@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 51
December 22, 2005

One hundred and thirty nine more vulnerabilities found this week. Someone wrote asking whether the big numbers reflect worse programming or more people looking for them. Both, probably. But the main people who should feel bad are the department chairs of computer science departments who believe that secure programming isn't worth putting into the core curriculum.

Security vendors Symantec and TrendMicro had particularly bad vulnerabilities this week.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                     # of Updates & Vulnerabilities
    Microsoft Office             1
    Other Microsoft Products     1
    Third Party Windows Apps     13 (#3)
    Linux                        1
    HP-UX                        1
    Unix                         2
    Cross Platform               31 (#1, #2)
    Web Application              83

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Linux
HP-UX
Unix
Cross Platform
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Symantec AntiVirus Products RAR Handling Buffer Overflow
  • Affected:
    • Symantec Norton, Gateway Security, Client Security, Brightmail and Corporate Antivirus product lines
    • Third-party products using version 3.2.14.3 or prior of the "Dec2Rar.DLL" library
  • Description: Symantec anti-virus products contain multiple heap-based buffer overflows in the "Dec2Rar.DLL" library, which is responsible for scanning RAR archives to detect viruses. The overflows can be triggered by RAR archives with specially crafted "sub-block" headers, and exploited to execute arbitrary code. The technical details, including disassembler output, have been publicly posted. Note that sending a malicious email is sufficient to compromise gateway and server products, i.e. no user interaction is required.

  • Status: Symantec is working on getting the patches ready. A workaround, in the meantime, is to disable RAR processing on the anti-virus products. Such a configuration, however, will also let RAR-compressed viruses go undetected.

  • Council Site Actions: All reporting council sites are awaiting confirmation from the vendor. Some sites have notified their system support group of the issue. One site commented that if a patch is not released before an exploit, they will disable RAR scanning.

  • References:

Other Software

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 51, 2005

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4741 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.51.1 - CVE: CVE-2005-4131
  • Platform: Microsoft Office
  • Title: Excel Unspecified Memory Corruption
  • Description: Microsoft Excel is vulnerable to two unspecified memory corruption vulnerabilities when the application attempts to process malformed or corrupted XLS files. All versions of Microsoft Excel are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15926/info

  • 05.51.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Information Server 5.1 DLL Request Denial of Service
  • Description: Microsoft Internet Information Server 5.1 is affected by a denial of service condition which occurs when several requests are received for a DLL within a virtual directory causing the "inetinfo.exe" process to crash.
  • Ref: http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html

  • 05.51.3 - CVE: CVE-2005-4290
  • Platform: Third Party Windows Apps
  • Title: ECW-Cart Multiple Cross-Site Scripting Vulnerabilities
  • Description: ECW-Cart is a web shopping cart application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "kword", "max", "min", "comp" and "f" parameters of the "index.cgi" script. Soft4e ECW-Cart version 2.0.3 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/ecw-cart-xss-vuln.html

  • 05.51.4 - CVE: CVE-2005-1928
  • Platform: Third Party Windows Apps
  • Title: Trend Micro ServerProtect EarthAgent Daemon Denial of Service
  • Description: Trend Micro ServerProtect is an antivirus scanner. The EarthAgent Daemon is vulnerable to a denial of service issue when receiving a crafted packet on TCP port 5005. Trend Micro ServerProtect version 5.58 with Control Manager 2.5 or 3.0 and Damage Cleanup Server 1.1 is vulnerable.
  • Ref: http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt

  • 05.51.5 - CVE: CVE-2005-1930
  • Platform: Third Party Windows Apps
  • Title: ServerProtect RPTServer.ASP Directory Traversal
  • Description: Trend Micro Server Protect Management Console is vulnerable to a directory traversal issue in the Crystal Report component due to insufficient sanitization of user-supplied input to the "IMAGE" parameter of the "rptserver.asp" script. Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1 is vulnerable.
  • Ref: http://www.idefense.com/application/poi/display?id=352&type=vulnerabilities&flashstatus=true

  • 05.51.6 - CVE: CVE-2005-1929
  • Platform: Third Party Windows Apps
  • Title: Trend Micro ServerProtect Relay Heap Overflow
  • Description: Trend Micro ServerProtect is an antivirus scanner for servers that also offers a Windows-based administration console. A remotely exploitable heap-based buffer overflow vulnerability is present in the Trend Micro ServerProtect "relay.dll" component in the Management Console. This vulnerability may be triggered by an excessive HTTP POST request to the component that specifies a length value that will cause an integer wrap. Arbitrary code execution would occur in the context of the underlying Web server. This issue is reported to affect ServerProtect 5.58 for Windows running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1.
  • Ref: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=354

  • 05.51.7 - CVE: CVE-2005-4270
  • Platform: Third Party Windows Apps
  • Title: Watchfire AppScan QA Remote Buffer Overflow
  • Description: Watchfire AppScan QA is a security testing suite. It is vulnerable to a buffer overflow issue due to insufficient handling of a malformed HTTP 401 response with a WWW-Authenticate header containing a long Realm field. Watchfire AppScan QA versions 5.0.609 Subscription 7 and 5.0.134 are vulnerable.
  • Ref: http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_AppScanQA_RemoteCodeExec.pdf

  • 05.51.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Acidcat CMS Multiple Input Validation Vulnerabilities
  • Description: Acidcat CMS is a content management application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to the "ID" parameter of the "main_content.asp" and "default.asp" scripts. Acidcat CMS versions 2.1.13 and earlier are vulnerable.
  • Ref: http://hamid.ir/security/acidcat.txt


  • 05.51.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Pegasus Mail Multiple Code Execution Vulnerabilities
  • Description: Pegasus Mail is an email client application. It is vulnerable to multiple remote code execution issues due to insufficient boundary checking when handling a malformed POP3 reply. Pegasus Mail versions 4.21c and 4.30PB1 are vulnerable.
  • Ref: http://secunia.com/advisories/17992/

  • 05.51.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Floosietek FTGate Multiple Remote Vulnerabilities
  • Description: FTGate is a family of email server software. Floosietek FTGate is prone to multiple remote vulnerabilities. These issues are identified as buffer overflow, format string, and cross-site scripting vulnerabilities. FTGate 4.4 (build 4.4.000) is vulnerable to these issues; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/15972/exploit

  • 05.51.12 - CVE: CVE-2005-3657
  • Platform: Third Party Windows Apps
  • Title: McAfee VirusScan Security Center ActiveX Control Arbitrary File Overwrite
  • Description: McAfee VirusScan is a commercially available virus scanning product for the Microsoft Windows platform. Security Center is a component that combines various security protection applications. It ships with McAfee VirusScan. McAfee VirusScan Security Center is prone to an arbitrary file overwrite vulnerability. This issue arises due to an access validation error. The application ships with an ActiveX control that does not properly restrict access and the control may be loaded in arbitrary domains. Successful exploitation can lead to various attacks including potential arbitrary code execution and remote unauthorized access.
  • Ref: http://www.securityfocus.com/archive/1/419896

