@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 25
June 26, 2006

A tough week for media software. Users of both Real (Helix DNA server) and Microsoft (Winamp) face critical newly discovered vulnerabilities. IBM's DB2 database is also on the hit list this week. You'll also notice in Part II that more than one hundred new Cross Site Scripting, SQL Injection, and other Web Application security flaws were discovered this week. That level of new discoveries is a strong foundation for an epidemic of attacks against web applications.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                   # of Updates & Vulnerabilities
    Microsoft Office                           1
    Third Party Windows Apps                   6
    Linux                                      2
    HP-UX                                      1
    Unix                                       4
    Cross Platform                             13
    Web Application - Cross Site Scripting     35
    Web Application - SQL Injection            26
    Web Application                            39
    Network Device                             1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Microsoft Office
Third Party Windows Apps
Linux
HP-UX
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I is compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Real Networks Helix DNA Server Remote Buffer Overflows
  • Affected:
    • Real Networks Helix DNA Server versions 10.0.x and 11.0.x
  • Description: Real Networks Helix DNA Server, a popular media streaming server, contains two remotely exploitable buffer overflows. One of the overflows lies in the server's RTSP service and can be triggered by a specially crafted "User-Agent" header. The other overflow can be triggered by a malformed HTTP URL scheme. The flaws can be exploited to execute arbitrary code with the privileges of the server process, often root. Depending on the server configuration, no authentication would be necessary to exploit this vulnerability.

  • Status: Real confirmed, updates available.

  • (2) HIGH: Nullsoft Winamp MIDI File Handling Buffer Overflow
  • Affected:
    • Nullsoft Winamp version 5.23 and prior
  • Description: Nullsoft Winamp, one of the popular media players on the Internet, contains a buffer overflow vulnerability. By tricking a user into opening a specially-crafted MIDI (a popular format for instrumental music) file in Winamp, an attacker can trigger this vulnerability and execute arbitrary code with the privileges of the current user. Note that depending on how the user has configured Winamp, no user interaction beyond clicking on a link or opening an email message may be necessary.

  • Status: Nullsoft confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • (3) HIGH: Microsoft HLINK.DLL Link Memory Corruption Vulnerability (0-day)
  • Affected:
    • Potentially all Microsoft programs that use HLINK.DLL library
  • Description: A vulnerability has been identified in the Microsoft HLINK.DLL library. This library is used by many applications to parse hyperlinks. By passing an overly long hyperlink into this library via a specially crafted file, an attacker can execute arbitrary code with the privileges of the current user. To exploit this vulnerability, an attacker would need to trick a user into opening a specially crafted file and then clicking on a link in that file. It is currently not believed to be exploitable without user interaction. Users are advised not to click links in documents from untrusted sources. Note that since this is a vulnerability in a core Microsoft Windows library, the number of applications affected is unknown. Proof-of-concept code has been written for Excel 2003 running on Windows XP SP1 and Windows 2000 SP4.

  • Status: Microsoft confirmed, no updates available.

  • Council Site Actions: All of the reporting council sites are awaiting additional information and a response from the vendor. They plan to deploy the patches during a regular update cycle once patches are released. One site commented that they will consider blocking affected file formats at their perimeters if there is a specific threat that they believe cannot be adequately handled through AV.

  • (5) HIGH: Opera Web Browser JPEG Handling Remote Buffer Overflow
  • Affected:
    • Opera Web Browser 8.51 and prior
  • Description: The Opera Web Browser, a popular multiplatform web browser, contains a remotely-exploitable buffer overflow. By causing a vulnerable user to access a specially-crafted JPEG image file, an attacker can execute arbitrary code with the privileges of the current user. No user interaction beyond viewing a malicious web page is necessary.

  • Status: Opera confirmed, no patches available. Opera 9 (the current version of the browser) is reportedly not vulnerable.

  • Council Site Actions: Only one of the reporting council sites is using the affected software; however it is not supported by their central IT department. They are investigating whether the vendor has any mechanism for notifying end users of critical security updates (after the updates become available).

Exploit Code
  • (6) Microsoft Routing and Remote Access Service Exploit (MS06-025)
  • Description: This vulnerability was reported in the @RISK Newsletter, volume 5, number 24. H. D. Moore has created an exploit based on the popular Metasploit framework. This exploit has been publicly released.

  • Council Site Actions: Most of the council sites plan to deploy (or have deployed) the patches during their regularly scheduled system update process.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 25, 2006

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5051 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.25.1 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Excel Unicode Link Memory Corruption
  • Description: Microsoft Excel is prone to a memory corruption issue due to a failure of the application to properly bounds check user-supplied input prior to copying it to an insufficiently-sized memory buffer. Microsoft Excel versions 2002 SP3 and 2003 SP2 are vulnerable to this issue.
  • Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047005.html

  • 06.25.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nullsoft Winamp Malformed MIDI File Remote Buffer Overflow
  • Description: Winamp is a freely available media player from Nullsoft. It is susceptible to a buffer overflow issue due to improper bounds-check of input data before copying it into a fixed-size memory buffer. Winamp versions earlier than 5.22 are affected.
  • Ref: http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-16.html

  • 06.25.3 - CVE: CVE-2006-0212
  • Platform: Third Party Windows Apps
  • Title: Toshiba Bluetooth Stack TOSRFBD.SYS Remote Denial of Service
  • Description: Toshiba Bluetooth Stack is Bluetooth software for Windows platforms. It is affected by a denial of service issue in its "TOSRFBD.SYS" driver. The issue arises when affected devices handle "L2CAP" Echo Requests containing large payloads. Toshiba Bluetooth Stack for Windows versions 4.0.23 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/18527

