
@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 16
April 24, 2006

More than 100 new vulnerabilities were uncovered last week. The most important are associated with Apple Mac OS/X, Oracle, and Symantec. This week brings more evidence of the intensity with which security researchers and attackers are going after vulnerabilities in file parsing code.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Microsoft: 0 (#4)
    • Third Party Windows Apps: 1
    • Mac Os: 2 (#3)
    • Linux: 6
    • Aix: 1
    • Unix: 2
    • Cross Platform: 5 (#1, #2)
    • Web Application - Cross Site Scripting: 33
    • Web Application - SQL Injection: 17
    • Web Application: 35
    • Network Device: 3
    • Hardware: 1


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Mac Os
Linux
Aix
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
Hardware


PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 16, 2006

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4986 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.16.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: HP StorageWorks Secure Path for Windows Remote Denial of Service
  • Description: HP StorageWorks Secure Path for Windows provides data access for RAID storage systems on Windows 2003, Windows 2000 and Windows NT platforms. It is affected by a remote denial of service vulnerability due to which a remote unauthenticated attacker may cause the application to become unresponsive, denying service to legitimate users. HP StorageWorks Secure Path for Windows version 4.0C-SP2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17638

  • 06.16.2 - CVE: Not Available
  • Platform: Mac Os
  • Title: Symantec LiveUpdate for Macintosh Local Privilege Escalation
  • Description: Symantec products contain a feature called LiveUpdate that checks for new virus definitions and product updates over the Internet. LiveUpdate is affected by a local privilege escalation issue due to a failure of the application to properly utilize the PATH environment variable. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17571

  • 06.16.3 - CVE: Not Available
  • Platform: Mac Os
  • Title: Mac OS X Multiple Security Vulnerabilities
  • Description: Apple Mac OS X as well as Safari, Preview, Finder, QuickTime and BOMArchiveHelper are reported vulnerable to multiple security issues. Vulnerabilities range from heap overflow to denial of service. Apple OS X versions 10.4.6 and earlier are vulnerable. See the reference list for further details.
  • Ref: http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233

  • 06.16.4 - CVE: CVE-2006-0744
  • Platform: Linux
  • Title: Linux Kernel Intel EM64T SYSRET Local Denial of Service
  • Description: The Linux kernel is prone to a local denial of service vulnerability. This issue presents itself in Intel EM64T CPUs when program control is returned using SYSRET. Specifically, the Intel EM64T CPU processes uncanonical return addresses differently from an AMD CPU. Linux kernel version 2.6.16.5 fixes this issue.
  • Ref: http://www.securityfocus.com/bid/17541

  • 06.16.5 - CVE: Not Available
  • Platform: Linux
  • Title: Avast! Linux Home Edition Insecure Temporary File Creation
  • Description: Avast! Linux Home Edition is an antivirus application. It creates temporary files in an insecure manner when scanning for malicious code. Avast! Linux Home Edition versions 1.0.5 and 1.0.5-1 are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431019

  • 06.16.6 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Shared Memory Security Restriction Bypass
  • Description: The Linux kernel is prone to a shared memory access bypass issue due to improper validation in the "ipc/shm.c" and "mm/madvise.c" files. Please see the attached advisory for a list of affected versions.
  • Ref: http://www.securityfocus.com/bid/17587

  • 06.16.7 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel IP_ROUTE_INPUT Local Denial of Service
  • Description: The Linux kernel is prone to a local denial of service issue due to a design error in the "ip_route_input()" function when it dereferences the "skb->nh.protocol" field. Linux kernel versions prior to 2.6.16.8 are affected.
  • Ref: http://www.securityfocus.com/bid/17593

  • 06.16.8 - CVE: CVE-2006-1296
  • Platform: Linux
  • Title: Beagle Helper Applications Arbitrary Code Execution
  • Description: Beagle is a local index application. It is vulnerable to an insecure indexing issue when dealing with helper applications. Beagle version 0.2.4 is vulnerable.
  • Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189282

  • 06.16.9 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel RCU Signal Handling
  • Description: The Linux kernel is prone to a local unspecified vulnerability. This issue exists in the "__group_complete_signal" function of the RCU signal handling functionality. The affected code resides in "signal.c" and the vulnerability is caused by improper use of "BUG_ON". Linux kernel version 2.6.16 fixes the issue.
  • Ref: http://www.securityfocus.com/bid/17640

  • 06.16.10 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX RM_MLCache_File Local File Corruption
  • Description: The IBM AIX rm_mlcache_file command may let local attackers overwrite arbitrary files leading to destruction of sensitive data and denial of service. The affected utility is included in the bos.rte.install fileset. IBM AIX versions 5.3 L and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17576