  • 05.51.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailEnable Multiple IMAP Remote Buffer Overflow Vulnerabilities
  • Description: MailEnable is prone to multiple remote IMAP service buffer overflow issues due to insufficient bounds checking in the "LIST", "LSUB" and "UUID" commands. MailEnable Professional version 1.7 and MailEnable Enterprise version 1.1 are affected.
  • Ref: http://www.securityfocus.com/bid/15985

  • 05.51.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ASPBite Index.ASP Cross-Site Scripting
  • Description: ASPBite is a content management application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "strSearch" parameter of the "index.asp" script. ASPBite version 8.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15991/info

  • 05.51.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Avaya Modular Messaging POP3 Remote Denial of Service
  • Description: Avaya Modular Messaging is an application server. It includes the Avaya Message Storage Server (MSS) POP3 service as well. This is prone to a remote denial of service vulnerability. An attacker can send specially crafted packets to the service to trigger an infinite loop that eventually leads to a crash or hang. Avaya Modular Messaging 2.0 SP4 and prior versions are vulnerable.
  • Ref: http://support.avaya.com/elmodocs2/security/ASA-2005-235.pdf

  • 05.51.16 - CVE: Not Available
  • Platform: Linux
  • Title: Info-ZIP UnZip File Name Buffer Overflow
  • Description: Info-ZIP unzip is a decompression utility. It is vulnerable to a filename buffer overflow issue due to insufficient sanitization of user-supplied input to the filename argument on the command line. Info-ZIP UnZip versions 5.52 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15968

  • 05.51.17 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX WBEM Services Denial of Service
  • Description: HP-UX systems running web-based Enterprise Management services are vulnerable to an unspecified denial of service issue which is remotely exploitable. See advisory for further details.
  • Ref: http://www.securityfocus.com/advisories/9896

  • 05.51.18 - CVE: CVE-2005-4300
  • Platform: Unix
  • Title: Libremail Pop.c Remote Format String
  • Description: Libremail is a set of command line mail tools for UNIX and Linux platforms. It is susceptible to a remote format string vulnerability. An attacker must entice a user to connect to a malicious POP server to carry out a successful attack. Libremail 1.1.0 and earlier versions are affected.
  • Ref: http://www.securityfocus.com/bid/15906

  • 05.51.19 - CVE: CVE-2005-4178
  • Platform: Unix
  • Title: Dropbear SSH Server Remote Buffer Overflow
  • Description: Dropbear SSH Server is a secure shell server designed to run with low resource requirements. Dropbear SSH Server is prone to a remote buffer overflow vulnerability. This issue occurs because the application fails to perform boundary checks prior to copying user-supplied data into finite-sized process buffers. A successful attack may facilitate arbitrary code execution. Exploitation of this vulnerability may allow an attacker to gain superuser access to the computer. Dropbear SSH Server versions prior to 0.47 are affected.
  • Ref: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html

  • 05.51.20 - CVE: CVE-2005-4297
  • Platform: Cross Platform
  • Title: BBBoard V2 Cross-Site Scripting
  • Description: BBBoard v2 is a customizable web forum application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the search module parameters of the application. BBBoard v2 versions 2.56 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/bbboard-v2-xss-vuln.html

  • 05.51.21 - CVE: CVE-2005-4284
  • Platform: Cross Platform
  • Title: StaticStore Search.CGI Cross-Site Scripting
  • Description: StaticStore is an e-commerce application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "keywords" parameter of the "search.cgi" script. StaticStore versions 1.189A and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/staticstore-search-engine-friendly-e.html

  • 05.51.22 - CVE: CVE-2005-4285
  • Platform: Cross Platform
  • Title: Dick Copits PDEstore Multiple Cross-Site Scripting Vulnerabilities
  • Description: Dick Copits PDEstore is a web store front application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "product" and "cart_id" parameters of the "pdestore.cgi" script. Dick Copits PDEstore versions 1.8 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/pdestore-xss-vuln.html

  • 05.51.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Macromedia Cold Fusion MX Multiple Vulnerabilities
  • Description: ColdFusion MX is an application server. Macromedia ColdFusion MX is affected by multiple vulnerabilities. A security vulnerability related to the JRun clustered sandbox affects versions 6.0, 6.1, 6.1 with JRun and 7.0. An input validation vulnerability affects versions 6.0, 6.1, 6.1 with JRun and 7.0. A security vulnerability related to the CFOBJECT tag and CreateObject function sandbox security setting affects ColdFusion MX version 7.0. A security vulnerability that could expose the ColdFusion Administrator password hash to unauthorized parties affects ColdFusion MX version 7.0.
  • Ref: http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html

  • 05.51.24 - CVE: CVE-2005-4342, CVE-2005-4343, CVE-2005-4344, CVE-2005-4345
  • Platform: Cross Platform
  • Title: Macromedia JRun Multiple Vulnerabilities
  • Description: Macromedia JRun is a J2EE application server that is available for Microsoft Windows, Unix, and Linux variants. Macromedia JRun is affected by multiple security vulnerabilities that let remote users gain unauthorized access to Web application source code. This could potentially expose sensitive information embedded in application source code that may be useful to the attacker. A denial of service vulnerability also exists in the JRun Web Server component.
  • Ref: http://www.macromedia.com/devnet/security/security_zone/mpsb05-13.html

  • 05.51.25 - CVE: CVE-2005-4310
  • Platform: Cross Platform
  • Title: SSH Tectia Server Host Authentication Authorization Bypass
  • Description: SSH Tectia Server is a commercial implementation of the SSH protocol. SSH Tectia Server is susceptible to an authorization bypass vulnerability. This issue is due to an unspecified flaw in the server's authorization routines when the server is configured to exclusively utilize host-based authentication. SSH Tectia Server version 5.0.0 is vulnerable.
  • Ref: http://www.ssh.com/documents/33/SSH_Tectia_Server_5.0.1_releasenotes.txt

  • 05.51.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Envolution Multiple Input Validation Vulnerabilities
  • Description: Envolution is a framework to build ERP/CRM/CMS solutions. It is affected by multiple SQL injection and cross-site scripting issues due to insufficient sanitization of user-supplied input. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/15857

  • 05.51.27 - CVE: CVE-2005-4255
  • Platform: Cross Platform
  • Title: WikkaWiki TextSearch.PHP Cross-Site Scripting
  • Description: WikkaWiki is a wiki Web forum application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "phrase" parameter of the "TextSearch.php" page. WikkaWiki version 1.1.6.0 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/wikkawiki-xss-vuln.html

