@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 39
September 29, 2005

Our survey on the value of @RISK had a surprisingly huge response. Thanks to all of you. The surprising finding was that you valued @RISK most for its notification of critical vulnerabilities in less widely known tools. You already knew about the Windows vulnerabilities. So we'll try to highlight the less well known ones to save you time. This week we found critical vulnerabilities in Firefox, Mozilla, Mac OS (Apple), RealPlayer, and Twiki. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                    # of Updates & Vulnerabilities
    Other Microsoft Products    1
    Third Party Windows Apps    4
    Mac Os                      1 (#3)
    Linux                       3
    Unix                        1 (#2)
    Cross Platform              16 (#1)
    Web Application             28 (#4, #5)

************** SPONSORED BY SANS Network Security 2005 ******************

Los Angeles, CA October 24-30. Sixteen immersion training tracks and many special short courses on the hottest technologies (wireless) and techniques used by attackers. Special programs for auditors and security managers along with a huge offering for security professionals. Plus a big exposition and many evening sessions. A great conference.

Information: http://www.sans.org/ns2005/

Why people who care about security attend SANS training: "This training is like nothing else. No vendor-bias, no marketing spiel, just detailed theory and practice that will make a real, immediate difference to my job." Jon King, VANCO

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Unix
Cross Platform
Web Application
PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Mozilla, Firefox, Netscape Browsers Multiple Vulnerabilities
  • Affected:
    • Firefox versions 1.0.6 and prior
    • Mozilla versions 1.7.11 and prior
    • Netscape version 8.x
  • Description: Mozilla, Firefox and Netscape browsers contain the following vulnerabilities that can be exploited by a malicious webpage to compromise a user's system. (a) The function that processes XBM (X-Bitmap) images contains a heap-based overflow that can be triggered by an XBM image ending with a "space" character rather than the end tag. According to the discoverer, the flaw can be exploited to execute arbitrary code. (b) Unicode processing of certain sequences leads to a stack-based overflow that can be exploited to execute arbitrary code. (c) The JavaScript Engine contains an integer overflow that can be exploited to execute arbitrary code. (d) The unprivileged "about:" page can load a privileged "chrome:" page under certain conditions. This flaw combined with another cross-zone flaw could result in the execution of arbitrary code. The Mozilla bugzilla contains technical details required to leverage these flaws.

  • Status: Mozilla Foundation has released version 1.0.7 for Firefox and 1.7.12 for Mozilla browsers. In addition to the above mentioned high severity bugs, the newer versions also fix certain spoofing bugs. No updates are available for Netscape.

  • Council Site Actions: Most of the council sites responded that they do not officially support these browsers; however, the browsers are in use at their sites. Most of these sites feel their users are clue-full enough to keep up-to-date with the patches, or they have notified the known users. One of the reporting council sites updated most of their systems earlier this week and will rely on the remaining systems being updated by the users. Another council site has posted the updated versions on its software mirror.

  • References:
  • (2) HIGH: RealPlayer and Helix Player Format String Vulnerability
  • Affected:
    • Potentially all versions of RealPlayer and Helix Player on UNIX
  • Description: A zero-day vulnerability has been reported in RealPlayer and Helix Player, the popular media players on UNIX systems. The players reportedly contain a format string vulnerability in processing realtext (".rt") and realpix (".rp") files. The flaw is triggered by providing a format string in the "image handle" parameter of a ".rp" file. A malicious realpix or realtext file in a webpage or an email can exploit this issue to execute arbitrary code on the client system. If RealPlayer or Helix Player is configured as the default media player, no user interaction is required to leverage the flaw. The discoverer has posted an exploit that works on Debian Linux.

  • Status: No patches are available from the vendor at this time. Users should be advised not to automatically open realpix or realtext files.

  • Council Site Actions: Most of the council sites do not officially support this software for their user base; thus, no action was taken. Several sites will advise their users to patch the systems when a patch is available. One site has a large user base of these products and plans to monitor the product site for any upcoming patches. If an exploit is released, they plan to notify their users not to automatically invoke these programs from a browser or mail agent. Another site commented that the use of these products is discouraged at their site. They do plan to notify the users when a patch is available.