  • 06.25.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Hosting Controller Unspecified Privilege Escalation
  • Description: Hosting Controller is an application that consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. Hosting Controller is exposed to a privilege escalation issue. Hosting Controller 6.1 Hotfix versions 2.4 and earlier are affected.
  • Ref: http://hostingcontroller.com/english/logs/hotfixlogv61_3_2.html

  • 06.25.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: JaguarEdit ActiveX Control Information Disclosure
  • Description: The JaguarEdit ActiveX control is an anti-keylogger for Internet Explorer. It is affected by an information disclosure issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18576

  • 06.25.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ACLogic CesarFTP MKD Command Remote Buffer Overflow
  • Description: ACLogic CesarFTP is an FTP server application for the Microsoft Windows operating system. It is prone to a buffer overflow vulnerability when handling data through the MKD command. Version 0.99g of CesarFTP is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/18596

  • 06.25.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Trend Micro Control Manager Access Log HTML Injection
  • Description: Trend Micro Control Manager is a web-based management console designed to simplify coordination of outbreak security actions and management of Trend Micro products. It is affected by an HTML injection issue due to insufficient sanitization of the "username" parameter in the Access Log script. Trend Micro Control Manager version 3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/18619

  • 06.25.8 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel XT_SCTP-netfilter Remote Denial of Service
  • Description: The Linux kernel SCTP netfilter module is susceptible to a remote denial of service vulnerability. This issue allows remote attackers to cause affected kernels to enter into an infinite-loop condition. This occurs when the kernel attempts to process certain invalid SCTP packets with a chunk length of zero. Kernel versions prior to 2.6.17.1 are vulnerable to this issue.
  • Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.1

  • 06.25.9 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Signal_32.C Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue due to a design error in "signal_32.c". Local users can exploit this vulnerability to panic the kernel, denying further service to legitimate users. Linux kernel versions prior to 2.6.16.21 are affected.
  • Ref: http://www.securityfocus.com/archive/1/438168

  • 06.25.10 - CVE: CVE-2006-2551
  • Platform: HP-UX
  • Title: HP-UX Kernel Unspecified Local Denial of Service
  • Description: The HP-UX kernel is prone to an unspecified local denial of service vulnerability. The vendor has reported that a local user can cause a denial of service condition in the kernel. HP-UX versions B.11.23 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18603

  • 06.25.11 - CVE: Not Available
  • Platform: Unix
  • Title: WebWasher Remote ARJ Decoder Denial of Service
  • Description: WebWasher is free Internet filtering software. It is typically deployed at the gateway. WebWasher is susceptible to a remote denial of service vulnerability. Specifically, the ARJ decoding functionality of the vulnerable application fails to handle certain malformed files. Versions of WebWasher prior to version 5.3.0 build are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18521

  • 06.25.12 - CVE: Not Available
  • Platform: Unix
  • Title: NetPBM Pamtofits Remote Off-By-One Buffer Overflow
  • Description: Netpbm is a collection of utilities for the manipulation of graphic images. The "pnmtofits" utility is used to convert a Portable Any Map Graphic Bitmap (PNM) image into Flexible Image Transport System (FITS) format. Netpbm "pnmtofits" is prone to an off-by-one buffer overflow vulnerability. Netpbm versions 10.30 to 10.33 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/18525

  • 06.25.13 - CVE: Not Available
  • Platform: Unix
  • Title: Usermin Change User Details Remote Denial of Service
  • Description: Usermin is a web-based user interface for Unix and Linux users. It is designed to allow users to access email and configure various user settings. Usermin is prone to a remote denial of service vulnerability. This issue affects version 1.110-3.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374609

  • 06.25.14 - CVE: Not Available
  • Platform: Unix
  • Title: MiMMS Media Stream Handling Remote Buffer Overflow
  • Description: MiMMS Media Stream Handling is a program designed to allow you to download streams using the MMS protocol. It is prone to a buffer overflow vulnerability. Version 0.0.9 of MiMMS Media Stream Handling is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18608

  • 06.25.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CHM Lib Extract_chmlib Directory Traversal
  • Description: CHM Lib is a library for dealing with Microsoft ITSS/CHM format files. It is exposed to a directory traversal issue due to insufficient sanitization of input. CHM Lib versions 0.37 and earlier are affected.
  • Ref: http://morte.jedrea.com/~jedwin/projects/chmlib/

  • 06.25.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VMware Player Malformed VMX File Denial of Service
  • Description: VMware is virtualization software that allows multiple virtual machines to run on a single computer. VMware Player is susceptible to a denial of service vulnerability. Specifically, this issue is triggered when VMX virtual machine configuration files containing excessively long string values are supplied as an argument to the "ide1:0.filename" directive. VMware Player version 1.0.1 Build 19317 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437649

  • 06.25.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DotNetNuke Unspecified Security
  • Description: DotNetNuke is a web-based content management system. It is exposed to an unspecified security issue. An attacker can exploit this issue to compromise the application and gain the ability to upload files to the affected computer. DotNetNuke version 3.1.0 is affected.
  • Ref: http://www.dotnetnuke.com/

  • 06.25.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi Groupmax Unexpected Request Remote Denial of Service
  • Description: Hitachi Groupmax is a collaboration server that includes email functionality. It is vulnerable to an unspecified denial of service issue while processing unexpected requests. Hitachi Groupmax versions 07-20 and earlier are vulnerable.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS06-012_e/index-e.html

  • 06.25.19 - CVE: CVE-2006-3082
  • Platform: Cross Platform
  • Title: GnuPG Parse_User_ID Remote Buffer Overflow
  • Description: GNU Privacy Guard (GnuPG) is an open-source encryption application. Insufficient sanitization in the "parse_user_id()" function of the "parse-packet.c" file exposes the application to a remote buffer overflow issue. GnuPG versions 1.4.3 and 1.9.20 are affected.
  • Ref: http://www.securityfocus.com/bid/18554