  • 05.51.28 - CVE: CVE-2005-1929
  • Platform: Cross Platform
  • Title: Trend Micro ServerProtect ISANVWRequest Heap Overflow
  • Description: Trend Micro ServerProtect is an antivirus scanner for servers. A remotely exploitable heap-based buffer overflow vulnerability is present in the Trend Micro ServerProtect "isaNVWRequest.dll" ISAPI component of the Management Console. Trend Micro ServerProtect version 5.58 for Windows running with Trend Micro Control Manager version 2.5/3.0 and Trend Micro Damage Cleanup Server version 1.1 is affected. Other versions and platforms may be affected as well.
  • Ref: http://www.idefense.com/application/poi/display?id=353&type=vulnerabilities

  • 05.51.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TML CMS Multiple Input Validation Vulnerabilities
  • Description: TML CMS is a content management application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to the "id" or "form" parameter of the "index.php" script. TML CMS version 0.5 is vulnerable.
  • Ref: http://packetstormsecurity.org/0512-exploits/ztml.txt

  • 05.51.30 - CVE: CVE-2005-3652
  • Platform: Cross Platform
  • Title: Citrix Program Neighborhood Application Enumeration Buffer Overflow
  • Description: Citrix Program Neighborhood is a client for connecting to various Citrix server products. It fails to properly bounds check the application names returned from the server causing a buffer overflow condition. Citrix Program Neighborhood versions 9.1 and earlier are affected.
  • Ref: http://support.citrix.com/article/CTX108354

  • 05.51.31 - CVE: CVE-2005-4333
  • Platform: Cross Platform
  • Title: Binary Board System Multiple Cross-Site Scripting Vulnerabilities
  • Description: Binary board system is a web-based bulletin board application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to parameters such as "branch", "board" and "user". Binary board system versions 0.2.5 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/bbboard-v2-xss-vuln.html

  • 05.51.32 - CVE: CVE-2005-4308
  • Platform: Cross Platform
  • Title: EZUpload Remote File Include Vulnerability
  • Description: EZUpload is an application that uploads files. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "mode" parameter of the "index.php" script. EZUpload version 2.2 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/ezupload-pro-vuln.html

  • 05.51.33 - CVE: CVE-2005-4330
  • Platform: Cross Platform
  • Title: iHTML Merchant Mall SQL Injection
  • Description: iHTML Merchant Mall is a web-based application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "id", "step", and "store" parameters of the "browse.ihtml" script. iHTML Merchant Mall is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/ihtml-merchant-mall-sql-inj.html

  • 05.51.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Round Cube Webmail Path Disclosure
  • Description: Round Cube is a web-based IMAP client that is implemented in PHP and MySQL. Round Cube will reportedly reveal its installation path in an error message output to the client. Round Cube Webmail version 0.1-20051021 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/419706

  • 05.51.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Sample Scripts Multiple HTML Injection Vulnerabilities
  • Description: IBM WebSphere Application Server is a utility designed to facilitate the creation of various enterprise Web applications. IBM WebSphere Application Server sample scripts are prone to multiple HTML injection vulnerabilities. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials.
  • Ref: http://www.packetstormsecurity.org/0512-exploits/ibm_css.txt

  • 05.51.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CONTENS Near Parameter Cross-Site Scripting
  • Description: CONTENS is a web-based content management application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "near" parameter of the "search.cfm" script. CONTENS version 3.0 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/contens-searchcfm-multiple-input.html

  • 05.51.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EPiX Search Module Cross-Site Scripting
  • Description: EPiX is a content management application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the search module. EPiX version 3.1.2 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/epix-search-query-xss-vuln.html

  • 05.51.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MMBase Search Module Cross-Site Scripting
  • Description: MMBase is a web content management application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "search" module. MMBase versions 1.7.4 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/mmbase-xss-vuln.html

  • 05.51.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Antivirus Library RAR Decompression Heap Overflow
  • Description: The Symantec antivirus library is vulnerable to multiple heap-based buffer overflow issues that could be exploited to compromise computers running applications that utilize the affected library. Please refer to the link below for a list of vulnerable systems.
  • Ref: http://www.securityfocus.com/bid/15971/info

  • 05.51.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Netpublish Server Server.NP Directory Traversal
  • Description: Extensis Portfolio NetPublish Server is a database-driven file cataloging application. It is vulnerable to a directory traversal issue due to insufficient sanitization of user-supplied input to the "template" parameter of the "server.np" script. Extensis Portfolio NetPublish Server version 7 is vulnerable.
  • Ref: http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201

  • 05.51.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP-UX Software Distributor Unspecified Remote Unauthorized Access
  • Description: HP-UX Software Distributor (SD) is prone to an unspecified remote unauthorized access vulnerability. The cause of this issue is not specified. HP-UX version B.11.11 is affected.
  • Ref: http://www.securityfocus.com/advisories/9900

  • 05.51.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Clearswift MIMEsweeper For Web Executable File Bypass
  • Description: Clearswift MIMEsweeper For Web is a security product deployed on gateway systems. It is vulnerable to a file bypass issue due to a design error which fails to filter executable files that are named without the ".exe" file extension. All current versions of Clearswift MIMEsweeper For Web are considered to be vulnerable at the moment.
  • Ref: http://www.securityfocus.com/archive/1/419904

  • 05.51.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Blender Buffer Overflow
  • Description: Blender is a 3D-modeling application. It is vulnerable to a buffer overflow issue due to insufficient sanitization of user-supplied input to the ".blend" file. Blender versions 2.40 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/419907

  • 05.51.44 - CVE: CVE-2005-4267
  • Platform: Cross Platform
  • Title: Qualcomm WorldMail IMAPD Buffer Overflow
  • Description: WorldMail is mail server software for the Microsoft Windows platform. The IMAPd service is a daemon process for accepting and handling IMAP requests. WorldMail IMAPd service is prone to a remote buffer overflow vulnerability. This issue occurs when multiple instances of the "}" character follow any of these IMAP commands: LIST, LSUB, SEARCH TEXT, STATUS INBOX, AUTHENTICATE, FETCH, SELECT and COPY; other commands may also be affected. This issue is reported to affect IMAPd service version 6.1.19.0 of WorldMail 3.0; other versions may also be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15980/exploit

  • 05.51.45 - CVE: CVE-2005-4348
  • Platform: Cross Platform
  • Title: Fetchmail Missing Email Header Remote Denial of Service
  • Description: Fetchmail is a mail retrieval utility. It is vulnerable to a remote denial of service issue due to insufficient handling of unexpected input when retrieving an email message without headers. Fetchmail versions 6.2.5.4 and 6.3.0 are vulnerable.
  • Ref: http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt

