@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 38
September 23, 2005

The first critical vulnerability this week, in ClamAV, is in open source software used in many email, web and FTP antivirus (AV) scanning gateways running on UNIX/Linux. Apple Mac, Linux, IBM, Sun, and others are referenced in the supporting pages as possible users. If you employ gateway AV on systems with those operating systems, check with your vendor for applicability.

And once more Firefox web browser and Symantec's Veritas storage products have critical new vulnerabilities that allow attackers to take over and control systems running those software packages.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 1
    • Third Party Windows Apps: 10 (#4)
    • Mac Os: 1
    • Linux: 1
    • HP-UX: 1
    • Unix: 1 (#2, #5, #6)
    • Cross Platform: 5 (#1)
    • Web Application: 27 (#3)
    • Hardware: 2

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Mac Os
Linux
HP-UX
Unix
Cross Platform
Web Application
Hardware

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Dinesh Sequeira and Rohit Dhamankar at TippingPoint, a division of 3Com, (www.tippingpoint.com) as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: ClamAV UPX and FSG Handling Vulnerabilities
  • Affected: ClamAV versions prior to 0.87
  • Description: ClamAV is an open-source antivirus program designed mainly for scanning emails on UNIX mail gateways. The software includes a virus scanning library - libClamAV. This library is used by many third party email, web, FTP scanners as well as mail clients. The library contains a buffer overflow in the file "upx.c" that can be triggered by specially crafted UPX (Packed Executable Format) packed executable files. A denial of service flaw also exists in the file "fsg.c" that can cause the ClamAV engine to enter an infinite loop while processing crafted FSG files. The attacker can send the malicious files via email, web, FTP or a file share, and exploit the flaws to either execute arbitrary code on the system running the ClamAV library, or cause a denial of service. The technical details can be obtained by comparing the fixed and the affected versions of the software. Note that for compromising the mail/web/FTP gateways no user interaction is required.

  • Status: The vendor has released ClamAV 0.87 to address these issues. Please look for third party updates for the software.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (2) HIGH: FireFox, Mozilla and Thunderbird Remote Command Injection
  • Affected:
    • On UNIX platforms:
    • Mozilla Firefox 1.0.6 and prior
    • Mozilla Suite 1.7.11 and prior
    • Thunderbird 1.0.6 and prior
  • Description: This vulnerability in the Mozilla/Firefox browsers and the Thunderbird email client can be exploited to execute arbitrary commands on UNIX systems. The problem occurs when a URL containing a backtick is passed as an argument to Mozilla, Firefox or Thunderbird. For instance, issuing the command "firefox http://local`ls`" will result in the execution of the 'ls' command. Systems using Mozilla/Firefox as the default browser and Thunderbird as the default email client are at higher risk, as visiting a malicious webpage may result in the execution of attacker-specified commands.

  • Status: Updates have been released to address this issue for Mozilla and Firefox.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. Most reported that no action was necessary. A few sites have advised the users to upgrade to the latest version. One site plans to distribute patches during their next regularly scheduled system update process.

  • References:
Other Software
  • (3) HIGH: TWiki Remote Command Execution
  • Affected:
    • TWikiRelease01Sep2004
    • TWikiRelease02Sep2004
    • TWikiRelease01Feb2003
    • TWikiRelease01Dec2001
    • TWikiRelease01Dec2000
  • Description: TWiki, a Perl-based CGI application, allows multiple users to manage a web site's content through a web browser. TWiki is popularly used for intranet content management by many companies. The revision control function included in the software contains a command execution vulnerability. The problem occurs because the user input to the revision control function's "rev" parameter is not properly sanitized for shell metacharacters such as "|" (pipe). This can be exploited by an unauthenticated attacker to execute arbitrary commands on the web server. The posted advisory shows how to construct a malicious HTTP request.

