@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 43
October 27, 2005

Open source software for VOIP (Skype), network sniffing (Ethereal), and managing MySQL databases all had critical new vulnerabilities discovered this week.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                    # of Updates & Vulnerabilities
    Windows                     0 (#5)
    Third Party Windows Apps    1
    Linux                       3
    Cross Platform              15 (#1, #2, #4, #6)
    Web Application             33 (#3)
    Hardware                    1

******************** Security Training Update *************************

Large, multi-track security training programs coming up in Baltimore, San Diego, Vancouver, Toronto, and Amsterdam. Details: http://www.sans.org

***********************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Cross Platform
Web Application
Hardware

******************* SPONSORED LINKS ***********************************

1) SANS WEBCAST: Learn how to safely exploit vulnerabilities in your network with a CORE IMPACT automated penetration-test http://www.sans.org/info.php?id=908

2) ALERT: How Hackers Use Evasive Spyware To Bypass AV & Behavior- based Security. **FREE White Paper** http://www.sans.org/info.php?id=909

***********************************************************************

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Other Software
  • (1) HIGH: Skype Multiple Buffer Overflows
  • Affected:
    • Skype for Windows versions 1.4.*.83 and prior
    • Skype for Mac OS X versions 1.3.*.16 and prior
    • Skype for Linux versions 1.2.*.17 and prior
    • Skype for Pocket PC versions 1.1.*.6 and prior
  • Description: Skype is peer-to-peer software for making phone calls over the Internet using VoIP technology. The software has reportedly been downloaded over 178 million times. (a) The Skype client for all platforms contains a heap-based buffer overflow that can be triggered by specially crafted UDP or TCP packets. A remote attacker can potentially exploit this flaw to execute arbitrary code. The discoverers have posted some technical details and reported that a single UDP packet can be used for exploitation. (b) The Skype Windows client registers "callto://" and "skype://" URI handlers. These URI handlers allow Skype to be invoked via a web browser. These URI handlers contain a buffer overflow that can be triggered by an overlong URL. A malicious webpage or a Skype peer may entice a Skype user to click a specially crafted link, and exploit this flaw to execute arbitrary code on the Skype user's system.

  • Status: Skype has released updates for all platforms. Since the heap-based buffer overflow can be exploited by a single UDP packet, the malicious packet can be easily spoofed. Further, Skype clients listen on arbitrarily chosen ports and use encrypted communications. Hence, firewalls or IDS/IPS systems may offer only limited protection.

  • Council Site Actions: Only two of the reporting council sites responded to this item. One site has already applied the patches. The other site has users who use the software; however, it is not supported by their central IT department. They are not distributing any update guidance regarding Skype to their end users. They suspect that many end users have heard of the Skype security problem because of coverage in the technology press or general press.

  • References:
  • (2) HIGH: Ethereal Multiple Protocol Decoding Overflows
  • Affected:
    • Ethereal versions 0.7.7 - 0.10.12
  • Description: Ethereal, a popular open source network sniffer and protocol analyzer for Unix/Windows platforms, contains buffer overflow vulnerabilities in parsing the following protocols: SRVLOC, AgentX and SLIMP3. These buffer overflows can be exploited to execute arbitrary code with the privileges of the ethereal process (typically "root" when ethereal is being used as a sniffer). To exploit these flaws, an attacker has to either inject the malicious packets into the network traffic being sniffed by ethereal, or entice a client to open a specially crafted packet capture file. The technical details regarding the buffer overflows and an exploit for the SLIMP3 protocol decoder have been posted.

  • Status: Ethereal has released version 0.10.13 that also fixes DoS vulnerabilities in other protocol decoders in addition to the buffer overflows.

  • Council Site Actions: Most of the council sites are responding to this item on some level. A few sites have notified their users and recommended that they upgrade to the fixed version. The other sites will distribute the patches during their next regularly scheduled system update process. One site commented that they seldom use Ethereal on their workstations, so their SOP is to update to the latest version each time they use it.