  • 05.51.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: AbleDesign ReSearch Search Cross-Site Scripting
  • Description: AbleDesign ReSearch is a search application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to unspecified parameters when performing a search. AbleDesign version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15988/info

  • 05.51.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: LiveJournal Cleanhtml.PL HTML Injection
  • Description: LiveJournal is an online journal application. It is vulnerable to an HTML injection issue due to insufficient sanitization of user-supplied input to HTML attributes of the "cleanhtml.pl" script. All versions of LiveJournal are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15990/info

  • 05.51.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Fortinet Products IKE Exchange Denial of Service Vulnerabilities
  • Description: Fortinet FortiGate, FortiManager, and FortiClient products are commercial network security products. They are prone to denial of service vulnerabilities due to security flaws in Fortinet's IPSec implementation. FortiOS versions 3.0 and earlier, FortiManager versions 3.0 and earlier, and FortiClient version 2.0 are affected.
  • Ref: http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en

  • 05.51.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VMWare Remote Arbitrary Code Execution
  • Description: VMWare is virtualization software that allows multiple virtual machines to run on a single computer. It is affected by a code execution issue which arises in "vmnat.exe" on Windows and "vmnet-natd" on Linux when a malicious guest is using a NAT networking configuration. An attacker can exploit this issue by issuing specially crafted FTP "EPRT" and "PORT" commands. VMWare Workstation, VMWare GSX Server, VMWare ACE, and VMWare Player are affected. Please see attached link for a list of vulnerable versions.
  • Ref: http://www.securityfocus.com/bid/15998/info

  • 05.51.50 - CVE: CVE-2005-2423
  • Platform: Cross Platform
  • Title: Beehive Forum Multiple HTML Injection Vulnerabilities
  • Description: Beehive Forum is a web-based forum application. It is vulnerable to multiple HTML injection issues due to insufficient sanitization of user-supplied input to parameters such as "Name", "Description", and "Comment" fields of the "links.php" and "links_add.php" scripts. Beehive Forum version 0.6.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16002/info

  • 05.51.51 - CVE: Not Available
  • Platform: Web Application
  • Title: CommerceSQL Search Module Cross-Site Scripting
  • Description: CommerceSQL is web shopping cart software. It is prone to a cross-site scripting vulnerability due to a failure in the application to properly sanitize user-supplied input to the "search" module. CommerceSQL version 1.0 is affected.
  • Ref: http://pridels.blogspot.com/2005/12/commercesql-xss-vuln.html

  • 05.51.52 - CVE: CVE-2005-4313, CVE-2005-4312
  • Platform: Web Application
  • Title: AlmondSoft Almond Classifieds SQL Injection
  • Description: Almond Classifieds is web software for displaying user-supplied classified ads. AlmondSoft Almond Classifieds is prone to an SQL injection vulnerability due to a failure in the application to properly sanitize user-supplied input to the "id" parameter of the application before using it in an SQL query.
  • Ref: http://pridels.blogspot.com/2005/12/almondsoft-products-sql-inj.html

  • 05.51.53 - CVE: Not Available
  • Platform: Web Application
  • Title: eDatCat EDCstore.PL Cross-Site Scripting
  • Description: eDatCat is web shopping cart software. Insufficient sanitization of the "user_action" parameter in the "EDCstore.pl" script exposes the application to a cross-site scripting issue. eDatCat version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15889

  • 05.51.54 - CVE: Not Available
  • Platform: Web Application
  • Title: Plexum PlexCart X3 SQL Injection
  • Description: Plexum PlexCart X3 is an eCommerce and shopping cart application. Insufficient sanitization of user-supplied input exposes the application to an SQL injection issue. PlexCart X3 version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15900

  • 05.51.55 - CVE: Not Available
  • Platform: Web Application
  • Title: Atlant Pro Cross-Site Scripting Vulnerabilities
  • Description: Atlant Pro is a classified advertisements CGI application. Atlant Pro is vulnerable to cross-site scripting issues due to insufficient sanitization of user-supplied input to the "ct" and "before" parameters of the "atl.cgi" script. Atlant Pro 8.0.9 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/atlant-pro-xss-vuln.html

  • 05.51.56 - CVE: Not Available
  • Platform: Web Application
  • Title: SF ECTOOLS Onlineshop Cross-Site Scripting
  • Description: ECTOOLS Onlineshop is a web-based application. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "product", "category", and "uid" parameters of the "cart.cgi" script. ECTOOLS Onlineshop 1.0 and prior versions are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/15891/exploit

  • 05.51.57 - CVE: CVE-2005-4314
  • Platform: Web Application
  • Title: PPCal Shopping Cart Cross-Site Scripting
  • Description: PPCal Shopping Cart is a web-based application. It is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "stop" and "user" parameters of the "ppcal.cgi" script. PPCal Shopping Cart 3.3.0 and prior versions are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/ppcal-shopping-cart-xss.html

  • 05.51.58 - CVE: Not Available
  • Platform: Web Application
  • Title: Zaygo DomainCart Cross-Site Scripting
  • Description: Zaygo DomainCart is a web-based application. Insufficient sanitization of user-supplied input exposes the application to a cross-site scripting issue. DomainCart versions 2.0 and earlier are affected.
  • Ref: http://pridels.blogspot.com/2005/12/domaincart-xss.html

  • 05.51.59 - CVE: Not Available
  • Platform: Web Application
  • Title: Kryptronic ClickCartPro CP-APP.CGI Cross-Site Scripting
  • Description: Kryptronic ClickCartPro is a web shopping cart application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "affl" parameter of the "cp-app.cgi" script. Kryptronic ClickCartPro version 5.1 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/clickcartpro-ccp-xss-vuln.html

  • 05.51.60 - CVE: CVE-2005-4283
  • Platform: Web Application
  • Title: The CITY Shop Search Cross-Site Scripting
  • Description: The CITY Shop is a web store front application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "SKey" parameter of the "store.cgi" script. The CITY Shop version 1.3 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/city-shop-xss-vuln.html

  • 05.51.61 - CVE: CVE-2005-4236
  • Platform: Web Application
  • Title: CKGold Search.PHP Cross-Site Scripting
  • Description: CKGold is a web-based shopping cart application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "search.php" script. CKGold is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/ckgold-xss-vuln.html

  • 05.51.62 - CVE: CVE-2005-4264
  • Platform: Web Application
  • Title: PHP Support Tickets Multiple SQL Injection Vulnerabilities
  • Description: Triangle Solutions PHP Support Tickets is a web-based help desk application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "username" and "password" parameters of the login page and the "id" parameter of the "index.php" script. Triangle Solutions PHP Support Tickets 2.0 is vulnerable.
  • Ref: http://www.nii.co.in/vuln/PHPSupportTickets.html