  • Status: TWiki has confirmed the issue and patches are available. Note that TWikiRelease 01September2004 patched with Florian Weimer's patch (http://www.enyo.de/fw/security/notes/twiki-robustness.html) is not vulnerable.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (4) HIGH: AhnLab and AVIRA Anti-virus Products File Handling Overflow
  • Affected:
    • AhnLab V3Pro 2004 6.0.0.383
    • AhnLab V3 VirusBlock 2005 6.0.0.383
    • AhnLab V3Net for Windows Server 6.0.0.383
    • AVIRA Desktop for Windows 1.0 0.00.68
  • Description: The AhnLab and AVIRA families of products are designed to protect desktops and servers from various viruses. These products contain a buffer overflow in processing ACE archives. In the case of AVIRA products, the overflow is triggered by an ACE archive containing a compressed file with a long filename. (Possibly a similar issue for the AhnLab products.) If compressed file scanning is enabled, this overflow can be exploited to execute arbitrary code on systems running AhnLab or AVIRA anti-virus products. In addition, AhnLab anti-virus also contains a directory traversal vulnerability that can be exploited to write arbitrary files (for example in the "Startup" folder on Windows).

  • Status: AhnLab and AVIRA have published updates to address these issues.

  • Council Site Actions: Only one of the reporting council sites responded to this item. They are currently testing the hotfix and commented that affected clients do not browse the Internet. The remaining council sites do not use the affected software.

  • References:
Exploit Code
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 38, 2005


  • 05.38.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Internet Explorer Unspecified Code Execution
  • Description: Microsoft Internet Explorer is affected by an unspecified remote code execution issue that allows a remote attacker to execute arbitrary code in the context of the user running the browser. Internet Explorer versions 6.0, 6.0 SP1 and 6.0 SP2 are vulnerable.
  • Ref: http://www.eeye.com/html/research/upcoming/20050915.html

  • 05.38.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sybari Antigen for Exchange/SMTP Attachment Rule Bypass
  • Description: Sybari Antigen for Exchange/SMTP products are vulnerable to an attachment rule bypass vulnerability. Specifically, the issue arises when the application handles email messages containing arbitrary attachments with a subject line stating "Antigen forwarded attachment". Sybari Antigen v8.0 SR2 for Exchange and Sybari Antigen v8.0 SR2 for SMTP Gateways are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/411062

  • 05.38.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Veritas Storage Exec Multiple Remote DCOM Buffer Overflow Vulnerabilities
  • Description: Veritas Storage Exec is a commercial storage management package. It is vulnerable to multiple remote buffer overflow issues due to improper bounds checking of user-supplied data. These issues are located in multiple DCOM servers in the affected product. Please refer to the link below for a list of vulnerable versions of the software.
  • Ref: http://securityresponse.symantec.com/avcenter/security/Content/2005.09.19.html

  • 05.38.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Compuware DriverStudio Unauthorized Remote Reboot
  • Description: Compuware DriverStudio is software to aid in the creation of Microsoft Windows device drivers. It is vulnerable to an issue that could let an unauthorized remote attacker reboot the system the driver is running on by sending a specially crafted UDP datagram. Compuware DriverStudio versions 2.7 and 3.0 beta are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/410718

  • 05.38.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Hosting Controller Unspecified Information Disclosure
  • Description: Hosting Controller is an application that consolidates all hosting tasks into one interface. It is reported to be vulnerable to an unspecified information disclosure issue. Hosting Controller version 6.1 Hotfix 2.3 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14840

  • 05.38.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VxFtpSrv Buffer Overflow
  • Description: Cambridge Computer Corporation VxFtpSrv is an FTP server. It is vulnerable to a remote buffer overflow issue due to insufficient boundary checks when the application processes a long username. Cambridge Computer Corporation vxFtpSrv version 0.9.7 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/410719

  • 05.38.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cambridge Computer Corporation VxWeb Remote Buffer Overflow
  • Description: Cambridge Computer Corporation vxWeb is a Web server for Windows CE-based devices. vxWeb is affected by a remote buffer overflow vulnerability. vxWeb versions 1.1.4 and earlier are known to be vulnerable.
  • Ref: http://www.airscanner.com/security/05081101_vxweb.htm

  • 05.38.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cambridge Computer Corporation VxTftpSrv Remote Buffer Overflow
  • Description: Cambridge Computer Corporation vxTftpSrv is a TFTP server for Windows CE-based devices. vxTftpSrv is prone to a remote buffer overflow vulnerability that arises when the application processes a long file name. A successful attack may trigger a crash in the server or lead to arbitrary code execution. vxTftpSrv version 1.7.0 is reported to be affected by this issue.
  • Ref: http://www.securityfocus.com/bid/14842