  • References:
  • (4) MODERATE: Multiple Anti-virus Vendor Detection Bypass
  • Affected:
    • Multiple AV vendors including McAfee, Trend Micro, Kaspersky, Sophos, CA, Panda.
  • Description: Multiple anti-virus engines reportedly contain a vulnerability that can lead to bypassing detection of malware in ".bat", ".html" and ".eml" files. The problem occurs because the detection engines stop processing these files if they are tagged with a fake executable file header. Note that with the increase in client-side attacks, bypassing malicious HTML detection may lead to the spread of spyware and other malware on desktop systems. Multiple proof of concept examples have been posted.

  • Status: No official statement is available from the AV vendors at this time. The advisory also lists certain versions of the AV software that are not reportedly vulnerable.

  • Council Site Actions: All council sites are waiting for further information from their anti-virus vendor. Most sites use automated updates for the engine and dat files.

  • References:
Exploit Code
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 43, 2005

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4604 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.43.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ZipGenius Multiple Formats File Name Buffer Overflow Vulnerabilities
  • Description: ZipGenius is a file compression suite. It is prone to multiple buffer overflow issues due to insufficient boundary checks prior to copying user-supplied data into sensitive process buffers. The "zipgenius.exe" and "zg.exe" applications are prone to a buffer overflow. ZipGenius versions 5.5.1.468 and 6.0.2.1041 are reported to be vulnerable. Other versions may be affected as well.
  • Ref: http://www.securityfocus.com/bid/15161/discuss

  • 05.43.2 - CVE: Not Available
  • Platform: Linux
  • Title: BMV PostScript File Handling Integer Overflow
  • Description: BMV is a frontend for GhostScript that allows previewing of PostScript files. It is vulnerable to an integer overflow issue that can allow a remote attacker to execute arbitrary code and gain unauthorized access to an affected computer. BMV version 1.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15153/info

  • 05.43.3 - CVE: Not Available
  • Platform: Linux
  • Title: Squid FTP Server Response Denial of Service
  • Description: Squid is a popular caching proxy server. It is reported to be vulnerable to a remote denial of service issue due to improper handling of FTP server responses. Squid versions 2.5 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15157

  • 05.43.4 - CVE: Not Available
  • Platform: Linux
  • Title: SUSE Linux Squid Proxy SSL Handling Denial of Service
  • Description: Squid Proxy is a web proxy software package. Squid Proxy running on SUSE Linux is affected by a denial of service vulnerability. The exact cause of this issue is currently unknown, however reports indicate that this issue arises when the application handles specially crafted HTTPS data. SUSE Linux version 9.0 is reported to be vulnerable to this issue.
  • Ref: http://www.securityfocus.com/advisories/9567

  • 05.43.5 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Basic Analysis And Security Engine SQL Injection
  • Description: Basic Analysis And Security Engine (BASE) is an application that analyzes Snort data. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "sig[1]" parameter of the "base_qry_main.php" script. BASE Basic Analysis and Security Engine version 1.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15199/info

  • 05.43.6 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Discovery Web Accounts Default Password
  • Description: Symantec Discovery is a software application for tracking hardware and software assets. During installation, two database accounts, DiscoveryWeb and DiscoveryRO, are created with NULL passwords. Symantec Discovery versions 6.0 and earlier are affected.
  • Ref: http://www.symantec.com/avcenter/security/Content/2005.10.24.html

  • 05.43.7 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Vendor Anti-Virus Magic Byte Detection Evasion Vulnerability
  • Description: Anti-virus software from multiple vendors is reported to be vulnerable to a magic byte detection evasion issue. The issue presents itself in the way the scanning engine of the various anti-virus products determines what type of file it is scanning. An attacker can, through the use of magic bytes, trick the anti-virus software into thinking a malicious file is of a different type, possibly evading further scanning or evading certain types of scanning.
  • Ref: http://www.securityfocus.com/bid/15189