  • References:
  • (3) HIGH: Apple Mac OS X Security Update 2005-008
  • Affected:
    • Mac OS X version 10.4.2 Server and Client
  • Description: Apple has released a security update for Mac OS X client and server products that fixes buffer overflow, information disclosure, cross-site scripting and local privilege escalation vulnerabilities. The important issues fixed by this update are (a) the buffer overflow vulnerabilities in components that handle GIF and PICT images. The vulnerable components are also used by Safari. Hence, a malicious webpage or email may exploit these flaws to compromise a Mac OS X system. (b) QuickTime Java extensions contain a vulnerability that can be exploited by a malicious applet to issue arbitrary function calls from the system libraries. This can lead to a complete compromise of the client system. The technical details about the flaws have not been posted yet.

  • Status: Apply the security patch 2005-008.

  • Council Site Actions: Only two of the reporting council sites are responding to this item. One site has scheduled the update push to their Mac users. The other site said their Mac OS X systems are regularly patched through the Software Update facility. The remaining sites are not affected by this problem as they don't have any Mac systems or they don't officially support them.

  • References:
  • (4) MODERATE: Webmin and Usermin Remote Authentication Bypass
  • Affected:
    • Webmin versions prior to 1.230
    • Usermin versions prior to 1.160
  • Description: Webmin provides a web interface to perform administrative tasks such as configuring users, servers, etc. for UNIX-based systems. Usermin is similar to Webmin and is available to users to set up their environment. Webmin as well as Usermin run the "miniserv.pl" script, which contains a user-id spoofing vulnerability. The problem arises because the script does not check for metacharacters such as carriage return in the user-supplied input during PAM (Pluggable Authentication Modules) authentication. This flaw can be exploited by an unauthenticated attacker to execute arbitrary commands on the Webmin/Usermin server with "root" privileges. Successful exploitation, however, requires that the "Full PAM conversations" option be enabled on the "Authentication" page (not a default setting, and according to the Webmin advisory the setting is rarely used). Note that Webmin/Usermin are widely used and have been ported to most UNIX flavors.

  • Status: Fixes available. Upgrade to Webmin version 1.230 and Usermin version 1.160.

  • Council Site Actions: Only two of the reporting sites are running the affected software. Both sites are using the auto-update feature from the Linux vendors and plan to allow updates to occur via that feature.

  • References:
Other Software
  • (5) HIGH: TWiki INCLUDE Function Remote Command Execution
  • Affected:
    • TWikiRelease03Sep2004
    • TWikiRelease02Sep2004
    • TWikiRelease01Sep2004
    • TWikiRelease01Feb2003
  • Description: TWiki, a popular intranet content management tool, is reported to contain another remote command execution vulnerability this week. The problem occurs because the "INCLUDE" function does not check for shell metacharacters in the "rev" parameter. An attacker may exploit this flaw to execute arbitrary commands on the TWiki server. The advisory shows how to craft a malicious HTTP request.

  • Status: Vendor confirmed, patches available. Note that TWikiRelease 01September2004 patched with Florian Weimer's patch ( http://www.enyo.de/fw/security/notes/twiki-robustness.html) is not vulnerable.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 39, 2005

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4545 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.39.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer for Mac OS Denial of Service
  • Description: Internet Explorer for Mac OS is vulnerable to a denial of service issue due to kernel exception failure caused by invalid memory access when opening a malformed Web page. Microsoft Internet Explorer version 5.2.3 for Mac OS is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14899

  • 05.39.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FL Studio FLP File Processing Heap Overflow
  • Description: Image-Line Software FL Studio is a commercial audio editing package. It is vulnerable to a remote heap overflow issue due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. An attacker could exploit this issue to execute arbitrary machine code in the context of the user running the affected application. FL Studio version 5.0.1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/411737

  • 05.39.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SecureW2 Insecure Pre-Master Secret Generation Vulnerability
  • Description: SecureW2 is an EAP-TTLS (Extensible Authentication Protocol Tunneled Transport Layer Security) client for Microsoft Windows. It is reported to be vulnerable to an insecure pre-master secret generation issue. SecureW2 versions 3.1.1 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14947

