@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 13
April 3, 2006

More than 95 new vulnerabilities discovered this week - only one, in Veritas NetBackup, is critical. But notice, in Part II, cross-site scripting vulnerabilities abound. What will it take to get web developers to program securely?

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 1
    • Other Microsoft Products: 2
    • Third Party Windows Apps: 1
    • Mac Os: 1
    • Linux: 2
    • HP-UX: 1
    • BSD: 1
    • Solaris: 1
    • Unix: 3
    • Cross Platform: 9 (#1)
    • Web Application - Cross Site Scripting: 32
    • Web Application - SQL Injection: 24
    • Web Application: 17

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
HP-UX
BSD
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Symantec Veritas NetBackup Multiple Buffer Overflows
  • Affected:
    • Both server and client software is affected for the following products on all platforms.
    • NetBackup Enterprise Server/NetBackup Server versions 5.0, 5.1 and 6.0
    • NetBackup DataCenter and BusinesServer version 4.5FP and 4.5MP
  • Description: Veritas NetBackup software offers a backup and recovery solution for mid to large size enterprises. The backup server as well as the client contain stack-based buffer overflows that can be triggered by sending specially crafted requests to the volume manager daemon (13701/tcp), the Catalog daemon (13721/tcp) or the Sharepoint services daemon (13724/tcp). The problem arises because user-supplied input is copied to the process stack without any bounds checking. The buffer overflows can be easily exploited to execute arbitrary code. The technical details required to craft an exploit have been publicly posted. If the backup software is installed on a large number of enterprise desktop systems (a typical configuration that enables users to back up their important data), the vulnerabilities can be leveraged to compromise a large number of systems.

  • Status: Veritas has released patches for all the affected software. A workaround is to block ports 13701/tcp, 13721/tcp and 13724/tcp at the network perimeter. The overflows in the backup software have been widely exploited during the last year, and as a general security practice it is recommended to also block the other ports used by this software at the network perimeter. The list of ports is available here: http://seer.support.veritas.com/docs/279553.htm

  • Council Site Actions: More than half of the council sites are using the affected software. Most of these sites plan to deploy the patches during their next regularly scheduled system maintenance. One site commented that they just finished migrating to Legato and used this vulnerability as an excuse to turn the old system off. They had been running the old system "just in case". Another site said that as a result of this vulnerability, they built a test server that same day in preparation for a full version upgrade of Veritas.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 13, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4955 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.13.1 - CVE: Not Available
  • Platform: Windows
  • Title: Windows Help Image Processing Heap Overflow
  • Description: winhlp32.exe is the Microsoft Windows Help File viewer. It is vulnerable to a heap overflow issue when handling a specially crafted Windows Help (.hlp) file containing a malicious image. See the advisory for a list of vulnerable Windows operating systems.
  • Ref: http://www.open-security.org/advisories/15 http://www.securityfocus.com/bid/17325/info

  • 06.13.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
  • Description: The Microsoft .NET Framework SDK is a development kit used to create applications for the .NET environment. Microsoft .NET Framework SDK contains tools for assembling and disassembling MSIL files. These tools are prone to buffer overflow vulnerabilities that could be exploited to cause a denial of service or potentially execute arbitrary code.
  • Ref: http://www.securityfocus.com/bid/17243/exploit

  • 06.13.3 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Office XP Array Index Denial of Service
  • Description: Microsoft Office is prone to a denial of service condition when handling malformed files. Specifically, when an .xls or .xlw file containing a malformed array index is opened using Excel, Word, or PowerPoint, an exception will be thrown by the "mso.dll" library. Office XP is vulnerable to this issue; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/17252/exploit

  • 06.13.4 - CVE: CVE-2005-0922, CVE-2005-0923
  • Platform: Third Party Windows Apps
  • Title: Symantec Norton Antivirus Remote Denial of Service
  • Description: Symantec Norton Antivirus is vulnerable to a remote unspecified denial of service issue when handling a malicious file with the Auto-Protect module. See the reference for a list of vulnerable versions.
  • Ref: http://secunia.com/advisories/14741/

  • 06.13.5 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X ImageIO Remote Denial of Service
  • Description: ImageIO is susceptible to a remote denial of service vulnerability. This issue is due to a failure to properly process malicious image files. This issue allows remote users to crash the applications which use the ImageIO API, denying further service to users.
  • Ref: http://www.securityfocus.com/bid/17321

  • 06.13.6 - CVE: CVE-2006-1539
  • Platform: Linux
  • Title: Tetris-BSD Tetris-bsd.scores Local Privilege Escalation
  • Description: Tetris-BSD is a multi-player game ported to the Linux operating system. This game is prone to a local privilege escalation vulnerability. An attacker who is a member of the "games" group can modify the state data in the "/var/games/tetris-bsd.scores" file, and trigger the execution of arbitrary code with another player's privileges. This vulnerability exists in the "checkscores()" function in the "scores.c" source code file.
  • Ref: http://www.securityfocus.com/archive/1/429296