  • 05.38.9 - CVE: CAN-2005-2986
  • Platform: Third Party Windows Apps
  • Title: Ahnlab V3 Antivirus Directory Traversal
  • Description: Ahnlab V3 Antivirus is vulnerable to a remote directory traversal vulnerability due to insufficient sanitization of user supplied data when handling crafted file names using directory traversal sequences. AhnLab V3Pro 2004 Build 6.0.0.383, AhnLab V3 VirusBlock 2005 Build 6.0.0.383, and AhnLab V3Net for Windows Server 6.0 Build 6.0.0.383 are reported to be vulnerable.
  • Ref: http://info.ahnlab.com/english/advisory/01.html

  • 05.38.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ahnlab V3 Antivirus ACE Archive Handling Remote Buffer Overflow
  • Description: Ahnlab V3 Antivirus products provide antivirus protection for Windows. Ahnlab V3 Antivirus products are affected by a remote buffer overflow vulnerability. AhnLab V3Pro 2004 Build 6.0.0.383, AhnLab V3 VirusBlock 2005 Build 6.0.0.383, and AhnLab V3Net for Windows Server 6.0 Build 6.0.0.383 are known to be vulnerable.
  • Ref: http://info.ahnlab.com/english/advisory/01.html

  • 05.38.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Compuware DriverStudio Remote Control Null Session Authentication Bypass
  • Description: Compuware DriverStudio is software to aid in the creation of Microsoft Windows device drivers. It is prone to an authentication bypass vulnerability in the DriverStudio Remote Control Service (DSRsvc.exe) through an RPC NULL Session. Compuware DriverStudio versions 3.0 (beta 2) and 2.7 are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/410718

  • 05.38.12 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Safari Data URI Memory Corruption Vulnerability
  • Description: Apple Safari is prone to a memory corruption vulnerability when specific "data:" URIs are opened. Apple Safari versions 2.0.1 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/411078

  • 05.38.13 - CVE: CAN-2005-2658
  • Platform: Linux
  • Title: Turquoise SuperStat Date Parser Remote Buffer Overflow
  • Description: Turquoise SuperStat is used to gather statistics from Fidonet and Usenet. It is prone to a buffer overflow in its NNTP response mechanism. A successful attack may result in a remote compromise. Turquoise SuperStat versions 2.2.3 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/advisories/9275

  • 05.38.14 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP Tru64 FTP Server Remote Denial of Service
  • Description: A remote denial of service vulnerability has been reported in the HP Tru64 FTP server implementation. A remote authenticated FTP user may cause the FTP server process to become unresponsive. This can likely also be exploited over anonymous FTP, if enabled.
  • Ref: http://www.securityfocus.com/bid/14886

  • 05.38.15 - CVE: Not Available
  • Platform: Unix
  • Title: ClamAV FSG Compressed Executable Infinite Loop Denial of Service
  • Description: ClamAV is prone to a remote denial of service vulnerability. The application can enter an infinite loop when handling a malformed FSG compressed executable. The vulnerability exists in the FSG handling routines in the "libclamav/fsg.c" source file. ClamAV versions earlier than 0.87 are vulnerable.
  • Ref: http://www.securityfocus.com/advisories/9292


  • 05.38.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser Unspecified Drag And Drop File Upload
  • Description: Opera Web Browser is affected by an unspecified drag and drop file upload vulnerability. The cause of this issue was not specified; however, it may allow remote attackers to upload arbitrary files to a computer. This can lead to various attacks including arbitrary code execution in the context of the user running the browser. Opera versions 8.0, 8.0.1 and 8.0.2 are vulnerable.
  • Ref: http://www.opera.com/docs/changelogs/windows/850

  • 05.38.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser Mail Client Multiple Vulnerabilities
  • Description: Opera Mail client is an email client integrated with the Opera browser. Opera Web Browser Mail client is affected by multiple vulnerabilities. Opera Web Browser versions 8.02 and earlier are known to be vulnerable.
  • Ref: http://secunia.com/secunia_research/2005-42/

  • 05.38.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Tofu Object Unpickling Remote Python Code Execution
  • Description: Tofu is a peer-to-peer network gaming engine. Tofu is affected by a remote execution vulnerability. Tofu versions 0.2 and earlier are known to be vulnerable.
  • Ref: http://soya.literati.org/