  • 06.25.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Websphere Application Server Prior to 6.0.2.11 Multiple Vulnerabilities
  • Description: IBM WebSphere Application Server is a utility designed to facilitate the creation of various enterprise web applications. WebSphere Application Server is exposed to multiple information disclosure issues. IBM WebSphere Application Server versions 6.0.2.9 and earlier are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876

  • 06.25.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Clearswift MAILsweeper for SMTP / Exchange Multiple Vulnerabilities
  • Description: MAILsweeper is a commercial application for filtering email content at the gateway level. It is prone to multiple vulnerabilities. These issues can allow remote attackers to bypass certain security restrictions and carry out denial of service attacks. MAILsweeper for SMTP version 4.3.19 and MIMEsweeper for Exchange version 4.3.19 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/18584

  • 06.25.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Malicious HTML Processing Denial of Service
  • Description: Opera 9 is prone to a remote denial of service issue which occurs when the browser parses certain malicious HTML content with a large value supplied through the HREF tag. Opera version 9 is vulnerable to this issue. Opera version 8.x is not affected.
  • Ref: http://www.securityfocus.com/bid/18585

  • 06.25.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser JPEG Image Handling Remote Buffer Overflow
  • Description: The Opera web browser is susceptible to a remote buffer overflow vulnerability. This issue is triggered when the application attempts to process JPEG image files with excessively large dimensions. Opera versions prior to 9.0 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/18594

  • 06.25.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Network Security Services Library Remote Denial of Service
  • Description: Mozilla Network Security Services library (NSS) is a set of libraries designed to support cross platform development of security enabled client/server applications. NSS is susceptible to a remote denial of service vulnerability. This issue presents itself when the library performs certain unspecified RSA cryptographic operations. 256 bytes of memory are leaked in each operation, allowing repeated attacks to consume excessive memory resources. NSS version 3.11 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/18604

  • 06.25.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: RealNetworks Helix DNA Server Multiple Remote Code Execution Vulnerabilities
  • Description: RealNetworks Helix DNA Server is a multimedia content network server. It is vulnerable to multiple remote code execution issues due to buffer overflows. RealNetworks Helix DNA Server versions 10.0 and 11.0 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18606/info

  • 06.25.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Webmin Remote Directory Traversal
  • Description: Webmin is a web based UNIX/Linux system administration tool. Webmin is exposed to remote directory traversal. A remote attacker can access information outside the server root directory. This is due to an undetermined input validation error. Webmin versions 1.270 and earlier are affected.
  • Ref: http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html

  • 06.25.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Yahoo! Messenger Message Handling Denial of Service
  • Description: Yahoo! Messenger is a freely available chat client distributed and maintained by Yahoo! It is prone to a denial of service vulnerability. This issue affects version 7.5.0.814.
  • Ref: http://www.securityfocus.com/bid/18622

  • 06.25.28 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: e107 Search.PHP Cross-Site Scripting
  • Description: e107 is a content management system. e107 is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "search.php" script. e107 website system version 0.7.5 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437649

  • 06.25.29 - CVE: CVE-2006-3109
  • Platform: Web Application - Cross Site Scripting
  • Title: Cisco CallManager Cross-Site Scripting
  • Description: Cisco CallManager is the software based call processing component of the Cisco IP Telephony solution. It includes a web interface for remote administration by administrative users. Cisco CallManager is prone to a cross-site scripting vulnerability.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sr-20060619-ccmxss.shtml

  • 06.25.30 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Datecomm Multiple Cross-Site Scripting Vulnerabilities
  • Description: Datecomm is a web-based content management application. It is exposed to multiple scripting issues due to insufficient sanitization of user-supplied input.
  • Ref: http://www.securityfocus.com/bid/18502

  • 06.25.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CMS Faethon Multiple Cross-Site Scripting Vulnerabilities
  • Description: CMS Faethon is a web-based content management application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "mainpath" parameter of the "data/header.php" and "data/footer.php" scripts. CMS Faethon version 1.3.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18505

  • 06.25.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MPCS Comment.php Cross-Site Scripting
  • Description: MPCS is a comment system. MPCS is exposed to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "pageid" parameter of the "comment.php" script. Tpvgames MPCS version 0.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/437754

  • 06.25.33 - CVE: CVE-2006-2423
  • Platform: Web Application - Cross Site Scripting
  • Title: SWSoft Confixx Pro Tools_Ftp_Pwaendern.PHP Cross-Site Scripting
  • Description: SWSoft Confixx Pro is a web-based control panel application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "account" parameter of the "tools_ftp_pwaendern.php" script. SWSoft Confixx Pro version 3 is vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/1817

  • 06.25.34 - CVE: CVE-2006-3095
  • Platform: Web Application - Cross Site Scripting
  • Title: IPostMX 2005 Userlogin.CFM and Account.CFM Cross-Site Scripting Vulnerabilities
  • Description: IPostMX 2005 is an open source web bulletin board. It is exposed to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "RETURNURL" parameter. Cole Barksdale iPostMX 2005 version 0 is affected.
  • Ref: http://pridels.blogspot.com/2006/06/ipostmx-2005-vuln.html

  • 06.25.35 - CVE: CVE-2006-2984
  • Platform: Web Application - Cross Site Scripting
  • Title: IntegraMOD Index.PHP Cross-Site Scripting
  • Description: IntegraMOD is a distribution of phpBB that incorporates various third party modules. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "STYLE_URL" parameter of the "index.php" script. IntegraMOD versions 1.4.0 and earlier are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/2236

  • 06.25.36 - CVE: CVE-2006-3080
  • Platform: Web Application - Cross Site Scripting
  • Title: Axent Forum viewposts.cfm Cross-Site Scripting
  • Description: Axent forum is a web-forum application. Insufficient sanitization of the "startrow" parameter of the "viewposts.cfm" script exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18473

