced Guestbook Index.PHP Entry Parameter SQL Injection
  • Description: Advanced Guestbook is a guest book script. Insufficient sanitization of the "entry" parameter in the "index.php" script exposes the application to an SQL injection issue. Advanced Guestbook versions 2.3.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/397826

  • 05.19.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Net56 Browser Based File Manager SQL Injection
  • Description: Net56 Browser Based File Manager is a file management utility. Its login page is vulnerable to an SQL injection issue that could allow an unauthorized user to log in without a password. Net56 Browser Based File Manager 1.0 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/13547/credit/
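
The login-bypass class of SQL injection named above, shown in Python against an in-memory SQLite table as an added example for this listing (it is not Net56's code; the table layout, the sample user and the query text are assumed for illustration). The vulnerable function builds the query by string concatenation, so a quote in the username ends the string literal and the rest of the input becomes SQL; the fixed function binds the values as parameters, so the same input is only ever compared as data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table standing in for the application's
    database (sample data, not from any product)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the query by string concatenation, the pattern behind the
    login-page SQL injection entries. Returns the matched username or None."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn: sqlite3.Connection, username: str, password: str):
    """Same check with bound parameters: the driver never lets user input
    become part of the SQL grammar, so quotes and comments are inert.
    (Real code also compares a password hash, not the plaintext.)"""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Two classic bypass payloads. The first comments out the password check;
# the second turns the WHERE clause into a tautology.
COMMENT_BYPASS = "admin' --"
TAUTOLOGY_BYPASS = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    for user, pw in ((COMMENT_BYPASS, "anything"), (TAUTOLOGY_BYPASS, TAUTOLOGY_BYPASS)):
        print(repr(user), "vulnerable ->", login_vulnerable(db, user, pw),
              "| fixed ->", login_fixed(db, user, pw))
```

Escaping quotes by hand (the usual 2005-era fix) is weaker than binding: it has to be applied at every query site and is bypassed where input reaches the query through a numeric parameter or a second decoding step, as several entries in this listing show. Bound parameters remove the problem rather than filtering it.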

  • 05.19.65 - CVE: Not Available
  • Platform: Web Application
  • Title: AutoTheme PostNuke Module Multiple Unspecified Vulnerabilities
  • Description: AutoTheme allows users to create PostNuke and PHP-Nuke themes in HTML. AutoTheme for PostNuke is reported prone to multiple unspecified vulnerabilities. The causes and impacts of these issues were not specified. The issues affect the "Blocks" module and it is reported that some of these issues may allow remote attackers to gain unauthorized access to a vulnerable computer. AutoTheme 1.7 and AT-Lite .8 for PostNuke are vulnerable to these issues.
  • Ref: http://spidean.mckenzies.net/Article314.phtml

  • 05.19.66 - CVE: Not Available
  • Platform: Web Application
  • Title: FreeRADIUS RLM_SQL.C SQL Injection
  • Description: FreeRADIUS is a freely available, open source implementation of the RADIUS protocol. Its SQL module ("rlm_sql.c") fails to properly sanitize user-supplied input before using it in an SQL query, exposing an SQL injection vulnerability. This could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
  • Ref: http://www.freeradius.org/

  • 05.19.67 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Advanced Transfer Manager Arbitrary File Upload
  • Description: PHP Advanced Transfer Manager is an upload and download manager. The application does not validate the extension of a user-supplied file before storing it, allowing an attacker to upload arbitrary PHP scripts to the server. PHP Advanced Transfer Manager versions 1.21 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/13542/credit/
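
The extension check the entry above says is missing, written in Python as an added example for this listing (not PHP Advanced Transfer Manager's code; the allowed and executable extension lists and the naming policy are assumed). The stored name is rebuilt from a vetted stem and the final extension rather than copied from the request, any directory component is dropped, and a name is rejected if any of its extension segments is executable, because Apache's AddHandler matches "shell.php.jpg" on the ".php" in the middle, not only on the last extension.

```python
import os
import re

# Assumed site policy: what the upload feature intends to accept.
ALLOWED_EXTENSIONS = frozenset({"jpg", "jpeg", "png", "gif", "txt", "pdf", "zip"})
# Extensions a typical PHP-enabled web server will execute or interpret
# (illustrative list; check your own server's handler configuration).
EXECUTABLE_EXTENSIONS = frozenset({
    "php", "php3", "php4", "php5", "phtml", "phps", "phar",
    "cgi", "pl", "asp", "aspx", "jsp", "sh", "htaccess",
})
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def safe_upload_name(original_name: str):
    """Return the name to store the upload under, or None to reject it.

    Operates on the client-supplied name only; nothing from the request is
    copied through verbatim.
    """
    # Drop any directory component, whichever separator the client used.
    base = os.path.basename(original_name.replace("\\", "/"))
    if "\x00" in base:
        return None  # NUL would truncate the name in C-level open()
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return None  # no extension, or a dotfile such as .htaccess
    stem, exts = parts[0], parts[1:]
    # Reject if ANY extension segment is executable, not just the last one.
    if any(ext in EXECUTABLE_EXTENSIONS for ext in exts):
        return None
    final = exts[-1]
    if final not in ALLOWED_EXTENSIONS or not SAFE_STEM.match(stem):
        return None
    return "%s.%s" % (stem, final)


if __name__ == "__main__":
    for name in ("photo.jpg", "shell.php", "shell.php.jpg", ".htaccess",
                 "../../uploads/evil.jpg", "photo.jpg\x00.php"):
        print("%-28r -> %r" % (name, safe_upload_name(name)))
```

An extension check alone does not make an upload directory safe: store uploads outside the document root or in a location where script execution is disabled, and serve them back through a handler that sets the content type itself, so that a file the web server will not execute cannot be coaxed into running by content sniffing either.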

  • 05.19.68 - CVE: Not Available
  • Platform: Web Application
  • Title: HTMLJunction EZGuestbook Guestbook.mdb Database Disclosure Vulnerability
  • Description: HTMLJunction EZGuestbook is a web-based guestbook application. It is reported to be vulnerable to a database disclosure issue: an attacker can download the application's database by requesting the "guestbook.mdb" file directly over the web.
  • Ref: http://www.securityfocus.com/bid/13543

  • 05.19.69 - CVE: Not Available
  • Platform: Web Application
  • Title: CJ Ultra Plus OUT.PHP SQL Injection
  • Description: CJ Ultra Plus is a web application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "perm" parameter of the "out.php" script. CJ Ultra Plus versions 1.0.3 and 1.0.4 are vulnerable.
  • Ref: http://secunia.com/advisories/15281/

  • 05.19.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Power Board Search.PHP Highlite Parameter Cross-Site Scripting
  • Description: Invision Power Board is web forum software. Invision Power Board is affected by a cross-site scripting vulnerability. Invision Power Board versions 2.0.3 and earlier are known to be vulnerable.
  • Ref: http://www.gulftech.org/?node=research&article_id=00073-05052005

  • 05.19.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Power Board Topics.PHP Highlite Parameter Cross-Site Scripting
  • Description: Invision Power Board is Web forum software. Invision Power Board is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "highlite" parameter of "topics.php". An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. This issue has been addressed in Invision Power Board version 2.0.4; earlier versions are vulnerable.
  • Ref: http://www.gulftech.org/?node=research&article_id=00073-05052005
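
The reflected cross-site scripting pattern behind the two "highlite" entries above (and the other XSS entries in this listing), shown in Python as an added example written for this listing (it is not Invision Power Board's code; the page layout, the parameter name reuse and the payloads are assumed for illustration). The vulnerable renderer drops the search term into a heading, an attribute and the post body unescaped; the fixed one HTML-escapes every request-derived string before building markup and adds its own <b> tags only around the already-escaped term, so nothing from the request reaches the browser's parser as markup.

```python
import html


def render_results_vulnerable(term: str, body: str) -> str:
    """Echoes the search term into three HTML contexts unescaped and wraps
    matches in <b>, the pattern behind the "highlite" entries."""
    highlighted = body.replace(term, "<b>%s</b>" % term) if term else body
    return ('<h2>Results for: %s</h2>\n'
            '<input name="highlite" value="%s">\n'
            '<div class="post">%s</div>' % (term, term, highlighted))


def render_results_fixed(term: str, body: str) -> str:
    """Escape the term and each body segment separately, then join the
    segments with the highlight markup. Splitting on the raw term before
    escaping means an entity in the body can never be split by a match."""
    safe_term = html.escape(term, quote=True)  # quote=True covers attribute context
    segments = body.split(term) if term else [body]
    highlighted = ("<b>%s</b>" % safe_term).join(
        html.escape(segment, quote=True) for segment in segments)
    return ('<h2>Results for: %s</h2>\n'
            '<input name="highlite" value="%s">\n'
            '<div class="post">%s</div>' % (safe_term, safe_term, highlighted))


# Constructed payloads: one for text context, one that breaks out of the
# value="" attribute without needing angle brackets at all.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTRIBUTE_PAYLOAD = '" onmouseover="alert(1)'


if __name__ == "__main__":
    for payload in (SCRIPT_PAYLOAD, ATTRIBUTE_PAYLOAD):
        print("--- vulnerable ---")
        print(render_results_vulnerable(payload, "nothing to see"))
        print("--- fixed ---")
        print(render_results_fixed(payload, "nothing to see"))
```

The attribute payload is why a filter that only strips "<" and ">" is not enough: escaping must match the context the value lands in, and quote=True is what makes html.escape safe inside a quoted attribute. Marking the session cookie HttpOnly limits the cookie-theft impact the entries describe but does not remove the injection.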

  • 05.19.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Power Board Login.PHP SQL Injection
  • Description: Invision Power Board is web forum software. Invision Power Board is prone to an SQL injection vulnerability. Insufficient sanitization of the "pid" variable in the "login.php" script exposes the issue. This issue reportedly affects Invision Power Board versions prior to 2.0.4.
  • Ref: http://www.gulftech.org/?node=research&article_id=00073-05052005

  • 05.19.73 - CVE: Not Available
  • Platform: Web Application
  • Title: MidiCart PHP Item_List.PHP Cross-Site Scripting
  • Description: MidiCart PHP is a commercially available e-commerce solution. It is vulnerable to a cross-site scripting issue due to a failure in the application to properly sanitize user-supplied input to the "maingroup" parameter of "item_list.php" script. An attacker may leverage this issue to steal cookie-based authentication credentials as well as other attacks. All known versions of MidiCart PHP are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/397595

  • 05.19.74 - CVE: Not Available
  • Platform: Web Application
  • Title: BirdBlog BB Code HTML Injection
  • Description: BirdBlog is web blog software. It is reported to be vulnerable to an HTML injection issue due to improper sanitization of user-supplied input. BirdBlog version 1.3.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13520

  • 05.19.75 - CVE: CAN-2005-1494
  • Platform: Web Application
  • Title: MegaBook Admin.CGI EntryID Cross-Site Scripting
  • Description: MegaBook is a web-based guestbook. MegaBook is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "entryid" parameter of "admin.cgi". An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. This issue is reported to affect MegaBook version 2.0.
  • Ref: http://go-mega.net/megabook/

  • 05.19.76 - CVE: Not Available
  • Platform: Web Application
  • Title: MegaBook Admin.CGI Password Parameter Cross-Site Scripting
  • Description: MegaBook is a web based guestbook. MegaBook is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "password" parameter of "admin.cgi". This issue is reported to affect MegaBook version 2.0.
  • Ref: http://www.securityfocus.com/bid/13523

  • 05.19.77 - CVE: CAN-2005-1503
  • Platform: Web Application
  • Title: MidiCart PHP Search_List.PHP SQL Injection
  • Description: MidiCart PHP is an e-commerce solution. It is reported to be vulnerable to an SQL injection issue due to improper sanitization of the "searchstring" parameter of the "search_list.php" script.
  • Ref: http://www.securityfocus.com/bid/13512

  • 05.19.78 - CVE: Not Available
  • Platform: Web Application
  • Title: MidiCart PHP Item_List.PHP SQL Injection
  • Description: MidiCart PHP is an e-commerce solution. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "maingroup" parameter of the "item_list.php" script.
  • Ref: http://www.hackgen.org/advisories/hackgen-2005-004.txt

  • 05.19.79 - CVE: Not Available
  • Platform: Web Application
  • Title: MidiCart PHP Item_List.PHP SecondGroup Parameter SQL Injection
  • Description: MidiCart PHP is a commercially available e-commerce solution. MidiCart PHP is affected by an SQL injection vulnerability. All current versions are affected.
  • Ref: http://www.securityfocus.com/archive/1/397595

  • 05.19.80 - CVE: CAN-2005-1503
  • Platform: Web Application
  • Title: MidiCart PHP Item_Show.PHP Code_No Parameter SQL Injection
  • Description: MidiCart PHP is a commercially available e-commerce solution. MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "code_no" parameter of "item_show.php" before using it in an SQL query. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
  • Ref: http://does-not-exist.org/mail-archives/bugtraq/msg08652.html

  • 05.19.81 - CVE: CAN-2005-1502
  • Platform: Web Application
  • Title: MidiCart PHP Search_List.PHP SearchString Parameter Cross-Site Scripting
  • Description: MidiCart PHP is an e-commerce solution. Insufficient sanitization of the "searchstring" parameter in the "search_list.php" script exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/archive/1/397595

  • 05.19.82 - CVE: CAN-2005-1502
  • Platform: Web Application
  • Title: MidiCart PHP Item_List.PHP SecondGroup Parameter Cross-Site Scripting
  • Description: MidiCart PHP is an e-commerce solution. Insufficient sanitization of the "secondgroup" parameter in the "item_list.php" script exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/archive/1/397595

  • 05.19.83 - CVE: Not Available
  • Platform: Web Application
  • Title: myBloggie Multiple Input Validation
  • Description: myBloggie is web-based blog software that supports BBCode image tags. It is affected by multiple input validation vulnerabilities. myBloggie versions 2.1.2 and earlier are known to be vulnerable.
  • Ref: http://mywebland.com/forums/viewtopic.php?t=180

  • 05.19.84 - CVE: Not Available
  • Platform: Web Application
  • Title: MRO Maximo Unauthorized Script Disclosure
  • Description: MRO Maximo is asset management software that runs on the Tomcat server. MRO Maximo is affected by an unauthorized script disclosure vulnerability. This issue manifests because the files contained in the "maximo_installation" directory are served as plain files rather than recognized as server-side executable scripts, so their source can be read. Information such as stored passwords and database locations harvested through the exploitation of this issue may be used to aid further attacks against the affected software. This issue was reported to affect MRO Maximo versions 4 and 5.
  • Ref: http://article.gmane.org/gmane.comp.security.bugtraq/17520

  • 05.19.85 - CVE: CAN-2005-1486, CAN-2005-1487
  • Platform: Web Application
  • Title: FishCart Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: FishNet FishCart is a shopping cart software package. FishCart is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
  • Ref: http://www.hackerscenter.com/archive/view.asp?id=2419

  • 05.19.86 - CVE: Not Available
  • Platform: Web Application
  • Title: YusASP Web Asset Manager Unauthorized Access
  • Description: YusASP is a file manager for web content. The application does not perform any authentication for access to the application scripts. This could permit an attacker to manage the content on the remote site. YusASP Web Asset Manager version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/13501

  • 05.19.87 - CVE: CAN-2005-1443
  • Platform: Web Application
  • Title: Invision Power Board Cross-Site Scripting
  • Description: Invision Power Board is web forum software. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "act" parameter of the "index.php" script. Invision Power Board versions 2.1 Alpha2 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/13483/info/

  • 05.19.88 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Catalyst 6500/7600 Series Firewall Services Module ACL Bypass Vulnerability
  • Description: Cisco FWSM (Firewall Services Module) is an integrated firewall implementation for Catalyst 6500 series switches and Cisco 7600 series routers. It is vulnerable to an issue that may allow traffic explicitly denied by an access control list to pass through the module, so unauthorized TCP traffic can bypass the firewall's ACLs. Cisco Catalyst 6500 Series Switches and Cisco 7600 series routers running FWSM version 2.3.1 or earlier are vulnerable.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20050511-url.shtml

  • 05.19.89 - CVE: Not Available
  • Platform: Hardware
  • Title: GeoVision Digital Surveillance Unauthorized JPEG Image Access
  • Description: GeoVision Digital Surveillance System is a multi-channel video surveillance system. It is vulnerable to an issue that allows unauthenticated remote attackers to retrieve JPEG images stored on the server by requesting them directly by URI over the web. GeoVision Digital Surveillance System versions 6.04 and 6.1 are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/13571/info/

  • 05.19.90 - CVE: Not Available
  • Platform: Hardware
  • Title: NiteEnterprises Remote File Manager Denial of Service
  • Description: NiteEnterprises Remote File Manager allows users to remotely manage files on a computer. Insufficient sanitization of data received on TCP port 7080 causes the application to crash, denying service to legitimate users. NiteEnterprises Remote File Manager version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/13550

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end== Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS other free newsletters.

To change your subscription, address, or other information, visit http://portal.sans.org Copyright 2005. All rights reserved. No posting or reuse allowed, other than listed above, without prior written permission.