  • 06.13.7 - CVE: CVE-2006-1058
  • Platform: Linux
  • Title: BusyBox Insecure Password Hash Weakness
  • Description: BusyBox is a Linux utility designed to implement the functionality of fileutils and shellutils binaries. It is susceptible to an insecure password hash weakness due to a design flaw that results in password hashes being created without utilizing a salt. BusyBox Linux Utilities version 1.1.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17330

  • 06.13.8 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX Passwd Unspecified Local Denial of Service
  • Description: HP-UX passwd(1) is prone to an unspecified local denial of service vulnerability. Some unspecified error conditions cause "/sbin/passwd" to improperly handle exceptional conditions resulting in a denial of service condition. HP-UX versions B.11.23 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/17280

  • 06.13.9 - CVE: Not Available
  • Platform: BSD
  • Title: NetBSD If_Bridge(4) Kernel Memory Disclosure
  • Description: NetBSD "if_bridge(4)" is prone to a kernel memory disclosure vulnerability. This issue arises due to a design error. Specifically, the issue presents itself because the bridge(4) ioctl(2) calls do not clear stack memory after temporarily storing the results of the ioctl(2) requests before copying the result back to the calling process.
  • Ref: http://www.securityfocus.com/bid/17312

  • 06.13.10 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Cluster SunPlex Manager Unauthorized File Access
  • Description: Sun Cluster is the high-availability software package maintained and distributed by Sun Microsystems. It is prone to a vulnerability that can allow local users to gain unauthorized access to files, which can facilitate disclosure of sensitive information. Specifically, this issue exists in the SunPlex Manager GUI application and likely arises due to an access validation error. This issue affects Sun Cluster 3.1 4/04 for Solaris 8 and 9.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102278-1&searchclause=

  • 06.13.11 - CVE: CVE-2005-4746
  • Platform: Unix
  • Title: FreeRADIUS Multiple RLM_SQLCounter Buffer Overflow Vulnerabilities
  • Description: FreeRADIUS is an implementation of the RADIUS protocol. FreeRADIUS is prone to multiple buffer overflow vulnerabilities in an unspecified fashion in the "rlm_sqlcounter" module and through unspecified means when expanding "%t" sequences.
  • Ref: http://www.freeradius.org/security.html

  • 06.13.12 - CVE: Not Available
  • Platform: Unix
  • Title: MPlayer Multiple Integer Overflow Vulnerabilities
  • Description: MPlayer is a multimedia video and audio application. It is susceptible to two integer overflow vulnerabilities which are caused by the way the application handles ASF and AVI file headers. MPlayer version 1.0.20060329 is affected.
  • Ref: http://www.securityfocus.com/bid/17295

  • 06.13.13 - CVE: Not Available
  • Platform: Unix
  • Title: DIA XFIG File Import Multiple Remote Buffer Overflow Vulnerabilities
  • Description: DIA is a gtk-based program for creating diagrams. The application fails to properly bounds-check user-supplied input before copying it into insufficiently sized memory buffers, resulting in multiple buffer overflow issues.
  • Ref: http://www.securityfocus.com/bid/17310

  • 06.13.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Blazix Java Application/Web Server JSP Source Disclosure
  • Description: Blazix Java Application/Web Server is a Java application server. A problem with Blazix Java Application/Web Server may result in the disclosure of the source code of Java Server Pages (JSP). This issue is due to a failure in the server to properly validate the filename extension. This issue affects Blazix Java Application/Web Server 1.2.5 on Windows; other versions may be vulnerable as well.
  • Ref: http://www.securityfocus.com/archive/1/429108

  • 06.13.15 - CVE: CVE-2006-1356
  • Platform: Cross Platform
  • Title: LibVC VCard Processing Buffer Overflow
  • Description: LibVC is a library that is used to process vcard files. It is vulnerable to a buffer overflow in the count_vcards function in LibVC when handling a line that is longer than 256 bytes. LibVC version 003 is vulnerable.
  • Ref: http://osvdb.org/ref/23/23985-libvc.txt

  • 06.13.16 - CVE: CVE-2006-1403, CVE-2006-1402
  • Platform: Cross Platform
  • Title: csDoom 2005 Multiple Buffer Overflow and Format String Vulnerabilities
  • Description: csDoom 2005 is a network enabled version of Doom that is available for multiple platforms. csDoom 2005 is susceptible to multiple buffer overflow and format string vulnerabilities. These issues may allow attackers to execute arbitrary machine code in the context of the affected application. Both clients and servers are affected by these issues.
  • Ref: http://aluigi.altervista.org/adv/csdoombof-adv.txt