  • 06.25.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Wikkawiki Wakka.PHP Cross-Site Scripting
  • Description: Wikkawiki is a web wiki application. Insufficient sanitization of user-supplied input to the "wakka.php" script exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18481

  • 06.25.38 - CVE: CVE-2006-3079
  • Platform: Web Application - Cross Site Scripting
  • Title: SSPwiz Plus Cross-Site Scripting
  • Description: SSPwiz Plus is a web-based administration system for Slide Show Pro. The application is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "index.cfm" script. SSPwiz Plus version 1.0.7 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18482

  • 06.25.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DPVision Tradingeye Shop Details.CFM Cross-Site Scripting
  • Description: DPVision Tradingeye Shop is a web-based ecommerce shopping cart and CMS system. It is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "image" parameter of "details.cfm". Tradingeye Shop version R4 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18526

  • 06.25.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: The Edge eCommerce Shop ProductDetail.ASP Cross-Site Scripting
  • Description: The Edge eCommerce Shop is a web-based e-commerce application implemented in ASP. It is affected by a cross-site scripting vulnerability.
  • Ref: http://pridels.blogspot.com/2006/06/edge-ecommerce-shop-xss.html

  • 06.25.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sharky E-Shop Search_Prod_List.ASP Cross-Site Scripting
  • Description: Sharky E-Shop is a web-based ecommerce shopping cart application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "maingroup" and "secondgroup" parameters in the "search_prod_list.asp" script. Sharky E-Shop versions 3.05 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/06/sharky-e-shop-xss.html

  • 06.25.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sharky E-Shop Meny2.ASP Cross-Site Scripting
  • Description: Sharky E-Shop is a web-based ecommerce shopping cart. It is exposed to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "maingroup" parameter in "meny2.asp". Sharky E-Shop version 3.05 is affected.
  • Ref: http://pridels.blogspot.com/2006/06/sharky-e-shop-xss.html

  • 06.25.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Simple File Manager FM.php Cross-Site Scripting
  • Description: Simple File Manager is a web based file management system. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "msg" parameter of the "fm.php" script. Simple File Manager version 0.24a is affected.
  • Ref: http://www.securityfocus.com/bid/18534

  • 06.25.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Arctic Index.PHP Cross-Site Scripting
  • Description: Arctic is a bulletin board written in PHP. Arctic is prone to a cross-site scripting vulnerability.
  • Ref: http://pridels.blogspot.com/2006/06/arctic-xss.html

  • 06.25.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpMyDirectory Multiple Cross-Site Scripting
  • Description: phpMyDirectory is a web-based content-management application. phpMyDirectory is exposed to multiple scripting issues due to insufficient sanitization of user-supplied input to the "PIC" parameter of "offer-pix.php" and to the "from" parameter of "cp/index.php". phpMyDirectory version 10.4.5 is affected.
  • Ref: http://pridels.blogspot.com/2006/06/phpmydirectory-xss-vuln.html

  • 06.25.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AssoCIateD Index.PHP Cross-Site Scripting
  • Description: AssoCIateD is a web-based content management application. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "index.php" script. AssoCIateD versions 1.2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18541

  • 06.25.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpMyForum Topic.php Cross-Site Scripting
  • Description: phpMyForum is a web based forum application. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "highlight" parameter of the "topic.php" script. phpMyForum versions 4.1.3 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/18542

  • 06.25.48 - CVE: CVE-2006-3129
  • Platform: Web Application - Cross Site Scripting
  • Title: NC Linklist Index.PHP Cross-Site Scripting Vulnerabilities
  • Description: NC Linklist is a web-based link listing application written in PHP. NC Linklist is prone to multiple cross-site scripting vulnerabilities.
  • Ref: http://pridels.blogspot.com/2006/06/nc-linklist-xss-vuln.html

  • 06.25.49 - CVE: CVE-2006-0962
  • Platform: Web Application - Cross Site Scripting
  • Title: vuBB User Parameter Cross-Site Scripting
  • Description: vuBB is an interactive forum application. The application is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "language/english.php" script. vuBB version 0.2.1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437657

  • 06.25.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Maximus SchoolMAX Error_msg Parameter Cross-Site Scripting
  • Description: Maximus SchoolMAX is a web-based content management system for schools. The application is prone to a cross-site scripting vulnerability.
  • Ref: http://www.securityfocus.com/bid/18563

  • 06.25.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Vbulletin Member.PHP Cross-Site Scripting
  • Description: Vbulletin is a bulletin board application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "u" parameter of the "member.php" script. VBulletin versions 3.5.4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437817

  • 06.25.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Thinkfactory UltimateGoogle Index.PHP Cross-Site Scripting
  • Description: Thinkfactory UltimateGoogle is a search engine tool. Insufficient sanitization of the "REQ" parameter in the "index.php" script exposes the application to a cross-site scripting issue. All versions are affected.
  • Ref: http://www.securityfocus.com/bid/18569

  • 06.25.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Jira ConfigureReleaseNote.JSPA Cross-Site Scripting
  • Description: Jira is a tracking system written in JSP. It is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "projectId" parameter of the "secure/ConfigureReleaseNote.jspa" script. Jira version 3.6.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18575

  • 06.25.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Ultimate eShop Index.CGI Cross-Site Scripting
  • Description: Ultimate eShop is a web-based e-commerce application written in CGI. The application is prone to a cross-site scripting vulnerability. Version 1.00 of the software is vulnerable to this issue.
  • Ref: http://pridels.blogspot.com/2006/06/ultimate-eshop-xss-vuln.html

  • 06.25.55 - CVE: CVE-2006-3063
  • Platform: Web Application - Cross Site Scripting
  • Title: myPHP Guestbook Multiple Cross-Site Scripting Vulnerabilities
  • Description: myPHP Guestbook is a web-based guest book application. It is exposed to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to various parameters in different scripts. myPHP Guestbook versions 2.0.1 and 2.0.0 are affected.
  • Ref: http://www.networkarea.ch/forum/topic.php?id=4

