
@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 19
May 15, 2006

A slew of last-minute additions makes this week's issue larger than usual. Microsoft Exchange users have a particularly critical problem to solve. Your Blackberry users will scream, because they will be disabled, but if you don't fix it, unauthenticated attackers can take full control of your Exchange servers. (31 vulnerabilities this week), Verisign, Adobe, Real, EMC, Sophos, and Adobe users also have immediate work to do. Apple is distributing fixes for 31 vulnerabilities in OS/X and some for QuickTime, too.

Alan

PS. This Wednesday (May 17) is the early registration deadline for SANSFIRE, the largest security training conference and exposition in Washington DC. Eighteen immersion tracks. Wednesday is also the early registration deadline for SANS London.

SANSFIRE: http://www.sans.org/sansfire06/

SANS London: http://www.sans.org/london06/index.php

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 3 (#1, #5, #13)
    • Third Party Windows Apps: 7 (#9, #10, #11)
    • Mac Os: 1 (#2)
    • Linux: 4
    • Solaris: 1
    • Unix: 2
    • Novell: 2 (#12)
    • Cross Platform: 8 (#3, #4, #6, #7, #8)
    • Web Application - Cross Site Scripting: 12
    • Web Application - SQL Injection: 15
    • Web Application: 32
    • Network Device: 1


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Mac Os
Linux
Solaris
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar and Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/index.php#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Exchange Calendar Properties Buffer Overflow (MS06-019)
  • Affected:
    • Microsoft Exchange Server 2000/2003
  • Description: Microsoft Exchange, one of the most widely-deployed email servers around the globe, contains a buffer overflow. An unauthenticated attacker can trigger the overflow by sending a specially crafted "calendar" request, and exploit the overflow to execute arbitrary code on the Exchange server with "SYSTEM" privileges. The problem occurs in the module that processes "vcal" and "ical" mime content types, which are used by the Exchange server and email clients when sending calendar requests. The technical details have not been posted. However, this flaw can be exploited to create a worm; hence, it should be patched on a priority basis.

  • Status: Apply the patch referenced in the Microsoft Bulletin MS06-019. Enterprises that are using Blackberry service or Goodlink Wireless service via Exchange may suffer disruption as users on mobile devices cannot send e-mail messages. In such cases, network or host intrusion prevention solutions should be used to block this attack.

  • Council Site Actions: All of the reporting council sites are responding to this item. Most are in the process of updating their systems now. A few have already completed the updates. A few sites are still investigating how to update without breaking their existing email delegations on the gateways, such as Blackberries and other RIM devices.

  • (2) HIGH: Apple Mac OS X Security Update 2006-003
  • Affected:
    • Apple Mac OS X versions 10.4.6 and prior.
  • Description: Apple announced fixes for thirty one vulnerabilities in Mac OS X version 10.4.6 and prior. These vulnerabilities include local and remote code execution, information disclosure, denial-of-service and local privilege escalation. The update fixes the 0-day vulnerabilities in OS X's handling of multiple image file formats.

  • Status: Apple confirmed, patches released.

  • (5) HIGH: Adobe Macromedia Flash Player Remote Code Execution (MS06-020)
  • Affected:
    • Windows XP SP1 and SP2
    • Windows ME/98/98SE with Internet Explorer 6 SP1 installed
  • Description: This patch from Microsoft fixes remote code execution vulnerabilities in the Adobe Macromedia Flash player that ships by default with certain Windows versions. Adobe has previously issued updates for the affected versions of Flash player. A malicious flash player animation (".swf" file) can execute arbitrary code on an affected Windows system. The malicious SWF file can be posted on a webpage, shared folder, P2P folder or attached to an email message. Note that one of the Flash player vulnerabilities patched by this update has been publicly disclosed. Hence, this patch should be applied on a priority basis.

  • Status: Apply the patch referenced in the Microsoft Security Bulletin MS06-020.

  • Council Site Actions: All of the reporting council sites are responding to this item. Some have already upgraded their systems. A few are in the process of upgrading them now, or plan to upgrade in the near future.

  • (6) MODERATE: Sophos Antivirus CAB File Processing Overflow
  • Affected:
    • Sophos Anti-Virus for Windows, Mac OS, Unix, Linux, NetWare, OS/2, OpenVMS and DOS
    • Sophos Anti-Virus Small Business Editions for Windows and Mac OS
    • PureMessage for Windows/Exchange and UNIX
    • PureMessage Small Business Edition
    • MailMonitor for Windows, Notes/Domino and Exchange
  • Description: Sophos Anti-virus products contain a heap-based overflow that can be triggered by specially crafted Microsoft Cabinet (".cab") files. The overflow can be exploited to execute arbitrary code on a system running the affected Sophos product if the option to inspect CAB files is enabled (disabled by default). Exploiting the mail gateways is easy as it does not require any user interaction. The antivirus library is also embedded in products sold by more than 20 vendors, and updates should be applied to any products listed at: http://www.sophos.com/partners/oem/

  • Status: Sophos confirmed, updates available.