  • 05.39.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: 7-Zip ARJ File Buffer Overflow
  • Description: 7-Zip is a file compression and decompression application for Microsoft Windows. It is prone to a stack-based buffer overflow vulnerability when handling ARJ blocks that are greater than 2600 bytes. The vulnerability has been confirmed in versions 3.13, 4.23, and 4.26 BETA. Other versions may also be affected.
  • Ref: http://www.securityfocus.com/archive/1/411522

  • 05.39.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PowerArchiver Long Filename Buffer Overflow
  • Description: PowerArchiver is a file compression and decompression tool. It is reported to be vulnerable to a long filename buffer overflow issue. PowerArchiver 2006 versions 9.5 Beta 5 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14922

  • 05.39.6 - CVE: CAN-2005-1992, CAN-2005-2747, CAN-2005-2746, CAN-2005-2745, CAN-2005-2748, CAN-2005-2744, CAN-2005-2743, CAN-2005-2524, CAN-2005-2742, CAN-2005-2741
  • Platform: Mac Os
  • Title: Apple Mac OS X Security Update 2005-008 Multiple Vulnerabilities
  • Description: Apple has released Security Update 2005-008 to address multiple arbitrary code execution, information disclosure, local privilege escalation, cross-site scripting and unauthorized access issues. Mac OS X versions 10.4.2 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14914

  • 05.39.7 - CVE: Not Available
  • Platform: Linux
  • Title: RealNetworks RealPlayer and Helix Player Format String Vulnerability
  • Description: RealPlayer and Helix player are susceptible to a format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input, allowing a remote attacker to supply format specifiers directly to a formatted printing function. RealNetworks RealPlayer version 10.0.5.756 Gold on Linux is affected.
  • Ref: http://www.securityfocus.com/bid/14945

  • 05.39.8 - CVE: Not Available
  • Platform: Linux
  • Title: Astaro Security Linux PPTP Server Unspecified Remote Denial of Service
  • Description: Astaro Security Linux is a network security solution offering a firewall, VPN, intrusion detection and antivirus capabilities. The Astaro Security Linux Point-to-Point Tunneling Protocol (PPTP) server is affected by an unspecified remote denial of service vulnerability. A remote attacker may exploit this issue by sending specially crafted data to the PPTP server, causing the application to crash. Version 4.0.27 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14950/info

  • 05.39.9 - CVE: Not Available
  • Platform: Linux
  • Title: Zengaia Unspecified SQL Injection
  • Description: Zengaia is a multiplayer game. Zengaia is reportedly affected by an unspecified SQL injection vulnerability. This is due to the application failing to properly sanitize user-supplied input before being used in an SQL query. Zengaia versions prior to 0.2 are reported to be affected. Zengaia versions 0.2 and 0.2.1 are affected.
  • Ref: http://www.securityfocus.com/bid/14892

  • 05.39.10 - CVE: CAN-2005-3074
  • Platform: Unix
  • Title: RSyslog Syslog Message SQL Injection
  • Description: RSyslog is a system log management daemon. It is prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. All versions prior to 1.10.1 are vulnerable.
  • Ref: http://www.rsyslog.com/Article37.phtml

  • 05.39.11 - CVE: CAN-2005-2877
  • Platform: Cross Platform
  • Title: TWikiUsers INCLUDE Function Allows Shell Execution
  • Description: TWiki is a Web-based application that allows creation and maintenance of Web sites. It is vulnerable to a remote shell execution due to insufficient sanitization of user-supplied data passed through the "rev" parameter. TWiki versions 03Sep2004 and earlier are reported to be vulnerable.
  • Ref: http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude

  • 05.39.12 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Polipo Off-By-One Buffer Overflow
  • Description: Polipo is a small and fast caching web proxy. It is prone to an off-by-one buffer overflow vulnerability due to a problem in the application when parsing NL-terminated headers. Polipo versions 0.9.8 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/14961

  • 05.39.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MultiTheftAuto Multiple Remote Vulnerabilities
  • Description: MultiTheftAuto is a mod and server for Grand Theft Auto III and Grand Theft Auto: Vice City. It is reported to be vulnerable to multiple vulnerabilities. MultiTheftAuto versions 0.5 patch 1 and earlier versions are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14941