  • 05.38.20 - CVE: CAN-2005-2450
  • Platform: Cross Platform
  • Title: ClamAV UPX Compressed Executable Buffer Overflow
  • Description: ClamAV is prone to a remote buffer overflow vulnerability. This issue exists in the UPX handling routines in the "libclamav/upx.c" source file. Successful exploitation may result in execution of arbitrary code in the context of the application. ClamAV versions 0.51 through 0.86 are vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=356974

  • 05.38.21 - CVE: Not Available
  • Platform: Web Application
  • Title: MIVA Merchant 5 Merchant.MVC Cross-Site Scripting
  • Description: MIVA Merchant 5 is a shopping cart application. It is vulnerable to a cross-site scripting issue due to a failure in the application to properly sanitize user-supplied input to the "Customer_Login" field of the "merchant.mvc" script. An attacker may leverage this issue to steal cookie-based authentication credentials as well as other attacks. MIVA Merchant version 5.0 is vulnerable to this issue.
  • Ref: http://smallbusiness.miva.com/docs/merc_5.x_help/update-process.html

  • 05.38.22 - CVE: Not Available
  • Platform: Web Application
  • Title: ATutor Chat Logs Remote Information Disclosure
  • Description: ATutor is a web-based Learning Content Management System (LCMS) implemented in PHP. It is reported to be vulnerable to an information disclosure issue due to improper sanitization of user-supplied input. ATutor version 1.5.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14832

  • 05.38.23 - CVE: Not Available
  • Platform: Web Application
  • Title: Webmin / Usermin Remote PAM Authentication Bypass
  • Description: Usermin is a web-based user interface for Unix and Linux users. Webmin and Usermin are affected by a remote authentication bypass vulnerability. Webmin version 1.220 and Usermin version 1.150 are known to be vulnerable. Earlier versions are also vulnerable.
  • Ref: http://www.lac.co.jp/business/sns/intelligence/SNSadvisory/83.html

  • 05.38.24 - CVE: Not Available
  • Platform: Web Application
  • Title: Copernicus Jupiter Multiple Unspecified SQL Injection Vulnerabilities
  • Description: Copernicus Jupiter is a Java lease evaluation and installment credit pricing engine. It is prone to multiple unspecified SQL injection vulnerabilities.
  • Ref: http://www.securityfocus.com/bid/14891

  • 05.38.25 - CVE: Not Available
  • Platform: Web Application
  • Title: Alkalay.Net Multiple Scripts Arbitrary Remote Command Execution Vulnerabilities
  • Description: Alkalay.net is a collection of various CGI Perl scripts. Multiple Alkalay.net scripts are prone to arbitrary remote command execution vulnerabilities due to insufficient sanitization of user-supplied input to the "man-cgi" script before being used in a Perl exec() routine.
  • Ref: http://www.cirt.net/advisories/alkalay.shtml

  • 05.38.26 - CVE: Not Available
  • Platform: Web Application
  • Title: EPay Pro Index.PHP Directory Traversal
  • Description: EPay Pro is a web-based payment gateway system written in PHP. It is vulnerable to a directory traversal issue due to lack of proper validation of user-supplied input to the "index.php" script. An attacker could exploit this issue to obtain sensitive information or perform other attacks. EPay Pro version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/411105

  • 05.38.27 - CVE: Not Available
  • Platform: Web Application
  • Title: vBulletin Multiple Moderator and Administrator SQL Injection Vulnerabilities
  • Description: vBulletin is a commercially available web-based bulletin board application. It is reported to be vulnerable to multiple SQL injection issues due to improper sanitization of user-supplied input. vBulletin versions 3.0.8 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14872

  • 05.38.28 - CVE: Not Available
  • Platform: Web Application
  • Title: vBulletin Multiple Cross-Site Scripting Vulnerabilities
  • Description: vBulletin is a web-based bulletin board application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input. vBulletin versions 3.0.8 and earlier are vulnerable.
  • Ref: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt

  • 05.38.29 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Advanced Transfer Manager Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHP Advanced Transfer Manager is an upload and download manager implemented in PHP. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to the "normalfontcolor", "font" and "mess" parameters of "txt.php". PHP Advanced Transfer Manager version 1.30 is reported to be vulnerable.
  • Ref: http://www.securitytracker.com/alerts/2005/Sep/1014930.html