  • 05.51.63 - CVE: Not Available
  • Platform: Web Application
  • Title: WHMCompleteSolution Knowledgebase.PHP Cross-Site Scripting
  • Description: WHMCompleteSolution is a web hosting management application. Insufficient sanitization in the "knowledgebase.php" script exposes the application to a cross-site scripting issue. WHMCompleteSolution version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/15856

  • 05.51.64 - CVE: Not Available
  • Platform: Web Application
  • Title: ASP-DEV XM Forum Forum.ASP Cross-Site Scripting
  • Description: XM Forum is a web-based forum. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "forum_title" parameter of the "forum.asp" script. ASP-DEV XM Forum version RC3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15858/info

  • 05.51.65 - CVE: CVE-2005-4259
  • Platform: Web Application
  • Title: ASPBB Multiple SQL Injection Vulnerabilities
  • Description: ASPBB is a web-based bulletin board application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to such parameters as the "tid", "forum_id" and "profile_id". ASPBB version 0.4 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15859

  • 05.51.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Limbo CMS Multiple Input Validation Vulnerabilities
  • Description: Limbo CMS is a content management system. Insufficient sanitization of the "_SERVER[REMOTE_ADDR]" parameter of the "index.php" script exposes the application to multiple input validation issues. Limbo CMS versions 1.0.4.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/15871

  • 05.51.67 - CVE: Not Available
  • Platform: Web Application
  • Title: QuickPayPro Multiple Input Validation Vulnerabilities
  • Description: QuickPayPro is a credit card processing, follow-up marketing and affiliate program application. Insufficient sanitization of user-supplied input exposes the application to multiple SQL injection and cross-site scripting issues. QuickPayPro version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/15863

  • 05.51.68 - CVE: Not Available
  • Platform: Web Application
  • Title: AppServ Open Project Remote Denial of Service
  • Description: AppServ is an installer package. It is vulnerable to a remote denial of service issue due to insufficient handling of long HTTP GET requests. AppServ version 2.5.3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15851/info

  • 05.51.69 - CVE: Not Available
  • Platform: Web Application
  • Title: MarmaraWeb E-Commerce Cross-Site Scripting
  • Description: E-commerce is an application for selling products on the web. It is prone to a cross-site scripting vulnerability. This issue is due to improper sanitization of user-supplied input to the "page" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/15875/exploit

  • 05.51.70 - CVE: Not Available
  • Platform: Web Application
  • Title: MarmaraWeb E-Commerce Remote File Include
  • Description: E-commerce is an application for selling products on the Web; it is implemented in PHP. E-commerce is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "page" parameter of "index.php". An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the Web server process.
  • Ref: http://www.securityfocus.com/bid/15877

  • 05.51.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Alkacon OpenCMS Login Cross-Site Scripting
  • Description: Alkacon OpenCMS is an open source content management system. Insufficient sanitization of the "username" parameter of the "/system/login" page exposes the application to a cross-site scripting issue. OpenCMS version 6.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/15882

  • 05.51.72 - CVE: Not Available
  • Platform: Web Application
  • Title: SiteNet BBS Multiple Cross-Site Scripting Vulnerabilities
  • Description: SiteNet BBS is a forum application. Insufficient sanitization of the "pg", "tid", "cid" and "fid" parameters of the "netboardr.cgi" and "search.cgi" scripts exposes the application to multiple cross-site scripting issues. SiteNet BBS version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15883

  • 05.51.73 - CVE: Not Available
  • Platform: Web Application
  • Title: AtlantForum Multiple Cross-Site Scripting Vulnerabilities
  • Description: AtlantForum is web forum software. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "sch_allsubct", "before" and "ct" parameters of the "atl.cgi" script. AtlantForum version 4.0.2 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/atlantforum-xss-vuln.html

  • 05.51.74 - CVE: Not Available
  • Platform: Web Application
  • Title: DCForum DCBoard Cross-Site Scripting
  • Description: DCForum is a web-based forum application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "page" parameter of the "dcboard.php" script. DCForum versions 6.25 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/dcforum-xss-vuln.html

  • 05.51.75 - CVE: Not Available
  • Platform: Web Application
  • Title: ezDatabase Multiple Input Validation Vulnerabilities
  • Description: ezDatabase is a web application for creating and managing an online MySQL database. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to the "index.php" script. ezDatabase versions 2.1.2 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/ezdatabase-vuln.html

  • 05.51.76 - CVE: CVE-2005-4307
  • Platform: Web Application
  • Title: ScareCrow Multiple Cross-Site Scripting Vulnerabilities
  • Description: ScareCrow is a web-based message board application implemented in Perl. It is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input to the "forum" parameter of "forum.cgi" and "post.cgi" and the "user" parameter of "profile.cgi". These issues affect version 2.13.
  • Ref: http://pridels.blogspot.com/2005/12/scarecrow-message-board-xss-vuln.html

  • 05.51.77 - CVE: CVE-2005-4328
  • Platform: Web Application
  • Title: WebGlimpse Cross-Site Scripting
  • Description: WebGlimpse is a Web search and index application implemented in CGI-Perl. It is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "id" parameter of the "webglimpse.cgi" script. This issue affects version 2.14.1.
  • Ref: http://pridels.blogspot.com/2005/12/webglimpse-xss-vuln.html

  • 05.51.78 - CVE: Not Available
  • Platform: Web Application
  • Title: WebCal Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
  • Description: WebCal is a web-based calendar application. Insufficient sanitization of the "function", "year" and "date" parameters of the "webcal.cgi" script exposes the application to multiple HTML injection and cross-site scripting issues. WebCal versions 3.04 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/15917

  • 05.51.79 - CVE: Not Available
  • Platform: Web Application
  • Title: ezUpload SQL Injection
  • Description: ezUpload is a PHP script that lets users or visitors upload files to the server. It is vulnerable to an SQL injection issue due to a failure in the application to properly sanitize user-supplied input to the search module before using it in an SQL query. An attacker could exploit this issue to compromise the application. ezUpload version 2.2 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/ezupload-pro-vuln.html

  • 05.51.80 - CVE: Not Available
  • Platform: Web Application
  • Title: IHTML Merchant SQL Injection
  • Description: IHTML Merchant is a web-based application. IHTML Merchant is prone to an SQL injection vulnerability due to a failure in the application to properly sanitize user-supplied input to the "id", "pid", and "step" parameters of the "merchant.ihtml" script before using it in an SQL query. IHTML Merchant version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/15911/exploit

  • 05.51.81 - CVE: CVE-2005-4329
  • Platform: Web Application
  • Title: PHP Arena PAFileDB Extreme Edition SQL Injection
  • Description: PHP Arena paFileDB Extreme Edition is an application which allows webmasters to post files for download on a website. PAFileDB Extreme Edition is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "newsid" parameter of the "pafiledb.php" script before using it in an SQL query.
  • Ref: http://pridels.blogspot.com/2005/12/pafiledb-extreme-edition-sql-inj.html