  • 05.43.8 - CVE: CVE-2005-3265
  • Platform: Cross Platform
  • Title: Skype Technologies Skype Multiple Buffer Overflow Vulnerabilities
  • Description: Skype Technologies Skype is peer-to-peer communications software that provides for Internet-based voice communications. It is reported to be vulnerable to multiple buffer overflow issues. These issues affect Skype for Windows releases 1.1.*.0 through 1.4.*.83.
  • Ref: http://www.securityfocus.com/bid/15190

  • 05.43.9 - CVE: CVE-2005-3267
  • Platform: Cross Platform
  • Title: Skype Networking Routine Heap Overflow
  • Description: Skype is a peer-to-peer communications application. It is vulnerable to a heap overflow issue due to the client receiving specially crafted network traffic, which causes an overwrite of part of the heap including the heap integrity control data. All Skype clients are vulnerable.
  • Ref: http://www.skype.com/security/skype-sb-2005-03.html

  • 05.43.10 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP iCalendar Default_View Remote File Include
  • Description: PHP iCalendar is a web-based calendar implemented in PHP. It is prone to a remote file include vulnerability due to insufficient sanitization of user-supplied input. The "default_view" parameter of "index.php" is not properly sanitized, allowing attackers to specify remotely-hosted script files to be executed in the context of the web server hosting the vulnerable software. PHP iCalendar versions 2.0.1, 2.0c, 2.0b and 2.0a2 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15193/discuss

  • 05.43.11 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Network Appliance iSCSI Authentication Bypass
  • Description: The iSCSI (Internet Small Computer System Interface) protocol is an Internet Protocol (IP) based storage networking standard for linking data storage facilities. Network Appliance's iSCSI implementation is susceptible to an authentication bypass vulnerability. This issue allows attackers to bypass iSCSI authentication, allowing them to read/write arbitrary data contained in iSCSI volumes. Versions 6.4, 6.5, and 7.0 are reported vulnerable to this issue; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/15197

  • 05.43.12 - CVE: CAN-2005-3184
  • Platform: Cross Platform
  • Title: Ethereal Stack Buffer Overflow
  • Description: Ethereal is a network analyzer. It is vulnerable to a remote buffer overflow issue when dissecting Service Location Protocol (SRVLOC) packets. Ethereal versions 0.10.13 and earlier are vulnerable.
  • Ref: http://www.idefense.com/application/poi/display?id=323&type=vulnerabilities&flashstatus=true

  • 05.43.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Application Server HTTP Response Splitting
  • Description: Oracle Application Server is prone to an HTTP response splitting vulnerability due to lack of proper sanitization checks on the input. This issue occurs in the session URL rewriting function, when the affected application creates an HTTP cookie header containing user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted.
  • Ref: http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html

  • 05.43.14 - CVE: CAN-2005-3256
  • Platform: Cross Platform
  • Title: Mozilla Enigmail Incorrect Encryption Key Selection
  • Description: Enigmail is a plugin for Mozilla designed to interface with the GnuPG application. It is affected by an incorrect encryption key selection vulnerability. This issue is due to a design flaw in the application that results in the potential selection of incorrect encryption keys when sending email messages. Enigmail versions prior to 0.92.1 are affected.
  • Ref: http://www.securityfocus.com/advisories/9552

  • 05.43.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Paros HSQLDB Remote Authentication Bypass
  • Description: Paros is an application used to do security tests on web enabled applications. It is prone to a remote authentication bypass vulnerability. A remote attacker can connect to the "HSQLDB" database with a username of "sa" and a blank password, and subsequently access any information that is present in the database. Paros version 3.2.5 is affected; earlier versions may also be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15141

  • 05.43.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Workflow Wf_monitor Cross-Site Scripting
  • Description: Oracle Workflow is a business process management solution embedded in the Oracle database. Insufficient sanitization of the "response form" field of the "wf_monitor" script exposes the application to a cross-site scripting issue. Oracle Workflow versions 11.5.1 and 11.5.9.5 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html