  • 06.16.11 - CVE: CVE-2006-1753
  • Platform: Unix
  • Title: FCheck Insecure Temporary File Creation
  • Description: FCheck is a host-based intrusion detection system. The vulnerability is due to a cronjob creating temporary files with insecure file permissions. An attacker with local access could potentially exploit this issue to view files and obtain privileged information. The attacker may also perform symlink attacks, overwriting arbitrary files in the context of the affected application.
  • Ref: http://www.securityfocus.com/bid/17524

  • 06.16.12 - CVE: CVE-2006-1905
  • Platform: Unix
  • Title: Xine Playlist Handling Remote Format String Vulnerability
  • Description: The Xine package is a multimedia player. It is vulnerable to a remote format string issue due to insufficient handling of crafted playlist files. All versions of Xine are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431251

  • 06.16.13 - CVE: CVE-2006-1830
  • Platform: Cross Platform
  • Title: Sun Java Studio Local Privilege Escalation
  • Description: Sun Java Studio is an enterprise development platform. It is prone to a local privilege escalation vulnerability. The vulnerability presents itself when the application is installed by the superuser and it creates certain files with world-writable permissions. An unprivileged local attacker can execute arbitrary code and commands in the context of a user who invokes the application. A successful attack can facilitate privilege escalation. Sun Java Studio Enterprise 8 is vulnerable to this issue.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102292-1

  • 06.16.14 - CVE: CVE-2006-1827
  • Platform: Cross Platform
  • Title: Asterisk JPEG File Handling Integer Overflow
  • Description: Asterisk is a private branch exchange (PBX) application. It is vulnerable to an integer overflow when a JPEG file greater than 65536 bytes is processed. Asterisk versions 1.2.6 and earlier are vulnerable.
  • Ref: http://www.cipher.org.uk/index.php?p=cipher/advisories.cipher

  • 06.16.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Neon Responders Remote Clock Synchronization Denial of Service
  • Description: Neon Responders is a companion application for LANsurveyor designed to aid in network resource management. It is affected by a denial of service issue when processing specially-crafted clock synchronization requests. Neon Responders version 5.4 is affected.
  • Ref: http://www.securityfocus.com/bid/17569

  • 06.16.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle April 2006 Security Update Multiple Vulnerabilities
  • Description: Oracle released a Critical Patch Update advisory for April 2006 to address multiple vulnerabilities. Please see the advisory for further details.
  • Ref: http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html

  • 06.16.17 - CVE: CVE-2006-1057
  • Platform: Cross Platform
  • Title: Gnome Foundation GDM .ICEauthority Improper File Permissions
  • Description: Gnome Display Manager (GDM) is a utility harnessed by Gnome to manage various functions. It is vulnerable to an improper file permissions issue because there is a race condition between the time stat() is run on the ".ICEauthority" file and when the "chown()" and "chmod()" functions are run on the file. Gnome GDM version 2.14.1 is vulnerable.
  • Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303

  • 06.16.18 - CVE: CVE-2006-1889
  • Platform: Web Application - Cross Site Scripting
  • Title: Boardsolution Index.PHP Cross-Site Scripting
  • Description: Boardsolution is a web forum application. The application is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "index.php" script. Boardsolution version 1.12 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431072

  • 06.16.19 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TinyPHPForum Multiple Cross-Site Scripting Vulnerabilities
  • Description: TinyPHPForum is a web-based forum application. Insufficient sanitization of the "uname" parameter of the "profile.php" script and the "name" parameter of the login script exposes the application to multiple cross-site scripting issues. TinyPHPForum version 3.6 is affected.
  • Ref: http://www.securityfocus.com/bid/17553

  • 06.16.20 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpFaber TopSites Index.PHP Cross-Site Scripting
  • Description: phpFaber TopSites is a web-based picture gallery. Insufficient sanitization of the "page" parameter in the "index.php" script exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17542

  • 06.16.21 - CVE: CVE-2006-1826
  • Platform: Web Application - Cross Site Scripting
  • Title: Snipe Gallery Multiple Cross-Site Scripting Vulnerabilities
  • Description: Snipe Gallery is a web-based image gallery application implemented in PHP. It is prone to multiple cross-site scripting vulnerabilities. All current versions are affected.
  • Ref: http://www.securityfocus.com/archive/1/431074

  • 06.16.22 - CVE: CVE-2006-1802
  • Platform: Web Application - Cross Site Scripting
  • Title: Tiny Web Gallery Index.PHP Cross-Site Scripting
  • Description: Tiny Web Gallery is a web-based picture gallery. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of the "twg_album" parameter when it is submitted to the "index.php" script. Tiny Web Gallery versions 1.4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431069