  • 05.38.30 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Advanced Transfer Manager Multiple Directory Traversal Vulnerabilities
  • Description: PHP Advanced Transfer Manager is an upload and download manager. It is vulnerable to multiple directory traversal issues due to failure in the application to properly sanitize user-supplied input to various scripts. A remote attacker could exploit this issue to get hold of sensitive information. PHP Advanced Transfer Manager version 1.30 is vulnerable.
  • Ref: http://rgod.altervista.org/phpatm130.html

  • 05.38.31 - CVE: Not Available
  • Platform: Web Application
  • Title: IBM Rational ClearQuest Unspecified Multiple Cross-Site Scripting Vulnerabilities
  • Description: IBM Rational ClearQuest is a software development management application. It is reported to be vulnerable to multiple unspecified cross-site scripting issues due to improper sanitization of user-supplied input.
  • Ref: http://www.securityfocus.com/bid/14885

  • 05.38.32 - CVE: Not Available
  • Platform: Web Application
  • Title: Hesk Session ID Authentication Bypass
  • Description: Hesk is a free helpdesk application written in PHP. It is reported to be vulnerable to an authentication bypass issue due to improper validation of the "PHPSESSID" parameter. Hesk version 0.93 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14879

  • 05.38.33 - CVE: Not Available
  • Platform: Web Application
  • Title: Digger Solutions Intranet SQL Injection
  • Description: Digger Solutions Intranet Open Source is an Active Server Pages (ASP) intranet. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to an unspecified parameter of the "projects/project-edit.asp" script. Digger Solutions Intranet Open Source version 2.7.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14882

  • 05.38.34 - CVE: Not Available
  • Platform: Web Application
  • Title: NooToplist Index.PHP Multiple SQL Injection Vulnerabilities
  • Description: NooToplist is a site listing and ranking application written in PHP and ASP. NooToplist is affected by multiple SQL injection vulnerabilities. NooToplist versions 1.0.0.17 and earlier are known to be vulnerable.
  • Ref: http://www.systemsecure.org/ssforum/viewtopic.php?t=249

  • 05.38.35 - CVE: Not Available
  • Platform: Web Application
  • Title: MX Shop Index.PHP Multiple SQL Injection Vulnerabilities
  • Description: MX Shop is an integrated e-commerce application written in PHP. It is affected by multiple SQL injection vulnerabilities that are caused by improper sanitization of user-supplied values to the "idp", "id_ctg" and "id_prd" parameters of the "index.php" script. InterAKT Online MX Shop version 3.2.0 is vulnerable.
  • Ref: http://www.systemsecure.org/ssforum/viewtopic.php?t=250

  • 05.38.36 - CVE: Not Available
  • Platform: Web Application
  • Title: CuteNews Flood Protection Client-IP PHP Code Injection
  • Description: CutePHP CuteNews is a news management system. It is vulnerable to an input validation issue in the "Client-Ip" information that is logged to the "flood.db.php" temporary file, which may let remote attackers inject and execute PHP code. This issue is reported to affect CuteNews version 1.4.0.
  • Ref: http://www.securityfocus.com/archive/1/411057

  • 05.38.37 - CVE: Not Available
  • Platform: Web Application
  • Title: Content2Web Multiple Input Validation Vulnerabilities
  • Description: Content2Web is a content management system implemented in PHP. It is prone to multiple input validation vulnerabilities that are caused by insufficient sanitization of user-supplied input to the "show" parameter of the "index.php" script. Content2Web version 1.0.1 is reported to be affected.
  • Ref: http://www.securityfocus.com/bid/14862

  • 05.38.38 - CVE: CAN-2005-2989
  • Platform: Web Application
  • Title: DeluxeBB Multiple SQL Injection Vulnerabilities
  • Description: DeluxeBB is a bulletin board application written in PHP. It is prone to multiple SQL injection vulnerabilities as a result of improper sanitization of user-supplied input to various scripts. DeluxeBB versions 1.0 and 1.0.5 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/14851