  • (7) MODERATE: Adobe Dreamweaver Server Behaviour SQL Injection
  • Affected:
    • DreamWeaver 8 and MX
  • Description: Adobe Dreamweaver is a leading web development tool that is used for creating a large number of websites. The code generated by Dreamweaver for Cold Fusion, PHP MySQL, ASP.NET and JSP server models contains SQL injection vulnerabilities. The flaws can be exploited to execute arbitrary SQL commands on the back-end database. The technical details to craft an exploit may be obtained from the steps outlined to mitigate risks for Dreamweaver MX.

  • Status: Adobe has released version 8.0.2 for Dreamweaver and also provided steps for mitigation for users of Dreamweaver MX. Please re-generate the affected website code using the updated Dreamweaver software.

  • Council Site Actions: Only one council site is using the affected software. They reported that it would be rare that the software is used for developing web sites that support SQL; thus they believe they are largely unaffected, but they still are investigating.

Other Software
  • (8) HIGH: EMC Retrospect Client Packet Handling Remote Buffer Overflow
  • Affected:
    • Retrospect client for Windows/Mac/Linux/Netware
  • Description: EMC Retrospect is a multi-platform backup solution for small-medium businesses. The backup client contains a buffer overflow that can be triggered by sending a specially crafted packet to port 497/tcp or 497/udp. The flaw can be exploited to execute arbitrary code on the backup client. The technical details required to craft an exploit have not been posted yet.

  • Status: EMC confirmed. Patches are available for Windows, Mac, Linux and NetWare clients. A general security measure would be to block ports 497/tcp and 497/udp from the Internet.

  • Council Site Actions: Only one of the responding council sites is using the affected software, and on only a small number of Macintosh systems. They will encourage owners of the affected computers to remove Retrospect and switch to their supported backup solution. They expect a few users will choose to upgrade to a newer Retrospect Client within the next month.

  • (9) HIGH: VeriSign i-Nav ActiveX Control Remote Code Execution
  • Affected:
    • Verisign VUpdater.Install ActiveX Control
  • Description: Verisign i-Nav plug-in allows a user to browse the Internet with internationalized domain names (IDNs) using Internet Explorer or Microsoft Outlook/Outlook Express. i-Nav's "VUpdater.Install" contains a remote code execution vulnerability. The problem arises because this ActiveX control's "InstallProduct" routine can be used to run an arbitrary executable. A malicious webpage or an HTML email can exploit this flaw to execute arbitrary code with the privileges of the logged-on user.

  • Status: Verisign has issued an update for the i-Nav plug-in.

  • Council Site Actions: Only one of the responding council sites is using the affected software, and on only a small number of systems. It is not supported by their central IT department. They are still investigating whether there is any efficient upgrade approach provided by the vendor, e.g., perhaps the software has a way to notify an end user that an update is needed.

  • (11) MODERATE: Novell Client for Windows Buffer Overflow
  • Affected:
    • Novell client 4.83 SP3, 4.90 SP2 and 4.91 SP2 for Windows NT/2000/XP
  • Description: Novell client for Windows contains a buffer overflow that can be triggered by sending a specially crafted RPC message. The buffer overflow can be exploited to execute arbitrary code on the affected Windows system. No technical details about the flaw are yet available.

  • Status: Novell has released a patch for the Windows client.

  • Council Site Actions: One council site is in the process of migrating away from their Novell implementation. A second site is still investigating whether there is a widespread deployment of Novell Client within the one department that has a Novell implementation.

  • (12) MODERATE: Novell NetWare Distributed Print Services Integer Overflow
  • Affected:
    • Novell Netware version 6.5
  • Description: Netware Distributed Print Services (NDPS/iPrint) contains an integer overflow vulnerability that can be exploited to execute arbitrary code on an affected Netware server. The technical details required to craft an exploit have not been posted yet.

  • Status: Novell confirmed. Apply the SP3, SP4 or SP5 for the affected server.

  • Council Site Actions: Only one of the responding council sites is using the affected software. These systems are in the process of being migrated away from Novell.

  • (13) UPDATE: Microsoft Distributed Transaction Coordinator Heap Overflow
  • Description: eEye has released technical details about a heap-based buffer overflow in the Microsoft Distributed Transaction Coordinator (MSDTC) RPC service that affects Windows NT 4.0, Windows 2000 SP2 and SP3 installations. Note that MS05-051 patched this overflow for Windows 2000 SP4, Windows XP and Windows 2003 systems. The patch is now available for Microsoft NT 4.0/2000 SP2/2000 SP3 systems for customers who have entered into a customer support agreement with Microsoft.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 19, 2006

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5014 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.19.1 - CVE: CVE-2006-0034
  • Platform: Windows
  • Title: Windows MSDTC Heap Buffer Overflow
  • Description: The Microsoft Distributed Transaction Coordinator (MSDTC) is a distributed transaction facility for the Windows platform. It is vulnerable to a remote heap buffer overflow issue because the destination buffer may be overrun during the string copy operation. See Microsoft advisory for details.
  • Ref: http://www.microsoft.com/technet/security/bulletin/MS06-018.mspx