  • 06.16.23 - CVE: CVE-2006-1824
  • Platform: Web Application - Cross Site Scripting
  • Title: phpGuestbook HTML Injection
  • Description: phpGuestbook is a web-based guest book application. phpGuestbook is prone to an HTML injection vulnerability due to insufficient sanitization of user-supplied input to the 'Name' and 'Comment' fields. phpGuestbook versions 1.0 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431070

  • 06.16.24 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MODxCMS Index.PHP Cross-Site Scripting
  • Description: MODxCMS is a content management application. Insufficient sanitization of the "id" parameter in the "index.php" script exposes the application to a cross-site scripting issue. MODxCMS version 0.9.1 is affected.
  • Ref: http://www.securityfocus.com/bid/17532

  • 06.16.25 - CVE: CVE-2006-1822
  • Platform: Web Application - Cross Site Scripting
  • Title: FarsiNews Search.PHP Cross-Site Scripting
  • Description: FarsiNews is a news publishing system. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "selected_search_arch" parameter of the "search.php" script. FarsiNews versions 2.5.3 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431011

  • 06.16.26 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ar-blog Print.PHP Cross-Site Scripting
  • Description: ar-blog is a web log application. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "id" parameter of the "print.php" script. ar-blog version 5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/17522

  • 06.16.27 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PlanetSearch + Cross-Site Scripting
  • Description: PlanetSearch + is a search application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "search_exp" parameter when it is submitted to the "planetsearchplus.php" script. All versions of PlanetSearch + are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431033

  • 06.16.28 - CVE: CVE-2006-1808
  • Platform: Web Application - Cross Site Scripting
  • Title: LifeType Index.PHP Cross-Site Scripting
  • Description: LifeType is a web blog application written in PHP. The application is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "index.php" script. LifeType version 1.0.3 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431008

  • 06.16.29 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Papoo Print.PHP Cross-Site Scripting
  • Description: Papoo is a website management application. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "reporeid_print" parameter of the "print.php" script. Papoo versions 2.1.5 and 2.1.2 are affected.
  • Ref: http://www.securityfocus.com/bid/17530

  • 06.16.30 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BoastMachine Search.PHP Cross-Site Scripting
  • Description: BoastMachine is a web-based forum application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "search.php" script. BoastMachine version 3.0 platinum is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431120

  • 06.16.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Jax Guestbook Jax_guestbook.PHP Cross-Site Scripting
  • Description: Jax Guestbook is a web forum application. Insufficient sanitization of the "jax_guestbook.php" script exposes the application to a cross-site scripting issue. Guestbook version 3.50 is affected.
  • Ref: http://www.securityfocus.com/bid/17560

  • 06.16.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Calendarix YearCal.PHP Cross-Site Scripting
  • Description: Calendarix is a web calendar application. Insufficient sanitization of the "ycyear" parameter of the "yearcal.php" script exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17562

  • 06.16.33 - CVE: CVE-2006-1903, CVE-2006-1769
  • Platform: Web Application - Cross Site Scripting
  • Title: Manila Multiple Cross-Site Scripting Vulnerabilities
  • Description: Manila is a web-based forum application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "msgReader" and "sendMail" modules. Manila version 9.0.1 is vulnerable.
  • Ref: http://www.osvdb.org/24554

  • 06.16.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Serendipity Blog Config.PHP Script Injection
  • Description: Serendipity Blog is a web log application. Serendipity Blog is prone to a PHP script execution vulnerability due to insufficient sanitization of user-supplied input to the "config.php" file. Serendipity version 1.0.beta 2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17566

  • 06.16.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: axoverzicht.cgi Cross-Site Scripting
  • Description: axoverzicht.cgi is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. All versions of axoverzicht.cgi are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17584

  • 06.16.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpLinks Index.PHP Cross-Site Scripting
  • Description: phpLinks is a web link management application. Insufficient sanitization of the "term" parameter of the "index.php" script exposes the application to a cross-site scripting issue. phpLinks versions 2.1.3.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/17586

  • 06.16.37 - CVE: CVE-2006-1906
  • Platform: Web Application - Cross Site Scripting
  • Title: phpLister Index.PHP Cross-Site Scripting
  • Description: phpLister is a web-based file management application. The application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. phpLister version 0.4.1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431308

  • 06.16.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CutePHP CuteNews Editnews Module Cross-Site Scripting
  • Description: CuteNews is a news management system. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "source" parameter of the "editnews" module. CuteNews version 1.4.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17592

  • 06.16.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Visale Multiple Cross-Site Scripting Vulnerabilities
  • Description: Visale is a web-based classified advertising application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "pbpgst.cgi", "pblscg.cgi" and the "pblsmb.cgi" scripts. Visale versions 1.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/visale-xss-vuln.html