  • 05.51.82 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Fusebox Index.PHP Cross-Site Scripting
  • Description: PHP Fusebox is a web application programming tool. Insufficient sanitization of the "action" parameter of the "index.php" script exposes the application to a cross-site scripting issue. PHP Fusebox version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15924/info

  • 05.51.83 - CVE: Not Available
  • Platform: Web Application
  • Title: JPortal Forum Forum.PHP SQL Injection
  • Description: JPortal Forum is a Web forum application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "where" parameter of the "forum.php" script. JPortal Web 2.3 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15925/info


  • 05.51.85 - CVE: Not Available
  • Platform: Web Application
  • Title: PlaySMS Index.PHP Cross-Site Scripting
  • Description: PlaySmS is a web-based mobile portal system. It is prone to a cross-site scripting vulnerability due to a failure in the application to properly sanitize user-supplied input to the "err" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/15928/exploit

  • 05.51.86 - CVE: Not Available
  • Platform: Web Application
  • Title: ELOG Web Logbook Multiple Remote Buffer Overflow Vulnerabilities
  • Description: ELOG Web Logbook is a logbook. ELOG Web Logbook is vulnerable to two remote buffer overflow issues due to insufficient boundary checks on user-supplied data. ELOG Web Logbook versions 2.6.0 and earlier are vulnerable.
  • Ref: http://midas.psi.ch/elog/

  • 05.51.87 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Fusion Members.PHP Cross-Site Scripting
  • Description: PHP-Fusion is a content management system. Insufficient sanitization of the "sortby" parameter of the "members.php" script exposes the application to a cross-site scripting issue. PHP-Fusion version 6.0.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/15931/info

  • 05.51.88 - CVE: Not Available
  • Platform: Web Application
  • Title: FLIP Multiple Cross-Site Scripting Vulnerabilities
  • Description: Free Lanparty Inter-/Intranet Portal (FLIP) is a content management and groupware application. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to the "name" parameter of "text.php" and the "frame" parameter of "forum.php". FLIP version 0.9.0.1029 is affected.
  • Ref: http://www.securityfocus.com/bid/15947/exploit

  • 05.51.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Caravel CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: Caravel CMS is a web-based content management system. It is prone to multiple cross-site scripting vulnerabilities. This issue is due to a failure in the application to properly sanitize user-supplied input to the "folderviewer_attrs" and "fileDN" parameters of the "Introduction" and "News" scripts.
  • Ref: http://pridels.blogspot.com/2005/12/caravel-cms-xss.html

  • 05.51.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Acuity CMS ASP Search Module Cross-Site Scripting
  • Description: Acuity CMS ASP is a content management system. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to parameters of the search module. Acuity CMS ASP version 2.6.2 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/acuity-cms-26x-asp-xss-vuln.html

  • 05.51.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Hot Banana Web Content Management Suite Cross-Site Scripting
  • Description: Hot Banana Web Content Management Suite is prone to a cross-site scripting issue due to a failure in the application to properly sanitize user-supplied input to the "keywords" parameter of the "index.cfm" script. Hot Banana version 5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/15948

  • 05.51.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Cofax Search.HTM Cross-Site Scripting
  • Description: Cofax is a web-based text and multimedia publication system. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "searchstring" parameter of the "search.htm" script. Cofax version 2.0 RC3 is affected.
  • Ref: http://pridels.blogspot.com/2005/12/cofax-xss-vuln.html

  • 05.51.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Allinta CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: Allinta CMS is a content management application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "s" parameter of the "faq.asp" script and the "searchQuery" parameter of the "search.asp" script. Allinta CMS versions 2.3.2 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/allinta-23x-xss-vuln.html

  • 05.51.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Colony Search Module Cross-Site Scripting
  • Description: Colony is a web-based content management system. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the search module. Colony version 2.75 is affected.
  • Ref: http://pridels.blogspot.com/2005/12/colony-cms-xss-vuln.html

  • 05.51.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Libertas Enterprise CMS Index.PHP Cross-Site Scripting
  • Description: Enterprise CMS is Web content management software implemented in PHP. Enterprise CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "page_search" parameter of the "index.php" script. This issue affects Enterprise CMS version 3.0.
  • Ref: http://pridels.blogspot.com/2005/12/libertas-enterprise-cms-xss-vuln.html

  • 05.51.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Box UK Amaxus CMS Cross-Site Scripting
  • Description: Box UK Amaxus CMS is a content management system. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "change" parameter of various scripts. Amaxus CMS versions 3 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/amaxus-vuln.html

  • 05.51.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Contenite ID Parameter Cross-Site Scripting
  • Description: Contenite is a web-based content management system. Insufficient sanitization of the "id" parameter in the "home.php" script exposes the application to a cross-site scripting issue. Contenite version 0.11 is affected.
  • Ref: http://pridels.blogspot.com/2005/12/contenite-xss-vuln.html

  • 05.51.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Liferay Portal Enterprise Multiple Cross-Site Scripting Vulnerabilities
  • Description: Liferay Portal Enterprise is a portal application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to "_77_struts_action", "p_p_mode" and "p_p_state" parameters. Liferay Portal Enterprise version 3.6.1 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/liferay-portal-enterprise-361-xss.html

  • 05.51.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Lighthouse CMS Search Cross-Site Scripting
  • Description: Lighthouse is a web-based content management application. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "search" parameter. Lighthouse version 1.1 is vulnerable; other versions may also be vulnerable.
  • Ref: http://www.securityfocus.com/bid/15952/exploit

  • 05.51.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Esselbach Storyteller CMS Search Module Cross-Site Scripting
  • Description: Esselbach Storyteller CMS is a content management system. It is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the search module.
  • Ref: http://pridels.blogspot.com/2005/12/esselbach-storyteller-cms-xss-vuln.html

  • 05.51.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Lutece Search Module Cross-Site Scripting
  • Description: Lutece is a Web portal engine implemented in Java. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "search" module. Lutece version 1.2.3 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/lutece-xss-vuln.html

  • 05.51.102 - CVE: Not Available
  • Platform: Web Application
  • Title: FarCry Search Module Cross-Site Scripting
  • Description: FarCry is a content management system. It is affected by a cross-site scripting issue due to insufficient sanitization of user-supplied input. FarCry version 3.0 is affected.
  • Ref: http://pridels.blogspot.com/2005/12/farcry-xss-vuln.html

  • 05.51.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Magnolia Search Module Cross-Site Scripting
  • Description: Magnolia Content Management Suite is web content management software. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "query" parameter of the "search.html" page. Magnolia Content Management Suite version 2.1 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/magnolia-xss-vuln.html