  • 06.13.17 - CVE: CVE-2006-0989, CVE-2006-0990, CVE-2006-0991
  • Platform: Cross Platform
  • Title: VERITAS NetBackup Multiple Remote Buffer Overflow Vulnerabilities
  • Description: VERITAS NetBackup is a network enabled backup solution from VERITAS. It is available for various platforms. Various daemons running in VERITAS NetBackup are prone to buffer overflow vulnerabilities. These issues arise because the application fails to perform boundary checks prior to copying user-supplied data into process buffers. Specifically, the vulnerabilities affect the volume manager daemon (vmd), the NetBackup Catalog daemon (bpdbm) and the NetBackup Sharepoint Services server daemon (bpspsserver). A successful attack may allow remote attackers to execute arbitrary code on a vulnerable computer to gain unauthorized access in the context of the application.
  • Ref: http://www.symantec.com/avcenter/security/Content/2006.03.27.html

  • 06.13.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Debian GNU/Linux Multiple Packages Insecure RUNPATH
  • Description: Debian GNU/Linux has a "buildd" automatic package compilation system. Multiple packages in Debian GNU/Linux are susceptible to an insecure RUNPATH vulnerability. This issue is due to a flaw in the build system that results in insecure RUNPATHs being included in certain binaries.
  • Ref: http://www.securityfocus.com/bid/17288/references

  • 06.13.19 - CVE: CVE-2005-4745
  • Platform: Cross Platform
  • Title: FreeRadius RLM_SQLCounter SQL Injection
  • Description: FreeRADIUS is an implementation of the RADIUS protocol. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "rlm_sqlcounter" module. FreeRADIUS versions 1.0.4 and 1.0.3 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17294

  • 06.13.20 - CVE: CVE-2006-0052
  • Platform: Cross Platform
  • Title: GNU Mailman Attachment Scrubber Malformed MIME Message Denial of Service
  • Description: GNU Mailman is prone to denial of service attacks. This issue affects the attachment scrubber utility. The issue is caused by improper exception handling in the "Scrubber.py" script. The specific issue is caused when the script handles an email that includes a single malformed multipart MIME-encoded part. GNU Mailman version 2.5 when used in conjunction with Python email is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17311/references

  • 06.13.21 - CVE: CVE-2006-1059
  • Platform: Cross Platform
  • Title: Samba Machine Trust Account Local Information Disclosure
  • Description: Samba is susceptible to a local information disclosure vulnerability. This issue is due to a design error that potentially leads to sensitive information being written to log files. This occurs when the debugging level has been set to 5 or higher. Samba versions 3.0.21 through to 3.0.21c that use the "winbindd" daemon are susceptible to this issue.
  • Ref: http://www.samba.org/samba/security/CAN-2006-1059.html

  • 06.13.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: XFIT/S Unspecified Denial of Service
  • Description: XFIT/S is prone to a denial of service vulnerability. The vulnerability presents itself when the application receives data unexpectedly. This causes the server and control processes of the application to halt and stop accepting file transfer requests.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS06-004_e/index-e.html

  • 06.13.23 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpmyfamily Track.PHP Cross-Site Scripting
  • Description: phpmyfamily is a genealogy website builder application implemented in PHP. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "name" parameter of the "track.php" script. phpmyfamily version 1.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/17278

  • 06.13.24 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpCOIN Multiple Cross-Site Scripting Vulnerabilities
  • Description: phpCOIN is a client, order and helpdesk management solution. Insufficient sanitization of the "fs" parameter of the "mod.php" and the "mod_print.php" scripts exposes the application to multiple cross-site scripting issues. phpCOIN versions 1.2.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/17279

  • 06.13.25 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CONTROLzx HMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: CONTROLzx HMS is a content management system. It is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input to the "sharedPlanID" parameter of the "shared_order.php" script, the "dedicatedPlanID" parameter of the "dedicated_order.php" script, and the "plan_id" parameter of the "server_management.php" script. CONTROLzx HMS version 3.3.4 is vulnerable; other versions may be affected as well.
  • Ref: http://www.securityfocus.com/bid/17282/exploit

  • 06.13.26 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: FusionZONE couponZONE Multiple Cross-Site Scripting Vulnerabilities
  • Description: couponZONE is a web-based coupon management application. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to the "srchfor" and "srchby" parameters of the "local.cfm" file. couponZONE version 4.2 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html

  • 06.13.27 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: classifiedZONE Accountlogon.CFM Cross-Site Scripting
  • Description: classifiedZONE is a classified ad management system implemented in ColdFusion. Insufficient sanitization of the "rtn" parameter of the "accountlogon.cfm" page exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17273