  • 06.16.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CommuniMail Multiple Cross-Site Scripting Vulnerabilities
  • Description: CommuniMail is a mailing list manager and newsletter script. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to various scripts. CommuniMail version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/17602

  • 06.16.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Cisco Wireless LAN Engine ArchiveApplyDisplay.JSP Cross-Site Scripting
  • Description: CiscoWorks Wireless LAN Solution Engine (WLSE) is a centralized systems-level application for managing and controlling an entire autonomous Cisco WLAN infrastructure. Insufficient sanitization of the "displayMsg" parameter of the "/wlse/configure/archive/archiveApplyDisplay.jsp" script exposes the application to a cross-site scripting issue. Cisco Wireless LAN Solution Engine Express version 2.13 resolves the issue.
  • Ref: http://www.securityfocus.com/bid/17604

  • 06.16.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IntelliLink Pro Multiple Cross-Site Scripting Vulnerabilities
  • Description: IntelliLink Pro is a link exchange application. Insufficient sanitization of user-supplied input exposes the application to multiple cross-site scripting issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17605

  • 06.16.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ContentBoxx Login.PHP Cross-Site Scripting
  • Description: ContentBoxx is a content management application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "action" parameter of the "login.php" script. All versions of ContentBoxx are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431386

  • 06.16.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BannerFarm Multiple Cross-Site Scripting Vulnerabilities
  • Description: BannerFarm is a banner advertisement exchange application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "aff" and "cat" parameters of the "banners.cgi" script. BannerFarm versions 2.3 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/bannerfarm-xss-vuln.html

  • 06.16.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Net Clubs Pro Multiple Cross-Site Scripting Vulnerabilities
  • Description: Net Clubs Pro is a web-based portal. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to various scripts. Net Clubs Pro version 4.0 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/net-clubs-pro-xss-vuln.html

  • 06.16.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EasyGallery EasyGallery.PHP Cross-Site Scripting
  • Description: EasyGallery is a web-based image gallery application implemented in PHP. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "order" parameter of the "EasyGallery.php" script. EasyGallery version 1.17 is affected.
  • Ref: http://www.securityfocus.com/bid/17624

  • 06.16.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: 4homepages 4images Member.PHP Cross-Site Scripting
  • Description: 4images is a web-based image gallery. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "user_id" URI parameter of the "member.php" script. 4images versions 1.7 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17625/info

  • 06.16.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: W2B Online Banking SID Parameter Cross-Site Scripting
  • Description: W2B Online Banking is an application suite for managing banking information. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "SID" parameter. All versions of W2B Online Banking are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/w2b-online-banking-vuln.html

  • 06.16.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ThWboard Index.PHP Cross-Site Scripting
  • Description: ThWboard is a message board application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "navpath" URI parameter of the "index.php" script. ThWboard 3 version Beta 2.84 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431509

  • 06.16.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Portal Pack Multiple Cross-Site Scripting Vulnerabilities
  • Description: Portal Pack is a web-based portal. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input. Portal Pack versions 6.0 and prior are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/portal-pack-6-xss-vuln.html

  • 06.16.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BlackOrpheus Member.PHP SQL Injection
  • Description: BlackOrpheus is a web-based application used to manage site members. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "userID" parameter of the "member.php" script. BlackOrpheus version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17558/info

  • 06.16.52 - CVE: CVE-2006-1798
  • Platform: Web Application - SQL Injection
  • Title: RateIt Rateit.PHP SQL Injection
  • Description: RateIt is a web-based rating system. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "rateit_id" parameter of the "rateit.php" script. RateIt version 2.2 is vulnerable.
  • Ref: http://evuln.com/vulns/124/summary.html

  • 06.16.53 - CVE: CVE-2006-1805
  • Platform: Web Application - SQL Injection
  • Title: PowerClan Member.PHP SQL Injection
  • Description: PowerClan is a web-based portal. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "memberid" parameter of the "member.php" script. PowerClan version 1.14 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431005

  • 06.16.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FlexBB Index.PHP SQL Injection
  • Description: FlexBB is a bulletin board application. Insufficient sanitization of the "flexbb_username" parameter of the "index.php" script exposes the application to an SQL injection issue. FlexBB version 0.5.5 is affected.
  • Ref: http://www.securityfocus.com/bid/17568

  • 06.16.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Article Publisher Pro Multiple SQL Injection Vulnerabilities
  • Description: Article Publisher Pro is a document publishing application. Insufficient sanitization of the "cname" parameter of the "category.php" script and the "art_id" parameter of the "articles.php" script exposes the application to multiple SQL injection issues. Article Publisher Pro version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/17595