  • 05.38.39 - CVE: Not Available
  • Platform: Web Application
  • Title: Digital Scribe Login SQL Injection
  • Description: Digital Scribe is a publishing application designed to help teachers put student work and homework assignments online. It is prone to an SQL injection vulnerability caused by improper sanitization of user-supplied input to the login screen. Digital Scribe version 1.4 is reported to be affected.
  • Ref: http://www.securityfocus.com/archive/1/410710

  • 05.38.40 - CVE: CAN-2005-2985
  • Platform: Web Application
  • Title: AEwebworks aeDating Search_Result.PHP SQL Injection
  • Description: AEwebworks aeDating is an online dating application written in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "Country" field of the "Search_Result.PHP" script. AEwebworks aeDating versions 4.0 and 3.2 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/14847

  • 05.38.41 - CVE: Not Available
  • Platform: Web Application
  • Title: IBM Lotus Domino BaseTarget Parameter Cross-Site Scripting
  • Description: IBM Lotus Domino is prone to a cross-site scripting vulnerability. This is due to insufficient input validation of data supplied through the "BaseTarget" URI parameter. Exploitation may permit theft of cookie-based authentication credentials or other attacks. Lotus Domino version 6.5.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14845/info

  • 05.38.42 - CVE: Not Available
  • Platform: Web Application
  • Title: IBM Lotus Domino Src Parameter Cross-Site Scripting
  • Description: IBM Lotus Domino is reported to be vulnerable to a cross-site scripting issue due to improper sanitization of the "Src" URL parameter. IBM Lotus Domino version 6.5.2 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14846

  • 05.38.43 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Nuke WYSIWYG Editor Unspecified Security Vulnerability
  • Description: PHP-Nuke is a web-based content management system. It is reported to be vulnerable to an unspecified security issue. PHP-Nuke versions 7.8 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14860

  • 05.38.44 - CVE: CAN-2005-2979
  • Platform: Web Application
  • Title: Noah's Classifieds SQL Injection
  • Description: Noah's Classifieds is a web-based advertising application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "rollid" parameter of the "index.php" script. Noah's Classifieds versions 1.3 and 1.2 are vulnerable.
  • Ref: http://xforce.iss.net/xforce/xfdb/22271

  • 05.38.45 - CVE: Not Available
  • Platform: Web Application
  • Title: Noah's Classifieds Index.PHP Cross-Site Scripting
  • Description: Noah's Classifieds is a general purpose web advertising application written in PHP. Noah's Classifieds is affected by a cross-site scripting vulnerability. Noah's Classifieds versions 1.3 and earlier are known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14835

  • 05.38.46 - CVE: CAN-2005-2877
  • Platform: Web Application
  • Title: TWiki TWikiUsers Remote Arbitrary Command Execution
  • Description: TWiki is a web-based application that allows creation and maintenance of web sites using a web browser. A remote command execution vulnerability affects the application. This issue is due to a failure of the application to properly validate user-supplied data passed through the "rev" parameter for shell metacharacters. TWiki versions 20040902 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/14834

  • 05.38.47 - CVE: Not Available
  • Platform: Web Application
  • Title: Ensim OCW_login_username HTML Injection
  • Description: Ensim is a web hosting and web service management application. It is prone to an HTML injection vulnerability due to insufficient sanitization of user-supplied input to the "ocw_login_username" field. Ensim Webppliance versions 3.1.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/14836

  • 05.38.48 - CVE: Not Available
  • Platform: Hardware
  • Title: Multi-Computer Control System Remote Denial of Service
  • Description: Multi-Computer Control System (MCCS) is an application that allows users to control up to 15 computers using a single mouse and keyboard without the need for a hardware switch. It is prone to a remote denial of service vulnerability due to failure of the application to handle malformed UDP packets containing specially crafted data to the client or server component of the application. MCCS version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/14870

  • 05.38.49 - CVE: CAN-2005-2984
  • Platform: Hardware
  • Title: Data Center Resources Avocent CCM Privileged Port Access Bypass
  • Description: The Avocent CCM console management appliances provide secure in-band and out-of-band connections to console ports of servers and serially managed devices. It is prone to a vulnerability that permits the bypass of access control to privileged ports due to improper authorization by the application before granting access to the internal "connect" command. Data Center Resources Avocent CCM4850 version 2.1 (Firmware) is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/410726

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.