  • 06.19.2 - CVE: Not Available
  • Platform: Windows
  • Title: Windows MSDTC Invalid Memory Access Denial of Service
  • Description: The Microsoft Distributed Transaction Coordinator (MSDTC) is prone to a denial of service issue. This vulnerability can be exploited remotely to disrupt the MSDTC service and any services that depend on MSDTC. Please see the attached advisory for details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx

  • 06.19.3 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Internet Explorer Position CSS Denial of Service
  • Description: Microsoft Internet Explorer is affected by a denial of service vulnerability. This issue presents itself when a user hovers their mouse cursor over a table that has the CSS "position" attribute set. This results in an unhandled exception in "mshtml.dll", crashing the browser. Internet Explorer 6 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/17932

  • 06.19.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Xeneo Web Server Source Disclosure
  • Description: Xeneo is a web server for Microsoft Windows. A problem with validating the filename extension results in the disclosure of the source code of scripts. By manipulating the filename extension with dot, slash and space characters, an attacker can trick the server into revealing the source code rather than serve the specified script file. This issue affects Xeneo version 2.2.22.0.
  • Ref: http://www.securityfocus.com/bid/17858

  • 06.19.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Kerio WinRoute Firewall Unspecified Remote Denial of Service
  • Description: Kerio WinRoute Firewall is a network firewall and security application. Insufficient sanitization of SMTP and POP3 messages exposes the application to a denial of service issue. Kerio WinRoute Firewall versions 6.2.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/17859

  • 06.19.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Intervations FileCopa User Command Remote Buffer Overflow
  • Description: FileCopa FTP Server is a file transfer application. It is affected by a buffer overflow issue in the USER command. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17881

  • 06.19.7 - CVE: CVE-2006-0561
  • Platform: Third Party Windows Apps
  • Title: Cisco Secure ACS Insecure Password Storage
  • Description: Cisco Secure ACS (Access Control Server) is an authentication, authorization, and accounting software package distributed by Cisco Systems. It is susceptible to an insecure password storage vulnerability. Specifically, passwords and the key used to encrypt them are both stored in the Windows registry, allowing attackers that have access to the registry to gain access to sensitive passwords. Cisco Secure ACS for Windows versions 3.x are affected by this issue.
  • Ref: http://www.securityfocus.com/archive/1/433286

  • 06.19.8 - CVE: CVE-2006-2161
  • Platform: Third Party Windows Apps
  • Title: TZipBuilder ZIP File Buffer Overflow
  • Description: TZipBuilder is an application and library designed to process compressed ZIP files. It is vulnerable to a buffer overflow issue due to insufficient handling of ZIP files with overly long embedded filenames. TZipBuilder versions 1.79.03.01 and earlier are vulnerable.
  • Ref: http://secunia.com/secunia_research/2006-26/advisory/

  • 06.19.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ICQ Banner Ad Cross-Application Scripting
  • Description: ICQ is prone to a cross-application scripting vulnerability. The problem occurs in the handling of banner ad content. The content is downloaded by ICQ and then displayed in an Internet Explorer COM object as local data. This results in the potentially malicious remote content being rendered in the "My Computer" security zone. ICQ versions 5.04 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/433360

  • 06.19.10 - CVE: CVE-2006-2273
  • Platform: Third Party Windows Apps
  • Title: Verisign i-Nav ActiveX Control Remote Buffer Overflow
  • Description: Verisign i-Nav ActiveX control is a software package that adds support for international domain names (IDN). It is vulnerable to a buffer overflow issue due to an insufficient boundary check of an unspecified parameter of the "VUpdater.Install" control. All versions of VeriSign i-Nav are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/433589

  • 06.19.11 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X Security Update 2006-003 Multiple Vulnerabilities
  • Description: Apple Mac OS X is affected by multiple security issues. Apple released security update 2006-003 to address these issues. Please see the attached advisory for details.
  • Ref: http://docs.info.apple.com/article.html?artnum=303737

  • 06.19.12 - CVE: Not Available
  • Platform: Linux
  • Title: pstotext Arbitrary Script Code Execution
  • Description: The pstotext utility is a command line utility that utilizes GhostScript to convert PostScript files to plain text. It is susceptible to an arbitrary command execution vulnerability due to improper sanitization of user-supplied input to the filename. Version 1.9 of pstotext is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/17897

  • 06.19.13 - CVE: Not Available
  • Platform: Linux
  • Title: ISPConfig Session.INC.PHP Remote File Include
  • Description: ISPConfig is an open source hosting control panel. It is affected by a remote file include issue due to a failure in the application to properly sanitize user-supplied input to the "go_info[server][classes_root]" parameter of the "session.inc.php" script. ISPConfig version 2.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/17909