  • 05.51.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Community Enterprise Multiple Input Validation Vulnerabilities
  • Description: Community Enterprise is a web-based back office application suite. It is vulnerable to multiple input validation issues which include SQL injection and cross-site scripting attacks. This is due to insufficient sanitization of user-supplied input. CitySoft Community Enterprise versions 4.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html

  • 05.51.105 - CVE: Not Available
  • Platform: Web Application
  • Title: ContentServ Index.PHP SQL Injection
  • Description: ContentServ is a content management application. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "StoryID" parameter of the "index.php" script before using it in an SQL query. ContentServ versions 3.1 and prior are reported to be vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/15956/exploit

  • 05.51.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Adaptive Website Framework Cross-Site Scripting
  • Description: Adaptive Website Framework is a content management system that is implemented in PHP. It is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "page" parameter of the "account.html" page.
  • Ref: http://pridels.blogspot.com/2005/12/awf-adaptive-website-framework-vuln.html

  • 05.51.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Direct News Index.PHP SQL Injection
  • Description: Direct News is a news reader application. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "setLang" parameter of the "index.php" script before using it in an SQL query. Direct News versions 4.9 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15957/exploit

  • 05.51.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Mercury CMS Multiple Input Validation Vulnerabilities
  • Description: Mercury CMS is a web content management system. Insufficient sanitization of the "page", "content" and "criteria" parameters in the "index.cfm" script exposes the application to multiple input validation issues. Mercury CMS version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15967

  • 05.51.109 - CVE: Not Available
  • Platform: Web Application
  • Title: ODFaq FAQ.PHP SQL Injection
  • Description: ODFaq is a web-based frequently asked questions application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "cat" parameter of the "faq.php" script. ODFaq version 2.1.0 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/odfaq-sql-inj-vuln.html

  • 05.51.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Komodo CMS Multiple Input Validation Vulnerabilities
  • Description: Komodo CMS is a web content management system. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to such parameters as the "page" parameter of the "page.php" script. Komodo CMS versions 2.1 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/komodo-cms-vuln.html

  • 05.51.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Marwel Index.PHP SQL Injection
  • Description: Marwel is a web content management application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "show" parameter of the "index.php" script. Marwel versions 2.7 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/marwel-sql-inj.html

  • 05.51.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Miraserver Multiple SQL Injection Vulnerabilities
  • Description: Miraserver is a content management application. It is prone to multiple SQL injection vulnerabilities due to improper sanitization of user-supplied input to the "page" parameter of the "index.php" script, the "id" parameter of the "newsitem.php" script, and the "cat" parameter of the "article.php" script before using it in an SQL query. Miraserver versions 1.0 RC4 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/15960/exploit

  • 05.51.113 - CVE: Not Available
  • Platform: Web Application
  • Title: Baseline CMS Multiple Input Validation Vulnerabilities
  • Description: Baseline CMS is a content management application. It is prone to multiple input validation vulnerabilities due to improper sanitization of user-supplied input. SQL injection attacks are possible through the "SiteNodeID" parameter of the "Page.asp" script. Cross-site scripting attacks are possible through the "PageID" and "SiteNodeID" parameters of the "Page.asp" script. Baseline CMS version 1.95 is affected.
  • Ref: http://www.securityfocus.com/bid/15961/exploit

  • 05.51.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Bitweaver Multiple Input Validation Vulnerabilities
  • Description: Bitweaver is a web application framework. Insufficient sanitization of user-supplied input exposes the application to multiple SQL injection and cross-site scripting issues. Bitweaver versions 1.1.1 beta and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/15962

  • 05.51.115 - CVE: Not Available
  • Platform: Web Application
  • Title: MetaDot Portal Server Site_Mgr Group Privilege Escalation
  • Description: MetaDot Portal Server is open source portal software that provides content management, portal, and online database applications. It is used to create Web portals and websites. It is prone to a vulnerability that could permit privilege escalation. An attacker with a valid account can exploit this vulnerability to add themselves to arbitrary groups, including the "SITE_MGR" group.
  • Ref: http://www.metadot.com/metadot/index.pl?iid=2632

  • 05.51.116 - CVE: CVE-2005-3875
  • Platform: Web Application
  • Title: Enterprise Connector Main.PHP SQL Injection Vulnerability
  • Description: Enterprise Connector is a conference and messaging application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "loginid" parameter of the "main.php" script. Enterprise Heart Enterprise Connector version 1.0.2 is vulnerable.
  • Ref: http://pridels.blogspot.com/2005/11/enterprise-connector-sql-inj-vuln.html

  • 05.51.117 - CVE: Not Available
  • Platform: Web Application
  • Title: Ultraapps Issue Manager Privilege Escalation
  • Description: Ultraapps Issue Manager is a web-based business application. It is reported to be prone to a privilege escalation vulnerability. An attacker could exploit this to repeatedly log in as the administrative user of the application. Ultraapps Issue Manager version 2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/419910

  • 05.51.118 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPGedView Multiple Code Execution Vulnerabilities
  • Description: PHPGedView is a genealogy application. It is vulnerable to multiple remote script code execution issues due to insufficient sanitization of user-supplied input to such parameters as "user_language", "user_email", and "user_gedcomid". PhpGedView versions 3.3.7 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/419906

  • 05.51.119 - CVE: Not Available
  • Platform: Web Application
  • Title: NQContent Search Module Cross-Site Scripting
  • Description: NQcontent is a content management system. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "search" module. NQcontent Professional Edition version 3.0, NQcontent Enterprise Edition version 3.0 and NQcontent Comparison Matrix version 3.0 are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/nqcontent-v3-xss-vuln.html

  • 05.51.120 - CVE: Not Available
  • Platform: Web Application
  • Title: AbleDesign D-Man Title Parameter Cross-Site Scripting
  • Description: AbleDesign D-Man is a web-based download manager. D-Man is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "title" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/15993

  • 05.51.121 - CVE: Not Available
  • Platform: Web Application
  • Title: Quick Square Development Honeycomb Archive Multiple Input Validation Vulnerabilities
  • Description: Honeycomb Archive is an image library service. It is prone to multiple input validation vulnerabilities due to insufficient sanitization of user-supplied input. SQL injection attacks are possible through the "series", "cat_parent", "cat" and "div" parameters of "CategoryResults.cfm". Cross-site scripting attacks are possible through the "search" module. Quick Square Development Honeycomb Archive Enterprise and Non-Enterprise version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/15995/exploit

  • 05.51.122 - CVE: Not Available
  • Platform: Web Application
  • Title: Plogger Remote File Include
  • Description: Plogger is a photo gallery application. Insufficient sanitization of the "basedir" parameter in the "/admin/plog-admin-functions.php" script exposes the application to a remote file include issue. Plogger Beta version 2 is affected.
  • Ref: http://www.securityfocus.com/bid/15992