  • 05.43.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Workflow Wf_route Cross-Site Scripting
  • Description: Oracle Workflow is business process management functionality present in the Oracle database. It is vulnerable to a cross-site scripting issue due to a failure in the application to properly sanitize user-supplied input of the "end_date" field of the "wf_route" script. An attacker may leverage this issue to steal cookie-based authentication credentials as well as perform other attacks. Oracle Workflow version 11.5.1 is vulnerable.
  • Ref: http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html

  • 05.43.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Application Server 10g emagent.exe Stack Overflow Vulnerability
  • Description: Oracle Application Server 10g is reported to be vulnerable to a buffer overflow issue due to improper boundary checks. Successful exploitation could result in arbitrary code execution in the security context of the Oracleoracleas1ASControl service.
  • Ref: http://www.securityfocus.com/bid/15146

  • 05.43.19 - CVE: CAN-2005-3241, CAN-2005-3242, CAN-2005-3243, CAN-2005-3244, CAN-2005-3246, CAN-2005-3245, CAN-2005-3247, CAN-2005-3248, CAN-2005-3249, CAN-2005-3184
  • Platform: Cross Platform
  • Title: Ethereal Multiple Protocol Dissector Vulnerabilities
  • Description: Ethereal is a multi-platform network protocol sniffer and analyzer. Several vulnerabilities in Ethereal have been disclosed by the vendor. The reported issues are in various protocol dissectors like BER, SigComp UDVM, SCSI, sFlow, RTnet, ISAKMP, FC-FCS, RSVP, ISIS LSP, ONC RPC, SLIMP3, AgentX, SRVLOC, IrDA, SMB and X11. Ethereal versions 0.7.7 through 0.10.12 are affected.
  • Ref: http://www.securityfocus.com/bid/15148/exploit

  • 05.43.20 - CVE: Not Available
  • Platform: Web Application
  • Title: Techno Dreams Multiple SQL Injection Vulnerabilities
  • Description: Techno Dreams provides a collection of ASP scripts performing various functions. Multiple Techno Dreams scripts are prone to multiple SQL injection vulnerabilities due to a failure in the applications to properly sanitize user-supplied input before using it in SQL queries. The "admin/login.asp" script of the "Announcement", "Guestbook" and "WebDirectory" scripts, as well as the "login.asp" script of the "Mailing List" script are vulnerable to SQL injection.
  • Ref: http://www.securityfocus.com/archive/1/414708

  • 05.43.21 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS Multiple HTML Injection Vulnerabilities
  • Description: XOOPS is a community web site building application written in PHP. It is prone to multiple HTML injection issues due to improper sanitization of user-supplied input before using it in dynamically generated content. XOOPS version 2.0.13 (Japanese) is released to fix this issue.
  • Ref: http://www.securityfocus.com/bid/15195

  • 05.43.22 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
  • Description: phpMyAdmin is a web based administration tool for the MySQL database. It is vulnerable to multiple cross-site scripting issues due to a failure in the application to properly sanitize user-supplied input in the "left.php", "queryframe.php" and "server_databases.php" scripts. An attacker may leverage these issues to steal cookie-based authentication credentials as well as perform other attacks. phpMyAdmin versions earlier than 2.6.4-pl3 are vulnerable.
  • Ref: http://www.trapkit.de/advisories/TKADV2005-10-001.txt

  • 05.43.23 - CVE: Not Available
  • Platform: Web Application
  • Title: MWChat Chat.PHP SQL Injection
  • Description: MWChat is a web-based chat system. It is reported to be vulnerable to an SQL injection issue due to improper sanitization of user-supplied input to the "username" parameter of the "chat.php" script.
  • Ref: http://www.securityfocus.com/bid/15198

  • 05.43.24 - CVE: Not Available
  • Platform: Web Application
  • Title: AR-Blog Unspecified HTML Injection
  • Description: AR-Blog is a web log application written in PHP. It is prone to an HTML injection vulnerability. This issue is due to insufficient sanitization of user-supplied input before using it in dynamically generated content. When adding a comment to a web log entry, user-supplied input is not sanitized. AR-Blog versions 5.2 and 2.0 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15201/discuss