  • 06.19.14 - CVE: CVE-2006-2275
  • Platform: Linux
  • Title: Linux Kernel Multiple SCTP Remote Denial of Service Vulnerabilities
  • Description: The Linux kernel SCTP module is susceptible to remote denial of service vulnerabilities. These issues are triggered when unexpected SCTP packets are handled by the kernel. The Linux kernel version 2.6.16 is vulnerable.
  • Ref: http://labs.musecurity.com/advisories/MU-200605-01.txt

  • 06.19.15 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Lease_Init Local Denial of Service
  • Description: The Linux kernel is prone to a local denial of service issue due to a design error in the "lease_init" function of the "fs/locks.c" file. Linux kernel versions earlier than 2.6.16.16 are affected.
  • Ref: http://www.securityfocus.com/bid/17943

  • 06.19.16 - CVE: Not Available
  • Platform: Solaris
  • Title: Solaris LibIKE IKE Exchange Denial of Service
  • Description: Sun Solaris is vulnerable to a denial of service issue with the "libike" IKE implementation if a malformed payload is sent during an IKE exchange. Solaris 9 and 10 are vulnerable.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102246-1

  • 06.19.17 - CVE: Not Available
  • Platform: Unix
  • Title: Inter7 Vpopmail Authentication Bypass
  • Description: Inter7 Vpopmail is mail management software. It is vulnerable to a remote authentication bypass issue because of a logic flaw in the application while handling plaintext password authentication during SMTP AUTH or APOP connections. Inter7 Vpopmail versions 5.4.15 and earlier are vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=415350

  • 06.19.18 - CVE: CVE-2006-0730
  • Platform: Unix
  • Title: Dovecot Remote Information Disclosure
  • Description: Dovecot is a mail server application. It is vulnerable to an information disclosure issue due to insufficient sanitization of directory traversal sequences in the IMAP LIST command. Dovecot versions 1.0 stable through 1.0 beta8 are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/0549

  • 06.19.19 - CVE: Not Available
  • Platform: Novell
  • Title: Novell NetWare Distributed Print Services Integer Overflow
  • Description: Novell Netware Distributed Print Services (NDPS/iPrint) is a communications layer for printer management. It is affected by an integer overflow issue due to an unspecified integer overflow in "DPRPCNLM.NLM" when handling malformed requests. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17922

  • 06.19.20 - CVE: Not Available
  • Platform: Novell
  • Title: Novell Client Unspecified Buffer Overflow
  • Description: Novell Client is prone to an unspecified buffer overflow vulnerability. The problem occurs in "DPRPCW32.DLL". This issue exists in Novell Client 4.83 SP3, 4.90 SP2, and 4.91 SP2.
  • Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973719. tm

  • 06.19.21 - CVE: CVE-2006-0994
  • Platform: Cross Platform
  • Title: Sophos Anti-Virus CAB File Scanning Remote Heap Overflow
  • Description: Sophos Anti-Virus is a commercially available virus scanning software. A remote heap overflow vulnerability exists in Sophos Anti-Virus Library when scanning CAB files. See advisory for further details.
  • Ref: http://www.sophos.com/support/knowledgebase/article/4934.html

  • 06.19.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Welcome Page Security Restriction Bypass
  • Description: IBM WebSphere Application Server is a utility designed to facilitate the creation of various enterprise web applications. It is prone to a security restriction bypass vulnerability. Specifically, when security constraints with a pattern of "/*" are deployed, they will fail to match pages with paths consisting of just "/". For example, "/somepath/homepage.jsp" will properly require authentication, but "/somepath/" will not, even though they both resolve to the same "homepage.jsp" page.
  • Ref: http://www.securityfocus.com/bid/17900

  • 06.19.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Cisco Products WebSense Content Filtering Bypass
  • Description: Multiple Cisco products can be configured to utilize the WebSense service to filter HTTP content. They are susceptible to a content filtering bypass vulnerability due to improper recognition of HTTP request traffic. If attackers fragment HTTP requests, the content filter will be bypassed as the affected device will not attempt to forward the request to the WebSense service to perform authorization checks. Cisco is tracking this issue as Bug IDs CSCsc67612, CSCsc68472 and CSCsd81734.
  • Ref: http://www.securityfocus.com/bid/17883

  • 06.19.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Avahi Buffer Overflow and Denial of Service Vulnerabilities
  • Description: Avahi is an application to discover services available on the local network. The application is affected by multiple buffer overflow, denial of service and command execution issues. Avahi 0.6.10 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/17884

  • 06.19.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenOBEX IRCP Arbitrary File Overwrite
  • Description: OpenOBEX is an open source implementation of the Object Exchange protocol. OpenOBEX's IRCP utility is susceptible to a remote file overwrite issue because it fails to verify that a destination file does not exist before creating one. OpenOBEX version 1.2 is vulnerable.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366484

  • 06.19.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: 3Com TippingPoint SMS Information Disclosure
  • Description: TippingPoint Security Management System (SMS) is an appliance for managing multiple Intrusion Prevention Systems (IPS). Insufficient sanitization of user-supplied input exposes the application to an information disclosure issue. Please refer to the attached advisory for details.
  • Ref: http://www.securityfocus.com/bid/17935