  • 06.13.28 - CVE: CVE-2006-1487
  • Platform: Web Application - Cross Site Scripting
  • Title: SupportTrio Multiple Cross-Site Scripting Vulnerabilities
  • Description: ActiveCampaign SupportTrio is a web-based technical support management application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "article" and "print" parameters of the "index.php" script and the "category" parameter of the "pdf.php" script. ActiveCampaign SupportTrio version 2.50.2 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/03/activecampaign-supporttrio-25-vuln.html

  • 06.13.29 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: VihorDesing Index.PHP Cross-Site Scripting
  • Description: VihorDesing is a banner rotation application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "page" parameter of the "index.php" script. All versions of VihorDesign are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/428737

  • 06.13.30 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ConfTool Index.PHP Cross-Site Scripting
  • Description: ConfTool is a conference management application implemented in PHP. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "page" parameter of the "index.php" script. ConfTool version 1.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17231

  • 06.13.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Metisware Instructor PersonalTaskEdit.ASP Cross-Site Scripting
  • Description: Metisware Instructor is an e-learning application. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "Task" parameter of the "PersonalTaskEdit.asp" script. Metisware Instructor version 1.3 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/03/metisware-instructor-xss-vuln.html

  • 06.13.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EZHomePagePro Multiple Cross-Site Scripting Vulnerabilities
  • Description: EZHomePagePro is a web-based community application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input parameters such as "adid", "aname", "m" and "usid". HTMLJunction EZHomePagePro version 1.5 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/03/ezhomepagepro-multiple-xss-vuln.html

  • 06.13.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Calendar Express Multiple Cross-Site Scripting Vulnerabilities
  • Description: Calendar Express is a web application for creating calendars. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to the "allwords" and "oneword" parameters in the "search.php" script. Calendar Express version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/17240

  • 06.13.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Absolute FAQ Manager Cross-Site Scripting
  • Description: Absolute FAQ Manager is a web based FAQ manager. Insufficient sanitization of the "question" parameter exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17242

  • 06.13.35 - CVE: CVE-2006-1406
  • Platform: Web Application - Cross Site Scripting
  • Title: uniForum Multiple Cross-Site Scripting Vulnerabilities
  • Description: uniForum is a web application for creating forums. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "txtuser" and "txtpassword" parameters of the "websecadmin.aspx" script. uniForum version 4 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/03/uniforum-xss-vuln.html

  • 06.13.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: dotNetBB Forums dotNetBB Cross-Site Scripting
  • Description: dotNetBB is a web-based forum application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "em" parameter of the "iforget.aspx" script. dotNetBB version 2.42EC SP 3 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/03/xss-vuln-in-dotnetbb-v24.html

  • 06.13.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Toast Forums Toast.ASP Multiple Cross-Site Scripting Vulnerabilities
  • Description: Toast Forums is a web-based forum application written in ASP. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to the "author", "message", "subject" and "dayprune" parameters of the "toast.asp" script. Toast Forums versions 1.6 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/03/xss-in-toast-forums-16.html

  • 06.13.38 - CVE: CVE-2006-1398
  • Platform: Web Application - Cross Site Scripting
  • Title: G-Book Cross-Site Scripting
  • Description: G-Book is a web-based guestbook application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "g_message" field of the "guestbook.php" script. G-Book version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/428900

  • 06.13.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SweetSuite.NET Content Management System Search.ASPX Cross-Site Scripting
  • Description: SweetSuite.NET Content Management System (CMS) is a web application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "keywords" parameter of the "search.aspx" script. SweetSuite.NET CMS version 2.1 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/03/sweetsuitenet-sscms-21x-xss-vuln.html

  • 06.13.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Online Quiz System Multiple Cross-Site Scripting Vulnerabilities
  • Description: Online Quiz System is a web-based quiz and examination application. Online Quiz System is prone to multiple cross-site scripting vulnerabilities. These issues are due to improper sanitization of user-supplied input.
  • Ref: http://www.securityfocus.com/bid/17255/exploit

  • 06.13.41 - CVE: CVE-2006-1399
  • Platform: Web Application - Cross Site Scripting
  • Title: Meeting Reserve SearchResult.PHP Cross-Site Scripting
  • Description: Meeting Reserve is an on-line meeting reservation application implemented in PHP. It is prone to a cross-site scripting vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input to the "search_term" parameter of the "searchresult.php" script. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site.
  • Ref: http://www.securityfocus.com/bid/17256

  • 06.13.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Caloris Planitia Technologies School Management System Cross-Site Scripting
  • Description: School Management System is affected by a cross-site scripting issue due to insufficient sanitization of the "msg" parameter of the "default.asp" page. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17257