  • 05.43.25 - CVE: Not Available
  • Platform: Web Application
  • Title: Belchior Foundry vCard Remote File Include
  • Description: Belchior Foundry vCard is a web based e-card application. It is vulnerable to a Remote File Include issue due to insufficient sanitization of the "match" parameter of the "define.inc.php" script. Belchior Foundry vCard version 2.9 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15207/info

  • 05.43.26 - CVE: Not Available
  • Platform: Web Application
  • Title: Flyspray Multiple Cross-Site Scripting Vulnerabilities
  • Description: Flyspray is a web-based bug tracking system for software developers. It is prone to multiple cross-site scripting vulnerabilities due to a lack of proper sanitization of user-supplied input. Multiple parameters are not properly sanitized when submitted to the "index.php" script, and subsequently allow an attacker to submit malicious HTML and script code. The following is a list of parameters which are affected: PHPSESSID, task, string, type, serv, due, dev, sort2. Flyspray versions 0.9.8 and 0.9.7 are affected.
  • Ref: http://www.securityfocus.com/bid/15209/exploit

  • 05.43.27 - CVE: Not Available
  • Platform: Web Application
  • Title: Mantis Multiple Unspecified SQL Injection Vulnerabilities
  • Description: Mantis is a bug tracking application written in PHP. It is prone to multiple unspecified SQL injection vulnerabilities that are caused by improper sanitization of user-supplied input to unspecified parameters and scripts. Mantis versions 0.19.2 and 1.0.0rc2 are reported to be vulnerable. An upgrade to 0.19.3 is available.
  • Ref: http://www.securityfocus.com/bid/15210

  • 05.43.28 - CVE: Not Available
  • Platform: Web Application
  • Title: SparkleBlog Multiple HTML Injection Vulnerabilities
  • Description: SparkleBlog is a web log application written in PHP. SparkleBlog is prone to multiple HTML injection vulnerabilities due to improper sanitization of user-supplied input to the comment section of a Web log entry.
  • Ref: http://www.securityfocus.com/bid/15202

  • 05.43.29 - CVE: Not Available
  • Platform: Web Application
  • Title: AR-Blog Remote Authentication Bypass
  • Description: AR-Blog is a web log application written in PHP. It is prone to an authentication bypass vulnerability caused by malicious cookie parameters. Versions 5.2 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15203

  • 05.43.30 - CVE: Not Available
  • Platform: Web Application
  • Title: ipbProArcade GameID Remote SQL Injection
  • Description: ipbProArcade is a third party module for the Invision Power Board. Insufficient sanitization of the "gameid" parameter in the "favorites" module exposes the application to an SQL injection issue. ipbProArcade version 2.5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/15205

  • 05.43.31 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBulletinBoard Usercp.PHP SQL Injection
  • Description: MyBulletinBoard is a web-based bulletin board system. It is prone to an SQL injection issue due to a failure in the application to properly sanitize user-supplied input to the "awayday" parameter of the "usercp.php" script before using it in an SQL query. A remote attacker could exploit this issue to gain administrative access. MyBulletinBoard versions 1.0 PR2 and RC4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/414672

  • 05.43.32 - CVE: Not Available
  • Platform: Web Application
  • Title: RSA ACE Agent Image Cross-Site Scripting
  • Description: RSA ACE Agent provides local and remote authentication to restrict unauthorized access to resources on a host. It is reported to be vulnerable to a cross-site scripting issue due to improper sanitization of user-supplied input to the "image" parameter.
  • Ref: http://www.securityfocus.com/bid/15206

  • 05.43.33 - CVE: Not Available
  • Platform: Web Application
  • Title: Platinum DBoardGear Theme Import SQL Injection
  • Description: Platinum DBoardGear is a web-based forum application implemented in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "ctrtools.php" script.
  • Ref: http://www.securityfocus.com/archive/1/414517