  • 05.39.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: wzdftpd SITE Command Arbitrary Command Execution
  • Description: wzdftpd is an FTP server implementation. It is affected by a remote arbitrary command execution vulnerability due to insufficient sanitization of user-supplied data. wzdftpd version 0.5.4 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14935

  • 05.39.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: phpMyFAQ Logs Unauthorized Access
  • Description: phpMyFAQ is an FAQ manager web-application. It is vulnerable to unauthorized access due to no authorization when granting access to the log files. phpMyFAQ version 1.5.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14930

  • 05.39.16 - CVE: CAN-2005-3052
  • Platform: Cross Platform
  • Title: JPortal Download.PHP SQL Injection
  • Description: JPortal is a web-based portal application. JPortal is prone to an SQL injection vulnerability. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. Versions 2.2.1 through 2.3.1 are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/411518

  • 05.39.17 - CVE: CAN-2005-2704
  • Platform: Cross Platform
  • Title: Mozilla Browser/Firefox DOM Objects Spoofing Vulnerability
  • Description: Mozilla and Firefox are prone to a DOM object spoofing issue that is exposed through an XBL control that uses <implement> for an internal interface. A remote attacker could potentially exploit this issue to gain elevated privileges. Please refer to the link below for a list of vulnerable versions.
  • Ref: http://www.securityfocus.com/bid/14921/info

  • 05.39.18 - CVE: CAN-2005-2703
  • Platform: Cross Platform
  • Title: Mozilla Browser/Firefox XMLHttp Header Spoofing
  • Description: Mozilla and Firefox browsers are vulnerable to XMLHttp header spoofing due to insufficient sanitization of user-supplied input to the headers of the XMLHttpRequest. Firefox versions 1.0.6 and earlier and Mozilla Suite versions 1.7.11 and earlier are reported to be vulnerable.
  • Ref: http://www.mozilla.org/security/announce/mfsa2005-58.html

  • 05.39.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Browser Proxy Auto-Config Script Handling Remote Denial of Service
  • Description: Multiple browsers are affected by a remote denial of service vulnerability due to a design error in the browser processing a proxy auto-config (PAC) script containing an "eval()" statement. Firefox versions 1.0.6 and earlier, Netscape Browser versions 8.0.3.3, and Mozilla versions 1.7.11 and earlier are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/14924

  • 05.39.20 - CVE: CAN-2005-0215
  • Platform: Cross Platform
  • Title: Mozilla Browser/ Firefox XBM Image Processing Heap Overflow
  • Description: Mozilla and Firefox web browsers are vulnerable to a heap overflow issue when processing malformed XBM images with a space character as the terminator. Firefox versions 1.0.6 and earlier and Mozilla versions 1.7.11 and earlier are vulnerable.
  • Ref: http://www.mozilla.org/security/announce/mfsa2005-58.html

  • 05.39.21 - CVE: CAN-2005-2705
  • Platform: Cross Platform
  • Title: Mozilla Browser/Firefox Unspecified JavaScript Engine Integer Overflow
  • Description: Mozilla and Firefox are affected by an unspecified integer overflow vulnerability in their JavaScript engine due to insufficient boundary checking prior to copying user-supplied data into sensitive process buffers. Netscape version 7.2, Netscape Browser version 8.0.3.3, and Mozilla Firefox versions 1.0.6 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/14917

  • 05.39.22 - CVE: CAN-2005-2702
  • Platform: Cross Platform
  • Title: Mozilla Browser/Firefox Zero-Width Non-Joiner Stack Corruption
  • Description: Mozilla and Firefox are prone to a stack corruption vulnerability. This issue occurs when Unicode sequences are used with zero-width non-joiner characters. Successful exploitation could result in arbitrary code execution in the security context of the user running the browser.
  • Ref: http://www.securityfocus.com/bid/14918/references