  • 06.16.56 - CVE: CVE-2006-1853
  • Platform: Web Application - SQL Injection
  • Title: ModernGigabyte ModernBill User.PHP SQL Injection
  • Description: ModernBill is a web-based hosting application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "ID" parameter of the "user.php" script. ModernGigabyte ModernBill versions 4.3.2 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html

  • 06.16.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PMTool Index.PHP SQL Injection
  • Description: PMTool is web-based project management software. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input of the "order" parameter. PMTool version 1.2.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17599/info

  • 06.16.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ThWboard Showtopic.PHP SQL Injection
  • Description: ThWboard is web-based bulletin board software. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "pagenum" parameter of the "showtopic.php" script. Thwboard Beta versions 2.84 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431354

  • 06.16.59 - CVE: CVE-2006-1899
  • Platform: Web Application - SQL Injection
  • Title: Neuron Blog Multiple SQL Injection Vulnerabilities
  • Description: Neuron Blog is a weblog application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "commentname", "commentmail", "commentwebsite", and "comment" parameters of the "pages/addcomment2.php" script. Neuron Blog versions 1.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17608/info

  • 06.16.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WWWThread Multiple SQL Injection Vulnerabilities
  • Description: WWWThread is a message board application. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to various scripts. WWWThreads version RC3 is affected.
  • Ref: http://www.securityfocus.com/bid/17615

  • 06.16.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AspSitem Haberler.ASP SQL Injection
  • Description: AspSitem is prone to an SQL injection issue due to insufficient sanitization of the "id" parameter in the "Haberler.asp" script. AspSitem version 1.83 is affected.
  • Ref: http://www.securityfocus.com/bid/17616

  • 06.16.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Plexum Multiple SQL Injection Vulnerabilities
  • Description: Plexum is a document publishing application. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to the "pagesize", "maxrec" and "startpos" parameters of the "plexum.php" script. Plexum version X5 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17617

  • 06.16.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AWStats AWstats.PL Cross-Site Scripting
  • Description: AWStats is a server traffic statistics application. It is prone to a cross-site scripting vulnerability. Specifically, this issue affects the "config" URI parameter of the "awstats.pl" script. AWStats versions 6.5 (build 1.857) and prior are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/awstats-65-vuln.html

  • 06.16.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PCPIN Chat Main.PHP SQL Injection
  • Description: PCPIN Chat is website statistics software. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "login" parameter of the "main.php" script. PCPIN Chat version 5.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/17632

  • 06.16.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPSurveyor SurveyID Parameter SQL Injection
  • Description: PHPSurveyor is a web-based application for performing online surveys. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "surveyid" cookie parameter in the "save.php" script. PHPSurveyor version 0.995 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431508

  • 06.16.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mini-NUKE Pages.ASP SQL Injection
  • Description: Mini-NUKE is a content management application. Mini-NUKE is prone to an SQL injection vulnerability due to insufficient sanitization of the "id" parameter in the "pages.asp" script. Mini-NUKE version 2.3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17636

  • 06.16.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Bloggage Check_login.ASP Multiple SQL Injection Vulnerabilities
  • Description: Bloggage is a web log application. Insufficient sanitization of the "acc_name" and "password" parameters of the "check_login.asp" script exposes the application to an SQL injection issue. All versions of Bloggage are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17639

  • 06.16.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Neuron Blog Multiple HTML Injection Vulnerabilities
  • Description: Neuron Blog is a web blog application. It is prone to multiple HTML injection vulnerabilities due to insufficient sanitization of user-supplied input to the "name" and "website" fields when creating a new comment. Neuron Blog versions 1.1 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17552

  • 06.16.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Blursoft Blur6ex Index.PHP Local File Include
  • Description: Blur6ex is a web-based blog and content management system (CMS) implemented in PHP. Blur6ex is prone to a local file include vulnerability. All versions are affected.
  • Ref: http://www.securityfocus.com/archive/1/431284

  • 06.16.70 - CVE: CVE-2006-1806, CVE-2006-1807
  • Platform: Web Application
  • Title: MusicBox Multiple Input Validation Vulnerabilities
  • Description: MusicBox is a web-based application. It is vulnerable to multiple input validation issues such as cross-site scripting and SQL injection. This is due to insufficient sanitization of user-supplied input to the "index.php" script. MusicBox versions 2.3.3 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/musicbox-vuln.html

  • 06.16.71 - CVE: CVE-2006-1781
  • Platform: Web Application
  • Title: Monster Top List Functions.PHP Remote File Include
  • Description: Monster Top List is a web-based topsite script. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "root_path" variable of "sources/functions.php". Monster Top List version 1.4 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/monstertoplist.html