  • 06.19.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Enterprise Firewall / Gateway Security HTTP Proxy Internal IP Leakage
  • Description: Symantec Enterprise Firewall and Gateway Security products are prone to an information disclosure weakness. The NAT/HTTP proxy component of the products may reveal the internal IP addresses of protected computers when handling certain specially crafted HTTP requests.
  • Ref: http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html

  • 06.19.28 - CVE: CVE-2006-1458, CVE-2006-1459, CVE-2006-1460, CVE-2006-1461, CVE-2006-1462, CVE-2006-1463, CVE-2006-1464, CVE-2006-1465, CVE-2006-1453, CVE-2006-1454, CVE-2006-2238
  • Platform: Cross Platform
  • Title: QuickTime Multiple Integer and Buffer Overflow Vulnerabilities
  • Description: QuickTime Player is a media player. It is vulnerable to multiple integer overflow and buffer overflow issues. See advisory for further details. QuickTime Player versions 7.0.4 and earlier are vulnerable.
  • Ref: http://docs.info.apple.com/article.html?artnum=303752

  • 06.19.29 - CVE: CVE-2006-2262
  • Platform: Web Application - Cross Site Scripting
  • Title: Singapore Index.PHP Cross-Site Scripting
  • Description: Singapore is an image gallery application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "gallery" parameter of the "index.php" script. Singapore version 0.9.7 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/433250

  • 06.19.30 - CVE: CVE-2006-2252
  • Platform: Web Application - Cross Site Scripting
  • Title: OpenFAQ Validate.PHP HTML Injection
  • Description: OpenFAQ is a web-based FAQ (Frequently Asked Questions) manager. OpenFAQ is prone to an HTML injection vulnerability.
  • Ref: http://www.securityfocus.com/archive/1/433120

  • 06.19.31 - CVE: CVE-2006-2287
  • Platform: Web Application - Cross Site Scripting
  • Title: Vision Source CMS User Profile HTML Injection
  • Description: Vision Source CMS is a content management system implemented in PHP. Vision Source CMS is prone to an HTML injection vulnerability.
  • Ref: http://www.securityfocus.com/archive/1/433129

  • 06.19.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: FaktoryStudios EasyEvent Index.PHP Cross-Site Scripting
  • Description: EasyEvent is a web-based event calendar. Insufficient sanitization of the "curr_year" parameter of the "index.php" script exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17891

  • 06.19.33 - CVE: CVE-2006-2249
  • Platform: Web Application - Cross Site Scripting
  • Title: CuteNews Multiple Cross-Site Scripting Vulnerabilities
  • Description: CuteNews is a news reader application. CuteNews is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "search.php" script. CuteNews version 1.4.1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/433058

  • 06.19.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EPublisherPro Moreinfo.ASP Cross-Site Scripting
  • Description: EPublisherPro is a website publishing application. It is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "title" parameter of the "moreinfo.asp" script.
  • Ref: http://www.securityfocus.com/bid/17907

  • 06.19.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Live Helper Chat.PHP Cross-Site Scripting
  • Description: PHP Live Helper is a customer support application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "PHPSESSID" parameter of the "chat.php" script. PHP Live Helper version 2.0 Beta is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17960/info

  • 06.19.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Jadu CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: Jadu CMS is a news reader application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "register.php" script. All versions of Jadu CMS are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17929/info

  • 06.19.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ColdFusion Required Fields Cross-Site Scripting
  • Description: Adobe ColdFusion is an application server providing development and hosting infrastructure. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input when the "_required" flag is used in the name of HTML POST form data and an error occurs. Adobe ColdFusion versions 5 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17938

  • 06.19.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ManageEngine OpManager Search.DO Cross-Site Scripting
  • Description: ManageEngine OpManager is a network monitoring and management application available for the Microsoft Windows operating system. It is prone to a cross-site scripting vulnerability. This issue affects version 6.0.
  • Ref: http://www.securityfocus.com/bid/17944

  • 06.19.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Vizra A_Login.PHP Cross-Site Scripting
  • Description: Vizra is a web-based application implemented in PHP. Vizra is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "message" parameter of the "a_login.php" script. All versions are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17949

  • 06.19.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OZJournals Vname Parameter Cross-Site Scripting
  • Description: OZJournals is a web-based application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "vname" parameter when submitting a comment. OZJournals version 1.2 is vulnerable.
  • Ref: http://kiki91.altervista.org/exploit/ozjournals.txt

  • 06.19.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 2005-Comments-Script Multiple Cross-Site Scripting Vulnerabilities
  • Description: 2005-Comments-Script is affected by multiple SQL injection issues due to insufficient sanitization of user-supplied input. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17895

  • 06.19.42 - CVE: CVE-2006-2263
  • Platform: Web Application - SQL Injection
  • Title: VP-ASP Shopping Cart Shopcurrency.ASP SQL Injection
  • Description: VP-ASP Shopping Cart is a shopping cart application. VP-ASP Shopping Cart is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "cid" parameter of the "shopcurrency.asp" script. VP-ASP versions prior to 6.08 are vulnerable.
  • Ref: http://milw0rm.com/exploits/1759