  • 06.25.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Enterprise Groupware System Index.PHP Cross-Site Scripting
  • Description: Enterprise Groupware System is a web-based content management system. It is exposed to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "module" parameter of "index.php". Enterprise Groupware System EGS versions 1.2.4 and earlier are affected.
  • Ref: http://pridels.blogspot.com/2006/06/enterprise-groupware-system-xss-vuln.html

  • 06.25.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Namo DeepSearch Mclient.CGI Cross-Site Scripting
  • Description: Namo DeepSearch is a web-based search engine application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "p" parameter of the "mclient.cgi" script. DeepSearch version 4.5 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18589/info

  • 06.25.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Azureus Index.TMPL Cross-Site Scripting
  • Description: Azureus is a BitTorrent client. Insufficient sanitization of the "search" parameter in the "index.tmpl" script exposes the application to a cross-site scripting issue.
  • Ref: http://www.securityfocus.com/bid/18596

  • 06.25.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Open WebMail Openwebmail-read.PL Cross-Site Scripting
  • Description: Open WebMail is a web-based mail application written in PERL/CGI. The application is prone to a cross-site scripting vulnerability.
  • Ref: http://www.openwebmail.org/openwebmail/doc/changes.txt

  • 06.25.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NetSoft SmartNet Search.ASP and Search.JSP Cross-Site Scripting
  • Description: SmartNet is a web-based search engine application. Insufficient sanitization of the "searchFLD" parameter in the "search.asp" script exposes the application to a cross-site scripting issue. SmartNet version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/18600

  • 06.25.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AEwebworks Dating Software Multiple Cross-Site Scripting Vulnerabilities
  • Description: AEwebworks Dating Software is a web-based dating application. Insufficient sanitization of user-supplied input exposes the application to multiple cross-site scripting issues.
  • Ref: http://www.securityfocus.com/bid/18612

  • 06.25.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BNBT EasyTracker Cross-Site Scripting Vulnerabilities
  • Description: BNBT EasyTracker is a C++ implementation of the BitTorrent tracker. The application is prone to multiple cross-site scripting vulnerabilities. BNBT EasyTracker version 7.7 r3.2004.10.27 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18617

  • 06.25.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASP Stats Generator Pages.ASP SQL Injection
  • Description: ASP Stats Generator is a website counter application written in ASP. ASP Stats Generator is prone to an SQL injection vulnerability. ASP Stats Generator versions 2.1.1 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/18512

  • 06.25.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: vuBB Index.php SQL Injection
  • Description: vuBB is an interactive forum application. It is exposed to an SQL injection issue due to insufficient sanitization of user-supplied input to the "user" parameter of "index.php". vuBB version 0.2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/437657

  • 06.25.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CMS MUNDO SQL Injection
  • Description: CMS Mundo is a content management application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the username parameter. CMS Mundo version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18451

  • 06.25.66 - CVE: CVE-2006-3056, CVE-2006-3055, CVE-2006-3054
  • Platform: Web Application - SQL Injection
  • Title: VBZoom Multiple SQL Injection Vulnerabilities
  • Description: VBZooM is a forum application written in PHP. The application is prone to multiple SQL injection vulnerabilities. See advisory for further details.
  • Ref: http://www.securityfocus.com/archive/1/437658

  • 06.25.67 - CVE: CVE-2006-2835
  • Platform: Web Application - SQL Injection
  • Title: SAPHPLesson Multiple SQL Injection Vulnerabilities
  • Description: The SAPHPLesson module is a forum application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to various scripts. SAPHPLesson versions 2.0 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437659

  • 06.25.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPNuke Module Name Multiple SQL Injection Vulnerabilities
  • Description: Module Name is a module for PHPNuke, which is a content management application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to various scripts. PHPNuke Module Name Module versions 7.0 and 1.0 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18493

  • 06.25.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: HotPlugCMS Index.PHP SQL Injection
  • Description: HotPlugCMS is a web-based content management application. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "/hotplugcms/administration/tblcontent/index.php" script.
  • Ref: http://www.securityfocus.com/bid/18488

  • 06.25.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Xarancms Xarancms_haupt.PHP SQL Injection
  • Description: Xarancms is a web-based content management system. Insufficient sanitization of the "id" parameter in the "xarancms_haupt.php" script exposes the application to an SQL injection issue.
  • Ref: http://www.securityfocus.com/bid/18520

  • 06.25.71 - CVE: CVE-2006-0492
  • Platform: Web Application - SQL Injection
  • Title: Calendarix Basic ID Parameter Multiple SQL Injection Vulnerabilities
  • Description: Calendarix Basic is a web-based calendar application. The application is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to various scripts. Calendarix Basic version 0.7.20060401 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18469

  • 06.25.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: VBZoom Forum.php SQL Injection
  • Description: VBZooM is a forum application. It is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "MainID" parameter of the "forum.php" script. VBZoom version 1.11 is affected.
  • Ref: http://www.securityfocus.com/bid/18472

  • 06.25.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Cline Communications Multiple SQL Injection Vulnerabilities
  • Description: Cline Communications is a web photo application implemented in PHP. The application is prone to multiple SQL injection vulnerabilities.
  • Ref: http://www.securityfocus.com/archive/1/437497

  • 06.25.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mambo Weblinks SQL Injection Vulnerability
  • Description: Mambo is a web-based content management system (CMS). It is exposed to an SQL injection issue due to insufficient sanitization of user-supplied input to the "Name" field when clicking on "Submit Weblink". Mambo Open Source versions 4.6 and earlier are affected.
  • Ref: http://milw0rm.com/exploits/1922

