
@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 18
May 9, 2006

The number of new vulnerabilities found this week exceeded 100 again. Most are in software that is not widely used, but MySQL users had multiple new critical vulnerabilities to concern them.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 1
    • Other Microsoft Products: 1
    • Third Party Windows Apps: 15
    • Mac Os: 1
    • Linux: 6
    • Unix: 2
    • Cross Platform: 16 (#2, #3, #4, #5)
    • Web Application - Cross Site Scripting: 17
    • Web Application - SQL Injection: 18
    • Web Application: 32 (#1)
    • Network Device: 3


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar and Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) MODERATE: Nagios Negative Content Length Buffer Overflow
    • Affected:
      • Nagios version 2.x prior to 2.3
      • Nagios version 1.x prior to 1.4
    • Description: Nagios is an open-source program that monitors networks, hosts and services. It is a popular network monitoring application used worldwide by many organizations. Nagios CGI scripts are primarily used to access the monitored information. The Nagios software contains a buffer overflow that can be triggered by an HTTP request containing a negative HTTP "Content-Length" header. A remote attacker could exploit this flaw to execute arbitrary code with the privileges of the Nagios user (often root). Note that a typical configuration may not require authentication for all Nagios scripts.
    • Council Site Actions: Only one of the responding council sites is running the affected software, and on a very small number of machines and possibly only one machine running the old Apache version. They will most likely update the software within the next month.

  • (2) MODERATE: Multiple MySQL Remote Code Execution and Information Disclosure Vulnerabilities
    • Affected:
      • MySQL version 4.1.x prior to 4.1.19
      • MySQL version 5.0.x prior to 5.0.21
      • MySQL version 5.1.x prior to 5.1.10
    • Description: MySQL database server suffers from a buffer overflow and information disclosure vulnerabilities. The server contains a buffer overflow that can be triggered by specially crafted "COM_TABLE_DUMP" packets (used to dump database tables). An authenticated MySQL user can exploit this flaw to execute arbitrary code on the database server. Additionally, by sending specially-crafted "login" and "COM_TABLE_DUMP" requests to a MySQL process, an attacker could cause portions of the memory to be returned in the resulting error messages. This information can then be used in constructing exploit code. Proof-of-concept exploit for the "COM_TABLE_DUMP" flaw has been posted. Note that an unauthenticated attacker can exploit the vulnerabilities via any SQL injection flaws in a front-end web application.
    • Status: Vendor confirmed, patches available. Upgrade to MySQL versions 4.1.19, 5.0.21 and 5.1.10 (when available). Use firewalls to block port 3306/tcp from the Internet.
    • Council Site Actions: One site has already updated its non-RedHat systems and is waiting on patches for the RedHat platforms. Another site is treating this as a very low threat since only a small number of important machines are running the affected software; no account can access the daemon over the network, and the total number of accounts is very small. They will most likely update these systems within the next month.

  • (3) MODERATE: Multiple LibTIFF Buffer Vulnerabilities
    • Affected:
      • LibTIFF versions prior to 3.8.1
    • Description: The libtiff library provides various functions to store and read the Tag Image File Format (TIFF), a popularly used image file format. This library is used on Linux by GNOME and KDE applications, the Mozilla and Mozilla Firefox web browsers, the xv image manipulation program, and other popular applications. The library contains multiple buffer overflows that were discovered by supplying "fuzzed" TIFF images. A malicious image in a webpage or an HTML email may exploit the flaws to potentially execute arbitrary code on a Linux/Unix client. The technical details required to leverage the flaws have been posted.
    • Status: Upgrade to version 3.8.1. Linux vendors like RedHat have also released patched versions.
    • Council Site Actions: Two of the reporting council sites are using the affected software. They plan to push out the patches during their next regularly scheduled system update cycle.

  • (4) MODERATE: Mozilla Firefox "desi
    • Affected:
      • Firefox versions prior to 1.5.0.3
    • Description: Mozilla Firefox contains a DoS vulnerability that arises from the failure to properly parse certain JavaScript constructs. A specially-crafted web page can inject malicious code into a user's browser session, and potentially execute the code with the privileges of the logged-on user (not confirmed). The vulnerability is triggered when certain deleted objects are re-referenced while the "designMode" property is set. The "designMode" property is used for features such as building rich text editor in a webpage. The proof-of-concept exploit is included in the Mozilla Bugzilla.
    • Status: Upgrade to version 1.5.0.3. Ensure that the "autoupdate" feature is enabled in the "Tools->Options->Advanced" configuration section.
    • Council Site Actions: Most of the council sites are using Firefox, but it is not supported by their central IT departments. However, most of the users have Auto Update turned on and expect the users to be updated in due time.
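
The Nagios item above turns on a negative "Content-Length" value reaching length-handling code. The following C example is added here for illustration and is not Nagios source code or part of the original bulletin; it contrasts a signed, upper-bound-only check with a strict parse that a CGI program can apply before sizing or filling a buffer. The names MAX_BODY, naive_accepts, as_size and parse_content_length are hypothetical, and the sample header values are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed cap for this example; not a Nagios constant. */
#define MAX_BODY 65536L

/* Naive pattern: atoi() into a signed int, then only an upper-bound check.
 * Returns 1 if the value would be accepted. A negative length passes. */
static int naive_accepts(const char *value)
{
    int len = atoi(value);
    return len <= MAX_BODY;
}

/* What an accepted negative length becomes once it is handed to an API
 * that takes size_t (read, memcpy, malloc): a value near SIZE_MAX. */
static size_t as_size(int len)
{
    return (size_t)len;
}

/* Hardened parse: digits only, no sign, no trailing junk, range-checked.
 * Returns 0 and stores the length on success, -1 on any malformed value. */
static int parse_content_length(const char *value, size_t *out)
{
    char *end;
    long n;

    if (value == NULL || out == NULL)
        return -1;
    while (*value == ' ' || *value == '\t')      /* optional leading space */
        value++;
    if (!isdigit((unsigned char)*value))         /* rejects "-1", "+5", "" */
        return -1;
    errno = 0;
    n = strtol(value, &end, 10);
    if (errno == ERANGE)                         /* does not fit in a long */
        return -1;
    while (*end == ' ' || *end == '\t')          /* optional trailing space */
        end++;
    if (*end != '\0')                            /* trailing junk: "12abc" */
        return -1;
    if (n > MAX_BODY)                            /* larger than we will buffer */
        return -1;
    *out = (size_t)n;
    return 0;
}

int main(void)
{
    /* Constructed header values, not captured traffic. */
    const char *samples[] = { "1024", "-1", "12abc", "70000" };
    size_t i, n = 0;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = parse_content_length(samples[i], &n);
        printf("%-8s naive=%d hardened=%s\n", samples[i],
               naive_accepts(samples[i]), rc == 0 ? "accept" : "reject");
    }
    printf("(size_t)-1 = %zu\n", as_size(-1));
    return 0;
}
```

A request whose header fails the strict parse should be rejected before any body bytes are read.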

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 18, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5002 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.18.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft May Advance Notification Multiple Vulnerabilities
  • Description: Microsoft has released advance notification that they will be releasing three security bulletins for Windows on May 9, 2006. The highest severity rating for these issues is Critical.
    - One bulletin for Microsoft Exchange. The highest severity rating for this issue is Critical.
    - Two bulletins for Microsoft Windows. The highest severity rating for these issues is Critical.
  • Ref: http://www.microsoft.com/technet/security/bulletin/advance.mspx

  • 06.18.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer Unspecified OBJECT Tag Memory Corruption
  • Description: Microsoft Internet Explorer is prone to an unspecified memory corruption issue which can be exploited via a malicious web page to potentially execute arbitrary code in the context of the current user. Please see the attached advisory for details.
  • Ref: http://www.securityfocus.com/bid/17820

  • 06.18.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Servant Salamander UnaceV2.DLL Buffer Overflow
  • Description: Servant Salamander is a small and fast two pane file manager with open plugin architecture. Servant Salamander is susceptible to a filename buffer overflow vulnerability. Servant Salamander version 2.5 RC1 resolves the issue.
  • Ref: http://www.securityfocus.com/archive/1/432357

  • 06.18.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinISO Directory Traversal
  • Description: WinISO is an ISO and BIN file archiving application for Microsoft Windows. It is prone to a vulnerability that may allow an attacker to place files and to overwrite files in arbitrary locations on a vulnerable computer. This issue occurs when the application processes malicious ISO and BIN archives. This issue affects WinISO version 5.3.
  • Ref: http://www.securityfocus.com/bid/17721

  • 06.18.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EZB Systems UltraISO Directory Traversal
  • Description: UltraISO is an ISO and BIN file archiving application. An attacker can carry out attacks using directory traversal strings. This issue occurs when the application processes malicious ISO and BIN archives. Exploitation of this issue lets an attacker place potentially malicious files in arbitrary locations on a victim user's computer in the context of the user running the affected application. This issue affects UltraISO version 8.0.0.1392.
  • Ref: http://secway.org/advisory/AD20060428.txt

  • 06.18.6 - CVE: CVE-2006-2155
  • Platform: Third Party Windows Apps
  • Title: Retrospect Backup Server Local Privilege Escalation
  • Description: Dantz Retrospect Backup Server is a network backup server. It is vulnerable to a local privilege escalation issue due to not ensuring that administrative privileges are dropped before executing applications. Dantz Retrospect Server versions 6.5, 7.0 and 7.5 are vulnerable.
  • Ref: http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.5177423

  • 06.18.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ArGoSoft FTP Server RNTO Command Remote Buffer Overflow
  • Description: ArGoSoft FTP Server is affected by a buffer overflow issue when handling data through the RNTO command. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17789

  • 06.18.8 - CVE: CVE-2006-2180
  • Platform: Third Party Windows Apps
  • Title: Golden FTP Server NLST Command Remote Buffer Overflow
  • Description: Golden FTP Server is an FTP server application for the Microsoft Windows operating system. It is prone to a buffer overflow vulnerability when handling data through the NLST command.
  • Ref: http://www.securityfocus.com/bid/17801

  • 06.18.9 - CVE: CVE-2006-2173
  • Platform: Third Party Windows Apps
  • Title: FileZilla FTP Server MLSD Command Remote Buffer Overflow
  • Description: FileZilla FTP Server is vulnerable to a buffer overflow vulnerability due to insufficient handling of data through the MLSD command. FileZilla Server versions 0.9.16 b and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17802

  • 06.18.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WarFTPd WDM.EXE Remote Buffer Overflow Vulnerability
  • Description: WarFTPd is an FTP server application. It is vulnerable to a buffer overflow issue when receiving excessive data to the internal memory buffer. War FTP Daemon versions 1.82 RC10 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17803

  • 06.18.11 - CVE: CVE-2006-2172
  • Platform: Third Party Windows Apps
  • Title: Gene6 FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
  • Description: Gene6 FTP Server is an FTP server available for the Microsoft Windows platform. It is prone to multiple buffer overflow vulnerabilities when handling data through the "MKD", "RMD", "XMKD", and "XRMD" commands. This issue is reported to affect version 3.1.0.
  • Ref: http://www.securityfocus.com/bid/17810

  • 06.18.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BankTown ActiveX Control Remote Buffer Overflow
  • Description: BankTown provides an ActiveX control as a common certificate solution for banking services in Korea. BankTown ActiveX control is prone to a buffer overflow vulnerability. This issue affects the "URI" parameter of the "SetBannerURL()" function. BankTown ActiveX Control versions 1.5.2.50209 and 1.4.2.51817 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17815

  • 06.18.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: UltraVNC Weak Challenge-Response Authentication
  • Description: UltraVNC is susceptible to a weak challenge-response authentication vulnerability. This issue is due to the use of insecure encryption during the authentication process of UltraVNC when configured to utilize the Microsoft Logon authentication mechanism. UltraVNC version 1.0.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17824

  • 06.18.14 - CVE: CVE-2006-2212
  • Platform: Third Party Windows Apps
  • Title: Sami FTP Server Unspecified Authentication Buffer Overflow
  • Description: Sami FTP Server is an FTP server for various Microsoft Windows. It is prone to an unspecified buffer overflow vulnerability that affects the username and password commands of the affected FTP server, likely allowing remote, anonymous attackers to exploit this issue. Version 2.0.2 of Sami FTP Server is affected by this issue.
  • Ref: http://www.securityfocus.com/archive/1/432944

  • 06.18.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: XM Easy Personal FTP Server Unspecified Authentication Buffer Overflow
  • Description: XM Easy Personal FTP Server is vulnerable to an unspecified buffer overflow issue due to insufficient boundary checking on user-supplied data before storing it in a finite-sized buffer. XM Easy Personal FTP Server version 4.3 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432960

  • 06.18.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cryptomathic ActiveX Control Remote Buffer Overflow
  • Description: Cryptomathic provides an ActiveX control to handle various cryptographic functions. It is affected by a buffer overflow issue due to an error in the "createPKCS10()" function of the "cenroll.dll" library. All versions of Cryptomathic are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17852

  • 06.18.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ACFTP FTP Server User Command Remote Denial of Service
  • Description: ACFTP is an FTP server. It is vulnerable to a remote denial of service issue due to the application's failure to properly handle excessive data through the "USER" command. ACFTP versions 1.4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17855

  • 06.18.18 - CVE: Not Available
  • Platform: Mac Os
  • Title: Mac OS X ImageIO OpenEXR Image File Remote Denial of Service
  • Description: OpenEXR is a software package and image file format by Industrial Light & Magic. It is affected by a denial of service issue due to improper processing of malformed OpenEXR image files. Please see the referenced advisory for a list of vulnerable versions.
  • Ref: http://www.securityfocus.com/bid/17768

  • 06.18.19 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel SMBFS CHRoot Security Restriction Bypass
  • Description: The Linux Kernel is prone to a security restriction bypass vulnerability affecting the chroot implementation. A local attacker who is bounded by the chroot can bypass the filesystem security restriction through use of directory traversal strings such as "../". Please see the referenced advisory for details.
  • Ref: http://www.securityfocus.com/bid/17735

  • 06.18.20 - CVE: CVE-2006-1863
  • Platform: Linux
  • Title: Linux Kernel CIFS CHRoot Security Restriction Bypass
  • Description: The Linux Kernel is prone to a security restriction bypass vulnerability affecting the chroot implementation. This issue is due to a failure in the kernel to properly sanitize user-supplied data. The problem affects chroot inside of a smb-mounted filesystem (cifs). A local attacker who is bounded by the chroot can exploit this issue to bypass the chroot restriction and gain unauthorized access to the filesystem. An attacker can bypass the filesystem security restriction through use of directory traversal strings.
  • Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189434

  • 06.18.21 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel SCTP-netfilter Remote Denial of Service
  • Description: The Linux kernel netfilter module is susceptible to a remote denial of service vulnerability. This issue is triggered when excessive kernel memory is consumed in an infinite loop. This problem stems from a memory leak in the kernel's "SCTP-netfilter" code. Kernel versions prior to 2.6.16.13 are vulnerable.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13

  • 06.18.22 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel SELinux_PTrace Local Denial of Service
  • Description: The Linux kernel is vulnerable to a local denial of service issue due to a design error when SELinux is enabled and ptrace is utilized. The Linux kernel versions 2.6.16.13 and earlier are vulnerable.
  • Ref: http://marc.theaimsgroup.com/?l=selinux&m=114226465106131&w=2

  • 06.18.23 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel RNDIS_Query_Response Remote Buffer Overflow
  • Description: The Linux kernel contains support for running as a USB slave which enables Linux to run in embedded USB peripheral devices. It is prone to a remote buffer-overflow issue due to a failure of the kernel to properly bounds check user-supplied data in the "rndis_query_response()" function. Linux kernel versions in the version 2.6 series prior to 2.6.16 are affected.
  • Ref: http://www.securityfocus.com/bid/17831

  • 06.18.24 - CVE: Not Available
  • Platform: Linux
  • Title: Linux-VServer Local Insecure Guest Context Capabilities
  • Description: The Linux-VServer project implements virtual servers for the Linux operating system. It is susceptible to a vulnerability regarding insecure guest context capabilities. The kernel fails to properly enforce security restrictions in guest hosts. This issue allows unprivileged users in guest hosts to perform various operations that should be restricted to superusers.
  • Ref: http://www.securityfocus.com/bid/17842

  • 06.18.25 - CVE: CVE-2006-1526
  • Platform: Unix
  • Title: X.Org XRender Extension Buffer Overflow
  • Description: The X.Org X Windows System is a Windows server. It is prone to a buffer overflow vulnerability in the render extension. Visit the referenced advisory for details.
  • Ref: http://www.openbsd.org/errata.html#xorg

  • 06.18.26 - CVE: Not Available
  • Platform: Unix
  • Title: CGI:IRC Client.C Remote Buffer Overflow and Denial of Service Vulnerabilities
  • Description: CGI:IRC is a web-based IRC client application implemented in Perl. It is susceptible to multiple remote vulnerabilities. A buffer overflow vulnerability presents itself when overly large cookie data is processed by the application. A denial of service vulnerability presents itself due to the improper bounded usage of cookie data. This issue allows remote attackers to crash the affected application, denying service to legitimate users. Version 0.5.7 is vulnerable to these issues.
  • Ref: http://www.securityfocus.com/bid/17799

  • 06.18.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: LibTiff Multiple Denial of Service Vulnerabilities
  • Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. LibTIFF is affected by multiple denial of service issues. Please read the attached advisory for details.
  • Ref: http://www.securityfocus.com/bid/17730

  • 06.18.28 - CVE: CVE-2006-2025
  • Platform: Cross Platform
  • Title: LibTiff TIFFFetchData Integer Overflow
  • Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. Applications utilizing the LibTIFF library are prone to an integer overflow vulnerability. This issue occurs in the "TIFFFetchData()" function of "tif_dirread.c".
  • Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933

  • 06.18.29 - CVE: CVE-2006-2026
  • Platform: Cross Platform
  • Title: LibTIFF Double Free Memory Corruption Vulnerability
  • Description: LibTIFF is a library designed to read and manipulate Tag Image File Format (TIFF) files. It is vulnerable to a memory corruption issue due to the cleanup functions of "tif_jpeg.c", "tif_pixarlog.c", "tif_fax3.c", and "tif_zip.c". LibTIFF version 3.8.1 or later resolves the issue.
  • Ref: http://bugzilla.remotesensing.org/show_bug.cgi?id=1102

  • 06.18.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SWS Web Server Multiple Arbitrary Code Execution Vulnerabilities
  • Description: SWS Web Server is a web server implementation that is designed to serve static web pages. It is prone to multiple format string and buffer overflow vulnerabilities that can be exploited to execute arbitrary code. These issues are due to a failure in the application to do proper bounds checking and to properly sanitize user-supplied input to "sws_web_server.c". SWS Web Server versions 0.1.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/432362

  • 06.18.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Multiple Unspecified Vulnerabilities
  • Description: Oracle products are vulnerable to multiple unspecified vulnerabilities. The issues include cross-site scripting, SQL injection, security bypass, and plaintext password. See the referenced advisory for further details.
  • Ref: http://www.red-database-security.com/advisory/upcoming_alerts.html

  • 06.18.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ResMgr Unauthorized USB Device Access
  • Description: ResMgr is a resource manager library daemon and PAM module. It is affected by an issue which permits unauthorized access to USB devices. Please see the attached advisory for a list of vulnerable versions.
  • Ref: http://www.securityfocus.com/bid/17752

  • 06.18.33 - CVE: CVE-2006-1989
  • Platform: Cross Platform
  • Title: Clam AntiVirus FreshClam Remote Buffer Overflow
  • Description: ClamAV is an antivirus application. It is vulnerable to a remote buffer overflow issue due to insufficient handling of a large number of bytes in the HTTP response header while attempting to retrieve updated signatures. ClamAV versions 0.88 and 0.88.1 are vulnerable.
  • Ref: http://www.clamav.net/doc/0.88.2/ChangeLog

  • 06.18.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
  • Description: MySQL is an open source relational database project. It is vulnerable to multiple remote issues such as buffer overflow and information disclosure. See the reference for further details. MySQL versions 5.1.9 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432734

  • 06.18.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: rsync Receive_XATTR Integer Overflow Vulnerability
  • Description: The rsync utility is used to synchronize files and directory structures across a network. Insufficient sanitization of the "name_len" and "datum_len" values exposes the application to an integer overflow issue. rsync versions prior to 2.6.8 are affected.
  • Ref: http://www.securityfocus.com/bid/17788

  • 06.18.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Unspecified DBMS_Assert Bypass
  • Description: Oracle is affected by an unspecified "dbms_assert" bypass issue. "dbms_assert" is a security function utilized to sanitize user-supplied input in order to prevent SQL injection vulnerabilities. See the advisory for details.
  • Ref: http://www.securityfocus.com/bid/17800

  • 06.18.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EjabberD Installer Insecure Temporary File Creation
  • Description: ejabberd is a distributed Jabber/XMPP server. The "ejabberd-1.1.1_1-linux-installer.bin" installation process creates temporary files in an insecure manner and with insecure file permissions. ejabberd version 1.1.1_2 has been released to fix this issue.
  • Ref: http://www.securityfocus.com/bid/17804

  • 06.18.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Quagga Information Disclosure and Route Injection Vulnerabilities
  • Description: Quagga is a routing package that has support for multiple dynamic routing protocols. It is susceptible to remote information disclosure and route injection vulnerabilities. These issues are due to flaws in the application that fail to properly ensure that required authentication and protocol configuration options are enforced. Quagga versions 0.98.5 and 0.99.3 are vulnerable to these issues.
  • Ref: http://www.securityfocus.com/bid/17808

  • 06.18.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: LibTiff TIFFToRGB Denial of Service
  • Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. It is affected by a denial of service issue due to the "TIFFToRGB" function's improper handling of certain parameters. LibTIFF versions 3.8 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17809

  • 06.18.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: zawhttpd Remote HTTP GET Denial of Service
  • Description: zawhttpd is an open source HTTP server. It is vulnerable to a remote denial of service issue due to insufficient handling of GET requests containing excessive "" characters. zawhttpd version 0.8.23 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432955

  • 06.18.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CA Resource Initialization Manager Local Privilege Escalation
  • Description: CA Resource Initialization Manager (CAIRIM) is susceptible to a local privilege escalation vulnerability. This issue is due to a flaw in the CAIRIM LMP SVC. This issue is due to a flaw in the interaction between CAIRIM LMP SVC and legitimate SVC invoking code. All versions of CA Resource Initialization Manager are vulnerable.
  • Ref: http://supportconnectw.ca.com/public/ca_common_docs/cairim-affprods.asp

  • 06.18.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Multiple Unspecified Vulnerabilities
  • Description: PHP is a general purpose scripting language. It is affected by multiple unspecified vulnerabilities. Please see the attached advisory for details.
  • Ref: http://www.securityfocus.com/bid/17834

  • 06.18.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NeoMail NeoMail.PL SessionID Parameter Cross-Site Scripting
  • Description: NeoMail is a web-based email client application. Insufficient sanitization of the "sessionid" parameter in the "neomail.pl" script exposes the application to a cross-site scripting issue.
  • Ref: http://www.securityfocus.com/bid/17728

  • 06.18.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PostNuke Multiple Cross-Site Scripting Vulnerabilities
  • Description: PostNuke is a content management application. Insufficient sanitization of the "Func" and "OP" parameters exposes the application to multiple cross-site scripting issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17743

  • 06.18.45 - CVE: CVE-2006-2143
  • Platform: Web Application - Cross Site Scripting
  • Title: TextFileBB Multiple Cross-Site Scripting Vulnerabilities
  • Description: TextFileBB is a bulletin board application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "[color]", "[size]" and "[url]" tags of unspecified scripts. TextFileBB version 1.0.16 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432461

  • 06.18.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OrbitHYIP Multiple Cross-Site Scripting Vulnerabilities
  • Description: OrbitHYIP is a membership and referral application. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to the "referral" parameter of the "signup.php" script and the "id" parameter of the "members.php" script. OrbitHYIP version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/17766

  • 06.18.47 - CVE: CVE-2006-2124
  • Platform: Web Application - Cross Site Scripting
  • Title: SunShop Shopping Cart Multiple Cross-Site Scripting Vulnerabilities
  • Description: SunShop Shopping Cart is an online shopping cart application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "index.php" script. SunShop Shopping Cart version 3.5 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/05/sunshop-xss-vuln.html

  • 06.18.48 - CVE: CVE-2006-2141
  • Platform: Web Application - Cross Site Scripting
  • Title: Collaborative Portal Server POS Parameter Cross-Site Scripting
  • Description: Collaborative Portal Server is a web content management application for the Zope web application framework. It is prone to a cross-site scripting vulnerability. Collaborative Portal Server version 3.4.0 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/cps-340-xss.html

  • 06.18.49 - CVE: CVE-2006-2109
  • Platform: Web Application - Cross Site Scripting
  • Title: JSBoard Login.PHP Cross-Site Scripting
  • Description: JSBoard is a web-based discussion board application. It is prone to a cross-site scripting vulnerability due to the application's failure to properly sanitize user-supplied input to the "table" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/archive/1/432714

  • 06.18.50 - CVE: CVE-2006-2187
  • Platform: Web Application - Cross Site Scripting
  • Title: Zenphoto Multiple Cross-Site Scripting Vulnerabilities
  • Description: Zenphoto is a web-based photo album application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "index.php" script. Zenphoto versions 1.0.1 and earlier are vulnerable.
  • Ref: http://zone14.free.fr/advisories/2/

  • 06.18.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: XDT Pro Stats.PHP Cross-Site Scripting
  • Description: XDT Pro is a web content management application for the Zope web application framework. Insufficient sanitization of the "id" parameter in the "stats.php" script exposes the application to a cross-site scripting issue. XDT Pro version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/17781

  • 06.18.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GeoBlog Viewcat.PHP Cross-Site Scripting
  • Description: GeoBlog is a web-log application. Insufficient sanitization of the "cat" parameter in the "viewcat.php" script exposes the application to a cross-site scripting issue. GeoBlog version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17784

  • 06.18.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Virtual Hosting Control System Server_day_stats.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: Virtual Hosting Control System is a web site management application. It is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input to the "year", "month" and "day" parameters of the "server_day_stats.php" script. Virtual Hosting Control System version 2.4.7.1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432711

  • 06.18.54 - CVE: CVE-2006-2163
  • Platform: Web Application - Cross Site Scripting
  • Title: Pinnacle Cart Index.PHP Cross-Site Scripting
  • Description: Pinnacle Cart is web-based shopping cart software implemented in PHP. It is prone to a cross-site scripting vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input to the "setbackurl" parameter of the "index.php" script.
  • Ref: http://pridels.blogspot.com/2006/04/pinnacle-cart-xss.html

  • 06.18.55 - CVE: CVE-2006-2188
  • Platform: Web Application - Cross Site Scripting
  • Title: CmScout Multiple Cross-Site Scripting Vulnerabilities
  • Description: CmScout is a content management application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to various scripts. CmScout versions 1.10 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432725

  • 06.18.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MyNews Multiple Cross-Site Scripting Vulnerabilities
  • Description: MyNews is a web-based news reader application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "hash" and "page" parameters of the "mynews.inc.php" script. MyNews version 1.6.2 is vulnerable.
  • Ref: http://www.cyber-soldiers.org/Dream/mynews.txt

  • 06.18.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Albinator Multiple Cross-Site Scripting Vulnerabilities
  • Description: Albinator is a content management system. Insufficient sanitization of user-supplied input exposes the application to multiple cross-site scripting issues. Albinator version 2.0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/17826

  • 06.18.58 - CVE: CVE-2006-2176
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Linkliste Linkliste.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHP Linkliste is a web-based news reader application implemented in PHP. PHP Linkliste is prone to multiple cross-site scripting vulnerabilities. This issue affects version 1.0.
  • Ref: http://d4igoro.blogspot.com/2006/05/php-linkliste-10b-xss.html

  • 06.18.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Cute Guestbook Comments HTML Injection
  • Description: Cute Guestbook is a web-based guestbook application. It is prone to an HTML injection vulnerability. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. All versions of Cute Guestbook are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432953

  • 06.18.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Network Administration Visualized Multiple SQL Injection Vulnerabilities
  • Description: Network Administration Visualized is a network monitoring application. It is vulnerable to multiple unspecified SQL injection issues due to insufficient sanitization of user-supplied input. Network Administration Visualized version 3.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17734

  • 06.18.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DUclassified Detail.ASP SQL Injection
  • Description: DUclassified is affected by an SQL injection issue due to insufficient sanitization of the "iPro" parameter of the "detail.asp" script. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17722

  • 06.18.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Blog Mod Weblog_posting.PHP SQL Injection
  • Description: Blog Mod is prone to an SQL injection vulnerability. The application fails to properly sanitize user-supplied input to the "r" parameter of the "weblog_posting.php" script before using it in an SQL query. Blog Mod versions 0.2.4b and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432602

  • 06.18.63 - CVE: CVE-2006-2214
  • Platform: Web Application - SQL Injection
  • Title: 4images Multiple SQL Injection Vulnerabilities
  • Description: 4images is an image gallery application, written in PHP. The application is prone to multiple unspecified SQL injection vulnerabilities due to improper sanitization of user-supplied input to the "sessionid" parameter of the "top.php" and "member.php" scripts.
  • Ref: http://www.securityfocus.com/archive/1/432590

  • 06.18.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPNuke Downloads Module SQL Injection
  • Description: PHPNuke is a web-based content management system (CMS). It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "Downloads" module. PHP-Nuke versions 7.9 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17749

  • 06.18.65 - CVE: CVE-2006-2139
  • Platform: Web Application - SQL Injection
  • Title: PHP Newsfeed Multiple SQL Injection Vulnerabilities
  • Description: PHP Newsfeed is a web-based news application implemented in PHP. The application is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. PHP Newsfeed version 2004/07/23 is vulnerable.
  • Ref: http://evuln.com/vulns/130/

  • 06.18.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ruperts News Script Login.PHP SQL Injection
  • Description: Ruperts News Script is a news reader application. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "username" parameter of the "login.php" script.
  • Ref: http://www.securityfocus.com/bid/17758

  • 06.18.67 - CVE: CVE-2006-2128, CVE-2006-2129
  • Platform: Web Application - SQL Injection
  • Title: DeltaScripts PHP Pro Publish Multiple SQL Injection Vulnerabilities
  • Description: DeltaScripts PHP Pro Publish is a web-based application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "login.php", "search.php" and "art.php" scripts. DeltaScripts PHP Pro Publish version 2.0 is vulnerable.
  • Ref: http://evuln.com/vulns/130/summary.html

  • 06.18.68 - CVE: CVE-2006-2136
  • Platform: Web Application - SQL Injection
  • Title: AZNEWS News.PHP SQL Injection
  • Description: AZNEWS is a news reader application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "ID" parameter of the "news.php" script. AZNEWS version 1.0 is vulnerable.
  • Ref: http://evuln.com/vulns/126/

  • 06.18.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MaxTrade Multiple SQL Injection Vulnerabilities
  • Description: MaxTrade is a web-based online trading script. The application is prone to multiple SQL injection vulnerabilities. Specifically, the application fails to sanitize input to the "categori" and "stranica" parameters of "pocategories.php". MaxTrade version 1.0.1 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/04/maxtrade-sql-inj.html

  • 06.18.70 - CVE: CVE-2006-1135
  • Platform: Web Application - SQL Injection
  • Title: SBlog Search.PHP SQL Injection
  • Description: sBlog is a simple web log application implemented in PHP. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to various scripts. sBlog version 0.7.2 is vulnerable.
  • Ref: http://www.subjectzero.net/research/sblog.htm

  • 06.18.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Invision Gallery Post.PHP SQL Injection
  • Description: Invision Gallery is affected by an SQL injection issue due to insufficient sanitization of the "album" parameter in the "post.php" script. Invision Gallery version 2.0.7 resolves the issue.
  • Ref: http://www.securityfocus.com/bid/17793

  • 06.18.72 - CVE: CVE-2006-2209
  • Platform: Web Application - SQL Injection
  • Title: Pacheckbook Index.PHP Multiple SQL Injection Vulnerabilities
  • Description: Pacheckbook is a web-based checkbook script implemented in PHP. The application is prone to multiple SQL injection vulnerabilities because it fails to sanitize input to the "entry" and "transtype" parameters of "index.php".
  • Ref: http://www.securityfocus.com/bid/17821

  • 06.18.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Invision Power Board Func_mod.PHP SQL Injection
  • Description: Invision Power Board is web forum software. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "func_mod.php" script. Invision Board versions 2.1.5 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432591/30/60/threaded

  • 06.18.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Invision Power Board Index.PHP SQL Injection
  • Description: Invision Power Board is web forum software. Insufficient sanitization of the "pid" parameter of the "index.php" script exposes the application to an SQL injection issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17839

  • 06.18.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: saPHP Lesson Multiple SQL Injection
  • Description: saPHP Lesson is a forum application. Insufficient sanitization of user-supplied input exposes the application to multiple SQL injection issues. saPHP version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/17848

  • 06.18.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Invision Community Blog Mod.PHP SQL Injection
  • Description: Invision Community Blog is a web blog plugin module for Invision Power Board. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "ids" parameter of the "mod.php" script. Invision Community Blog versions 1.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/17851

  • 06.18.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Newsadmin Readarticle.PHP SQL Injection
  • Description: Newsadmin is a web-based news publishing application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "nid" parameter of the "readarticle.php" script. Newsadmin version 1.1 is vulnerable.
  • Ref: http://evuln.com/vulns/133/summary.html

  • 06.18.78 - CVE: Not Available
  • Platform: Web Application
  • Title: I-RATER Platinum Config_settings.TPL.PHP Remote File Include
  • Description: I-RATER Platinum is a web-based image rating script. It is prone to a remote file include vulnerability due to insufficient sanitization of user-supplied input to the "include_path" variable of the "config_settings.tpl.php" script.
  • Ref: http://www.securityfocus.com/bid/17731

  • 06.18.79 - CVE: CVE-2006-2119
  • Platform: Web Application
  • Title: Artmedic Event Index.PHP Remote File Include
  • Description: Artmedic Event is a web application, implemented in PHP. Artmedic Event is prone to a remote file include vulnerability. All versions of Artmedic Event are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432404

  • 06.18.80 - CVE: Not Available
  • Platform: Web Application
  • Title: CoolMenus Index.PHP Remote File Include
  • Description: CoolMenus is a menu builder script. Insufficient sanitization of the "page" parameter in the "index.php" script exposes the application to a remote file include issue. Coolmenus Event Script version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/17738

  • 06.18.81 - CVE: CVE-2005-4190
  • Platform: Web Application
  • Title: Trac Wiki Macro Remote HTML Injection Vulnerabilities
  • Description: Trac is an issue tracking system. It is vulnerable to multiple unspecified HTML injection issues due to insufficient sanitization of user-supplied input to the "Wiki" macro of the application. Trac versions 0.9.4 and earlier are vulnerable.
  • Ref: http://projects.edgewall.com/trac/wiki/ChangeLog

  • 06.18.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Advanced GuestBook Addentry.PHP Remote File Include
  • Description: Advanced GuestBook for phpBB is a guestbook application. It is prone to a remote file include vulnerability due to insufficient sanitization of user-supplied input to the "phpbb_root_path" variable of the "addentry.php" script. Versions 2.4.0 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/17745

  • 06.18.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Thyme Search Page HTML Injection
  • Description: Thyme is a calendar application. Insufficient sanitization of the "search" field on the "Search" page of the application allows theft of session cookie data. Extrosoft Thyme version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/17746

  • 06.18.84 - CVE: Not Available
  • Platform: Web Application
  • Title: W-Agora BBCode Script Injection
  • Description: W-Agora is a bulletin board application. It is prone to a script injection vulnerability due to insufficient sanitization of user-supplied input to the BBCode tags of unspecified scripts. This issue is reported to affect version 4.20.
  • Ref: http://www.securityfocus.com/bid/17751

  • 06.18.85 - CVE: CVE-2006-2116
  • Platform: Web Application
  • Title: PlanetGallery Gallery_admin.PHP Authentication Bypass
  • Description: PlanetGallery is an electronic postcard application. PlanetGallery is prone to an authentication bypass vulnerability because it fails to prompt for authentication credentials when navigating to the "/admin/gallery_admin.php" script.
  • Ref: http://www.securityfocus.com/bid/17753

  • 06.18.86 - CVE: CVE-2006-2118
  • Platform: Web Application
  • Title: JMK Picture Gallery Admin_Gallery.PHP3 Authentication Bypass
  • Description: JMK Picture Gallery is a web-based gallery application. It is vulnerable to an authentication bypass issue because the "admin_gallery.php3" script fails to prompt for authentication credentials. All versions of JMK Picture Gallery are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432575

  • 06.18.87 - CVE: Not Available
  • Platform: Web Application
  • Title: DMCounter Kopf.PHP Remote File Include
  • Description: DMCounter is web statistics software. Insufficient sanitization of the "rootdir" parameter in the "kopf.php" script exposes the application to a remote file include issue. DMCounter version 0.9.2-b is affected.
  • Ref: http://www.securityfocus.com/bid/17756

  • 06.18.88 - CVE: Not Available
  • Platform: Web Application
  • Title: HB-NS Multiple Input Validation Vulnerabilities
  • Description: HB-NS is a web-based newscript application. Insufficient sanitization of user-supplied input exposes the application to multiple cross-site scripting and SQL injection issues. HB-NS version 1.1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/17752

  • 06.18.89 - CVE: CVE-2006-2142
  • Platform: Web Application
  • Title: Limbo CMS SQL.PHP Remote File Include
  • Description: Limbo CMS is a web-based content management application implemented in PHP. It is prone to a remote file include vulnerability due to improper sanitization of user-supplied input to the "classes_dir" parameter of the "sql.php" script. This issue is reported to affect version 1.04.
  • Ref: http://milw0rm.com/exploits/1729

  • 06.18.90 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Knowledge Base Mod KB_constants.PHP Remote File Include
  • Description: Knowledge Base Mod is an add-on for phpBB. Insufficient sanitization of the "module_root_path" parameter in the "kb_constants.php" script exposes the application to a remote file include issue. phpBB versions 2.0.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/17763

  • 06.18.91 - CVE: CVE-2006-1905
  • Platform: Web Application
  • Title: Xine Filename Handling Remote Format String
  • Description: The xine package is a multimedia player for UNIX/Linux variants. The xine package is reported to be prone to a remote format string vulnerability. Version 0.99.4 of xine is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/432598

  • 06.18.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Poll Authentication Bypass
  • Description: Free-PHP.net Simple Poll is a web-based polling application. It is vulnerable to an authentication bypass issue because it fails to prompt for authentication credentials when navigating to the "/admin/" directory. Simple Poll version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432577

  • 06.18.93 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenPHPnuke Remote File Include
  • Description: OpenPHPnuke is a web-based content management system. Insufficient sanitization of the "root_path" parameter of the "master.php" script exposes the application to a remote file include issue. OpenPHPnuke version 2.3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/17772

  • 06.18.94 - CVE: Not Available
  • Platform: Web Application
  • Title: X7 Chat Index.PHP Local File Include
  • Description: X7 Chat is a web-based chatroom application. Insufficient sanitization of directory traversal sequences ("../") in the "help_file" parameter of the "index.php" script exposes the application to a file include issue. X7 Chat versions 2.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/17777

  • 06.18.95 - CVE: Not Available
  • Platform: Web Application
  • Title: SF-Users Username HTML Injection
  • Description: SF-Users is a web-based user system implemented in PHP. It is prone to an HTML injection vulnerability due to insufficient sanitization of user-supplied input to the "username" field.
  • Ref: http://www.securityfocus.com/bid/17783

  • 06.18.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Russcomm Network LoginPHP Username HTML Injection
  • Description: loginphp is a web-based login script. It is prone to an HTML injection vulnerability because it fails to properly sanitize user-supplied input to the "username" field before it is displayed in the list of users.
  • Ref: http://www.securityfocus.com/archive/1/432729

  • 06.18.97 - CVE: CVE-2006-2168
  • Platform: Web Application
  • Title: FileProtection Express Authentication Bypass
  • Description: FileProtection Express is a file security application. It is vulnerable to an authentication bypass issue because the application fails to verify cookie-based authentication credentials. FileProtection Express versions 1.0.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432728

  • 06.18.98 - CVE: CVE-2006-2159
  • Platform: Web Application
  • Title: Russcom Network Loginphp Open EMail Relay
  • Description: Russcom Network Loginphp is a web-based login script. It is vulnerable to a remote open email relay issue due to insufficient sanitization of user-supplied input to the "mail()" function in the "help.php" script. All versions of Russcom Network Loginphp are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432729

  • 06.18.99 - CVE: CVE-2006-2210, CVE-2006-2211
  • Platform: Web Application
  • Title: 312Soft PhP-Gallery Multiple Input Validation Vulnerabilities
  • Description: 312Soft PhP-Gallery is an image gallery application. It is vulnerable to information disclosure and cross-site scripting issues due to insufficient sanitization of user-supplied input to various scripts. 312Soft PhP-Gallery version 0.9 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432964

  • 06.18.100 - CVE: Not Available
  • Platform: Web Application
  • Title: FtrainSoft Fast Click Multiple Remote File Include Vulnerabilities
  • Description: Fast Click is a hit counter application. Insufficient sanitization of the "path" parameter of the "show.php" and the "top.php" scripts exposes the application to a remote file include issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17813

  • 06.18.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Fast Click SQL Lite Show.PHP Remote File Include
  • Description: Fast Click SQL Lite is a web visitor counter application, implemented in PHP. It is prone to a remote file include vulnerability due to insufficient sanitization of user-supplied input to the "path" parameter of the "show.php" script. This issue is reported to affect versions 1.1.3 and prior.
  • Ref: http://www.securityfocus.com/bid/17819

  • 06.18.102 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPBB-Auction Auction_Common.PHP Remote File Include
  • Description: PHPBB-Auction is an auction module. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "phpbb_root_path" parameter of the "auction_common.php" script. PHPBB-Auction versions 1.3 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/05/phpbb-auction-mod-remote-file.html

  • 06.18.103 - CVE: Not Available
  • Platform: Web Application
  • Title: PunBB Multiple Input Validation Vulnerabilities
  • Description: PunBB is a bulletin board application. PunBB is prone to an HTML injection and a cross-site scripting vulnerability. Both vulnerabilities occur when malicious HTML and script code is sent to the "reg_message" parameter of the "index.php" script. PunBB version 1.2.11 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/432950

  • 06.18.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Albinator Multiple Remote File Include Vulnerabilities
  • Description: Albinator is a web-based content management system. Insufficient sanitization of user-supplied input exposes the application to multiple remote file include issues. Albinator version 2.0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/17825

  • 06.18.105 - CVE: CVE-2006-2178, CVE-2006-2179
  • Platform: Web Application
  • Title: CyberBuild Multiple Input Validation Vulnerabilities
  • Description: CyberBuild is a web portal application. It is vulnerable to multiple input validation vulnerabilities such as cross-site scripting and SQL injection. This is due to insufficient sanitization of user-supplied input. All versions of CyberBuild are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/05/cyberbuild-vuln.html

  • 06.18.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Bigwebmaster Guestbook Multiple HTML Injection Vulnerabilities
  • Description: Bigwebmaster Guestbook is a web-based guestbook application. Insufficient sanitization of user-supplied input to the "addguest.cgi" script exposes the application to various HTML injection issues. Bigwebmaster Guestbook version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/17834

  • 06.18.107 - CVE: Not Available
  • Platform: Web Application
  • Title: AWStats Remote Arbitrary Command Execution
  • Description: AWStats is an application that provides statistics on server traffic. It is prone to an arbitrary command execution vulnerability. A specially crafted request can be used to inject arbitrary commands into the Perl open() function through use of the pipe "|" character. An attacker can exploit this vulnerability to execute arbitrary shell commands in the context of the webserver process. AWStats version 6.5-1 is vulnerable.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365909

  • 06.18.108 - CVE: CVE-2006-2158
  • Platform: Web Application
  • Title: Stadtaus Guestbook Index.PHP Remote File Include
  • Description: Stadtaus Guestbook is a web-based guestbook. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "include_files" array parameter. Stadtaus.com Guestbook version 1.7 is vulnerable.
  • Ref: http://www.stadtaus.com/forum/t-2600.html

  • 06.18.109 - CVE: CVE-2006-1537
  • Platform: Web Application
  • Title: WebCalendar Username Enumeration
  • Description: WebCalendar is prone to a username enumeration vulnerability. Attempts to authenticate to the service result in differing error messages when unsuccessful. If the username entered does not belong to a valid user, then the application responds with "Invalid login", otherwise the application responds with either "Invalid login: incorrect password" or "Invalid login: no such user". Attackers may exploit this vulnerability to discern valid usernames.
  • Ref: http://www.securityfocus.com/archive/1/433053

  • 06.18.110 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Unity Express Expired Password Privilege Escalation
  • Description: Cisco Unity Express (CUE) is an optional hardware module for Cisco modular routers. It is prone to a vulnerability that could allow an unprivileged attacker to escalate their privilege level. The issue exists because the CUE HTTP management interface allows any authenticated user to change the password for an account with an expired password. CUE Advanced Integration Module (AIM) or Network Module (NM) running CUE software versions prior to 2.3(1) are affected by this issue.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml

  • 06.18.111 - CVE: Not Available
  • Platform: Network Device
  • Title: Fujitsu NetShelter Unspecified DNS Denial Of Service
  • Description: Fujitsu NetShelter is a network firewall device. It is susceptible to an unspecified remote denial of service vulnerability. The problem occurs when malformed DNS datagrams of an undetermined nature are processed by the service. The service fails to handle the datagrams properly, and then crashes.
  • Ref: http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en

  • 06.18.112 - CVE: CVE-2006-2213
  • Platform: Network Device
  • Title: hostapd Invalid EAPOL Key Length Remote Denial Of Service
  • Description: The hostapd application is an open source wireless access point and authentication server. It is vulnerable to a remote denial of service issue due to insufficient handling of malformed EAPOL Key packets. The hostapd application versions 0.3.7 and earlier are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/1657

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.