  • 06.16.72 - CVE: Not Available
  • Platform: Web Application
  • Title: ShoutBOOK Multiple HTML Injection Vulnerabilities
  • Description: ShoutBOOK is a bulletin board application. It is vulnerable to multiple HTML injection issues due to insufficient sanitization of user-supplied input to the "Name" and "Comments" fields when creating a new message. ShoutBOOK versions 1.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431130

  • 06.16.73 - CVE: Not Available
  • Platform: Web Application
  • Title: FlexBB Multiple HTML Injection Vulnerabilities
  • Description: FlexBB is a bulletin board application. It is prone to multiple HTML injection vulnerabilities due to insufficient sanitization of user-supplied input to the thread name field when creating a new thread and a reply to any thread. FlexBB versions 0.5.7 BETA and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17539

  • 06.16.74 - CVE: Not Available
  • Platform: Web Application
  • Title: MODxCMS Index.PHP Directory Traversal
  • Description: MODxCMS is a content management system (CMS) implemented in PHP. MODxCMS is prone to a directory traversal vulnerability. The problem occurs with specially-crafted HTTP GET requests containing directory traversal strings supplied through the "id" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/archive/1/431010

  • 06.16.75 - CVE: CVE-2006-1551, CVE-2006-1789
  • Platform: Web Application
  • Title: PAJAX Multiple Arbitrary PHP Code Execution Vulnerabilities
  • Description: PAJAX is a framework that is used to create remote asynchronous PHP objects in JavaScript. It is vulnerable to multiple remote PHP code execution issues due to insufficient sanitization of user-supplied data by the application. PAJAX versions 0.5.1 and earlier are vulnerable.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0270.html

  • 06.16.76 - CVE: CVE-2006-1817
  • Platform: Web Application
  • Title: Warforge.NEWS Multiple Input Validation Vulnerabilities
  • Description: Warforge.NEWS is a web-based news management application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to the "myaccounts.php" and "authcheck.php" scripts. Warforge.NEWS version 1.0 is vulnerable.
  • Ref: http://evuln.com/vulns/125/summary.html

  • 06.16.77 - CVE: CVE-2006-1819
  • Platform: Web Application
  • Title: PHPWebSite Config.PHP File Include
  • Description: PHPWebSite is prone to a remote and local file include vulnerability. The "hub_dir" parameter of "config.php" is not properly sanitized, allowing attackers to specify local file includes. PHPWebSite versions 0.10.2 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/17521

  • 06.16.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Sysinfo Multiple Input Validation Vulnerabilities
  • Description: Sysinfo is affected by multiple input validation issues. The application fails to sanitize user-supplied input to the "name" parameter of the "sysinfo.cgi" script, exposing itself to an arbitrary shell command execution issue. Insufficient sanitization of the "debugger" option can allow remote attackers to obtain the installation path. Sysinfo version 1.21 is affected.
  • Ref: http://www.securityfocus.com/bid/17523

  • 06.16.79 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPAlbum Language.PHP File Include
  • Description: PHPAlbum is a web-based photo album. It is vulnerable to a remote file include issue due to insufficient sanitization of the "data_dir" parameter of the "language.php" script. PHPAlbum versions 0.3.2.3 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17526/info

  • 06.16.80 - CVE: Not Available
  • Platform: Web Application
  • Title: BetaBoard User Profile HTML Injection
  • Description: BetaBoard is a web-based guest book application. It is vulnerable to an HTML injection issue due to insufficient sanitization of user-supplied input to unspecified fields on a "User Profile" page. BetaBoard version 0.1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431116

  • 06.16.81 - CVE: CVE-2006-1813
  • Platform: Web Application
  • Title: phpWebFTP Index.PHP Directory Traversal
  • Description: phpWebFTP is a web-based file transfer application designed to forward FTP traffic over HTTP to bypass firewall settings. phpWebFTP is prone to a directory traversal vulnerability. The problem occurs with specially-crafted HTTP POST requests containing directory traversal strings supplied through the "index.php" script. phpWebFTP version 3.2 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431115

  • 06.16.82 - CVE: Not Available
  • Platform: Web Application
  • Title: DbbS Multiple Input Validation Vulnerabilities
  • Description: DbbS is a bulletin board application. It is prone to multiple input validation vulnerabilities because the application fails to properly sanitize user-supplied input. DbbS version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/17559

  • 06.16.83 - CVE: Not Available
  • Platform: Web Application
  • Title: phpGraphy Index.PHP Unauthorized Access
  • Description: phpGraphy is an image gallery application. It is prone to an unauthorized access vulnerability due to improper validation of credentials before granting access to sensitive scripts. phpGraphy version 0.9.12 fixes these issues.
  • Ref: http://www.securityfocus.com/bid/17567