  • 05.43.34 - CVE: Not Available
  • Platform: Web Application
  • Title: Nuked Klan Multiple SQL Injection Vulnerabilities
  • Description: Nuked Klan is a content management application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to parameters such as "forum_id", "thread_id", and "link_id" of the "index.php" script. Nuked Klan version 1.7 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15181

  • 05.43.35 - CVE: Not Available
  • Platform: Web Application
  • Title: DCP-Portal Multiple Input Validation Vulnerabilities
  • Description: DCP-Portal is a content management system. DCP-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilities due to insufficient validation of data supplied through the following URI parameters: "cid" in "index.php", "name" in "register.php", "email" in "lostpassword.php", "year" in "calender.php", "cid" in "register.php" and "mid" in "forums.php". DCP-Portal versions 6.1.1 through version 3.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/414341

  • 05.43.36 - CVE: Not Available
  • Platform: Web Application
  • Title: SiteTurn Domain Manager Pro Admin Panel Cross-Site Scripting
  • Description: Domain Manager Pro is a Web content management solution. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "err" parameter of the admin panel.
  • Ref: http://www.kapda.ir/advisory-96.html

  • 05.43.37 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Fusion Message Post HTML Injection
  • Description: PHP-Fusion is a content management system written in PHP. PHP-Fusion is prone to an HTML injection vulnerability that is caused by improper sanitization of user-supplied input to message posts. PHP-Fusion version 6.0.204 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15187

  • 05.43.38 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyAdmin Theme Variable Local File Inclusion
  • Description: phpMyAdmin is a web interface for handling MySQL administrative tasks. It is prone to a local file include vulnerability due to insufficient sanitization of user-supplied input. The "theme" cookie variable may be used by an attacker to override data in a predefined variable. phpMyAdmin versions 2.6.4-pl2 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/advisories/9578

  • 05.43.39 - CVE: CVE-2005-0259
  • Platform: Web Application
  • Title: phpBB Avatar Upload HTML Injection
  • Description: phpBB is a bulletin board system written in PHP. phpBB is prone to an HTML injection vulnerability due to a failure in the application to properly sanitize user-supplied input when allowing Avatars to be uploaded from remote locations. phpBB version 2.0.17 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15170

  • 05.43.40 - CVE: Not Available
  • Platform: Web Application
  • Title: eBASEweb Unspecified SQL Injection
  • Description: eBASEweb is prone to an SQL injection vulnerability. This issue is due to insufficient sanitization of user-supplied input to unspecified parameters of unspecified scripts. eBASEweb version 3.0 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/15171

  • 05.43.41 - CVE: Not Available
  • Platform: Web Application
  • Title: FlatNuke Index.PHP Multiple Remote File Include Vulnerabilities
  • Description: FlatNuke is a content management system. Insufficient sanitization of the "user", "quale" and "op" parameters of the "index.php" script exposes the application to multiple file include issues. FlatNuke version 2.5.7 was released to fix this issue.
  • Ref: http://www.securityfocus.com/archive/1/414365

  • 05.43.42 - CVE: Not Available
  • Platform: Web Application
  • Title: Platinum DBoardGear Multiple SQL Injection Vulnerabilities
  • Description: Platinum DBoardGear is a web-based forum application implemented in PHP. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to the "buddy" parameter of the "buddy.php" script and the "uid" parameter of the "u2a.php" script.
  • Ref: http://www.securityfocus.com/bid/15174/references

  • 05.43.43 - CVE: Not Available
  • Platform: Web Application
  • Title: TClanPortal Index.PHP SQL Injection
  • Description: TClanPortal is a web portal application. Insufficient sanitization of the "id" parameter of the "linkdl/index.php" script exposes the application to an SQL injection issue. TClanPortal version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15173