  • 06.13.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Web Host Automation Ltd. Helm Multiple Cross-Site Scripting Vulnerabilities
  • Description: Helm is a server management and hosting control application written in ASP. Helm is prone to multiple cross-site scripting vulnerabilities due to a failure in the application to properly sanitize user-supplied input. Helm version 3.2.10-beta is reported to be vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/17263/exploit

  • 06.13.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BlankOL Bol.CGI Multiple Cross-Site Scripting Vulnerabilities
  • Description: BlankOL is a solution to add services to a website. Insufficient sanitization of the user-supplied input to the "file" and "function" parameters of the "bol.cgi" script exposes the application to multiple cross-site scripting issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17265

  • 06.13.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Arab IT ArabPortal System Cross-Site Scripting
  • Description: ArabPortal System is a content management application written in PHP. It is prone to a cross-site scripting vulnerability due to a failure in the application to properly sanitize user-supplied input to the "title" parameter used in the "online.php" and "download.php" scripts. ArabPortal System version 2.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/17285/exploit

  • 06.13.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Connect Daily Multiple Cross-Site Scripting Vulnerabilities
  • Description: Connect Daily is a calendar application implemented in HTML and JavaScript. It is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input to various scripts. Connect Daily versions 3.2.9 and 3.2.8 are affected.
  • Ref: http://pridels.blogspot.com/2006/03/connect-daily-multiple-xss-vuln.html

  • 06.13.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AL-Caricatier Multiple Cross-Site Scripting Vulnerabilities
  • Description: AL-Caricatier is a PHP script written for the Arabic language. Insufficient sanitization of the "CatName", "CaricatierID" and "CatID" parameters of the "view_caricatier.php" script exposes the application to multiple cross-site scripting issues.
  • Ref: http://www.securityfocus.com/bid/17289

  • 06.13.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPKIT Cross-Site Scripting
  • Description: PHPKIT is a content management application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "error" parameter of the "include.php" script. PHPKIT version 1.6.03 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/429249

  • 06.13.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Script Index Search Parameter Cross-Site Scripting
  • Description: PHP Script Index is a directory indexing and file management application. It is prone to a cross-site scripting vulnerability due to a failure in the application to properly sanitize user-supplied input to the "search" parameter.
  • Ref: http://www.securityfocus.com/bid/17297

  • 06.13.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Classifieds Search.PHP Cross-Site Scripting
  • Description: PHP Classifieds is a classified advertisement application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "searchword" parameter of the "search.php" script. PHP Classifieds versions 6.18 and 6.20 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17305/info

  • 06.13.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PhxContacts Login.PHP Cross-Site Scripting
  • Description: PhxContacts is an address-book application written in PHP. PhxContacts is prone to a cross-site scripting vulnerability due to a failure in the application to properly sanitize user-supplied input to the "m" parameter of the "login.php" script. PhxContacts versions 0.93.1 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/17307

  • 06.13.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EzASPSite Default.ASP SQL Injection
  • Description: EzASPSite is a web-based application that is used to create ASP-driven websites. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "Scheme" parameter of the "Default.asp" script. EzASPSite versions 2.0 RC3 and earlier are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/17309

  • 06.13.53 - CVE: CVE-2006-1544
  • Platform: Web Application - Cross Site Scripting
  • Title: VNews Multiple Cross-Site Scripting
  • Description: VNews is a news reader application written in PHP. VNews is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input to the "autorkomentarza" and "tresckomentarza" parameters of the "news.php" script.
  • Ref: http://evuln.com/vulns/112/summary.html

  • 06.13.54 - CVE: CVE-2006-0841
  • Platform: Web Application - Cross Site Scripting
  • Title: Mantis View_All_Set.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: Mantis is bug-tracking software. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "start_day", "start_year" and "start_month" parameters of the "view_all_set.php" script. Mantis versions 1.0.1 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/03/mantis-xss-vuln.html

  • 06.13.55 - CVE: CVE-2006-0540
  • Platform: Web Application - SQL Injection
  • Title: Tachyondecay VSNS Lemon Final_functions.PHP SQL Injection
  • Description: VSNS Lemon is a weblog application implemented in PHP. Lemon is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "id" parameter of the "functions/final_functions.php" script.
  • Ref: http://evuln.com/vulns/106/description.html

  • 06.13.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PhpCollab Sendpassword.PHP SQL Injection
  • Description: PhpCollab is a collaboration and project management application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "loginForm" parameter of the "sendpassword.php" script. PHPCollab versions 2.5.rc3 and earlier are vulnerable.
  • Ref: http://downloads.securityfocus.com/vulnerabilities/exploits/PHPCollab_NetOffice_SQLINJ.php