  • 06.16.84 - CVE: CVE-2006-0873
  • Platform: Web Application
  • Title: Coppermine Index.PHP Local File Include
  • Description: Coppermine is a web-based image gallery application. It is vulnerable to a local file include issue due to insufficient sanitization of user-supplied input to the "index.php" script. Coppermine version 1.4.4 is vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/0669

  • 06.16.85 - CVE: CVE-2006-1837, CVE-2006-1838
  • Platform: Web Application
  • Title: Fuju News SQL Injection and Authentication Bypass Vulnerabilities
  • Description: Fuju News is a web-based news application. It is vulnerable to SQL injection and authentication bypass issues due to a design flaw and insufficient sanitization of user-supplied input. Fuju News version 1.0 is vulnerable.
  • Ref: http://milw0rm.com/exploits/1682

  • 06.16.86 - CVE: CVE-2006-1895
  • Platform: Web Application
  • Title: phpBB BBCode.TPL PHP Code Execution
  • Description: phpBB is a bulletin board application. It is vulnerable to an arbitrary PHP code execution issue because the "includes/bbcode.php" script does not properly sanitize user template files. phpBB version 2.0.9 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17573

  • 06.16.87 - CVE: CVE-2006-1810, CVE-2006-1811
  • Platform: Web Application
  • Title: FlexBB Multiple Input Validation Vulnerabilities
  • Description: FlexBB is a web-based bulletin board application implemented in PHP. FlexBB is prone to multiple HTML and SQL injection vulnerabilities. Version 0.5.5 of FlexBB is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431121

  • 06.16.88 - CVE: Not Available
  • Platform: Web Application
  • Title: myEvent Multiple Remote File Include Vulnerabilities
  • Description: myEvent is a web-based event application. It is prone to multiple remote file include vulnerabilities due to insufficient sanitization of user-supplied input to various scripts. myEvent version 1.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17575

  • 06.16.89 - CVE: CVE-2006-1890
  • Platform: Web Application
  • Title: myEvent Multiple Input Validation Vulnerabilities
  • Description: myEvent is a web-based event application. It is vulnerable to multiple input validation issues such as cross-site scripting and SQL injection. This is due to insufficient sanitization of user-supplied input. myEvent version 1.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17580/info

  • 06.16.90 - CVE: Not Available
  • Platform: Web Application
  • Title: RechnungsZentrale V2 Authent.PHP4 SQL Injection and Remote File Include
  • Description: RechnungsZentrale V2 is a billing application. It is vulnerable to an SQL injection and remote file include issue due to insufficient sanitization of user-supplied input to the "authent.php4" script. RechnungsZentrale V2 versions 1.1.3 and earlier are vulnerable.
  • Ref: http://www.g-0.org/code/rz2-adv.html

  • 06.16.91 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Net Tools Nettools.PHP Arbitrary Shell Command Execution
  • Description: PHP Net Tools is a PHP application for gathering and recording network statistics. It is prone to an arbitrary command execution vulnerability. An attacker can inject and execute arbitrary shell commands through use of the pipe "|" character. This issue affects PHP Net Tools version 2.7.1.
  • Ref: http://www.securityfocus.com/bid/17601

  • 06.16.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Dubelu PhpGuestbook HTML Injection Vulnerability
  • Description: Dubelu PhpGuestbook is a web-based guest book application. It is vulnerable to an HTML injection issue due to insufficient sanitization of user-supplied input to the "Name", "Website", and "Comment" fields in the "PhpGuestbook.php" script. Dubelu PhpGuestbook versions 1.0 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/phpguestbook-v10-script-insertion.html

  • 06.16.93 - CVE: Not Available
  • Platform: Web Application
  • Title: ActualScripts ActualAnalyzer Direct.PHP Remote File Include
  • Description: ActualAnalyzer is a web-based application that collects site statistics. It is prone to a remote file include vulnerability. ActualAnalyzer versions 8.23 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431351

  • 06.16.94 - CVE: CVE-2006-1849, CVE-2006-1850
  • Platform: Web Application
  • Title: xFlow Multiple Input Validation Vulnerabilities
  • Description: xFlow is web-based membership management software. xFlow is prone to multiple SQL injection and cross-site scripting vulnerabilities. xFlow version 5.46.11 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html

  • 06.16.95 - CVE: Not Available
  • Platform: Web Application
  • Title: TotalCalendar Multiple Remote File Include Vulnerabilities
  • Description: TotalCalendar is a web-based calendar application. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "inc_dir" variable of the "about.php" and "auth.php" scripts. All versions of TotalCalendar are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/totalcalendar-remote-code-execution.html

