@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 24
June 19, 2006

A *huge* week of Microsoft security problems (#2, #4, #5, #6, #7, #9, #10, #11), including a zero-day Excel vulnerability (#8). The IE vulnerabilities allow attackers to set up sites that infect visitors who do nothing more than visit the malicious sites. But don't overlook upgrading all versions of Adobe Reader (#7). And this week again saw more than 100 new vulnerabilities discovered, mostly in web applications -- demonstrating once again the huge liability organizations are taking on in deploying web applications written by people who have never been trained in how to avoid programming in security vulnerabilities, or in how to find and fix vulnerabilities other programmers have left in their applications. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 10 (#5, #6, #9, #10, #11)
    • Microsoft Office: 3 (#2, #4, #8)
    • Other Microsoft Products: 7 (#1, #3)
    • Third Party Windows Apps: 2 (#13, #14)
    • Linux: 4
    • HP-UX: 1
    • Cross Platform: 9 (#7, #12)
    • Web Application - Cross Site Scripting: 20
    • Web Application - SQL Injection: 10
    • Web Application: 37
    • Network Device: 1
    • Updates: 1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Linux
HP-UX
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar and Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (4) HIGH: Microsoft PowerPoint Remote Code Execution (MS06-028)
  • Affected:
    • Microsoft Office 2000 SP3/2003 SP1 and SP2
    • Microsoft Office 2004/Office v. X for Mac
    • Microsoft PowerPoint 2000/2002/2003
    • Microsoft PowerPoint 2004/v. X for Mac
  • Description: Microsoft PowerPoint contains a file-format validation vulnerability that would allow an attacker to execute arbitrary code by tricking a vulnerable user into opening a specially-crafted Microsoft PowerPoint file. Any malicious code would be executed with the permissions of the user who opened the file. Note that user interaction would be required to exploit this vulnerability.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to all of the Microsoft issues. Some sites are already in the process of deploying the patches and others plan to deploy in the near future. Sites use the public Microsoft Update site or a local WSUS server.

  • (5) HIGH: Microsoft Windows JScript Remote Command Execution (MS06-023)
  • Affected:
    • Microsoft Windows 2000 SP4/XP SP1 and SP2/2003/2003 SP1
  • Description: Microsoft Windows contains a memory corruption vulnerability that could allow a remote attacker to execute arbitrary code with the privileges of the current user. Due to a failure to properly handle JScript heap memory, an attacker can exploit this vulnerability via specially-crafted web page or email message. JScript is Microsoft's implementation of ECMAScript (commonly known as JavaScript). No user interaction beyond viewing the malicious web page or email message is required for exploitation.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to all of the Microsoft issues. Some sites are already in the process of deploying the patches and others plan to deploy in the near future. Sites use the public Microsoft Update site or a local WSUS server.

  • (6) HIGH: Microsoft Windows ART Image Handling Remote Code Execution (MS06-022)
  • Affected:
    • Microsoft Windows XP SP1 and SP2/2003/2003 SP1
  • Description: Microsoft Windows contains a memory corruption vulnerability that could allow a remote attacker to execute arbitrary code with the privileges of the current user. Due to a failure to properly handle ART image files (a deprecated, mostly-unused but still-supported image format), an attacker can exploit this vulnerability via a specially-crafted ART image file. No user interaction beyond viewing the malicious web page or email message is required for exploitation.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to all of the Microsoft issues. Some sites are already in the process of deploying the patches and others plan to deploy in the near future. Sites use the public Microsoft Update site or a local WSUS server.

  • (7) HIGH: Adobe Reader Multiple Unspecified Vulnerabilities
  • Affected:
    • Adobe Reader versions 7.0.7 and prior
  • Description: Adobe Reader, the most popular PDF reader on the Internet, contains multiple security vulnerabilities. The exact nature of the vulnerabilities is unknown, but Adobe has confirmed that at least one of the vulnerabilities can be exploited to execute arbitrary code with the privileges of the current user. All users are recommended to upgrade immediately.

  • Status: Adobe confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to this issue and they all plan to roll out the patches during their next regularly scheduled system update process.

  • (8) HIGH: Microsoft Excel Remote Code Execution (0-day)
  • Affected:
    • Microsoft Excel 2003 Service Pack 1 and prior
  • Description: Microsoft Excel is vulnerable to an unspecified remote code execution vulnerability. By sending a specially-crafted Excel file to a vulnerable user, an attacker can execute arbitrary code with the privileges of the logged-in user. The user must open the malicious file to be affected. This vulnerability is currently being exploited in a targeted attack; the exploit is not believed to be public at this time. Microsoft has added software to the Windows Live Safety Center to detect the malicious code installed by the exploit.

  • Status: Microsoft confirmed, no updates available. SANS Handler's list has posted a list of defenses.

  • (9) MODERATE: Microsoft Windows TCP/IP Remote Code Execution (MS06-032)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Packs 1 and 2
    • Microsoft Windows Server 2003, no service packs and Service Pack 1
  • Description: The Microsoft Windows TCP/IP stack contains a remote code execution vulnerability. Systems running the Routing and Remote Access Service with IP Source Routing enabled are vulnerable. The Routing and Remote Access Service is disabled on all vulnerable versions of the operating system, but IP Source Routing is enabled on all versions but XP Service Pack 2 and Server 2003 Service Pack 1. Users running the vulnerable configuration are advised to update as soon as possible, and configure firewalls to block IP packets with Source Routing options.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to all of the Microsoft issues. Some sites are already in the process of deploying the patches and others plan to deploy in the near future. Sites use the public Microsoft Update site or a local WSUS server.