  • 06.25.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TPL Design tplShop Category.PHP SQL Injection
  • Description: tplShop is a web-based e-commerce application. It is exposed to an SQL injection issue due to insufficient sanitization of user-supplied input to the "first_row" parameter of "category.php". TPL Design tplShop version 2.0 is affected.
  • Ref: http://pridels.blogspot.com/2006/06/tplshop-v-20-vuln.html

  • 06.25.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CavoxCms Index.PHP SQL Injection
  • Description: CavoxCms is a web-based content management application. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "index.php" script. CavoxCms version 1.0.16 is vulnerable.
  • Ref: http://pridels.blogspot.com/2006/06/cavoxcms-sql-injection-vuln.html

  • 06.25.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Open-Realty Search.inc.PHP SQL Injection
  • Description: Open-Realty is a web-based real estate application. Insufficient sanitization of the "sorttype" parameter in the "search.inc.php" script exposes the application to an SQL injection issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18545

  • 06.25.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BtitTracker Torrents.PHP SQL Injection Vulnerabilities
  • Description: BtitTracker is a web-based bit torrent tracker application. BtitTracker is exposed to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "by" and "order" parameters to the "torrents.php" script. BtitTracker version 1.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/18549/

  • 06.25.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: vuBB Email Parameter SQL Injection
  • Description: vuBB is an interactive forum application. It is exposed to an SQL injection issue due to insufficient sanitization of user-supplied input to the "email" parameter of "includes/functions.php". vuBB version 0.2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/437657

  • 06.25.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WeBBoA ID Parameter SQL Injection
  • Description: WeBBoA is a web hosting script. It is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "id" parameter of the "host/yeni_host.asp" script. WeBBoA version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/18564

  • 06.25.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IMGallery Galeria.PHP Multiple SQL Injection Vulnerabilities
  • Description: IMGallery is a web-based image gallery. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to various scripts. IMGallery version 2.4 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18566

  • 06.25.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: thinkWMS Multiple SQL Injection Vulnerabilities
  • Description: thinkWMS is a content management application. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input to the "id" and "catid" parameters to the "index.php" script and the "id" parameter in the "printarticle.php" script. thinkWMS versions 1.0 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/18567

  • 06.25.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Bluehouse Project PHPTrader Multiple SQL Injection Vulnerabilities
  • Description: phpTrader is an online trading application implemented in PHP. phpTrader is prone to multiple SQL injection vulnerabilities. These issues affect version 4.9 SP5.
  • Ref: http://www.securityfocus.com/bid/18468

  • 06.25.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DataLife Engine Subaction SQL Injection
  • Description: DataLife Engine is a web-based content management system. DataLife Engine is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "index.php" script. DataLife Engine version 4.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18592

  • 06.25.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Event Calendar SQL Injection
  • Description: PHP Event Calendar is a web-based calendar application. It is exposed to an SQL injection issue due to insufficient sanitization of user-supplied input to the "id" parameter of "calendar.php". PHP Event Calendar (provided by Code Walkers) version 4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/18593/exploit

  • 06.25.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WoltLab Burning Board Multiple SQL Injection Vulnerabilities
  • Description: WoltLab Burning Board is an online web forum. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to various scripts. WoltLab Burning Board versions 2.3.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18597

  • 06.25.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyBulletinBoard Usercp.PHP SQL Injection
  • Description: MyBulletinBoard is a web-based bulletin board. It is exposed to an SQL injection issue. This is due to insufficient sanitization of user-supplied input to the "showcodebutton" parameter of the "usercp.php" script. MyBulletinBoard versions 1.1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/18602/references

  • 06.25.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Softbiz Dating Script Multiple SQL Injection Vulnerabilities
  • Description: Softbiz Dating Script is a web-based dating script. It is exposed to multiple SQL injection issues due to insufficient sanitization of user-supplied input. SoftBiz Dating Script version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/18605/references

  • 06.25.89 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Live Helper Initiate.PHP Remote File Include
  • Description: PHP Live Helper is a customer support application. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "abs_path" parameter of the "initiate.php" script. PHP Live Helper versions 2.0 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18509

  • 06.25.90 - CVE: CVE-2006-3132
  • Platform: Web Application
  • Title: Qto File Manager index.php Cross-Site Scripting
  • Description: Qto file manager is a web-based file management system. Insufficient sanitization of the "msg" parameter of the "index.php" script exposes the application to a cross-site scripting issue. File manager version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/18510

  • 06.25.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Bible Portal Rtf_parser.PHP Remote File Include
  • Description: Bible Portal is a web-based content-management application. Bible Portal is prone to a remote file include vulnerability due to insufficient sanitization of user-supplied input to the "Admin/rtf_parser.php" script. Bible Portal version 2.12 is vulnerable.
  • Ref: http://milw0rm.com/exploits/1912

  • 06.25.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Eduha Meeting Index.PHP Arbitrary File Upload
  • Description: Eduha Meeting is a web-based application. It is prone to an arbitrary file upload vulnerability because the "Add Photo" feature of the "index.php" script checks only the file extension of uploaded files and not the contents.
  • Ref: http://www.securityfocus.com/bid/18499

  • 06.25.93 - CVE: CVE-2006-2994
  • Platform: Web Application
  • Title: Phaziz Guestbook Multiple HTML Injection Vulnerabilities
  • Description: Phaziz Guestbook is a web-based guestbook application. Insufficient sanitization of the "name", "email", "url" and "text" form field parameters exposes the application to multiple HTML injection issues. Phaziz Guestbook version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/18495

  • 06.25.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Easy CMS Choose_file.PHP Arbitrary File Upload
  • Description: Easy CMS is a content management application. Easy CMS is prone to an arbitrary file upload vulnerability. Easy CMS version 0.1.2 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437705