  • 05.43.44 - CVE: Not Available
  • Platform: Web Application
  • Title: PunBB Common.PHP Remote File Include
  • Description: PunBB is a bulletin board application. It is reported to be vulnerable to a remote file include issue due to improper sanitization of user-supplied input to the "pun_root" parameter of the "common.php" script.
  • Ref: http://www.securityfocus.com/bid/15175

  • 05.43.45 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPNuke Multiple Modules SQL Injection Vulnerabilities
  • Description: PHPNuke is a web-based content management system. It is reported to be vulnerable to multiple SQL injection issues due to improper sanitization of user-supplied input to the "username", "url" and "description" parameters. PHP-Nuke version 7.8 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15178

  • 05.43.46 - CVE: Not Available
  • Platform: Web Application
  • Title: Splatt Forums Remote Authentication Bypass
  • Description: Splatt Forums is a forum application written in PHP. It is prone to an authentication bypass vulnerability. An attacker may bypass the administrative logon process and make changes to posts with the effective rights of the forum administrator. Version 3.2 is vulnerable; version 4.0 is available to address this issue.
  • Ref: http://www.securityfocus.com/bid/15152

  • 05.43.47 - CVE: Not Available
  • Platform: Web Application
  • Title: TikiWiki Unspecified Cross-Site Scripting
  • Description: TikiWiki is a web-based wiki application. It is affected by a cross-site scripting issue due to a failure in the application to properly sanitize user-supplied input. TikiWiki versions 1.9.1 and 1.8.5 are affected.
  • Ref: http://www.securityfocus.com/bid/15164/info

  • 05.43.48 - CVE: Not Available
  • Platform: Web Application
  • Title: AL-Caricatier SS.PHP Authentication Bypass
  • Description: AL-Caricatier is a PHP script written for Arabic language users. It is vulnerable to an authentication bypass issue due to improper validation of user-supplied input by the affected scripts. An attacker could exploit this issue to disclose sensitive information or gain administrative access. AL-Caricatier versions 2.5 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15162/info

  • 05.43.49 - CVE: Not Available
  • Platform: Web Application
  • Title: Nuked Klan Multiple HTML Injection Vulnerabilities
  • Description: Nuked Klan is reported to be vulnerable to multiple HTML injection vulnerabilities due to improper sanitization of user-supplied input. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/15166

  • 05.43.50 - CVE: Not Available
  • Platform: Web Application
  • Title: Zomplog Detail.PHP HTML Injection
  • Description: Zomplog is a web log application. It is vulnerable to an HTML injection issue due to insufficient sanitization of user-supplied input to the "id" field of the "detail.php" script. Zomplog versions 3.4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15168/info

  • 05.43.51 - CVE: Not Available
  • Platform: Web Application
  • Title: Chipmunk Multiple Cross-Site Scripting Vulnerabilities
  • Description: Chipmunk Forum, Topsite and Directory are web-based applications. They are vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input. All versions are reported to be vulnerable.
  • Ref: http://irannetjob.com/content/view/148/28/

  • 05.43.52 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Nuke Modules.PHP NukeFixes Addon Remote Directory Traversal
  • Description: PHP-Nuke NukeFixes is an add-on for PHP-Nuke. It is prone to a directory traversal vulnerability. A remote attacker may use directory traversal sequences "../" in the "file" parameter of the "modules.php" script to view files that are only intended to be accessible to authenticated and authorized users. NukeFix version 3.1 for PHP-Nuke version 7.8 is vulnerable.
  • Ref: http://www.nukefixes.com/ftopict-1779-.html#7641

  • 05.43.53 - CVE: Not Available
  • Platform: Hardware
  • Title: Cisco 11500 Malformed SSL Client Certificate Denial of Service
  • Description: Cisco 11500 Content Services Switch is a load balancing device designed to provide scalable network services for datacenters. It is prone to a denial of service condition when processing malformed SSL client certificates. When the device processes malformed SSL client certificates during SSL session negotiation, a memory corruption issue may cause the device to reload. Devices running WebNS operating system versions 7.1 through 7.5 are vulnerable.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20051019-css.shtml

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.