  • (10) MODERATE: Microsoft Windows Routing and Remote Access Remote Code Execution (MS06-025)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Packs 1 and 2
    • Microsoft Windows Server 2003, no service packs and Service Pack 1
  • Description: The Microsoft Windows Routing and Remote Access Service contains a remote code execution vulnerability. By sending specially-crafted traffic to the vulnerable system, an attacker could execute arbitrary code. On Windows XP Service Pack 2 and Windows Server 2003 systems, valid local user credentials are required to successfully exploit this vulnerability; on other systems no such credentials are required. The Routing and Remote Access service is disabled by default on all vulnerable systems. Users running a vulnerable configuration are advised to update immediately and to block ports 135, 137, 138, 445 (UDP) and ports 135, 139, 445, and 593 (TCP) from the Internet. Note that this vulnerability is distinct from MS06-032. Non-public exploit code for this vulnerability has been published.

  • Status: Microsoft confirmed, updates available. Note that the patch affects dial-up scripting functionality.

  • Council Site Actions: All of the reporting council sites are responding to all of the Microsoft issues. Some sites are already in the process of deploying the patches and others plan to deploy in the near future. Sites use the public Microsoft Update site or a local WSUS server.

  • (11) MODERATE: Microsoft Windows WMF Handling Overflow
  • Affected:
    • Microsoft Windows ME/98/98SE
  • Description: Microsoft Windows 98 and ME are vulnerable to a heap overflow when processing certain WMF (Windows Metafile) image files. By tricking a user into opening a Windows Metafile with a specially-crafted header, an attacker can execute arbitrary code with the privileges of the logged-in user. This vulnerability is limited to Windows 98, 98SE, and ME. It does not affect Windows 2000, XP or later. This is distinct from the previous WMF-handling vulnerabilities.

  • Status: Microsoft confirmed, updates available.

  • (12) LOW: Sendmail MIME Message Denial-of-Service
  • Affected:
    • Sendmail versions 8.13.6 and prior
  • Description: Sendmail, the most popular mail transport agent on the Internet, contains a remotely-exploitable denial-of-service vulnerability. By sending a specially-crafted MIME message, an attacker could cause the Sendmail server to stop delivering mail.

  • Status: Sendmail confirmed, updates available.

  • Council Site Actions: Two of the reporting council sites are responding to this issue. One site plans to deploy the patches for their heavily used machines after some testing in the next few weeks. Their lightly used machines will automatically obtain patches via the auto update feature of the Linux distributors.

  • (13) HIGH: WinSCP "scp" and "sftp" Protocol Handler Remote Command Injection
  • Affected:
    • WinSCP version 3.8.1 and prior
  • Description: WinSCP, a popular SCP and SFTP client for Windows, contains a remotely-exploitable command-injection vulnerability. By tricking a user into clicking on a specially-crafted "scp://" or "sftp://" link, an attacker can cause WinSCP to automatically download and execute an arbitrary file with the privileges of the current user. Exploit code has been publicly posted.

  • Status: No vendor confirmation, no updates available.

  • (14) MODERATE: MailEnable Enterprise WebMail Remote Security Bypass
  • Affected:
    • MailEnable Enterprise versions 2.09 and prior
  • Description: MailEnable Enterprise is a popular enterprise email solution. The WebMail component is vulnerable to several security bypass vulnerabilities. Failure to properly validate user-supplied input allows remote attackers to gain administrative privileges over the MailEnable software. Exploit code has been publicly posted.

  • Status: No vendor confirmation, no updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 24, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5038 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.24.1 - CVE: CVE-2006-2376
  • Platform: Windows
  • Title: Windows GDI WMF Handling Heap Overflow
  • Description: The Microsoft Windows GDI Graphics Rendering Engine is vulnerable to a heap overflow issue when the component loads a specially crafted WMF (Windows Metafile) image. Microsoft Windows 98, 98SE and ME systems are vulnerable.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-026.mspx

  • 06.24.2 - CVE: CVE-2006-2370,CVE-2006-2371
  • Platform: Windows
  • Title: Windows Routing and Remote Access Remote Code Execution
  • Description: Microsoft Routing and Remote Access is a component of Microsoft Windows operating systems that handles network routing functions. It is vulnerable to remote code execution due to crafted "RPC" requests. See advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms06-025.mspx

  • 06.24.3 - CVE: CVE-2006-1303
  • Platform: Windows
  • Title: Microsoft Internet Explorer COM Object Instantiation Code Execution
  • Description: Microsoft Internet Explorer is exposed to a memory corruption issue. This is due to the incorrect instantiation of COM objects as ActiveX controls. Microsoft Internet Explorer versions 6.0 SP1 and earlier are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx

  • 06.24.4 - CVE: CVE-2006-2373,CVE-2006-2374
  • Platform: Windows
  • Title: Microsoft Windows SMB Driver Local Privilege Escalation
  • Description: Server Message Block (SMB) is the Internet standard protocol that Windows uses to share files, printers, and serial ports, and to communicate between computers. The Microsoft SMB driver is prone to a local privilege escalation vulnerability. The problem occurs because of the way the affected software handles SMB requests. This issue is exploitable only from the local system.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-030.mspx

  • 06.24.5 - CVE: CVE-2006-2374
  • Platform: Windows
  • Title: Microsoft SMB Driver Local Denial Of Service
  • Description: The Microsoft SMB driver is prone to a local denial of service vulnerability. This issue occurs because of the way the affected software handles SMB requests.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-030.mspx