  • 06.25.95 - CVE: Not Available
  • Platform: Web Application
  • Title: singapore gallery Index.PHP Directory Traversal and Cross-Site Scripting
  • Description: singapore gallery is an image gallery application. It is prone to cross-site scripting and directory traversal vulnerabilities because it fails to properly sanitize user-supplied input. singapore gallery versions 0.10 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/18518

  • 06.25.96 - CVE: CVE-2005-0379
  • Platform: Web Application
  • Title: Zeroboard Arbitrary File Upload
  • Description: Zeroboard is a bulletin board application. It is exposed to an arbitrary file upload issue. An attacker can exploit this issue to upload a malicious ".htaccess" file that will remove further file upload and code execution restrictions. Zeroboard versions 4.1pl8 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/18465/references

  • 06.25.97 - CVE: CVE-2006-2583
  • Platform: Web Application
  • Title: Nucleus CMS Multiple Remote File Include Vulnerabilities
  • Description: Nucleus CMS is a typical web-based content management system. It is prone to multiple remote file include vulnerabilities. Nucleus CMS versions 3.22 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437423

  • 06.25.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Ji-takz Remote File Include
  • Description: Ji-takz is a chat application. Ji-takz is exposed to a remote file include issue due to insufficient sanitization of the "mycfg" parameter of the "tag.class.php" script. Ji-takz Chat version 0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/437430

  • 06.25.99 - CVE: Not Available
  • Platform: Web Application
  • Title: MCGuestbook Multiple Remote File Include Vulnerabilities
  • Description: MCGuestbook is a web-based guestbook application. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "lang" parameter of various scripts. MCGuestbook version 1.3 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437448

  • 06.25.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Indexu Multiple Remote File Include Vulnerabilities
  • Description: Indexu is a web portal application. It is exposed to multiple remote file include issues. These issues are due to insufficient sanitization of user-supplied input to the "admin_template_path" parameter of various scripts. Nicecoder indexu version 5.0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/437407

  • 06.25.101 - CVE: CVE-2006-2852
  • Platform: Web Application
  • Title: DotWidget For Articles Multiple Remote File Include Vulnerabilities
  • Description: DotWidget For Articles is a content management application. DotWidget for Articles is prone to multiple remote file include vulnerabilities due to insufficient sanitization of user-supplied input to various scripts. DotWidget For Articles version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437483

  • 06.25.102 - CVE: Not Available
  • Platform: Web Application
  • Title: FlashChat Adminips.PHP Remote File Include
  • Description: FlashChat is a web-based chatroom application. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "banned_file" parameter of the "adminips.php" script. FlashChat version 4.5.7 is affected.
  • Ref: http://www.securityfocus.com/bid/18480

  • 06.25.103 - CVE: CVE-2006-2970
  • Platform: Web Application
  • Title: TinyMuw Videopage.PHP and Quickchat.PHP HTML Injection
  • Description: TinyMuw is a content-based management system. TinyMuw is exposed to multiple HTML injection issues due to insufficient sanitization of user-supplied HTML to the input boxes of the "quickchat.php" and "videoPage.php" scripts. TinyMuw version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/436640

  • 06.25.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Wikkawiki Method Function Information Disclosure
  • Description: Wikkawiki is a calendar application. It is vulnerable to an information disclosure issue due to insufficient sanitization of user-supplied input to the "strstr()" function within the "Method()" function. WikkaWiki versions 1.1.6.1 and earlier are vulnerable.
  • Ref: http://wikkawiki.org/WikkaReleaseNotes

  • 06.25.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Eprayer Your Name Field HTML Injection
  • Description: Eprayer is a web-based application to receive and distribute prayer requests. It is exposed to an HTML injection issue due to insufficient sanitization of user-supplied HTML. EPrayer version ALPHA is affected.
  • Ref: http://www.securityfocus.com/archive/1/437269

  • 06.25.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Poll PHP Default Administrator Password
  • Description: Simple PHP Poll is a web-based polling application. Simple PHP Poll is prone to an authentication bypass vulnerability. The issue occurs because the administrator password is hardcoded into the application. All versions of Simple PHP Poll are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437484

  • 06.25.107 - CVE: Not Available
  • Platform: Web Application
  • Title: CMS Faethon Header.PHP Remote File Include
  • Description: CMS Faethon is a content management application. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "mainpath" parameter of the "header.php" script. CMS Faethon version 1.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/18489

  • 06.25.108 - CVE: Not Available
  • Platform: Web Application
  • Title: RahnemaCo Page.PHP PageID Remote File Include
  • Description: RahnemaCo is a web-based shopping cart system. Insufficient sanitization of the "pageid" parameter in the "page.php" script exposes the application to a remote file include issue.
  • Ref: http://www.securityfocus.com/bid/18490

  • 06.25.109 - CVE: Not Available
  • Platform: Web Application
  • Title: Free Realty Propview.PHP SQL Injection
  • Description: Free Realty is a web-based bulletin board application. It is exposed to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "sort" parameter of "propview.php". Free Realty versions 2.9-0.7 and earlier are affected.
  • Ref: http://pridels.blogspot.com/2006/06/free-realty-vuln.html

  • 06.25.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Dragons Kingdom Script Multiple HTML Injection Vulnerabilities
  • Description: Dragons Kingdom Script is a web-based adventure game. It is affected by multiple script injection issues due to insufficient sanitization of user-supplied input. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18535

  • 06.25.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Micro CMS MicroCMS-include.PHP Remote File Include
  • Description: Micro CMS is a customer-support application. Micro CMS is exposed to a remote file include issue due to insufficient sanitization of user-supplied input to the "microcms_path" parameter of "microcms-include.php". Micro CMS version 0.3.5 is affected.
  • Ref: http://milw0rm.com/exploits/1929