  • 05.51.123 - CVE: Not Available
  • Platform: Web Application
  • Title: E-Publish Multiple Input Validation Vulnerabilities
  • Description: E-Publish is a web-based content management system. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input. E-Publish versions 2.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/e-publish-cms-vuln.html

  • 05.51.124 - CVE: Not Available
  • Platform: Web Application
  • Title: pTools Index.ASP SQL Injection
  • Description: pTools is a content management application. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "docID" parameter of the "index.asp" script before it is used in an SQL query.
  • Ref: http://www.securityfocus.com/bid/15996/discuss

  • 05.51.125 - CVE: Not Available
  • Platform: Web Application
  • Title: myEZshop Shopping Cart Multiple Input Validation Vulnerabilities
  • Description: myEZshop Shopping Cart is an online purchasing application written in PHP. It is prone to multiple input validation vulnerabilities. SQL injection attacks are possible through the "GroupsId" and "ItemsId" parameters in "admin.php". Cross-site scripting attacks are possible through the "Keyword" parameter when performing a search.
  • Ref: http://www.securityfocus.com/bid/15965

  • 05.51.126 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenCMS Search Module Cross-Site Scripting
  • Description: OpenCMS is an open source content management system. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the search module. OpenCMS versions 6.0.3 and 6.0.2 are reported to be vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/opencms-xss-vuln.html

  • 05.51.127 - CVE: Not Available
  • Platform: Web Application
  • Title: Tolva Usermods.PHP Remote File Include
  • Description: Tolva is a Web creation and management application written in PHP. It is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "ROOT" parameter of the "usermods.php" script. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the Web server process.
  • Ref: http://www.securityfocus.com/bid/16000

  • 05.51.128 - CVE: Not Available
  • Platform: Web Application
  • Title: SPIP Multiple Cross-Site Scripting Vulnerabilities
  • Description: SPIP is a web-based content management system. Insufficient sanitization of user-supplied input in the "spip_login.php3" and the "spip_pass.php3" scripts exposes the application to multiple cross-site scripting issues. SPIP version 1.8.2 is affected.
  • Ref: http://www.securityfocus.com/bid/16019

  • 05.51.129 - CVE: Not Available
  • Platform: Web Application
  • Title: Plexcor CMS Search Module Cross-Site Scripting
  • Description: Plexcor CMS is a web-based content management system. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the search module. Plexcor CMS versions 4.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2005/12/plexcors-cms-xss-vuln.html

  • 05.51.130 - CVE: Not Available
  • Platform: Web Application
  • Title: Polopoly Search Module Cross-Site Scripting
  • Description: Polopoly is a web-based content management system. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the search module. Polopoly version 9.0 is affected.
  • Ref: http://pridels.blogspot.com/2005/12/polopoly-xss-vuln.html

  • 05.51.131 - CVE: Not Available
  • Platform: Web Application
  • Title: Papoo Multiple SQL Injection Vulnerabilities
  • Description: Papoo is a web-based content management system implemented in PHP. It is prone to multiple SQL injection vulnerabilities. These issues affect the "menuid" parameter of "index.php" and "guestbook.php". These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
  • Ref: http://pridels.blogspot.com/2005/12/papoo-multiple-sql-vuln.html

  • 05.51.132 - CVE: Not Available
  • Platform: Web Application
  • Title: PortalApp Login.ASP Cross-Site Scripting
  • Description: PortalApp is an ecommerce, collaboration and content management application. Insufficient sanitization of the "ret_page" parameter in the "login.asp" script exposes the application to a cross-site scripting issue. PortalApp versions 3.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/16008

  • 05.51.133 - CVE: Not Available
  • Platform: Web Application
  • Title: ProjectApp Multiple Cross-Site Scripting Vulnerabilities
  • Description: ProjectApp is a team communication application. Insufficient sanitization of user-supplied input exposes the application to multiple cross-site scripting issues. ProjectApp version 3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/16011

  • 05.51.134 - CVE: Not Available
  • Platform: Network Device
  • Title: Multiple Linksys Routers LanD Packet Denial Of Service
  • Description: Multiple Linksys devices are prone to a remote denial of service vulnerability when handling TCP "LanD" packets containing the PUSH, ACK, SYN, and URG flags. Linksys BEFW11S4 and WRT54GS devices are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/15861/exploit

  • 05.51.135 - CVE: Not Available
  • Platform: Network Device
  • Title: Versalink 327W LanD Packet Denial of Service
  • Description: Versalink 327W is a DSL router and modem. TCP "LanD" packets containing the PUSH, ACK, SYN, and URG flags may cause affected devices to crash. Versalink 327W is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/15869/info

  • 05.51.136 - CVE: Not Available
  • Platform: Network Device
  • Title: Scientific Atlanta DPX2100 Cable Modem LanD Packet Denial Of Service
  • Description: Scientific Atlanta DPX2100 cable modems are vulnerable to a denial of service issue when handling TCP "LanD" packets. Scientific Atlanta version DPX2100 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/419520

  • 05.51.137 - CVE: CVE-2005-4332
  • Platform: Network Device
  • Title: Clean Access Multiple Access Validation Issues
  • Description: Cisco Clean Access scans devices attempting to connect to a network. It allows remote attackers to bypass authentication through various Web server JSP pages such as admin/uploadclient.jsp and apply_firmware_action.jsp. Cisco Clean Access versions 3.5.5 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/15909

  • 05.51.138 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco EIGRP Protocol HELLO Packet Replay
  • Description: EIGRP (Enhanced Interior Gateway Routing Protocol) is a proprietary protocol developed by Cisco. It supports using the MD5 algorithm to authenticate router communications. The Cisco EIGRP protocol is susceptible to a vulnerability that allows HELLO packet replay attacks. The protocol uses the Opcode, AS number, Flags, Sequence Number, and Nexthop packet fields when creating the MD5 message authentication code. By capturing a valid HELLO packet, attackers may utilize the included key digest to create their own EIGRP HELLO packets. This issue allows attackers to gain access to potentially sensitive network information in EIGRP UPDATE reply packets, or to cause a denial of service condition by flooding routers with HELLO packets.
  • Ref: http://www.securityfocus.com/archive/1/419830

  • 05.51.139 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco EIGRP Protocol Unauthenticated Goodbye Packet Remote Denial of Service
  • Description: EIGRP (Enhanced Interior Gateway Routing Protocol) is a proprietary protocol developed by Cisco. It is affected by a denial of service issue which can be triggered by sending spoofed EIGRP "Goodbye" packets or packets with mismatched "k" values set.
  • Ref: http://www.cisco.com/en/US/tech/tk365/technologies_security_notice09186a008011c5e1.html

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.