  • 05.39.23 - CVE: CAN-2005-2707
  • Platform: Cross Platform
  • Title: Mozilla Browser/Firefox Chrome Window Spoofing
  • Description: Mozilla and Firefox browsers are prone to a window spoofing vulnerability. An error in the creation of windows can be exploited by opening a window from a reference to a closed window to create a blank "chrome" canvas. The resulting window is missing certain security mechanisms designed to protect against phishing attacks, such as the address bar and the status bar. Mozilla Firefox versions 1.0.6 and earlier and Mozilla Browser versions 1.7.11 and earlier are affected.
  • Ref: http://www.mozilla.org/security/announce/mfsa2005-58.html

  • 05.39.24 - CVE: CAN-2005-2706
  • Platform: Cross Platform
  • Title: Mozilla Browser/Firefox Chrome Page Loading Restriction Bypass
  • Description: Mozilla Browser/Firefox are prone to a potential arbitrary code execution weakness. This issue allows an attacker to bypass restrictions associated with loading privileged "chrome" pages.
  • Ref: http://www.securityfocus.com/bid/14920

  • 05.39.25 - CVE: CAN-2005-2788
  • Platform: Cross Platform
  • Title: Land Down Under Multiple SQL Injection Vulnerabilities
  • Description: Land Down Under is a content management system. It is affected by multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input before including it in SQL queries. Land Down Under version 801 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14896/info

  • 05.39.26 - CVE: CAN-2005-2337
  • Platform: Cross Platform
  • Title: Yukihiro Matsumoto Ruby SAFE Level Restriction Bypass
  • Description: Ruby is an object-oriented scripting language. It is susceptible to a SAFE level restriction bypass vulnerability due to a flaw when executing with the SAFE level set to 1, and when objects that are "tainted" are not allowed to be executed. Ruby versions prior to 1.8.3 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/14909

  • 05.39.27 - CVE: CAN-2005-2901
  • Platform: Web Application
  • Title: CJ Web2Mail Multiple Cross-Site Scripting Vulnerabilities
  • Description: CJ Web2Mail is vulnerable to multiple cross-site scripting issues due to a failure in the application to properly sanitize user-supplied input to the thankyou.php and web2mail.php scripts. An attacker may leverage this issue to steal cookie-based authentication credentials as well as perform other attacks. CJ Web2Mail 3.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14956/info

  • 05.39.28 - CVE: Not Available
  • Platform: Web Application
  • Title: PostNuke PN_BBCode Local File Include
  • Description: PostNuke is a content management system written in PHP. It is reported to be vulnerable to a local file include issue due to improper sanitization of user-supplied input to the GeSHi library "pn_bbcode" module of the application. PostNuke version 0.760 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14958

  • 05.39.29 - CVE: Not Available
  • Platform: Web Application
  • Title: CubeCart Multiple Cross-Site Scripting Vulnerabilities
  • Description: CubeCart is an eCommerce script written in PHP using a MySQL database back end. It is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site.
  • Ref: http://www.securityfocus.com/bid/14962

  • 05.39.30 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Fusion Messages.PHP SQL Injection
  • Description: PHP-Fusion is affected by an SQL injection vulnerability. Insufficient sanitization of the "msg_send" parameter of the "messages.php" script exposes this issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/14964

  • 05.39.31 - CVE: CAN-2005-3085
  • Platform: Web Application
  • Title: Riverdark RSS Syndicator Module RSS.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: Riverdark RSS Syndicator Module is a newsfeed aggregator module for Invision Power Board. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to the "forum" and "topic" parameters of the "rss.php" script. Riverdark RSS Syndicator module version 2.1.7 is vulnerable.
  • Ref: http://securitytracker.com/id?1014969

  • 05.39.32 - CVE: Not Available
  • Platform: Web Application
  • Title: contentServ Local File Include
  • Description: contentServ is web-based content management software implemented in PHP. It is prone to a local file include vulnerability due to insufficient sanitization of user-supplied input to the "ctsWebsite" parameter of the "admin/about.php" script. contentServ version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/14943

  • 05.39.33 - CVE: Not Available
  • Platform: Web Application
  • Title: UNU Networks MailGust User_email.PHP SQL Injection
  • Description: MailGust is a web-based application that acts as a mailing list manager, a newsletter distribution tool, and a message board. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "email" field of the "/gorum/user_email.php" script. MailGust version 1.9 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/411586