  • 06.25.112 - CVE: Not Available
  • Platform: Web Application
  • Title: V3 Chat Instant Messenger Multiple Input Validation Vulnerabilities
  • Description: V3 Chat Instant Messenger is an online instant messenger application. It is prone to multiple issues due to insufficient sanitization of user-supplied input. V3 Chat Instant Messenger version 0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/437755

  • 06.25.113 - CVE: Not Available
  • Platform: Web Application
  • Title: Ralf Image Gallery Multiple Input Validation Vulnerabilities
  • Description: Ralf Image Gallery is an image gallery application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to various scripts. Ralf Image Gallery versions 0.7.4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/437818

  • 06.25.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Clubpage Multiple Input Validation Vulnerabilities
  • Description: Clubpage is a content management application. It is prone to multiple input validation vulnerabilities because the application fails to properly sanitize user-supplied input. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18552

  • 06.25.115 - CVE: Not Available
  • Platform: Web Application
  • Title: BandSite Root_Path Remote File Include
  • Description: BandSite is a web-based content-management application targeted at bands; it is written in PHP. It is prone to a remote file include vulnerability. Versions 1.1.1 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18555

  • 06.25.116 - CVE: Not Available
  • Platform: Web Application
  • Title: cjGuestbook Comment HTML Injection
  • Description: cjGuestbook is a web-based guestbook application. It is exposed to an HTML injection issue due to insufficient sanitization of user-supplied input. cjGuestbook version 1.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/438008

  • 06.25.117 - CVE: Not Available
  • Platform: Web Application
  • Title: e107 Subject Field HTML Injection
  • Description: e107 is a content management system. Insufficient sanitization of the "Subject" parameter exposes the application to an HTML injection issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18560

  • 06.25.118 - CVE: Not Available
  • Platform: Web Application
  • Title: Ad Manager Pro IPath Multiple Remote File Include Vulnerabilities
  • Description: Ad Manager Pro is a web-based ad management application. It is exposed to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "ipath" parameter of the "common.php" and "ad.php" scripts. Ad Manager Pro version 2.6 is affected.
  • Ref: http://milw0rm.com/exploits/1923

  • 06.25.119 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Power Board Multiple HTML Injection Vulnerabilities
  • Description: Invision Power Board is a bulletin board application. It is vulnerable to multiple HTML injection issues due to insufficient sanitization of user-supplied input to various scripts. Invision Power Board versions before 2.1.6 (2006-06-19) are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18571/info

  • 06.25.120 - CVE: Not Available
  • Platform: Web Application
  • Title: Ultimate Estate Multiple Input Validation Vulnerabilities
  • Description: Ultimate Estate is a real estate management application. It is exposed to multiple input validation issues due to insufficient sanitization of user-supplied input. Versions 1.0 and prior are reported to be vulnerable; other versions may also be affected.
  • Ref: http://pridels.blogspot.com/2006/06/ultimate-estate-vuln.html

  • 06.25.121 - CVE: Not Available
  • Platform: Web Application
  • Title: SmartSiteCMS Inc_Foot.PHP Remote File Include
  • Description: SmartSiteCMS is a content management system. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "root" parameter of the "/include/inc_foot.php" script. SmartSiteCMS version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18579/info

  • 06.25.122 - CVE: Not Available
  • Platform: Web Application
  • Title: cjGuestbook Multiple HTML Injection Vulnerabilities
  • Description: cjGuestbook is a web-based guestbook application. It is exposed to multiple HTML injection issues. This is due to insufficient sanitization of user-supplied input. cjGuestbook version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/18591/references

  • 06.25.123 - CVE: Not Available
  • Platform: Web Application
  • Title: W-Agora Inc_Dir Multiple Remote File Include Vulnerabilities
  • Description: W-Agora is a web-based forum application written in PHP. It is prone to multiple remote file include vulnerabilities.
  • Ref: http://advisories.echo.or.id/adv/adv34-theday-2006.txt

  • 06.25.124 - CVE: Not Available
  • Platform: Web Application
  • Title: Dating Agent Multiple Input Validation Vulnerabilities
  • Description: Dating Agent is a web-based dating and personal classified application implemented in PHP. It is exposed to multiple input validation issues due to insufficient sanitization of user-supplied input. Dating Agent PRO version 4.7.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/438160

  • 06.25.125 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Blue Dragon CMS Multiple Remote File Include Vulnerabilities
  • Description: PHP Blue Dragon CMS is a web-based content management application. It is prone to multiple remote file include vulnerabilities because it fails to properly sanitize user-supplied input to the "DragonRootPath" parameter of multiple scripts. PhpBlueDragon CMS version 2.9.1 is affected.
  • Ref: http://www.securityfocus.com/bid/18609

  • 06.25.126 - CVE: Not Available
  • Platform: Web Application
  • Title: Harpia Multiple Remote File Include Vulnerabilities
  • Description: Harpia is a web-based content management application. It is exposed to multiple remote file include issues due to insufficient sanitization of user-supplied input to the application. Harpia version 1.0.5 is affected.
  • Ref: http://www.milw0rm.com/exploits/1943

  • 06.25.127 - CVE: Not Available
  • Platform: Web Application
  • Title: vlbook Message HTML Injection
  • Description: vlbook is a web-based guestbook application. It is prone to multiple HTML injection vulnerabilities because it fails to properly sanitize user-supplied HTML and script code in the "Message" form field parameter. vlbook version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/18618

  • 06.25.128 - CVE: Not Available
  • Platform: Network Device
  • Title: Fortinet FortiGate FTP Proxy Antivirus Engine Bypass
  • Description: Fortinet FortiGate is a series of antivirus firewall devices. FortiGate is exposed to an antivirus-engine scanning bypass. This issue occurs when files are transferred using the FTP protocol. An attacker can exploit this issue by transferring malicious files via FTP. Fortinet FortiOS versions 3.0 MR2 and earlier are affected.
  • Ref: http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.