  • 06.24.6 - CVE: Not Available
  • Platform: Windows
  • Title: Windows Routing and Remote Access RASMAN Registry Remote Code Execution
  • Description: Windows Routing and Remote Access handles network-routing functions and provides Remote Access Services (RAS) for remote users. It is affected by a memory corruption issue that may lead to remote code execution. Please refer to the Microsoft advisory for more details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-025.mspx

  • 06.24.7 - CVE: CVE-2006-2379
  • Platform: Windows
  • Title: Windows TCP/IP Protocol Driver Remote Buffer Overflow
  • Description: Microsoft Windows is vulnerable to a remote buffer overflow issue when the TCP/IP protocol driver fails to perform sufficient boundary checks. See advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-032.mspx

  • 06.24.8 - CVE: CVE-2006-2380
  • Platform: Windows
  • Title: Microsoft Windows RPC Mutual Authentication Service Spoofing
  • Description: Microsoft Windows is susceptible to a vulnerability in the RPC component, specifically when using the mutual authentication mechanism with the SSL (Secure Socket Layer) protocol. The mutual authentication mechanism requires that both the client and the server exchange credentials before establishing communications. This mechanism is supposed to ensure that the client is connecting to a legitimate, trusted RPC service.
  • Ref: http://www.microsoft.com/technet/security/bulletin/MS06-031.mspx

  • 06.24.9 - CVE: Not Available
  • Platform: Windows
  • Title: Windows Malformed ART Image Remote Code Execution
  • Description: Windows is prone to a remote code execution issue when processing malformed ART images due to an unchecked buffer in the code responsible for displaying ART images. Please refer to the Microsoft bulletin for details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-022.mspx

  • 06.24.10 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Routing and Remote Access Unspecified Remote Code Execution
  • Description: Microsoft Windows Routing and Remote Access is prone to an unspecified remote vulnerability. This is due to an integer signedness flaw in the affected software. The discoverer of this vulnerability has stated that this issue was silently patched by Microsoft with the release of MS06-025.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-025.mspx

  • 06.24.11 - CVE: CVE-2006-2492
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint Malformed Record Remote Code Execution
  • Description: Microsoft PowerPoint is exposed to a remote code execution issue. This is due to improper handling of malformed record data in PowerPoint documents. Microsoft PowerPoint versions 2003 SP3 and earlier are affected.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms06-028.mspx

  • 06.24.12 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Excel Unspecified Remote Code Execution
  • Description: Microsoft Excel is susceptible to an unspecified remote code execution issue. Malicious Excel files called "okN.xls" may contain the "Trojan.Mdropper.J" and "Downloader.Booli.A" malware files. Microsoft Excel 2003 SP1 and earlier are affected.
  • Ref: http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx

  • 06.24.13 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft DXImageTransform.Microsoft.Light ActiveX Control Remote Code Execution
  • Description: The DXImageTransform.Microsoft.Light ActiveX control is a multimedia filter that creates the effect of light shining on the content of an object. This issue occurs if the vulnerable ActiveX control receives unexpected data. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx

  • 06.24.14 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer HTML Decoding Remote Code Execution
  • Description: Microsoft Internet Explorer is prone to a remote code execution vulnerability. This issue occurs when Internet Explorer decodes specially crafted UTF-8 encoded HTML. The parsing code fails to properly account for 5 and 6 byte UTF-8 octets, which may be exploited to cause a heap-based buffer overrun.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx

  • 06.24.15 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer Multipart HTML File Handling Remote Code Execution
  • Description: Internet Explorer is prone to a remote code execution issue. The problem occurs when an unsuspecting user uses the "Save as" function to save a malicious web page as a multipart HTML file.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx

  • 06.24.16 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer Address Bar Spoofing Vulnerability
  • Description: Microsoft Internet Explorer is prone to an address bar spoofing issue because the address bar of a browser window may persist while the content displayed in the browser. Please refer to the attached advisory for details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx

  • 06.24.17 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft JScript Memory Corruption
  • Description: JScript is a software component included in Windows operating systems. JScript is prone to a remote memory corruption issue because it fails to properly execute certain HTML script content. Please check the referenced advisory for details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-023.mspx

  • 06.24.18 - CVE: CVE-2006-1193
  • Platform: Other Microsoft Products
  • Title: Exchange Server Outlook Web Access Script Injection
  • Description: Microsoft Exchange Server Outlook Web Access (OWA) is vulnerable to a script injection issue because the application fails to sanitize user-supplied input and improperly converts NULL bytes to space characters. Microsoft Exchange Server 2000 with SP1 through SP3 when running Outlook Web Access (OWA) are vulnerable.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms06-029.mspx

  • 06.24.19 - CVE: CVE-2006-0025
  • Platform: Other Microsoft Products
  • Title: Microsoft Windows Media Player Malformed PNG Remote Code Execution
  • Description: Microsoft Windows Media Player is prone to a remote code execution vulnerability related to handling of malicious PNG images. PNG images may be embedded in Windows Media Player skin files, so it is possible to exploit this issue by causing the application to load a malicious skin file, which could be hosted on an attacker-controlled web page or through email attachments. Microsoft has stated that web-based attack scenarios are not possible with Media Player 7.1 on Windows 2000 SP4 and Media Player XP on Windows XP SP2.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-024.mspx

  • 06.24.20 - CVE: CVE-2006-2958
  • Platform: Third Party Windows Apps
  • Title: FilZip Remote Directory Traversal
  • Description: FilZip is a file archiving and compression application. It is vulnerable to a directory traversal when the application processes malicious RAR, TAR, GZ or JAR archives. FilZip versions 3.05 and earlier are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/2255

