@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 49
December 8, 2005

Another 93 vulnerabilities discovered this week. Either software writers are writing worse code or the vulnerability research community is getting larger and using more automated tools.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                      # of Updates & Vulnerabilities
    Other Microsoft Products      1
    Third Party Windows Apps      6 (#2)
    Linux                         2
    HP-UX                         1
    Unix                          3
    Cross Platform                19 (#1)
    Web Application               58 (#3, #4)
    Network Device                3

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
HP-UX
Unix
Cross Platform
Web Application
Network Device

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Perl Format String Vulnerability
  • Affected:
    • Perl versions 5.9.2 and 5.8.6 confirmed; potentially all Perl versions
    • Webmin version 1.23 and prior
  • Description: Perl is widely used as a scripting language for a variety of applications including web-based software. Perl contains a vulnerability that can be triggered by passing a format specifier of the form "%INT_MAXn". The vulnerability causes an integer variable in a Perl function to wrap around (change its parity), which can be exploited to execute arbitrary code. For instance, the "%2147483647n" format specifier will trigger the flaw in Perl running on 32-bit operating systems. Note that the flaw can be exploited only via Perl-based applications that contain a format string vulnerability. The discoverers have reportedly found several applications that are vulnerable. One of the affected applications is Webmin, a web interface to perform administrative tasks like server and user configuration. Webmin's web server miniserv.pl, which runs on port 10000/tcp by default, contains a format string vulnerability. By passing a username containing a format specifier, an attacker can exploit the flaw to execute arbitrary code with possibly root privileges. Immunity, Inc. has made an exploit available to some of its customers.

  • Status: Some Linux vendors have released patches. The discoverers have also released an unofficial patch for version 5.9.2 that is available at: http://www.dyadsecurity.com/advisory/perl/perl-5.9.2-exp_parameter_intwrap_vulnerability. A workaround for the Webmin flaw is to block the traffic to port 10000/tcp at the network perimeter.

  • Council Site Actions: Most of the council sites are responding to this item on some level and plan to install patches as they are made available. Several sites have notified their web developers. One site requested updates from the 3rd party providers that bundle Perl with applications in use at their site. Another site said that they have several Mandriva Linux systems running Webmin and plan to recommend that the affected system administrators apply the MDKSA-2005:223 update. These systems are used by a few dozen users. The remaining council sites commented they do not use Perl on any of their web servers.

  • References:
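
The Description above notes that the Perl flaw is reachable only through applications that pass attacker-influenced data as a format string. As an added example (not part of the original bulletin, and not Perl's or Webmin's own code), this line-based Python heuristic flags Perl `printf`, `sprintf` and Sys::Syslog `syslog` calls whose format argument is not a plain literal. The sample Perl lines and all function names below are constructed for illustration.

```python
import re

# Perl functions that interpret one argument as a format string, mapped to
# the zero-based position of that argument (Sys::Syslog: syslog(PRIO, FMT, ...)).
FORMAT_ARG_INDEX = {"printf": 0, "sprintf": 0, "syslog": 1}

CALL = re.compile(r"\b(printf|sprintf|syslog)\b\s*(.*)")
# Optional filehandle in "printf STDERR ..." or "printf {$fh} ..."
FILEHANDLE = re.compile(r"^(?:[A-Z_][A-Z0-9_]*|\{[^}]*\})\s+(?=\S)")
# Unescaped $var or @var inside a double-quoted Perl string
INTERPOLATION = re.compile(r"(?<!\\)[$@][\w{]")


def split_args(text):
    """Split a Perl argument list on top-level commas (quote/bracket aware)."""
    args, current, depth, quote = [], [], 0, None
    i = 0
    while i < len(text):
        ch = text[i]
        if quote:
            current.append(ch)
            if ch == "\\" and i + 1 < len(text):
                current.append(text[i + 1])  # keep the escaped character
                i += 1
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
            current.append(ch)
        elif ch in "([{":
            depth += 1
            current.append(ch)
        elif ch in ")]}":
            if depth == 0:
                break  # closing paren of the call itself
            depth -= 1
            current.append(ch)
        elif ch == "," and depth == 0:
            args.append("".join(current).strip())
            current = []
        elif ch == ";" and depth == 0:
            break  # end of a paren-less statement
        else:
            current.append(ch)
        i += 1
    tail = "".join(current).strip()
    if tail:
        args.append(tail)
    return args


def classify(fmt):
    """Return a reason string if the format argument is risky, else None."""
    if len(fmt) >= 2 and fmt[0] == "'" and fmt[-1] == "'":
        return None  # single-quoted literal: no interpolation in Perl
    if len(fmt) >= 2 and fmt[0] == '"' and fmt[-1] == '"':
        if INTERPOLATION.search(fmt):
            return "variable interpolated into format string"
        return None
    return "format string is not a literal"


def find_format_sinks(perl_source):
    """Return (line_number, function, reason) for each suspicious call."""
    findings = []
    for lineno, line in enumerate(perl_source.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        match = CALL.search(line)
        if not match:
            continue
        func, rest = match.group(1), match.group(2).lstrip()
        if rest.startswith("("):
            rest = rest[1:].lstrip()
        rest = FILEHANDLE.sub("", rest, count=1)
        args = split_args(rest)
        index = FORMAT_ARG_INDEX[func]
        if len(args) <= index:
            continue
        reason = classify(args[index])
        if reason:
            findings.append((lineno, func, reason))
    return findings


# Constructed Perl sample: each risky call is followed by its corrected form,
# where the format is a literal and the data is passed as an argument.
SAMPLE_PERL = r"""# constructed sample, not taken from Webmin
syslog('info', "Invalid login as $user from $host");
syslog('info', '%s', "Invalid login as $user from $host");
printf STDERR $msg;
printf STDERR "%s\n", $msg;
my $line = sprintf($template, $user);
my $pct = sprintf("%d%%", $done);
"""

if __name__ == "__main__":
    for lineno, func, reason in find_format_sinks(SAMPLE_PERL):
        print(f"line {lineno}: {func}: {reason}")
```

The check is a triage aid for code review: it reads one line at a time and does not follow multi-line calls or track where a variable's value comes from.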
Other Software
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 49, 2005

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4722 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.49.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer CSS Import Cross-Domain Restriction Bypass
  • Description: Microsoft Internet Explorer is prone to an issue that allows a violation of the cross-domain security model. The vulnerability arises as Internet Explorer does not properly parse CSS files and facilitates imports of files that are not valid CSS files. An attacker may exploit this issue to steal sensitive information, which may aid in other attacks. Microsoft Internet Explorer versions 6.0 SP2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15660

  • 05.49.2 - CVE: CVE-2005-4004
  • Platform: Third Party Windows Apps
  • Title: InfinetSoftware MyTemplateSite Cross-Site Scripting
  • Description: MyTemplateSite is a sales solution application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "q" parameter of the "search.asp" script. InfinetSoftware MyTemplateSite version 1.2 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/mytemplatesite-xss-vuln.html

  • 05.49.3 - CVE: CVE-2005-4003
  • Platform: Third Party Windows Apps
  • Title: Absolute Shopping Package Multiple Cross-Site Scripting Vulnerabilities
  • Description: Absolute Shopping Package Solutions Shopping Cart is a web-based shopping cart. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "srch_product_name" parameter of "adv_search.asp" and the "b_search" parameter of "bsearch.asp". Absolute Shopping Package Solutions Shopping Cart Professional version 2.9d and Lite version 2.1 are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/asps-shopping-cart-professional-and.html

  • 05.49.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinEggDropShell Multiple Remote Buffer Overflow Vulnerabilities
  • Description: WinEggDropShell is a remote access trojan. It is affected by multiple remote buffer overflow vulnerabilities. These issues arise because the application fails to perform boundary checks prior to copying user-supplied data into process buffers. The issues affect the HTTP and FTP servers supplied with the application. WinEggDropShell version 1.7 is vulnerable; however, other versions are likely to be affected as well.
  • Ref: http://www.securityfocus.com/bid/15682/exploit

  • 05.49.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Real Networks RealPlayer Unspecified Remote Code Execution
  • Description: Real Networks RealPlayer is affected by an unspecified code execution vulnerability. The cause of this issue is currently unknown. The potential impact of this issue allows for remote arbitrary code execution in the context of the user running the application. All current versions of RealPlayer for Microsoft Windows are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15691

  • 05.49.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: XcPhotoAlbum Cross-Site Scripting
  • Description: XcPhotoAlbum is a Web photo album application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "SearchFor" parameter of the "PASearch.asp" script. XcPhotoAlbum versions 1.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/xcphotoalbum-v1x-xss-vuln.html

  • 05.49.7 - CVE: CAN-2005-2931
  • Platform: Third Party Windows Apps
  • Title: Ipswitch Collaboration Suite and IMail Server SMTPD Remote Format String
  • Description: Ipswitch Collaboration Suite (ICS) is an application suite that includes IMail Server and IMail Anti-Virus. It is susceptible to a remote format string vulnerability due to insufficient sanitization of user-supplied input to a formatted printing function. Ipswitch Collaboration Suite version 2.01 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15752

  • 05.49.8 - CVE: CAN-2005-3191
  • Platform: Linux
  • Title: XPDF DCTStream Baseline Remote Heap Buffer Overflow
  • Description: XPDF is an open source PDF viewer. It is reported prone to a remote buffer overflow vulnerability in the "DCTStream::readBaselineSOF" function residing in the "xpdf/Stream.cc" file. This issue is reported to affect XPDF version 3.01. Applications using embedded XPDF code may be vulnerable to this issue as well.
  • Ref: http://www.securityfocus.com/bid/15727

  • 05.49.9 - CVE: CVE-2005-3985
  • Platform: Linux
  • Title: Astaro Security Linux ISAKMP IKE Traffic DOS
  • Description: Astaro Security Linux is a suite of network security applications. It is vulnerable to a denial of service when handling malformed IKE packets during an exchange. Astaro Security Linux versions 6.101 and earlier are vulnerable.
  • Ref: http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en

  • 05.49.10 - CVE: CVE-2005-3670
  • Platform: HP-UX
  • Title: HP-UX Unspecified IPSec Unauthorized Remote Access
  • Description: HP-UX is vulnerable to an unauthorized, unspecified remote access issue when running IPSec. See the advisory for further details. HP-UX versions B.11.00, B.11.11, and B.11.23 are vulnerable.
  • Ref: http://www.securityfocus.com/advisories/9812

  • 05.49.11 - CVE: CAN-2005-3191
  • Platform: Unix
  • Title: XPDF DCTStream Progressive Remote Heap Buffer Overflow
  • Description: XPDF is an open source PDF viewer. It is prone to a remote buffer overflow vulnerability. It is reported that this issue presents itself in the "DCTStream::readProgressiveSOF" function residing in the "xpdf/Stream.cc" file. XPDF versions 3.0 pl3 and earlier are affected.
  • Ref: http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities&flashstatus=true

  • 05.49.12 - CVE: Not Available
  • Platform: Unix
  • Title: Open Motif libUil Open_source_file Buffer Overflow
  • Description: Open Motif is an open version of the Motif GUI toolkit. It is vulnerable to a buffer overflow issue due to improper use of the "strcpy" function. Successful exploitation may result in a remote compromise or local privilege escalation depending on the affected application linked to the library. Open Motif version 2.2.3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15686/info

  • 05.49.13 - CVE: CVE-2005-0490
  • Platform: Unix
  • Title: cURL / libcURL URL Parser Buffer Overflow
  • Description: cURL is a utility for retrieving remote content from servers over a number of protocols. libcURL provides this functionality to applications, as a shared library. cURL and libcURL are prone to a buffer overflow vulnerability. The issues occur when the URL parser function handles an excessively long URL string and is caused by two separate errors. An attacker can exploit these issues to crash the affected library, effectively denying service.
  • Ref: http://curl.haxx.se/docs/adv_20051207.html

  • 05.49.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Web4Future Affiliate Manager SQL Injection
  • Description: Affiliate Manager PRO is a web-based sales referral application. It is vulnerable to an SQL injection due to insufficient sanitization of user-supplied input to the "pid" parameter of the "functions.php" script. Web4Future Affiliate Manager PRO version 4.1 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005...e-affiliate-manager-pro-sql.html

  • 05.49.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sobexsrv Dosyslog Remote Format String
  • Description: sobexsrv is a Bluetooth OBEX server with Bluetooth Security Mode-2 support. It is vulnerable to a remote format string vulnerability due to a failure in the application to properly sanitize user-supplied input. Successful exploitation could allow arbitrary code execution in the context of the affected server application. sobexsrv version 1.0.0-pre3 is vulnerable.
  • Ref: http://www.digitalmunition.com/DMA%5B2005-1202a%5D.txt

  • 05.49.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MediaWiki User Language Remote Code Execution
  • Description: MediaWiki is a Web log application. It is vulnerable to a remote code execution issue due to insufficient sanitization of user-supplied input to the "eval()" call. MediaWiki versions 1.5.2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15703

  • 05.49.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Nodezilla Evl_Data Directory Unauthorized Access
  • Description: Nodezilla is an experimental grid based p2p system. It is prone to an unauthorized access vulnerability due to a failure in the application to restrict access to sensitive files. Specifically, the application permits the "evl_data" directory to be shared. Nodezilla versions 0.4.12 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15704/discuss

  • 05.49.18 - CVE: CVE-2005-4001
  • Platform: Cross Platform
  • Title: PHPYellowTM Multiple SQL Injection Vulnerabilities
  • Description: PhpYellowTM is a web-based yellow page directory. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "haystack" parameter of "search_result.php" and the "ckey" parameter of "print_me.php". PhpYellowTM Pro version 5.33 and Lite version 5.33 are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/phpyellowtm-pro-edition-sql-inj-vuln.html

  • 05.49.19 - CVE: CAN-2005-3193
  • Platform: Cross Platform
  • Title: XPDF Remote Heap Buffer Overflow
  • Description: XPDF is an open source PDF viewer. It is vulnerable to a remote buffer overflow issue due to insufficient boundary check with the "JPXStream::readCodestream" function. XPDF versions 3.01 and earlier are vulnerable.
  • Ref: http://rhn.redhat.com/errata/RHSA-2005-840.html

  • 05.49.20 - CVE: CAN-2005-3192
  • Platform: Cross Platform
  • Title: XPDF StreamPredictor Remote Heap Buffer Overflow
  • Description: XPDF is an open source PDF viewer. It is reported prone to a remote buffer overflow vulnerability due to improper boundary checks before copying user-supplied data into process buffers. It is reported that this issue presents itself in the "StreamPredictor::StreamPredictor" function residing in the "xpdf/Stream.cc" file. This issue is reported to affect XPDF versions 3.01-pl3 and earlier.
  • Ref: http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities

  • 05.49.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Communications Services Delegated Default Admin Password Disclosure
  • Description: Communications Services 6 Delegated Administrator 2005Q1 is part of the Java System Messaging Server 6 and provides a console and command line utility for provisioning Messaging Server users. It is prone to a vulnerability that can disclose the Top-Level Administrator (TLA) default password.
  • Ref: http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102068-1


  • 05.49.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Application Server Reverse SSL Proxy Vulnerability
  • Description: Sun Java System Application Server is prone to a man in the middle issue due to a design error. An attacker may exploit this issue to gain access to sensitive contents of encrypted network traffic between a client and a server. Please refer to the link below for a list of vulnerable software.
  • Ref: http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102012-1

  • 05.49.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Quicktime/iTunes Unspecified Heap Overflow
  • Description: An unspecified heap-based buffer overflow vulnerability has been reported in Apple Quicktime and iTunes. Successful exploitation of this issue could result in execution of arbitrary code in the context of the currently logged in user. Apple Quicktime version 7.0.3 and iTunes version 6.0.1 are vulnerable.
  • Ref: http://www.security-protocols.com/modules.php?name=News&file=article&sid=3109

  • 05.49.25 - CVE: CVE-2005-3974
  • Platform: Cross Platform
  • Title: Drupal View User Profile Authorization Bypass
  • Description: Drupal is a content management system. It is vulnerable to an authorization bypass issue due to not correctly enforcing user privileges. Drupal versions 4.6.3 and earlier are vulnerable.
  • Ref: http://drupal.org/node/39356

  • 05.49.26 - CVE: CVE-2005-3991
  • Platform: Cross Platform
  • Title: PHPMyChat Multiple X-Site Scripting Vulnerabilities
  • Description: PhpMyChat is a Web based chat application written in PHP. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "start_page.css.php" and "style.css.php" or the "From" parameter of "users_popupL.php" scripts. PhpMyChat version 0.14.6 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15679

  • 05.49.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Open Motif libUil Diag_issue_diagnostic Buffer Overflow
  • Description: Open Motif is an open version of the Motif GUI toolkit. A buffer overflow vulnerability affects libUil and can leave applications which link to the library vulnerable. The issue exists in the "diag_issue_diagnostic()" function and is caused due to the use of the "vsprintf()" libc procedure. Open Motif version 2.2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/15684/info

  • 05.49.28 - CVE: CVE-2005-3977
  • Platform: Cross Platform
  • Title: QualityEBiz Quality PPC Search Cross-Site Scripting
  • Description: QualityEBiz Quality PPC is a web-based revenue generation application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user supplied input to the "REQ" parameter of the search module. QualityEBiz Quality PPC version 1553 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/qualityppc-xss-vuln.html

  • 05.49.29 - CVE: CVE-2005-3966
  • Platform: Cross Platform
  • Title: Java Search Engine Search.JSP X-Site Scripting
  • Description: Java Search Engine is a server-side search engine. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "q" parameter of the "search.jsp" script. Java Search Engine version 0.9.34 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/jse-xss-vuln.html

  • 05.49.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FFmpeg LibAVCodec Heap Buffer Overflow
  • Description: FFmpeg is a multimedia package. Libavcodec implements encoding and decoding for numerous multimedia codecs. It is vulnerable to a heap buffer overflow issue due to insufficient boundary checking with the "avcodec_default_get_buffer()" function. FFmpeg versions 0.4.9-pre1 and earlier are vulnerable.
  • Ref: http://mplayerhq.hu/pipermail/ffmpeg-devel/2005-November/005333.html

  • 05.49.31 - CVE: CAN-2005-2923
  • Platform: Cross Platform
  • Title: Ipswitch Collaboration Suite and IMail Server Denial of Service
  • Description: Ipswitch Collaboration Suite (ICS) is an application suite that includes IMail Server and IMail Anti-Virus. They are prone to a remote denial of service vulnerability due to improper handling of LIST command. Successful exploitation will cause the affected server to crash, effectively denying service to legitimate users. Ipswitch Collaboration Suite version 2.01 and Ipswitch IMail version 8.20 are vulnerable.
  • Ref: http://www.idefense.com/application/poi/display?id=347&type=vulnerabilities&flashstatus=true

  • 05.49.32 - CVE: CVE-2005-2970
  • Platform: Cross Platform
  • Title: Apache MPM Worker.C Denial of Service
  • Description: Apache web-server is prone to a memory leak due to a flaw in the "worker.c" file, causing a denial of service vulnerability. Apache versions earlier than 2.0.55 are vulnerable.
  • Ref: http://www.apache.org/dist/httpd/Announcement2.0.html

  • 05.49.33 - CVE: Not Available
  • Platform: Web Application
  • Title: Web4Future Portal Solutions Arhiva.PHP Directory Traversal
  • Description: Web4Future Portal Solutions is a web-based news publication application. It is vulnerable to a directory traversal issue due to a lack of proper sanitization of user-supplied input. This issue may be leveraged to read arbitrary files on an affected computer with the privileges of the web server. All current versions are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15718/info

  • 05.49.34 - CVE: Not Available
  • Platform: Web Application
  • Title: Edgewall Software Trac Search Module SQL Injection
  • Description: Edgewall Software Trac is a wiki and bug tracking system. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "q" parameter of the search module before using it in an SQL query. Edgewall Software Trac versions 0.9.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/15720/exploit

  • 05.49.35 - CVE: CVE-2005-4054, CVE-2005-4056, CVE-2005-4057
  • Platform: Web Application
  • Title: PluggedOut Nexus Search Script Input Validation Vulnerabilities
  • Description: PluggedOut Nexus is a web-based community application. PluggedOut Nexus is prone to multiple input validation vulnerabilities. These issues could permit cross-site scripting and SQL injection attacks. PluggedOut Nexus version 0.1 is reported to be vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/pluggedout-nexus-sqlxss-vuln_06.html

  • 05.49.36 - CVE: Not Available
  • Platform: Web Application
  • Title: Hobosworld HobSR Multiple SQL Injection Vulnerabilities
  • Description: Hobosworld HobSR is a web-based application. It is prone to multiple SQL injection vulnerabilities. These issues are due to improper sanitization of user-supplied input to the "arrange" and "p" parameters of the "view.php" script before using them in an SQL query.
  • Ref: http://www.securityfocus.com/bid/15713/exploit

  • 05.49.37 - CVE: CVE-2005-4019
  • Platform: Web Application
  • Title: Relative Real Estate Systems SQL Injection
  • Description: Relative Real Estate Systems is a web-based real estate management application implemented in PHP. It is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "mls" parameter of the "index.php" script before using it in an SQL query. Relative Real Estate Systems version 1.2 is affected.
  • Ref: http://pridels.blogspot.com/2005/12/relative-real-estate-systems-sql-inj.html

  • 05.49.38 - CVE: Not Available
  • Platform: Web Application
  • Title: Web4Future eDating Professional Multiple SQL Injection Vulnerabilities
  • Description: Web4Future eDating Professional is a web-based matchmaking application. It is prone to multiple SQL injection vulnerabilities caused by insufficient sanitization of user-supplied input to various scripts. Web4Future eDating Professional versions 5 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15715

  • 05.49.39 - CVE: Not Available
  • Platform: Web Application
  • Title: Blog System Multiple SQL Injection Vulnerabilities
  • Description: Blog System is a web-based blog. Insufficient sanitization of the "cat" parameter in the "index.php" script and the "note" parameter in the "blog.php" script exposes the application to an SQL injection issue. NetArt Media Blog System version 1.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/418640

  • 05.49.40 - CVE: Not Available
  • Platform: Web Application
  • Title: Web4Future Portal Solutions Comentarii.PHP SQL Injection
  • Description: Web4Future Portal Solutions is a Web based news publication application. It is prone to an SQL injection issue due to a failure in the application to properly sanitize user-supplied input to the "comentarii.php" script before using it in an SQL query. An attacker could exploit this issue to compromise the application. All current versions of Portal Solutions are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15716/info

  • 05.49.41 - CVE: Not Available
  • Platform: Web Application
  • Title: SAPID CMS Multiple Authentication Bypass Vulnerabilities
  • Description: SAPID CMS is a content management application. It is prone to authentication bypass issues due to a failure in the application to perform any authentication on a user before granting access to the "insert_file.php", "insert_image.php", "insert_link.php", "insert_qcfile.php" and the "edit.php" scripts. Sapid CMS version 1.2.3 RC3 has been released to address this issue.
  • Ref: http://sapid-club.com/en/viewtopic.php?p=586#586

  • 05.49.42 - CVE: Not Available
  • Platform: Web Application
  • Title: Solupress News Search.ASP Cross-Site Scripting
  • Description: Solupress News is a web-based news management application. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "keywords" parameter of the "search.asp" script. Solupress News version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15695/exploit

  • 05.49.43 - CVE: CVE-2005-3999
  • Platform: Web Application
  • Title: SiteBeater MP3 Catalog Search.ASP Cross-Site Scripting
  • Description: MP3 Catalog is a web-based music cataloging system implemented in ASP. MP3 Catalog is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to "search.asp". MP3 Catalog version 2.0.3 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/sitebeater-mp3-catalog-xss-vuln.html

  • 05.49.44 - CVE: Not Available
  • Platform: Web Application
  • Title: Widget Press Widget Property Property.PHP SQL Injection
  • Description: Widget Property is a web-based property management application. It is prone to an SQL injection vulnerability caused by insufficient sanitization of user-supplied input to various parameters of the "property.php" script. Widget Property version 1.1.19 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15701

  • 05.49.45 - CVE: Not Available
  • Platform: Web Application
  • Title: Web4Future KeyWord Frequency Counter Cross-Site Scripting
  • Description: Web4Future KeyWord Frequency Counter is a Perl program that counts word frequency on a specified web page. Insufficient sanitization of the "index.cgi" script exposes the application to a cross-site scripting issue. Web4Future KeyWord Frequency Counter version 1.0 is affected.
  • Ref: http://pridels.blogspot.com/2005/12/keyword-frequency-counter-v10-xss-vuln.html

  • 05.49.46 - CVE: Not Available
  • Platform: Web Application
  • Title: Web4Future eCommerce Enterprise Edition Multiple SQL Injection Vulnerabilities
  • Description: Web4Future eCommerce Enterprise Edition is a web application. It is vulnerable to multiple SQL injection issues due to a failure in the application to properly sanitize user-supplied input to the "view.php" and "viewbrands.php" scripts. An attacker could exploit this issue to compromise the application. eCommerce Enterprise Edition versions 2.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15707/info

  • 05.49.47 - CVE: CVE-2005-4032
  • Platform: Web Application
  • Title: Easy Search System Search.cgi Cross-Site Scripting
  • Description: Easy Search System is a web site indexing and searching script. It is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "q" parameter of the "search.cgi" script.
  • Ref: http://pridels.blogspot.com/2005/12/easy-search-system-v11-xss-vuln.html

  • 05.49.48 - CVE: Not Available
  • Platform: Web Application
  • Title: SiteBeater News Archive.ASP Cross-Site Scripting
  • Description: SiteBeater News is a web-based news system. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "Keywords" parameter of the "Archive.asp" script. SiteBeater News version 4.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15697

  • 05.49.49 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Fusion Messages.PHP SQL Injection
  • Description: PHP-Fusion is a content management system. Insufficient sanitization of the "search" and "sort" options of the "messages.php" script exposes the application to an SQL injection issue. PHP-Fusion version 6.0.109 is affected.
  • Ref: http://www.securityfocus.com/archive/1/418512

  • 05.49.50 - CVE: Not Available
  • Platform: Web Application
  • Title: Alisveristr E-commerce Login Multiple SQL Injection Vulnerabilities
  • Description: Alisveristr E-commerce is a web-based e-commerce application. It is vulnerable to multiple SQL injection issues due to a failure in the application to properly sanitize user-supplied input to the user login and administrator login pages. An attacker could exploit this issue to compromise the application. All current versions of Alisveristr E-commerce are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/418510

  • 05.49.51 - CVE: Not Available
  • Platform: Web Application
  • Title: FileLister Definesearch.JSP Cross-Site Scripting
  • Description: FileLister is a web-based file indexing tool written in JavaScript and Java. It is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "searchwhat" parameter of the "definesearch.jsp" script. FileLister version 0.51 is affected.
  • Ref: http://pridels.blogspot.com/2005/12/filelister-sql-inj-vuln.html

  • 05.49.52 - CVE: Not Available
  • Platform: Web Application
  • Title: SAMEDIA Landshop Multiple SQL Injection Vulnerabilities
  • Description: SAMEDIA LandShop is a web-based tool for the marketing, sale or rent of any kind of real estate. It is prone to multiple SQL injection vulnerabilities due to improper sanitization of user-supplied input to various scripts. SAMEDIA LandShop version 0.6.3 is affected.
  • Ref: http://pridels.blogspot.com/2005/12/landshop-real-estate-commerce-system.html

  • 05.49.53 - CVE: Not Available
  • Platform: Web Application
  • Title: Quicksilver Forums SQL Injection
  • Description: Quicksilver Forums is a Web forum application. It is vulnerable to an SQL injection issue due to a failure in the application to properly sanitize user-supplied input from the "HTTP_USER_AGENT" variable before using it in an SQL query. Successful exploitation could result in a compromise of the application. Quicksilver Forums versions earlier than 1.1.5 are vulnerable to this issue.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=375970&group_id=154354

  • 05.49.54 - CVE: Not Available
  • Platform: Web Application
  • Title: 1-Script 1-Search 1search.CGI Cross-Site Scripting
  • Description: 1-Script 1-Search is a search engine script written in the CGI programming language. It is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site.
  • Ref: http://pridels.blogspot.com/2005/12/1-search-xss-vuln.html

  • 05.49.55 - CVE: Not Available
  • Platform: Web Application
  • Title: DuWare DuPortalPro Password.ASP Cross-Site Scripting
  • Description: DuPortalPro is a web portal application. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "result" parameter of the "password.asp" script. DUware DUportal Pro version 3.4.3 is affected.
  • Ref: http://www.securityfocus.com/bid/15731

  • 05.49.56 - CVE: Not Available
  • Platform: Web Application
  • Title: Horde IMP Email Attachments HTML Injection
  • Description: IMP is a set of PHP scripts designed to implement a web-based IMAP email interface. It is prone to an HTML injection issue due to a failure in the application to properly sanitize user-supplied input. Horde IMP versions 4.0.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/418734

  • 05.49.57 - CVE: Not Available
  • Platform: Web Application
  • Title: Instant Photo Gallery Multiple SQL Injection Vulnerabilities
  • Description: Instant Photo Gallery is a website authoring and gallery management system. It is prone to multiple SQL injection vulnerabilities. These issues are due to improper sanitization of user-supplied input to the "cat_id" parameter of the "portfolio.php" script, and the "cid" parameter of the "content.php" script before using it in an SQL query. Instant Photo Gallery version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15659/exploit

  • 05.49.58 - CVE: CVE-2005-3947
  • Platform: Web Application
  • Title: PHP Upload Center Index.PHP Directory Traversal
  • Description: PHP Upload Center is prone to a directory traversal vulnerability. Input to the "filename" parameter of the "index.php" script is not properly sanitized. An attacker may make use of directory traversal strings "../" to retrieve files in the context of the affected web server process.
  • Ref: http://www.securityfocus.com/bid/15621

  • 05.49.59 - CVE: Not Available
  • Platform: Web Application
  • Title: Tradesoft CMS Multiple SQL Injection Vulnerabilities
  • Description: Tradesoft CMS is a content management application. Insufficient sanitization of the "username", "email" and "password" fields exposes the application to multiple SQL injection issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/15661/info

  • 05.49.60 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Image Upload HTML Injection
  • Description: Drupal is an open-source content management system. It is vulnerable to an HTML injection issue due to a failure in the application to properly sanitize user-supplied input when allowing images to be uploaded from remote locations. An attacker could exploit this issue to run arbitrary code in the context of the web application. Please refer to the link below for a list of vulnerable versions.
  • Ref: http://drupal.org/node/39355

  • 05.49.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Citrix Multiple Applications Login Form Cross-Site Scripting
  • Description: Citrix MetaFrame is remote desktop management software. Insufficient sanitization of the "username" parameter in the "login" form exposes the application to a cross-site scripting issue. Please refer to the attached advisory for the complete list of affected versions.
  • Ref: http://www.securityfocus.com/bid/15664

  • 05.49.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Lore Article.PHP SQL Injection
  • Description: Lore is a knowledgebase management application. It is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "id" parameter of the "article.php" script before using it in an SQL query. Lore version 1.5.4 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15665/exploit

  • 05.49.63 - CVE: CVE-2005-3963
  • Platform: Web Application
  • Title: DotClear Session.PHP SQL Injection
  • Description: DotClear is a Web log application written in PHP. It is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "dc_xd" cookie parameter utilized in "session.php", before using it in an SQL query. Dotclear versions 1.2.2 and 1.2.1 are reported to be affected.
  • Ref: http://www.zone-h.fr/advisories/read/id=696

  • 05.49.64 - CVE: Not Available
  • Platform: Web Application
  • Title: FastJar Archive Extraction Directory Traversal
  • Description: FastJar is prone to a directory traversal issue due to insufficient sanitization of directory traversal strings. FastJar version 0.93 is affected.
  • Ref: http://www.securityfocus.com/bid/15669/info

  • 05.49.65 - CVE: Not Available
  • Platform: Web Application
  • Title: MXChange Multiple Unspecified Input Validation Vulnerabilities
  • Description: MXChange is a web-based email exchange application. It is vulnerable to multiple unspecified input validation issues due to a failure in the application to properly sanitize user-supplied input. An attacker may exploit this issue to steal cookie-based authentication credentials as well as perform other attacks. MXChange versions earlier than 0.2.0-pre10-492 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15672/info

  • 05.49.66 - CVE: Not Available
  • Platform: Web Application
  • Title: WebCalendar Layers_Toggle.PHP HTTP Response Splitting
  • Description: WebCalendar is a web-based calendar. It is affected by an HTTP response splitting issue due to a failure in the application to sanitize the "ret" parameter of the "layers_toggle.php" script. WebCalendar version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/418286

  • 05.49.67 - CVE: Not Available
  • Platform: Web Application
  • Title: WebCalendar Multiple SQL Injection Vulnerabilities
  • Description: WebCalendar is a web-based calendar application. WebCalendar is prone to multiple SQL injection vulnerabilities. These issues are due to improper sanitization of user-supplied input before being used in an SQL query. The "startid" parameter of the "activity_log.php" script and HTTP POST operations to the "edit_report_handler.php" script are not properly sanitized, and allow an attacker to inject malicious code into the application. WebCalendar version 1.0.1 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/15662/exploit

  • 05.49.68 - CVE: CVE-2005-4065
  • Platform: Web Application
  • Title: Edgewall Software Trac Ticket Query Module SQL Injection
  • Description: Trac is a wiki and bug tracking system implemented in PHP. It is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "group" parameter of the "ticket query module" before using it in an SQL query.
  • Ref: http://projects.edgewall.com/trac/wiki/ChangeLog

  • 05.49.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Extreme Corporate Extremesearch.PHP Cross-Site Scripting
  • Description: Extreme Search Corporate Edition is a pay per click search engine application. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "search" parameter of the "extremesearch.php" script. Extreme Search Corporate Edition versions 6.0 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15675

  • 05.49.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Submitted Content HTML Injection
  • Description: Drupal is a content management system. It is prone to an HTML injection issue due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Drupal versions 4.6.3 and earlier are vulnerable.
  • Ref: http://drupal.org/node/39353

  • 05.49.71 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPX Admin Login.PHP SQL Injection
  • Description: PHPX is a web-based content management system. Insufficient sanitization of the "username" parameter of the "admin/login.php" script exposes the application to an SQL injection issue. Please check the attached advisory for a list of affected versions.
  • Ref: http://rgod.altervista.org/phpx_359_xpl.html

  • 05.49.72 - CVE: CVE-2005-3978
  • Platform: Web Application
  • Title: NetClassifieds Products Multiple SQL Injection Vulnerabilities
  • Description: NetClassifieds is a classified ad application written in PHP. It is prone to multiple SQL injection vulnerabilities. Please visit the attached reference for the list of vulnerable versions.
  • Ref: http://pridels.blogspot.com/2005/12/netclassifieds-all-versions-sql-inj.html

  • 05.49.73 - CVE: Not Available
  • Platform: Web Application
  • Title: DUware Multiple Software SQL Injection
  • Description: Multiple DUware applications are prone to an SQL injection vulnerability. This issue is due to insufficient sanitization of user-supplied input to the "iType" parameter of the "type.asp" script. Visit the referenced link for a list of vulnerable applications and their versions.
  • Ref: http://www.securityfocus.com/bid/15681

  • 05.49.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Atlassian Confluence Search Cross-Site Scripting
  • Description: Atlassian Confluence is a collaboration and knowledge management application. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "searchQuery" parameter of the application's search module. Atlassian Confluence versions 2.0.1-build 321 and 1.4 are affected.
  • Ref: http://pridels.blogspot.com/2005/12/confluence-enterprise-wiki-xss-vuln.html

  • 05.49.75 - CVE: CVE-2005-3996
  • Platform: Web Application
  • Title: Zen Cart Password_Forgotten.PHP SQL Injection
  • Description: Zen Cart is a freely available web-based shopping cart application. It is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "admin_email" parameter of the "admin/password_forgotten.php" script before using it in an SQL query. Zen Cart version 1.2.6d is affected.
  • Ref: http://rgod.altervista.org/zencart_126d_xpl.html

  • 05.49.76 - CVE: Not Available
  • Platform: Web Application
  • Title: IISWorks ASPKnowledgeBase KB.ASP Cross-Site Scripting
  • Description: IISWorks ASPKnowledgeBase is a knowledge sharing application. It is vulnerable to a cross-site scripting issue due to a failure in the application to properly sanitize user-supplied input to the "kb.asp" script. An attacker could exploit this issue to steal cookie-based authentication credentials as well as perform other attacks. ASPKnowledgeBase versions 2.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/iisworks-asp-knowledgebase-2x-xss-vuln.html

  • 05.49.77 - CVE: CVE-2005-3665
  • Platform: Web Application
  • Title: PHPMyAdmin Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHPMyAdmin is a freely available tool that provides a web interface for handling MySQL administrative tasks. It is prone to multiple cross-site scripting vulnerabilities due to a failure in the application to properly sanitize user-supplied input. Specifically, user-supplied data to the "HTTP_HOST" variable and some unspecified scripts in the "libraries" directory is not properly sanitized. PHPMyAdmin versions 2.7.0-beta1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/15735/discuss

  • 05.49.78 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPForumPro Multiple SQL Injection Vulnerabilities
  • Description: PHPForumPro is Web forum software. PHPForumPro is prone to multiple SQL injection vulnerabilities due to improper sanitization of user-supplied input to the "parent" and "day" parameters of "index.php" before using it in an SQL query. PHPForumPro version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/15736/discuss

  • 05.49.79 - CVE: Not Available
  • Platform: Web Application
  • Title: DoceboLMS Connector.PHP Directory Traversal
  • Description: DoceboLMS is an e-learning application implemented in PHP. It is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "Type" parameter of "connector.php". DoceboLMS version 2.0.4 is affected.
  • Ref: http://rgod.altervista.org/docebo204_xpl.html

  • 05.49.80 - CVE: Not Available
  • Platform: Web Application
  • Title: DoceboLMS Arbitrary File Upload
  • Description: DoceboLMS is an e-learning application. It is prone to an arbitrary file upload vulnerability as a result of insufficient sanitization of user-supplied input to the "CurrentFolder" parameter of "connector.php" script. DoceboLMS version 2.0.4 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15744

  • 05.49.81 - CVE: Not Available
  • Platform: Web Application
  • Title: A-FAQ Multiple SQL Injection Vulnerabilities
  • Description: A-FAQ is a question and answer database application. Insufficient sanitization of the "faqid" parameter in the "faqDspItem.asp" script and the "catcode" parameter of the "faqDsp.asp" script exposes the application to multiple SQL injection issues. A-FAQ versions 1.0 and earlier are affected.
  • Ref: http://pridels.blogspot.com/2005/12/faq-sql-inj-vuln.html

  • 05.49.82 - CVE: Not Available
  • Platform: Web Application
  • Title: NetauctionHelp Multiple Cross-Site Scripting Vulnerabilities
  • Description: NetAuctionHelp is a web-based auction application. It is vulnerable to multiple cross-site scripting issues due to a failure in the application to properly sanitize user-supplied input to the "search.asp" script. An attacker may leverage these issues to steal cookie-based authentication credentials as well as perform other attacks. NetAuctionHelp versions 3.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/netauctionhelp-v30-xss-vuln.html

  • 05.49.83 - CVE: Not Available
  • Platform: Web Application
  • Title: XcClassified CPSearch.ASP Cross-Site Scripting
  • Description: XcClassified is a classified advertising application. It is prone to a cross-site scripting vulnerability due to a failure in the application to properly sanitize user-supplied input to the "SearchFor" parameter of the "CPSearch.asp" script. XcClassified versions 3.x and prior are vulnerable; other versions may also be affected.
  • Ref: http://pridels.blogspot.com/2005/12/xcclassified-v3x-xss-vuln.html

  • 05.49.84 - CVE: Not Available
  • Platform: Web Application
  • Title: RWAuction Pro Search.ASP Cross-Site Scripting
  • Description: RWAuction Pro is a knowledge sharing application. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "searchtxt" parameter of the "search.asp" script. RWAuction version 4.0 is vulnerable; prior versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/15740/exploit

  • 05.49.85 - CVE: CVE-2005-4054, CVE-2005-4056
  • Platform: Web Application
  • Title: PluggedOut Blog Index.PHP Multiple SQL Injection Vulnerabilities
  • Description: PluggedOut Blog is a web log application written in PHP. It is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input to the "categoryid", "entryid", "year", "month" and "day" parameters of "index.php".
  • Ref: http://pridels.blogspot.com/2005/12/pluggedout-blog-sql-vuln.html

  • 05.49.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Cars Portal Index.PHP Multiple SQL Injection Vulnerabilities
  • Description: Cars Portal is an automobile classifieds portal application. It is prone to multiple SQL injection vulnerabilities due to improper sanitization of user-supplied input to the "page" and "car" parameters of the "index.php" script. Cars Portal versions 1.1 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/cars-portal-v1x-sql-injection.html

  • 05.49.87 - CVE: Not Available
  • Platform: Web Application
  • Title: e107 Website System Voting Manipulation
  • Description: e107 website system is a web-based content management system. It is affected by a vote manipulation issue due to a failure in "rate.php" to properly verify whether a user has already voted. e107 website system versions 0.6172 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/418577

  • 05.49.88 - CVE: Not Available
  • Platform: Web Application
  • Title: SugarCRM Sugar Suite Remote and Local File Include Vulnerabilities
  • Description: SugarCRM Sugar Suite includes Sugar Enterprise, Sugar Professional, and Sugar Open Source CRM applications. These applications are affected by remote and local file include vulnerabilities due to insufficient sanitization of user-supplied data. The "beanFiles[1]" parameter of the "acceptDecline.php" script can facilitate remote and local file include attacks. Sugar Suite versions 4.0 beta and 3.5 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15760/exploit

  • 05.49.89 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPMyAdmin Import_Blacklist Variable Overwrite
  • Description: phpMyAdmin is a web interface tool for handling MySQL administrative tasks. It is prone to a vulnerability that permits an attacker to overwrite a certain global variable. An attacker may be able to exploit this issue to include arbitrary remote and local files. Please refer to the link below for a list of vulnerable versions.
  • Ref: http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0

  • 05.49.90 - CVE: Not Available
  • Platform: Web Application
  • Title: SimpleBBS Remote Arbitrary Command Execution
  • Description: SimpleBBS is a web-based bulletin board system application. It is prone to an arbitrary command execution vulnerability due to improper sanitization of user-supplied input to the "name" parameter of "index.php". SimpleBBS versions 1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/418838

  • 05.49.91 - CVE: Not Available
  • Platform: Network Device
  • Title: MultiTech MultiVoIP INVITE Remote Buffer Overflow
  • Description: MultiVoIP is a line of voice over IP devices that integrates voice and fax into an existing data network. It is affected by a remote buffer overflow issue when a string greater than 60 bytes is provided in a SIP INVITE packet. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/15711

  • 05.49.92 - CVE: Not Available
  • Platform: Network Device
  • Title: Avaya TN2602AP IP Media Resource 320 Remote Denial of Service
  • Description: Avaya TN2602AP IP Media Resource 320 is a device that provides VoIP protocol audio access to the switch. It is prone to a remote denial of service vulnerability because the application fails to handle exceptional conditions in a proper manner. Avaya TN2602AP IP Media Resource 320 versions prior to vintage 9 firmware are vulnerable to this issue.
  • Ref: http://support.avaya.com/elmodocs2/security/ASA-2005-231.pdf

  • 05.49.93 - CVE: Not Available
  • Platform: Network Device
  • Title: Check Point VPN-1 SecureClient Policy Bypass
  • Description: Check Point VPN-1 SecureClient is a VPN client application. It is affected by a policy bypass issue due to a failure of the application to securely implement remote administrator-provided policies on affected computers. Please check the attached advisory for a list of affected versions.
  • Ref: http://www.securityfocus.com/bid/15757/info

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.