  • 06.16.96 - CVE: CVE-2006-1848, CVE-2006-0713
  • Platform: Web Application
  • Title: LinPHA Multiple Unspecified Input Validation Vulnerabilities
  • Description: LinPHA is a web-based photo gallery application. It is vulnerable to multiple input validation issues such as cross-site scripting and SQL injection. This is due to insufficient sanitization of user-supplied input. LinPHA versions 1.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17619/info

  • 06.16.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Internet Photoshow Index.PHP Remote File Include
  • Description: Internet Photoshow is a web-based photo gallery application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "page" variable of "index.php". All versions of Interactive Webdesign Internet Photoshow are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17620/info

  • 06.16.98 - CVE: Not Available
  • Platform: Web Application
  • Title: I-RATER Platinum Common.PHP Remote File Include
  • Description: I-RATER Platinum is a web-based image rating script. It is affected by a remote file include issue due to a failure in the application to sanitize user-supplied input to the "include_path" variable of the "common.php" script. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17623

  • 06.16.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Manic Web MWGuest MWguest.PHP HTML Injection
  • Description: MWGuest is a web-based guest book application. It is prone to an HTML injection vulnerability due to insufficient sanitization of user-supplied input to the "Homepage" field in the "mwguest.php" script. Manic Web MWGuest version 2.1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17630

  • 06.16.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Asterisk Recording Interface Audio.PHP Information Disclosure
  • Description: Asterisk Recording Interface (ARI) is a web-based interface to the Asterisk PBX application. It is vulnerable to an information disclosure issue due to insufficient sanitization of absolute paths or directory traversal sequences in the "recording" parameter of the "audio.php" script. Asterisk Recording Interface version 0.7.15 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/431655

  • 06.16.101 - CVE: CVE-2006-1795
  • Platform: Web Application
  • Title: @1 Table Publisher HTML Injection
  • Description: @1 Table Publisher is an application designed to allow quick editing of HTML tables. It is vulnerable to an HTML injection issue due to insufficient sanitization of user-supplied input to the "Title of table" field when adding a new table. @1 Table Publisher version 2006.3.23 is vulnerable.
  • Ref: http://osvdb.org/ref/24/24236-upoint.txt

  • 06.16.102 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPLDAPAdmin Multiple Input Validation Vulnerabilities
  • Description: PHPLDAPAdmin is a web-based application for administering LDAP servers. It is vulnerable to numerous cross-site scripting issues due to insufficient sanitization of user-supplied input. PHPLDAPAdmin versions 0.9.8 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html

  • 06.16.103 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco IOS XR MPLS Denial of Service
  • Description: Cisco IOS XR software runs on Cisco CRS-1 and Cisco 12000 series routers. The NetIO process on devices that run Cisco IOS XR with Multiple Multi Protocol Label Switching (MPLS) can restart when switching malicious MPLS packets. Cisco IOS XR version 3.3 resolves the issue.
  • Ref: http://www.securityfocus.com/bid/17607

  • 06.16.104 - CVE: Not Available
  • Platform: Network Device
  • Title: Multiple Linux-Based Cisco Products Local Privilege Escalation
  • Description: Multiple Linux-based Cisco products are prone to a local privilege escalation vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input to the "show" application. This vulnerability presents itself when a user is logged into affected devices via telnet or SSH. Attackers that include shell metacharacters may inject arbitrary commands that will be executed with superuser privileges.
  • Ref: http://www.securityfocus.com/archive/1/431367

  • 06.16.105 - CVE: Not Available
  • Platform: Network Device
  • Title: Linksys RT31P2 Remote Malformed SIP Packet Denial of Service
  • Description: Linksys RT31P2 devices are cable/DSL broadband routers with an integrated 3-port Ethernet switch with Voice Over IP (VoIP) functionality. These routers are affected by multiple denial of service issues when processing SIP packets with unspecified content. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17631

  • 06.16.106 - CVE: Not Available
  • Platform: Hardware
  • Title: Multiple Vendor AMD CPU Local FPU Information Disclosure
  • Description: Multiple vendors are susceptible to a local information disclosure vulnerability. This issue arises due to the failure of the affected operating systems to take into account the differing behavior of AMD CPUs. The operating systems expect AMD CPUs to save and restore the FOP, FIP, and FDP registers in the same manner as Intel CPUs, and this results in the register information remaining the same across context-switches. This issue affects Linux and FreeBSD operating systems that utilize generations 7 and 8 AMD CPUs.
  • Ref: http://www.securityfocus.com/bid/17600

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.