  • 06.24.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinSCP URI Handler Remote Arbitrary File Access
  • Description: WinSCP is a freely available secure file transfer client for Windows. It is affected by an arbitrary file access issue. In typical installations the application installs several URI handlers such as "scp://" and "sftp://". The problem occurs when processing malicious URIs that include extra command switches to be passed to the application. WinSCP version 3.8.1 is affected.
  • Ref: http://www.securityfocus.com/bid/18384

  • 06.24.22 - CVE: CVE-2006-2916
  • Platform: Linux
  • Title: KDE ArtsWrapper Local Privilege Escalation
  • Description: KDE's artswrapper utility is used to execute KDE's sound server (artsd) with realtime privileges. KDE's artswrapper utility is exposed to a local privilege escalation issue. This is due to improper implementation of privilege dropping functionality when used with Linux 2.6 kernels. KDE versions 3.5.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/437362

  • 06.24.23 - CVE: CVE-2006-2449
  • Platform: Linux
  • Title: KDE KDM Session Type Symbolic Link
  • Description: KDM is the window display manager for KDE. KDM is prone to a vulnerability that may permit symbolic link type attacks when processing a user's session type. The problem occurs because of how KDM handles the user's session type. That information is stored in the user's home directory and is accessible to the user. An attacker with local access could potentially exploit this issue to view files and obtain privileged information.
  • Ref: http://www.securityfocus.com/archive/1/437133

  • 06.24.24 - CVE: Not Available
  • Platform: Linux
  • Title: wv2 Remote Buffer Overflow
  • Description: The wv2 library allows applications to access Microsoft Word files. The wv2 library is vulnerable to a remote buffer overflow issue when malicious Microsoft Word files are processed. wv2 library version 0.2.2 is vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=424094&group_id=10501

  • 06.24.25 - CVE: Not Available
  • Platform: Linux
  • Title: DHCDBD Remote Denial of Service
  • Description: DHCDBD is a daemon that provides a DBUS interface to dhclient. It allows other applications, such as NetworkManager, to query and control DHCP interfaces. It is prone to a remote denial of service vulnerability. The issue presents itself when the application handles DHCP hostnames of a single character. If this single character's ASCII value is less than 32, or greater than 127, then the application will crash due to an attempt to access unallocated memory. DHCDBD versions 1.10 and 1.22 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/18459

  • 06.24.26 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX Support Tools Manager Unspecified Local Denial of Service
  • Description: Support Tools Manager is a suite of tools, xstm, cstm, and stm, typically used for hardware diagnostic purposes. HP-UX is exposed to an unspecified local denial of service issue. This is due to improper handling of exceptional conditions. HP-UX versions B.11.23 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/18457

  • 06.24.27 - CVE: CVE-2006-2971
  • Platform: Cross Platform
  • Title: 0verkill UDP Datagram Remote Denial of Service
  • Description: 0verkill is a text-based multiplayer game. A denial of service vulnerability affects 0verkill because it fails to properly handle certain UDP datagrams. This issue is due to an integer overflow flaw in the "recv_packet()" function that results in an attempt to access unallocated memory. 0verkill version 0.16 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/436659

  • 06.24.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Nullsoft SHOUTcast Multiple HTML Injection Vulnerabilities
  • Description: Nullsoft SHOUTcast is a streaming audio server. It is prone to multiple HTML injection vulnerabilities because the application fails to properly sanitize user-supplied input. Nullsoft SHOUTcast version 1.9.5 is affected.
  • Ref: http://www.securityfocus.com/bid/18376

  • 06.24.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco VPN3K/ASA WebVPN Clientless Mode Cross-Site Scripting
  • Description: Cisco VPN 3000 Series Concentrators and ASA 5500 Series Adaptive Security Appliances (ASA) are prone to cross-site scripting attacks via the WebVPN Clientless Mode. The issue is due to insufficient sanitization of HTML and script code from error messages that are displayed in the "dnserror.html" and "connecterror.html" pages. Please visit the reference link for more details.
  • Ref: http://www.securityfocus.com/bid/18419

  • 06.24.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PicoZip Zipinfo.DLL Buffer Overflow
  • Description: PicoZip is an application designed to process compressed ZIP, ACE and RAR files. It is affected by a buffer overflow issue when it processes ZIP, ACE and RAR files containing overly long embedded filenames. PicoZip version 4.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/18425

  • 06.24.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 Universal Database Multiple Denial of Service Vulnerabilities
  • Description: IBM DB2 Universal Database Server is a database server application. It is vulnerable to multiple denial of service vulnerabilities due to various issues. IBM DB2 Universal Database versions 8.11 and earlier are vulnerable.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg1IY84096

  • 06.24.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sendmail Malformed MIME Message Denial of Service
  • Description: Sendmail is prone to a denial of service issue due to insufficient sanitization in the "mime8to7()" function. This issue is due to a failure in the application to properly handle malformed multi-part MIME messages. Please visit the reference link for details.
  • Ref: http://www.securityfocus.com/bid/18433/info

  • 06.24.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL Server Str_To_Date Remote Denial Of Service
  • Description: MySQL is susceptible to a remote denial of service vulnerability. Specifically, if the "str_to_date()" SQL function is called with "1, NULL" or "NULL, 1" arguments, the database server will crash. Versions of MySQL prior to 4.1.18, 5.0.19, and 5.1.6 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/437145

  • 06.24.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Reader Multiple Unspecified Security Vulnerabilities
  • Description: Adobe Reader is susceptible to multiple unspecified security vulnerabilities. At least one of these vulnerabilities may be exploited to execute arbitrary machine code in the context of the affected application. Versions of Adobe Reader prior to 7.0.8 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18445