  • 06.19.43 - CVE: CVE-2006-2268
  • Platform: Web Application - SQL Injection
  • Title: Flexcustomer Login SQL Injection
  • Description: Flexcustomer is a web-based user management application. Flexcustomer is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the administrative and user login panels. Flexcustomer versions 0.0.4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/433125

  • 06.19.44 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Creative Community Portal Multiple SQL Injection Vulnerabilities
  • Description: Creative Community Portal is a web application designed to create online communities. Insufficient sanitization of user-supplied input exposes the application to multiple SQL injection issues. Creative Community Portal version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/17890

  • 06.19.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Limbo CMS Index.PHP SQL Injection
  • Description: Limbo CMS is a content management application. Insufficient sanitization of the "catid" parameter in the "index.php" script exposes the application to an SQL injection issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17870

  • 06.19.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EvoTopsite Index.PHP Multiple SQL Injection Vulnerabilities
  • Description: EvoTopsites is a web-based topsites script. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "cat_id" and "id" parameters of the "index.php" script. EvoTopsites versions 2.0 and Pro 2.0 are vulnerable.
  • Ref: http://www.hamid.ir/security/evotopsites.txt

  • 06.19.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MultiCalendars All_calendars.ASP SQL Injection
  • Description: MultiCalendars is a shopping cart application. Insufficient sanitization of the "calsids" parameter in the "all_calendars.asp" script exposes the application to an SQL injection issue. MultiCalendars version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/17903

  • 06.19.48 - CVE: CVE-2006-2103
  • Platform: Web Application - SQL Injection
  • Title: MyBB Showthread.PHP SQL Injection
  • Description: MyBB is a bulletin board application. The application is prone to an SQL injection issue due to insufficient sanitization of user-supplied input to the "comma" parameter of the "showthread.php" script. MyBB version 1.1.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/433564

  • 06.19.49 - CVE: CVE-2006-2300
  • Platform: Web Application - SQL Injection
  • Title: EImagePro Multiple SQL Injection Vulnerabilities
  • Description: EImagePro is an image gallery application, implemented in PHP. The application is prone to multiple SQL-injection vulnerabilities.
  • Ref: http://www.securityfocus.com/bid/17911

  • 06.19.50 - CVE: CVE-2006-2296
  • Platform: Web Application - SQL Injection
  • Title: EDirectoryPro Search_result.ASP SQL Injection
  • Description: EDirectoryPro is an advanced link directory application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "keyword" parameter of the "search_result.asp" script. All versions of EDirectoryPro are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17912/info

  • 06.19.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DUWare DUGallery Login SQL Injection
  • Description: DUGallery is a bulletin-board application written in ASP. The application is prone to an SQL injection vulnerability.
  • Ref: http://www.securityfocus.com/archive/1/433410

  • 06.19.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ozzywork Galeri Admin Login SQL Injection
  • Description: Ozzywork Galeri is a web-based gallery application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "Login" and "password" fields of the "admin_default.asp" script. Ozzywork Galeri version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/433358

  • 06.19.53 - CVE: CVE-2006-2042
  • Platform: Web Application - SQL Injection
  • Title: Dreamweaver Multiple SQL Injection Vulnerabilities
  • Description: Dreamweaver is a web development tool. The automatic code generator is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input. Dreamweaver versions 8.0 and earlier are vulnerable.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb06-07.html

  • 06.19.54 - CVE: CVE-2006-2046
  • Platform: Web Application - SQL Injection
  • Title: Application Dynamics Cartweaver ColdFusion SQL Injection Vulnerabilities
  • Description: Cartweaver ColdFusion is a shopping cart application. It is vulnerable to SQL injection attacks due to insufficient sanitization of user-supplied input to the "Details.cfm" and "Results.cfm" scripts. Cartweaver version 2.17.11 resolves this issue.
  • Ref: http://pridels.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html

  • 06.19.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AliPAGER Elementz.PHP SQL Injection
  • Description: AliPAGER is an advanced link directory application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "ubild" parameter of the "elementz.php" script. AliPager version 1.5 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/17945

  • 06.19.56 - CVE: CVE-2006-2284
  • Platform: Web Application
  • Title: Claroline Multiple Remote File Include Vulnerabilities
  • Description: Claroline is a collaborative learning application. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the authldap.php, ldap.inc.php and casProcess.inc.php scripts. Claroline and Dokeos Open Source Learning and Knowledge Management Tool versions 1.7.5 and earlier are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/1701

  • 06.19.57 - CVE: Not Available
  • Platform: Web Application
  • Title: Ocean12 Calendar Manager Pro Multiple Input Validation Vulnerabilities
  • Description: Calendar Manager Pro is a calendar application, implemented in ASP. It is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Calendar Manager Pro version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/17877

  • 06.19.58 - CVE: CVE-2006-2270
  • Platform: Web Application
  • Title: Jetbox CMS Config.PHP Remote File Include
  • Description: Jetbox CMS is a content management system. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "relative_script_path" variable, which is used in the "config.php" script. Jetbox CMS version 2.1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/433121