  • 06.13.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FusionZONE CouponZONE Multiple SQL Injection Vulnerabilities
  • Description: couponZONE is a web-based coupon management application. It is prone to multiple SQL-injection vulnerabilities. The application fails to properly sanitize user-supplied input. Specifically, data passed to the "companyid", "scat" and "coid" parameters of the "local.cfm" script is not properly sanitized. couponZONE 4.2 is reported to be vulnerable; other versions may be affected as well.
  • Ref: http://www.securityfocus.com/bid/17274/exploit

  • 06.13.58 - CVE: CVE-2006-1395
  • Platform: Web Application - SQL Injection
  • Title: Cholod MySQL Based Message Board Mb.CGI SQL Injection
  • Description: Cholod MySQL Based Message Board is a web-based message board application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "action" parameter of the "mb.cgi" script. All versions of Cholod.com MySQL Based Message Board are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17224/info

  • 06.13.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Ticket Search.PHP SQL Injection
  • Description: PHP Ticket is a ticketing application. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "search.php" script. PHP Ticket versions 0.71 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/17229

  • 06.13.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPBookingCalendar Details_View.PHP SQL Injection
  • Description: phpBookingCalendar is a booking calendar application implemented in PHP. Insufficient sanitization of the "event_id" variable of the "details_view.php" script exposes the application to an SQL injection issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17230

  • 06.13.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Nuked-Klan Index.PHP SQL Injection
  • Description: Nuked-Klan is a content management system. Insufficient sanitization of the "index.php" script exposes the application to SQL injection issues. Nuked-Klan versions 1.7.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/17233

  • 06.13.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SaphpLesson Print.PHP SQL Injection
  • Description: SaphpLesson is a web-based tutoring application implemented in PHP. SaphpLesson is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input. Specifically, data passed to the "lessid" parameter of the "print.php" script is not properly sanitized. SaphpLesson version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17239/exploit

  • 06.13.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AkoComment akocomment.PHP Multiple SQL Injection Vulnerabilities
  • Description: AkoComment is an add-on for the Mambo and Joomla content management systems. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to the "acname" and "contentid" parameters of the "akocomment.php" script. AkoComment version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/428893

  • 06.13.64 - CVE: CVE-2006-1334
  • Platform: Web Application - SQL Injection
  • Title: Maian Weblog Multiple SQL Injection Vulnerabilities
  • Description: Maian Weblog is a web blog application written in PHP. It is prone to multiple SQL injection vulnerabilities due to improper sanitization of user-supplied input. Specifically, the application fails to sanitize user-supplied input to the "entry" parameter of the "print.php" script and the "email" parameter of the "mail.php" script before using that input in SQL queries. Maian Weblog version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17247/exploit

  • 06.13.65 - CVE: CVE-2006-1426
  • Platform: Web Application - SQL Injection
  • Title: Pixel Motion Multiple SQL Injection Vulnerabilities
  • Description: Pixel Motion is a web blog application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "date" and "pass" parameters of the "admin/index.php" script. All versions of Pixel Motion are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/1135

  • 06.13.66 - CVE: CVE-2006-1238
  • Platform: Web Application - SQL Injection
  • Title: DSLogin Index.PHP Multiple SQL Injection Vulnerabilities
  • Description: DSLogin is a web-based application implemented in PHP. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to the "log_userid" parameter in the "index.php" and "admin/index.php" scripts. All current versions are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17262

  • 06.13.67 - CVE: CVE-2006-1495
  • Platform: Web Application - SQL Injection
  • Title: NetOffice Sendpassword.PHP SQL Injection
  • Description: NetOffice is a collaboration and project management application implemented in PHP. NetOffice is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "loginForm" parameter of the "sendpassword.php" script.
  • Ref: http://www.securityfocus.com/bid/17286

  • 06.13.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OneOrZero Helpdesk Index.PHP SQL Injection
  • Description: OneOrZero Helpdesk is a web-based helpdesk application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "id" parameter of the "index.php" script. OneOrZero Helpdesk version 1.6.3.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17298/info

  • 06.13.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Tilde CMS Index.PHP SQL Injection
  • Description: Tilde CMS is a content management application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "id" parameter of the "index.php" script. Tilde CMS version 3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17299

  • 06.13.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Null News Multiple SQL Injection Vulnerabilities
  • Description: Null News is a web-based news application, written in PHP. The application is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. Null News version 2005.07.27 is reported to be vulnerable. Other versions may be affected as well.
  • Ref: http://www.securityfocus.com/bid/17300

  • 06.13.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpNewsManager Multiple SQL Injection Vulnerabilities
  • Description: phpNewsManager is a script for managing news for websites. It is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input to the "browse.php", "category.php", "gallery.php" and "poll.php" scripts. phpNewsManager version 1.48 is vulnerable.
  • Ref: http://evuln.com/vulns/110/summary.html