  • 06.24.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Atrium Software Mercur Messaging Multiple Remote Denial of Service Vulnerabilities
  • Description: Mercur Messaging application is affected by multiple IMAP, SMTP, DNS related denial of service issues. Please see the attached advisory for details.
  • Ref: http://www.securityfocus.com/bid/18462

  • 06.24.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SixCMS List.PHP Cross-Site Scripting
  • Description: SixCMS is a web-based content management application implemented in PHP. Insufficient sanitization of the "page" parameter in the "list.php" script exposes the application to a cross-site scripting issue.
  • Ref: http://www.securityfocus.com/bid/18393

  • 06.24.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CEScripts Multiple Scripts Cross-Site Scripting Vulnerabilities
  • Description: CEScripts scripts are a collection of multi-purpose PHP scripts. CEScripts is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to various scripts. All versions of CEScripts are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/436805

  • 06.24.38 - CVE: CVE-2006-2903
  • Platform: Web Application - Cross Site Scripting
  • Title: Particle Links Cross-Site Scripting
  • Description: Particle Links is a web-based application to create website directories. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of the "username" parameter to the "admin.php" script. Particle Links version 1.2.2 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/436112

  • 06.24.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Ringlink Multiple Cross-Site Scripting Vulnerabilities
  • Description: Ringlink is affected by multiple cross-site scripting vulnerabilities due to insufficient sanitization of the "ringid" parameter in the "next.cgi", "stats.cgi" and "list.cgi" scripts. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18360

  • 06.24.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: VanillaSoft Helpdesk Username Cross-Site Scripting
  • Description: VanillaSoft Helpdesk is a web-based application. Insufficient sanitization of the "username" parameter in the "default.asp" script exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18368

  • 06.24.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ViArt Shop Multiple Cross-Site Scripting Vulnerabilities
  • Description: ViArt Shop is web-based shopping cart software. Insufficient sanitization of the "forum_id" parameter of the "forum.php" script and the "item_id" parameter of the "reviews.php" script exposes the application to multiple cross-site scripting issues.
  • Ref: http://www.securityfocus.com/bid/18361

  • 06.24.42 - CVE: CVE-2006-3010
  • Platform: Web Application - Cross Site Scripting
  • Title: Open Business Management Multiple Cross-Site Scripting Vulnerabilities
  • Description: Open Business Management is a web-based business management application. It is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied HTML and script code from dynamically generated content.
  • Ref: http://www.securityfocus.com/bid/18348

  • 06.24.43 - CVE: CVE-2006-2955
  • Platform: Web Application - Cross Site Scripting
  • Title: KAPhotoservice Multiple Cross-Site Scripting Vulnerabilities
  • Description: KAPhotoservice is a web-based photo print order application. KAPhotoservice is prone to multiple cross-site scripting vulnerabilities. These issues affect version 7.5.
  • Ref: http://pridels.blogspot.com/2006/06/kaphotoservice-75-vuln.html

  • 06.24.44 - CVE: CVE-2006-3006
  • Platform: Web Application - Cross Site Scripting
  • Title: iFoto Index.PHP Cross-Site Scripting
  • Description: iFoto is a web-based image gallery application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "dir" parameter of the "index.php" script. iFoto versions 0.50 and earlier are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/2290

  • 06.24.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Myscrapbook Singlepage.PHP Cross-Site Scripting
  • Description: Myscrapbook is a web-based content management application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "singlepage.php" script. Myscrapbook versions 3.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/436792

  • 06.24.46 - CVE: CVE-2006-2639
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPSimpleChoose Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHPSimpleChoose is a web-based randomizer application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to multiple unspecified input parameters. PHPSimpleChoose version 0.3 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/435165

  • 06.24.47 - CVE: CVE-2006-3036
  • Platform: Web Application - Cross Site Scripting
  • Title: 35mmslidegallery Multiple Cross-Site Scripting Vulnerabilities
  • Description: 35mmslidegallery is a web-based photo gallery implemented in PHP. It is prone to multiple cross-site scripting vulnerabilities. These issues affect version 6.
  • Ref: http://www.securityfocus.com/archive/1/436959

  • 06.24.48 - CVE: CVE-2006-2423
  • Platform: Web Application - Cross Site Scripting
  • Title: Confixx FTP_index.PHP Cross-Site Scripting
  • Description: Confixx is a web-based control panel application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "lpath" parameter of the "ftp_index.php" script. Confixx versions 3.1.2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18426/info

  • 06.24.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Horde Application Framework Multiple Cross-Site Scripting Vulnerabilities
  • Description: The Horde Application Framework is a suite of applications. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to various unspecified scripts. Horde versions 3.0.4-RC 2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437164

  • 06.24.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ListPics Cross-site Scripting
  • Description: ListPics is a web-based image application. It is exposed to a cross-site scripting issue due to insufficient sanitization of input to the "Info" parameter of the "istpics.asp" script. ListPics version 4.3 is affected.
  • Ref: http://pridels.blogspot.com/2006/06/asp-listpics-43-xss-vuln.html

  • 06.24.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: vBulletin Multiple Cross-Site Scripting Vulnerabilities
  • Description: vBulletin is a web-based bulletin board application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "s" parameter of various scripts. vBulletin versions 3.5.4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18444

  • 06.24.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Cisco Secure ACS LoginProxy.CGI Cross-Site Scripting
  • Description: Cisco Secure ACS (Access Control Server) is an authentication, authorization, and accounting software package. It is exposed to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "LogonProxy.cgi" script. Cisco Secure ACS version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/18449/references