  • 06.19.59 - CVE: CVE-2006-0069
  • Platform: Web Application
  • Title: Chipmunk Blogger Multiple Input Validation Vulnerabilities
  • Description: Chipmunk Blogger is a blog management application. It is vulnerable to multiple input validation issues such as HTML injection and cross-site scripting. See the advisory for further details.
  • Ref: http://www.securityfocus.com/archive/1/433122

  • 06.19.60 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Fusion Multiple Local File Include Vulnerabilities
  • Description: PHP-Fusion is a website management application. Insufficient sanitization of the "settings" parameter of the "last_seen_users_panel.php" script and the "localset" parameter of the "setup.php" script exposes the application to multiple file include issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17898

  • 06.19.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Timobraun Dynamic Galerie Multiple Input Validation Vulnerabilities
  • Description: Dynamic Galerie is an image gallery application. It is prone to a directory traversal vulnerability and a cross-site scripting vulnerability due to a failure in the application to properly sanitize user-supplied input to the "pfad" parameter of the "index.php" script.
  • Ref: http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html

  • 06.19.62 - CVE: CVE-2006-2260
  • Platform: Web Application
  • Title: Drupal Project Module HTML Injection
  • Description: Drupal is an open-source content management system. Drupal is prone to an HTML injection vulnerability.
  • Ref: http://drupal.org/drupal-4.7.0

  • 06.19.63 - CVE: Not Available
  • Platform: Web Application
  • Title: Chipmunk Forum Multiple Input Validation Vulnerabilities
  • Description: Chipmunk Forum is a bulletin board application. Insufficient sanitization of user-supplied input exposes the application to multiple HTML injection and SQL injection issues.
  • Ref: http://www.securityfocus.com/bid/17863

  • 06.19.64 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBloggie BBCode IMG Tag HTML Injection
  • Description: MyBloggie is a web log application implemented in PHP. It is prone to an HTML injection vulnerability due to improper sanitization of user-supplied input submitted in BBCode IMG tags. myBloggie versions 2.1.3 and 2.1.2 are affected.
  • Ref: http://www.securityfocus.com/bid/17865

  • 06.19.65 - CVE: Not Available
  • Platform: Web Application
  • Title: PassMasterFlex Multiple HTML Injection Vulnerabilities
  • Description: PassMasterFlex is a web-based authentication utility. Insufficient sanitization of user-supplied input exposes the application to multiple HTML injection issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17866

  • 06.19.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Online Universal Payment System Script Multiple Input Validation Vulnerabilities
  • Description: Online Universal Payment System Script is an ecommerce application. It is vulnerable to multiple input validation issues such as directory traversal and cross-site scripting. See the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/17889/info

  • 06.19.67 - CVE: CVE-2006-2261
  • Platform: Web Application
  • Title: ACal Day.PHP Remote File Include
  • Description: ACal is a web-based calendar application implemented in PHP. ACal is prone to a remote file include vulnerability due to insufficient sanitization of user-supplied input to the "path" parameter of the "day.php" script. ACal versions 2.2.6 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/17886

  • 06.19.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Nagios Remote Negative Content-Length Buffer Overflow
  • Description: Nagios is an open source application designed to monitor networks and services for service interruptions. Insufficient sanitization of the "Content-Length" HTTP header exposes the application to a buffer overflow issue. Nagios versions prior to 2.3 in the 2.x series and versions prior to 1.4 in the 1.x series are affected.
  • Ref: http://www.securityfocus.com/bid/17879

  • 06.19.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Phil's Bookmark Script Admin.PHP Authentication Bypass
  • Description: Phil's Bookmark script is a web link bookmarking application. It is vulnerable to an authentication bypass issue because the "admin.php" script fails to prompt for authentication credentials. All versions of Phil's Bookmark script are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/433222

  • 06.19.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Website Baker User Display Name HTML Injection
  • Description: Website Baker is a content management system. It is vulnerable to an HTML injection issue due to insufficient sanitization of user-supplied input in user display names. Website Baker versions 2.6.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/433130

  • 06.19.71 - CVE: CVE-2006-2282
  • Platform: Web Application
  • Title: X7 Chat Avatar URL HTML Injection
  • Description: X7 Chat is a web-based chatroom application. It is vulnerable to an HTML injection issue due to insufficient sanitization of HTML and script code from avatar URLs. X7 Chat versions 2.0.2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/433131

  • 06.19.72 - CVE: Not Available
  • Platform: Web Application
  • Title: openEngine Template Unauthorized Access
  • Description: openEngine is a web-based content management system. It is prone to an unauthorized access vulnerability due to improper sanitization of user-supplied input to the "template" parameter of the "website.php" script.
  • Ref: http://www.securityfocus.com/bid/17871

  • 06.19.73 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBBoard Email SQL Injection
  • Description: MyBBoard is a web-based bulletin board application implemented in PHP. MyBBoard is prone to an SQL injection vulnerability.
  • Ref: http://www.securityfocus.com/archive/1/433231