  • 06.13.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: vCounter vCounter.PHP SQL Injection
  • Description: vCounter is an application which counts visits to a web site. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "REQUEST_URI" header which is passed through the "url" parameter of the "vCounter.php" script. vCounter version 1.0 is reported to be affected.
  • Ref: http://www.securityfocus.com/bid/17302

  • 06.13.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Sourceworkshop Newsletter Newsletter.PHP SQL Injection
  • Description: Newsletter is a simple newsletter application implemented in PHP. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input. Specifically, data passed through the "newsletteremail" parameter of the "newsletter.php" script is not properly sanitized. Newsletter version 1.0 is reported to be affected. Other versions may be vulnerable as well.
  • Ref: http://www.securityfocus.com/bid/17304

  • 06.13.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PhxContacts Multiple SQL Injection Vulnerabilities
  • Description: PhxContacts is an address book application. It is vulnerable to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to parameters such as "motclef", "nbr_line_view" and "id_contact". PhxContacts versions 0.93.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/429259

  • 06.13.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: VNews Multiple SQL Injection Vulnerabilities
  • Description: VNews is a web-based news application written in PHP. It is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. VNews version 1.2 is reported to be vulnerable. Other versions may be affected as well.
  • Ref: http://www.securityfocus.com/bid/17316

  • 06.13.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: X-Changer Multiple SQL Injection Vulnerabilities
  • Description: X-Changer is a currency exchange-rate calculator written in PHP. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to the "from", "into" and "id" parameters of the "index.php" script. X-Changer version 0.20 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/17322

  • 06.13.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: O2PHP Oxygen Post.PHP SQL Injection
  • Description: Oxygen is a bulletin-board application written in PHP. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input. Specifically, the application fails to sanitize data passed through the "id" parameter of the "post.php" script. Oxygen versions 1.1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/17324/exploit

  • 06.13.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: qliteNews Multiple SQL Injection Vulnerabilities
  • Description: qliteNews is a web-based news application written in PHP. It is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. Specifically, the application fails to sanitize input to the "username" and "password" parameters of the "loginprocess.php" script. qliteNews version 2005.07.01 is reported to be vulnerable. Other versions may be affected as well.
  • Ref: http://www.securityfocus.com/bid/17333

  • 06.13.79 - CVE: Not Available
  • Platform: Web Application
  • Title: MediaWiki Encoded Page Link HTML Injection
  • Description: MediaWiki is a wiki application. It is vulnerable to an HTML injection issue due to insufficient sanitization of user-supplied input to the encoded page links. MediaWiki version 1.5.7 is vulnerable.
  • Ref: http://www.mediawiki.org/wiki/MediaWiki

  • 06.13.80 - CVE: CVE-2006-1485
  • Platform: Web Application
  • Title: Noah Grey Greymatter Arbitrary File Upload
  • Description: Greymatter is a web-based log and journal maintenance system. It is prone to an arbitrary file upload vulnerability due to insufficient sanitization of user-supplied input to the "gm-upload.cgi" script. Greymatter versions 1.21d and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17271

  • 06.13.81 - CVE: CVE-2006-1486
  • Platform: Web Application
  • Title: RealestateZONE Multiple Cross-Site Scripting Vulnerabilities
  • Description: RealestateZONE is a real estate management solution. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "bamin", "bemin", "pmin", and "state" parameters of "index.cfm". FusionZONE RealestateZONE version 4.2 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/03/realestatezone-42-multiple-xss-vuln.html

  • 06.13.82 - CVE: CVE-2006-1480
  • Platform: Web Application
  • Title: WEBalbum Remote Command Execution
  • Description: WEBalbum is a web application written in PHP. It is prone to a remote command execution vulnerability because the application fails to adequately sanitize paths contained in cookies before using them in includes. An attacker can connect to a vulnerable server using a malicious cookie in order to have arbitrary commands included in the webserver's Apache log files. WEBalbum version 2.02pl is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17228

  • 06.13.83 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPAdsNew and PHPPGAds Multiple Input Validation Vulnerabilities
  • Description: phpAdsNew is a web-based banner ad management application and phpPgAds is a port of phpAdsNew designed to utilize a PostgreSQL database backend. Insufficient sanitization of user-supplied input exposes these applications to multiple HTML injection and cross-site scripting issues. phpAdsNew version 2.0.8 has been released to fix the issue.
  • Ref: http://www.securityfocus.com/bid/17251

  • 06.13.84 - CVE: Not Available
  • Platform: Web Application
  • Title: TFT Gallery Administrator Password Information Disclosure
  • Description: TFT Gallery is an image gallery application implemented in PHP. It is prone to an information disclosure vulnerability due to improper access validation before granting access to sensitive and privileged information like the administrative username and encrypted password in the file "admin/passwd". All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17250