  • 06.24.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Invision Power Board Admin.PHP Cross-site Scripting
  • Description: Invision Power Board is affected by a cross-site scripting issue. Insufficient sanitization of the "phpinfo" parameter to the "admin.php" script exposes this issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18450

  • 06.24.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: HotPlug CMS Login1.PHP Cross-Site Scripting
  • Description: HotPlug CMS is an open source content management system. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "msg" parameter of the "login1.php" script. HotPlug CMS version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437359

  • 06.24.55 - CVE: CVE-2006-1222
  • Platform: Web Application - Cross Site Scripting
  • Title: Zeroboard Write_OK.PHP Cross-site Scripting Vulnerabilities
  • Description: Zeroboard is a bulletin board application. Zeroboard is prone to multiple cross-site scripting vulnerabilities.
  • Ref: http://www.securityfocus.com/bid/18458

  • 06.24.56 - CVE: CVE-2006-1133
  • Platform: Web Application - SQL Injection
  • Title: VBZoom Multiple SQL Injection Vulnerabilities
  • Description: VBZooM is a forum application. It is exposed to multiple SQL injection issues due to insufficient sanitization of user-supplied input to different parameters of various scripts. VBZoom versions 1.11 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/436938

  • 06.24.57 - CVE: CVE-2006-3008
  • Platform: Web Application - SQL Injection
  • Title: Particle Links SQL Injection
  • Description: Particle Links is a web-based application. It is vulnerable to an SQL injection issue due to insufficient sanitization of the "topic" parameter of the "index.php" script. Particle Links version 1.2.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18342/info

  • 06.24.58 - CVE: CVE-2006-2978
  • Platform: Web Application - SQL Injection
  • Title: Mafia Moblog Big.PHP SQL Injection
  • Description: Mafia Moblog is a web portal and blog application. It is exposed to an SQL injection issue. This is due to insufficient sanitization of user-supplied input to the "img" parameter of the "big.php" script. Pearlabs Mafia Moblog version 6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/436410

  • 06.24.59 - CVE: CVE-2006-2959
  • Platform: Web Application - SQL Injection
  • Title: Snitz Forums inc_header.ASP SQL Injection
  • Description: Snitz Forums is a web-based forum application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "%strCookieURL%.GROUP" cookie parameter of the "inc_header.asp" script. Snitz Forums version 3.4.05 is vulnerable.
  • Ref: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62049

  • 06.24.60 - CVE: CVE-2006-3010
  • Platform: Web Application - SQL Injection
  • Title: Open Business Management SQL Injection Vulnerabilities
  • Description: Open Business Management is a web-based application. It is exposed to multiple SQL injection issues due to insufficient sanitization of user-supplied input to various scripts. Aliacom Open Business Management version 1.0.3 pl1 is affected.
  • Ref: http://pridels.blogspot.com/2006/06/obm-multiple-sql-inj-and-xss-vuln.html

  • 06.24.61 - CVE: CVE-2006-2792
  • Platform: Web Application - SQL Injection
  • Title: Woltlab Burning Board Multiple SQL Injection Vulnerabilities
  • Description: Woltlab Burning Board is a bulletin board application. Woltlab Burning Board is prone to multiple SQL injection vulnerabilities.
  • Ref: www.securityfocus.com/archive/1/437115

  • 06.24.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: APBoard SQL Injection Vulnerabilities
  • Description: APBoard is a multi-functional web-based forum system written in PHP. APBoard is prone to multiple SQL injection vulnerabilities.
  • Ref: http://www.securityfocus.com/archive/1/437271

  • 06.24.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpBannerExchange Multiple SQL Injection Vulnerabilities
  • Description: phpBannerExchange is a web-based forum application. It is prone to multiple SQL injection vulnerabilities due to improper sanitization of user-supplied input to multiple scripts.
  • Ref: http://www.securityfocus.com/bid/18448

  • 06.24.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DeluxeBB Multiple SQL Injection Vulnerabilities
  • Description: DeluxeBB is a web-based bulletin board application. It is prone to multiple SQL injection vulnerabilities due to improper sanitization of user-supplied cookie data to the "hideemail", "languagex", "xthetimeoffset" and "xthetimeformat" parameters when registering for an account. DeluxeBB version 1.06 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/18453

  • 06.24.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Chipmailer Login Page SQL Injection
  • Description: Chipmailer is a paid mail script. It is prone to an SQL injection vulnerability due to improper sanitization of the "anfang" parameter when logging into the main page. ChipMailer version 1.09 is affected.
  • Ref: http://www.securityfocus.com/bid/18463

  • 06.24.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Five Star Review Script Multiple Input Validation Vulnerabilities
  • Description: Five Star Review Script is a web-based script that allows users to rank items on the site. It is vulnerable to multiple HTML injection and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/18390

  • 06.24.67 - CVE: Not Available
  • Platform: Web Application
  • Title: SixCMS Detail.PHP Directory Traversal
  • Description: SixCMS is a web-based content-management application. Insufficient sanitization of the "template" parameter of the "detail.php" script exposes the application to a directory traversal issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18395

  • 06.24.68 - CVE: CVE-2006-2908
  • Platform: Web Application
  • Title: MyBB DomeCode Remote PHP Script Code Injection
  • Description: MyBB is a bulletin board application. It is vulnerable to a remote PHP code injection issue due to an insecure use of the "/e" regular expression modifier in a "preg_replace()" function call. MyBB versions 1.1.2 and earlier are vulnerable.
  • Ref: http://secunia.com/secunia_research/2006-40/advisory/