  • 05.39.34 - CVE: Not Available
  • Platform: Web Application
  • Title: CMS Made Simple Index.PHP Cross-Site Scripting
  • Description: CMS Made Simple is a content management system written in PHP. It is prone to a cross-site scripting vulnerability that is caused by insufficient sanitization of user-supplied input to the "page" parameter of the "index.php" script. This issue is reported to affect CMS Made Simple version 0.10; other versions may also be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14937

  • 05.39.35 - CVE: Not Available
  • Platform: Web Application
  • Title: SEO-Board Admin.PHP SQL Injection
  • Description: SEO-Board is a forum application. It is vulnerable to an SQL injection issue due to a failure in the application to properly sanitize user-supplied cookie data that is processed by the "admin.php" script. Successful exploitation could result in a compromise of the application, disclosure or modification of data. SEO-Board versions earlier than 1.03 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/14936/info

  • 05.39.36 - CVE: Not Available
  • Platform: Web Application
  • Title: LucidCMS Index.PHP Cross-Site Scripting
  • Description: LucidCMS is a simple and flexible content management system. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "index.php" script. LucidCMS 1.0.11 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14951

  • 05.39.37 - CVE: CAN-2005-2900
  • Platform: Web Application
  • Title: CJ LinkOut Top.PHP Cross-Site Scripting
  • Description: CJ LinkOut is a URL redirection script written in PHP. CJ LinkOut is prone to a cross-site scripting vulnerability caused by improper sanitization of user-supplied input to the "123" parameter of the "top.php" script. CJ LinkOut version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/14953

  • 05.39.38 - CVE: CAN-2005-2899
  • Platform: Web Application
  • Title: CJ Tag Board Multiple Cross-Site Scripting Vulnerabilities
  • Description: CJ Tag Board is prone to multiple cross-site scripting vulnerabilities. Insufficient sanitization of the date, time, name, ip, agent and msg parameters exposes the issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/14954

  • 05.39.39 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyFAQ Local File Include Vulnerability
  • Description: phpMyFAQ is an FAQ manager web-application written in PHP. It is reported to be vulnerable to a local file include issue due to improper sanitization of the "LANGCODE" parameter of the "index.php" script. phpMyFAQ version 1.5.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14929

  • 05.39.40 - CVE: CAN-2005-3062
  • Platform: Web Application
  • Title: AlstraSoft E-Friends Remote File Include
  • Description: AlstraSoft E-Friends is a Web based forum application. It is affected by a remote file include vulnerability. An attacker could host arbitrary malicious code in a file at an attacker-controlled site and include the file using a variable path. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer. AlstraSoft E-Friends 4.0 is reported to be affected.
  • Ref: http://www.securityfocus.com/archive/1/411584

  • 05.39.41 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyFAQ Password.PHP SQL Injection
  • Description: phpMyFAQ is an FAQ manager web-application. Insufficient sanitization of the "username" field of the "password.php" script exposes the application to an SQL injection issue. phpMyFAQ version 1.5.1 is reported to be prone to this issue.
  • Ref: http://www.securityfocus.com/bid/14927

  • 05.39.42 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyFAQ Multiple Cross-Site Scripting Vulnerabilities
  • Description: phpMyFAQ is vulnerable to multiple cross-site scripting issues due to a failure in the application to properly sanitize user-supplied input to the "/admin/header.php" and "/admin/footer.php" scripts. An attacker may leverage these issues to steal cookie-based authentication credentials as well as perform other attacks. phpMyFAQ 1.5.1 is vulnerable.
  • Ref: http://rgod.altervista.org/phpmyfuck151.html

  • 05.39.43 - CVE: Not Available
  • Platform: Web Application
  • Title: Movable Type Username Information Disclosure
  • Description: Movable Type is a Web log publishing platform. It is vulnerable to an information disclosure issue which could be exploited by a remote attacker to extract username information from the application error messages and could aid further brute force attacks. Movable Type versions earlier than 3.2 are vulnerable.
  • Ref: http://www.sixapart.com/movabletype/docs/3.2/h_changelog/#entry-5869