  • 06.13.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Xigla Absolute Live Support XE Multiple HTML Injection Vulnerabilities
  • Description: Xigla Absolute Live Support XE is a customer and technical support application implemented in ASP. It is prone to HTML injection vulnerabilities due to improper sanitization of user-supplied input. Specifically, the "Screen name" and "Session Topic" input fields of the registration page are not properly sanitized. Xigla Absolute Live Support XE versions 2.0 and prior are vulnerable; other versions may also be affected.
  • Ref: http://pridels.blogspot.com/2006/03/absolute-live-support-xe-v20-xss-vuln.html

  • 06.13.86 - CVE: Not Available
  • Platform: Web Application
  • Title: TWiki Remote Denial Of Service
  • Description: TWiki is a web-based wiki application. It is prone to a remote denial of service vulnerability. This issue is due to a design error. TWiki versions 20040903 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17267

  • 06.13.87 - CVE: CVE-2006-1386
  • Platform: Web Application
  • Title: TWiki Remote Information Disclosure
  • Description: TWiki is a web log application. It is vulnerable to an information disclosure issue due to insufficient sanitization of user-supplied input to the "rdiff" and "preview" scripts. TWiki versions 20040903 and earlier are vulnerable.
  • Ref: http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess

  • 06.13.88 - CVE: Not Available
  • Platform: Web Application
  • Title: VWar Functions_install.PHP Remote File Include
  • Description: VWar is a team organizer application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "vwar_root" variable of "functions_install.php". VWar versions 1.5.0 and earlier are vulnerable.
  • Ref: http://downloads.securityfocus.com/vulnerabilities/exploits/VWar_1.5.0_RCE.php

  • 06.13.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Horde Help Viewer Remote PHP Code Execution
  • Description: Horde is a web application framework, written in PHP. Horde is prone to a remote PHP code execution vulnerability due to a lack of proper sanitization of user-supplied input to the "Help Viewer" section of the application, when viewing the "About" dialog. Horde versions 3.0 up to 3.0.9 and 3.1.0 are vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/17292

  • 06.13.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Explorer XP Multiple Input Validation Vulnerabilities
  • Description: Explorer XP is a web-based file explorer. Insufficient sanitization of user-supplied input to the "chemin" parameter of the "dir.php" script exposes the application to script injection and cross-site scripting issues.
  • Ref: http://www.securityfocus.com/bid/17303

  • 06.13.91 - CVE: CAN-2006-1477
  • Platform: Web Application
  • Title: PHP Live Helper Multiple Remote File Include Vulnerabilities
  • Description: Turnkeywebtools PHP Live Helper is a customer and technical support application. It is vulnerable to multiple remote file include issues due to insufficient sanitization of the "abs_path" parameter. Turnkeywebtools PHP Live Helper version 1.8 is vulnerable.
  • Ref: http://www.worlddefacers.de/Public/WD-TMPLH.txt

  • 06.13.92 - CVE: Not Available
  • Platform: Web Application
  • Title: VWar Functions_Admin.PHP Remote File Include
  • Description: VWar is a team organizer application. Insufficient sanitization of the "functions_admin.php" script exposes the application to a file include issue. VWar versions 1.4 and 1.3 are affected.
  • Ref: http://www.securityfocus.com/bid/17315

  • 06.13.93 - CVE: Not Available
  • Platform: Web Application
  • Title: VBook Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: VBook is an application that counts visits to a web site. It is vulnerable to multiple cross-site scripting and SQL injection issues due to insufficient sanitization of user-supplied input to such parameters as "x", "author", "email", "www", "temat", and "tresc" of the "index.php" script. VBook version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17320/info

  • 06.13.94 - CVE: Not Available
  • Platform: Web Application
  • Title: MediaSlash Gallery Index.PHP Remote File Include
  • Description: MediaSlash Gallery is an image-gallery application. Insufficient sanitization of the "rub" variable in the "index.php" script exposes the application to a remote file include issue.
  • Ref: http://www.securityfocus.com/bid/17323

  • 06.13.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Mon Album Multiple SQL Injection Vulnerabilities
  • Description: Mon Album is a photo album application written in PHP. The application is prone to multiple SQL injection vulnerabilities as it fails to properly sanitize user-supplied input. Specifically, the application fails to sanitize input to the "pc" parameter of the "index.php" script, and the "pnom", "pcourriel" and "pcommentaire" parameters of the "image_agrandir.php" script. Mon Album version 0.8.7 is reported to be vulnerable; other versions may be affected as well.
  • Ref: http://www.securityfocus.com/archive/1/429475

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.