  • 06.24.69 - CVE: Not Available
  • Platform: Web Application
  • Title: i.List Multiple Input Validation Vulnerabilities
  • Description: i.List is a web-based topsite list. It is vulnerable to an HTML injection vulnerability in the "add.php" script and a cross-site scripting issue in multiple scripts.
  • Ref: http://www.securityfocus.com/bid/18355

  • 06.24.70 - CVE: Not Available
  • Platform: Web Application
  • Title: fx-APP Multiple HTML Injection Vulnerabilities
  • Description: fx-APP is a web-based content management system. Insufficient sanitization of user-supplied input exposes the application to multiple HTML injection issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18361

  • 06.24.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla IncludePath Remote File Include
  • Description: Joomla is a web content management application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "includepath" parameter of the "joomla.php" script. Joomla version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/436707

  • 06.24.72 - CVE: CVE-2006-2983, CVE-2006-2982
  • Platform: Web Application
  • Title: Enterprise Payroll Systems AbsolutePath Remote File Include
  • Description: Enterprise Payroll Systems is a web-based timesheet and payroll application. Enterprise Payroll Systems is prone to a remote file include vulnerability.
  • Ref: http://milw0rm.com/exploits/1891

  • 06.24.73 - CVE: Not Available
  • Platform: Web Application
  • Title: OfficeFlow Multiple Input Validation Vulnerabilities
  • Description: OfficeFlow is web-based project management software. It is prone to multiple input validation vulnerabilities due to a failure in the application to properly sanitize user-supplied input. OfficeFlow version 2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/18367

  • 06.24.74 - CVE: CVE-2006-2996
  • Platform: Web Application
  • Title: LoveCompass aePartner Remote File Include
  • Description: LoveCompass aePartner is a web-based dating application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "dir[data]" variable of the "design.inc.php" script. LoveCompass aePartner versions 0.8.3 and earlier are vulnerable.
  • Ref: http://www.milw0rm.com/exploits/1896

  • 06.24.75 - CVE: CVE-2006-2962
  • Platform: Web Application
  • Title: Empris Remote File Include
  • Description: Empris (Emergencies Personnel Information System) is a web-based job and volunteer management application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "phormationdir" variable of the "sql_fcnsOLD.php" script. Empris version 20020923 is vulnerable.
  • Ref: http://www.milw0rm.com/exploits/1895

  • 06.24.76 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress Username Remote PHP Code Injection
  • Description: WordPress is a web-based content management system. Insufficient sanitization of the "username" parameter exposes the application to a code injection issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18372

  • 06.24.77 - CVE: CVE-2006-2998
  • Platform: Web Application
  • Title: Free QBoard Post.PHP Remote File Include
  • Description: Free QBoard is an Open Source tag board application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "qb_path" variable of the "post.php" script. Free QBoard versions 1.1 and earlier are vulnerable.
  • Ref: http://www.milw0rm.com/exploits/1899

  • 06.24.78 - CVE: CVE-2006-2995
  • Platform: Web Application
  • Title: WebprojectDB Multiple Remote File Include Vulnerabilities
  • Description: WebprojectDB is a project management application. It is exposed to multiple remote file include issues. These issues are due to insufficient sanitization of user-supplied input to the "INCDIR" parameter of the "nav.php" and "lang.php" scripts. WebprojectDB versions 0.1.3 and earlier are affected.
  • Ref: http://www.milw0rm.com/exploits/1898

  • 06.24.79 - CVE: Not Available
  • Platform: Web Application
  • Title: DCP-Portal Lib.PHP Remote File Include
  • Description: DCP-Portal is a web portal application. It is prone to a remote file include vulnerability due to improper sanitization of user-supplied input to the "$root" variable of the "lib.php" library script.
  • Ref: http://www.securityfocus.com/bid/18380

  • 06.24.80 - CVE: Not Available
  • Platform: Web Application
  • Title: NPDS Multiple Input Validation Vulnerabilities
  • Description: NPDS is a web-based application. It is affected by multiple information disclosure and cross-site scripting issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18383

  • 06.24.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Adaptive Website Framework Remote File Include
  • Description: Adaptive Website Framework is a content management system. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "spaw_root" variable of the "spaw_control.class.php" script. Adaptive Website Framework versions 1.11 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/436804

  • 06.24.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Foing Remote File Include
  • Description: Foing is an mp3 portal application. It is exposed to a remote file include issue. This is due to insufficient sanitization of user-supplied input to the "foing_root_path" parameter of the "manage_songs.php" script. Foing versions 0.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/436793

  • 06.24.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Particle Whois Multiple Input Validation Vulnerabilities
  • Description: Particle Whois is a web-based application, written in PHP, for setting up a whois engine. A whois engine allows users to search for domain availability and fetch whois information. Particle Whois is prone to multiple input validation vulnerabilities.
  • Ref: http://www.securityfocus.com/bid/18346

  • 06.24.84 - CVE: Not Available
  • Platform: Web Application
  • Title: DoubleSpeak Multiple Remote File Include Vulnerabilities
  • Description: DoubleSpeak is a web-based content management system. Insufficient sanitization of user-supplied input exposes the application to a remote file include issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18401

  • 06.24.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Content-Builder Multiple Remote File Include Vulnerabilities
  • Description: Content-Builder is a web-based content management system (CMS). It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "rel", "lang_path" and "path[cb]" parameters of various scripts. Content-Builder versions 0.7.5 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/436892