  • 05.39.44 - CVE: CAN-2005-3043
  • Platform: Web Application
  • Title: Mall23 AddItem.ASP SQL Injection
  • Description: Mall23 is an ecommerce application written in ASP. Mall23 is prone to an SQL injection vulnerability. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
  • Ref: http://systemsecure.org/ssforum/viewtopic.php?t=277

  • 05.39.45 - CVE: Not Available
  • Platform: Web Application
  • Title: Lotus Domino Unspecified Cross-Site Scripting
  • Description: IBM Lotus Domino is prone to a cross-site scripting vulnerability. This is due to insufficient input validation of data supplied through URI parameters. The specific parameter affected was not specified by IBM. IBM Lotus Domino version 6.5.4 is reportedly vulnerable.
  • Ref: http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21201845

  • 05.39.46 - CVE: Not Available
  • Platform: Web Application
  • Title: PunBB Forgotten Email Cross-Site Scripting
  • Description: PunBB is a bulletin board application. Insufficient sanitization of user-supplied input to the "forgotten e-mail" feature exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/14912

  • 05.39.47 - CVE: Not Available
  • Platform: Web Application
  • Title: PunBB Language Selection File Include
  • Description: PunBB is a bulletin board application. It is vulnerable to a file include issue due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to gain unauthorized access. PunBB versions earlier than 1.2.8 are vulnerable.
  • Ref: http://www.punbb.org/changelogs/1.2.7_to_1.2.8.txt

  • 05.39.48 - CVE: Not Available
  • Platform: Web Application
  • Title: GeSHi Example.PHP Directory Traversal
  • Description: GeSHi is a generic syntax highlighter application written in PHP. It is reported to be vulnerable to a directory traversal issue due to improper sanitization of user-supplied input to the "language" parameter of the "contrib/example.php" script. GeSHi version 1.0.7.2 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14903

  • 05.39.49 - CVE: Not Available
  • Platform: Web Application
  • Title: Copernicus Europa Multiple Unspecified SQL Injection Vulnerabilities
  • Description: Copernicus Europa is an asset finance administration and accounting system. It is vulnerable to multiple unspecified SQL injection issues due to a failure in the application to properly sanitize input before using it in an SQL query. Remote attackers could exploit these issues to compromise the application, obtain sensitive data or perform other attacks.
  • Ref: http://www.securityfocus.com/bid/14895/info

  • 05.39.50 - CVE: Not Available
  • Platform: Web Application
  • Title: PerlDiver Perldiver.CGI Cross-Site Scripting
  • Description: PerlDiver is an application which displays Perl installation settings. It is reported to be vulnerable to a cross-site scripting issue due to improper sanitization of user-supplied input to the "module" parameter of the "perldiver.cgi" script. PerlDiver version 2.31 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14894

  • 05.39.51 - CVE: CAN-2005-3076
  • Platform: Web Application
  • Title: Simplog Multiple SQL Injection Vulnerabilities
  • Description: Simplog is used for adding blogging capabilities to existing websites. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input. Simplog version 0.9.1 is affected by this issue.
  • Ref: http://secunia.com/advisories/16881/

  • 05.39.52 - CVE: CAN-2005-3045
  • Platform: Web Application
  • Title: My Little Forum Search.PHP SQL Injection
  • Description: My Little Forum is a simple web-forum implemented in PHP. It is prone to an SQL injection vulnerability. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. Versions 1.3 and 1.5 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/14908

  • 05.39.53 - CVE: Not Available
  • Platform: Web Application
  • Title: Movable Type Remote File Include
  • Description: Movable Type is a web log publishing platform. It is prone to a remote file include vulnerability due to a lack of proper sanitization of user-supplied files. As a result, files with arbitrary extensions can be uploaded to a directory inside the web server path. An attacker may execute arbitrary server-side script code with the privileges of the web server process. Movable Type version 3.17 is vulnerable.
  • Ref: http://www.sixapart.com/movabletype/docs/3.2/h_changelog/#entry-5869

  • 05.39.54 - CVE: Not Available
  • Platform: Web Application
  • Title: Movable Type Multiple Unspecified HTML Injection Vulnerabilities
  • Description: Movable Type is a web log publishing platform for businesses, organizations, developers, and web designers written in Perl. It is prone to multiple unspecified HTML injection vulnerabilities. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/14912

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.