  • 06.19.74 - CVE: Not Available
  • Platform: Web Application
  • Title: StatIt Visible_count_inc.PHP Remote File Include
  • Description: StatIt is a web-based statistics application implemented in PHP. It is prone to a remote file include vulnerability due to improper sanitization of user-supplied input to the "statitpath" parameter of the "visible_count_inc.php" script.
  • Ref: http://www.securityfocus.com/bid/17887

  • 06.19.75 - CVE: CVE-2006-2258, CVE-2006-2259
  • Platform: Web Application
  • Title: Maxx Schedule Multiple Input Validation Vulnerabilities
  • Description: Maxx Schedule is a web application for resource scheduling. Maxx Schedule is prone to multiple input validation vulnerabilities including a cross-site scripting vulnerability and a SQL injection vulnerability. Maxx Schedule version 1.0 is vulnerable to these issues.
  • Ref: http://www.securityfocus.com/bid/17892

  • 06.19.76 - CVE: Not Available
  • Platform: Web Application
  • Title: UBlog Text Field HTML Injection
  • Description: Ublog is a web-based blog application. Insufficient sanitization of the "text" parameter exposes the application to an HTML injection issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17856

  • 06.19.77 - CVE: CVE-2006-2281
  • Platform: Web Application
  • Title: X-POLL Add.PHP Input Validation
  • Description: X-POLL is a web-based polling application. It is vulnerable to an input validation issue due to insufficient sanitization of user-supplied input to the "add.php" script. X-POLL version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/433220

  • 06.19.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Dokeos LDAP_VAR.INC.PHP Remote File Include
  • Description: Dokeos is a web-based e-learning and course management application. Insufficient sanitization of the "includePath" parameter of the "ldap_var.inc.php" script exposes the application to a remote file include issue. Dokeos version 1.6.4 is affected.
  • Ref: http://www.securityfocus.com/bid/17915


  • 06.19.80 - CVE: CVE-2006-1428
  • Platform: Web Application
  • Title: phpCOIN Email Address Information Disclosure
  • Description: phpCOIN is an application for client, order, and helpdesk management; it is implemented in PHP. It is prone to an information disclosure vulnerability.
  • Ref: http://www.securityfocus.com/bid/17959

  • 06.19.81 - CVE: Not Available
  • Platform: Web Application
  • Title: IdealBB Multiple Input Validation Vulnerabilities
  • Description: IdealBB is a bulletin board application implemented in PHP. It is prone to multiple input validation vulnerabilities because the application fails to properly sanitize user-supplied input. IdealBB version 1.5.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/433248

  • 06.19.82 - CVE: CVE-2006-2292, CVE-2006-2291
  • Platform: Web Application
  • Title: IA-Calendar Multiple Input Validation Vulnerabilities
  • Description: Inhouse Associates IA-Calendar is a web calendar application. IA-Calendar is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/17925

  • 06.19.83 - CVE: Not Available
  • Platform: Web Application
  • Title: PAFileDB Pafiledb_Constants.PHP Remote File Include
  • Description: paFileDB is a web-based file management utility. Insufficient sanitization of the "module_root_path" parameter of the "pafiledb_constants.php" script exposes the application to a remote file include issue. paFileDB version 2.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/17930

  • 06.19.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Aardvark Topsites PHP LostPW.PHP Remote File Include
  • Description: Aardvark Topsites PHP is affected by a remote file include issue due to a failure in the application to properly sanitize user-supplied input to the "CONFIG[path]" parameter of the "sources/lostpw.php" script. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/17940

  • 06.19.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Ozzywork Galeri Arbitrary File Upload
  • Description: Ozzywork Galeri is a web-based gallery application. It is vulnerable to an arbitrary file upload issue due to insufficient sanitization of input to the "add.asp" script. Ozzywork Galeri version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/17946/info

  • 06.19.86 - CVE: Not Available
  • Platform: Web Application
  • Title: NewsBoard ABBC.CSS.PHP Local File Include
  • Description: NewsBoard is a web-based news reader application. Insufficient sanitization of the "design_path" parameter of the "abbc.css.php" script exposes the application to a local file include issue. NewsBoard version 1.6.1 is affected.
  • Ref: http://www.securityfocus.com/bid/17947

  • 06.19.87 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Multiple Input Validation Vulnerabilities
  • Description: phpBB is a bulletin board application implemented in PHP. phpBB is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/433715

  • 06.19.88 - CVE: CVE-2006-2322
  • Platform: Network Device
  • Title: Cisco Application Velocity System Open TCP Proxy
  • Description: Cisco Application Velocity System (AVS) is a web-application accelerator package designed to act as a proxy for HTTP traffic to improve response times. AVS is susceptible to a remote open TCP proxy vulnerability due to a failure of the software to allow only valid TCP ports to be utilized by remote users. Specifically, attackers may specify arbitrary TCP ports to connect to through the affected proxy software. Versions of AVS prior to 5.0.1 are vulnerable to this issue.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.