  • 06.24.86 - CVE: CVE-2006-1613
  • Platform: Web Application
  • Title: aWebNews Visview.PHP Remote File Include
  • Description: aWebNews is a web-based news script. It is exposed to a remote file include issue due to insufficient sanitization of user-supplied input to the "path_to_news" parameter of the "visview.php" script. aWebNews version 1.0 is affected.
  • Ref: http://root-security.org/danger/aWebNews.txt

  • 06.24.87 - CVE: Not Available
  • Platform: Web Application
  • Title: CzarNews Headlines.PHP Remote File Include
  • Description: CzarNews is a web-based news script. CzarNews is prone to a remote file include vulnerability.
  • Ref: http://www.root-security.org/danger/CzarNews.txt

  • 06.24.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Somery Team.PHP Remote File Include
  • Description: Somery is a web-based web logging script. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "checkauth" parameter of "team.php".
  • Ref: http://www.securityfocus.com/bid/18412

  • 06.24.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Hinton Design phphg Guestbook Signed.PHP Remote File Include
  • Description: phphg Guestbook is a web-based application. Insufficient sanitization of the "phphg_real_path" parameter of the "signed.php" script exposes the application to a remote file include issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18413

  • 06.24.90 - CVE: Not Available
  • Platform: Web Application
  • Title: boastMachine Vote.PHP Remote File Include
  • Description: boastMachine is a web-based content management system. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "bmc_dir" parameter of the "vote.php" script. boastMachine version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/18415

  • 06.24.91 - CVE: CVE-2006-2663
  • Platform: Web Application
  • Title: iFlance Multiple Input Validation Vulnerabilities
  • Description: iFlance is a freelance script. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to various scripts. iFlance versions 1.1 and earlier are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/1988

  • 06.24.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Simpnews Wap_short_news.PHP Remote File Include
  • Description: Simpnews is a web-based news reader application. It is exposed to a remote file include issue. This is due to insufficient sanitization of user-supplied input to the "path_simpnews" parameter of the "wap_short_news.php" script. Bosch SimpNews versions 2.13 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/436937

  • 06.24.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Wheatblog View_Links.PHP Remote File Include
  • Description: Wheatblog is a web-based content management system and web log. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "wb_inc_dir" parameter of "view_links.php".
  • Ref: http://www.securityfocus.com/bid/18416

  • 06.24.94 - CVE: Not Available
  • Platform: Web Application
  • Title: G-Shout Shoutbox.PHP Remote File Include
  • Description: G-Shout is a web-based shoutbox implementation. Insufficient sanitization of the "language" parameter of the "shoutbox.php" script exposes the application to a remote file include issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18417

  • 06.24.95 - CVE: CVE-2006-2635
  • Platform: Web Application
  • Title: TikiWiki Multiple Input Validation Vulnerabilities
  • Description: TikiWiki is a wiki application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to various scripts. TikiWiki versions 1.9.3.2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437017

  • 06.24.96 - CVE: Not Available
  • Platform: Web Application
  • Title: My Photo Scrapbook Multiple Input Validation Vulnerabilities
  • Description: My Photo Scrapbook is a dynamic database driven web-based photo album application. It is prone to multiple input validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues affect versions 1.0 and prior.
  • Ref: http://www.securityfocus.com/bid/18418

  • 06.24.97 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpBB BBRSS.PHP Remote File Include
  • Description: bbrss for PhpBB is an RSS news feed plugin for PhpBB. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "phpbb_root_path" parameter of "bbrss.php".
  • Ref: http://www.securityfocus.com/bid/18432

  • 06.24.98 - CVE: Not Available
  • Platform: Web Application
  • Title: SF RahnemaCo Page.PHP Remote File Include Vulnerability
  • Description: RahnemaCo is a web-based shopping cart system. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "osCsid" parameter of the "page.php" script.
  • Ref: http://www.securityfocus.com/bid/18435

  • 06.24.99 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpBlueDragon CMS Template.PHP Remote File Include
  • Description: PhpBlueDragon CMS is a content management system. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "vsDragonRootPath" parameter of "template.php". Version 2.9.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/18440

  • 06.24.100 - CVE: Not Available
  • Platform: Web Application
  • Title: ISPConfig Multiple Remote File Include Vulnerabilities
  • Description: ISPConfig is a web-based hosting control panel application. Insufficient sanitization in the "server.inc.php", "app.inc.php", "login.php" and "trylogin.php" scripts exposes the application to multiple file input issues. ISPConfig version 2.2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/18441

  • 06.24.101 - CVE: CVE-2006-2944
  • Platform: Web Application
  • Title: WebFORM and FORM2MAIL Open Email Relay
  • Description: WebFORM and FORM2MAIL are web-based email application front ends. They are vulnerable to a remote open mail relay issue due to insufficient sanitization of user-supplied input in the optional addresses form for both applications. WebFORM version 4.1 and FORM2MAIL version 1.21 are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/2234

  • 06.24.102 - CVE: CVE-2006-2503
  • Platform: Web Application
  • Title: DeluxeBB Multiple Remote File Include Vulnerabilities
  • Description: DeluxeBB is a web-based hosting control panel application. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "templatefolder" parameter of various scripts. DeluxeBB version 1.06 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437228

  • 06.24.103 - CVE: Not Available
  • Platform: Network Device
  • Title: Symantec Security Information Manager Authentication Bypass
  • Description: Symantec Security Information Manager is vulnerable to an authentication bypass issue when the M4 Macro Library is used to transform raw rule definitions into Java code. Symantec Security Information Manager versions 4.0.2 build 28 and earlier are vulnerable.
  • Ref: http://www.symantec.com/avcenter/security/Content/2006.06.13b.html

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.