@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 28
July 17, 2006

An enormous number of critical vulnerabilities were disclosed this week (three times the average week). Microsoft and Cisco products are heavily impacted - meaning nearly every large site is affected. Try not to ignore the eBay and McAfee and Adobe and Macromedia (Flash) vulnerabilities.

Alan

PS Network Security 2006 courses are filling very quickly. If you will be coming to Las Vegas in early October for the courses, please reserve your seat. http://www.sans.org/ns2006

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 3 (#1, #3, #11)
    • Microsoft Office: 6 (#2, #4, #5, #6)
    • Other Microsoft Products: 7 (#9, #10)
    • Third Party Windows Apps: 2 (#12, #14)
    • Linux: 1
    • Solaris: 1
    • Unix: 3
    • Cross Platform: 8 (#7, #8)
    • Web Application - Cross Site Scripting: 11
    • Web Application - SQL Injection: 8
    • Web Application: 24
    • Network Device: 6 (#13, #15, #16)
    • Hardware: 2

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Linux
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
Hardware

PART I Critical Vulnerabilities

Part I is compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Server Service Remote Code Execution (MS06-035)
  • Affected:
    • Microsoft Windows 2000 SP4
    • Microsoft Windows Server 2003 SP0/SP1
    • Microsoft Windows XP SP1/SP2
  • Description: Microsoft Windows is vulnerable to a remotely-exploitable vulnerability in the processing of mailslot messages. Mailslots are a form of intermachine and interprocess communication used on Windows-based operating systems. Mailslots are used by several applications, including the Alerter and Messenger services (enabled by default on Windows 2000). Windows fails to properly validate certain mailslot messages leading to a kernel (core of the operating system) heap overflow. By sending a specially-crafted mailslot request, an attacker could take complete control of the vulnerable system. Additionally, by sending specially-crafted SMB traffic, attackers may be able to view parts of kernel memory, and possibly discover sensitive information. Users are advised to block TCP and UDP ports 137, 139 and 445 at the network perimeter and disable services using mailslot functionality if possible.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All council sites are either in the process of deploying the update or will deploy the update during their next regularly scheduled maintenance window.

  • References:
  • (3) HIGH: Microsoft Windows DHCP Client Service Remote Buffer Overflow (MS06-036)
  • Affected:
    • Microsoft Windows 2000 SP4
    • Microsoft Windows XP SP1/SP2
    • Microsoft Windows Server 2003
    • Microsoft Windows 98/98SE/ME are listed as vulnerable, but are not rated as "critically vulnerable" by Microsoft.
  • Description: Microsoft's DHCP client service for Windows, used to configure hosts automatically via the Dynamic Host Configuration Protocol (DHCP), suffers from a remotely-exploitable buffer overflow. By sending a specially-crafted DHCP packet to a vulnerable system, an attacker could take complete control of the system. Under most network configurations, an attacker must send this packet from the same subnet as the vulnerable system. Users are advised to filter DHCP traffic at the network perimeter and not to forward DHCP broadcast traffic between subnets.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All council sites are either in the process of deploying the update or will deploy the update during their next regularly scheduled maintenance window.

  • References:
  • (5) HIGH: Microsoft Office Multiple Code Execution Vulnerabilities (MS06-038)
  • Affected:
    • Microsoft Office 2003 SP1/SP2
    • Microsoft Office XP SP3
    • Microsoft Office 2000 SP3
    • Microsoft Office 2004/X for Mac
    • Microsoft Project 2000/2002
    • Microsoft Visio 2002 SP2
  • Description: Various Microsoft Office products are vulnerable to code execution vulnerabilities. When a user opens a specially-crafted Office file via a malicious link or email message, an attacker could execute arbitrary code with the privileges of the current user. Note that, under most common configurations other than Office 2000, most Office document types will not open automatically after being downloaded. These vulnerabilities exist within core Office components, and therefore can affect a variety of Office file types such as Word documents, Excel spreadsheets etc. Users are advised to not open Office documents from untrusted sources. Technical details and a proof-of-concept for at least one of these vulnerabilities have been publicly posted.

  • Status: Microsoft Confirmed, updates available.

  • Council Site Actions: All council sites are either in the process of deploying the update or will deploy the update during their next regularly scheduled maintenance window.

  • References:
  • (6) HIGH: Microsoft Office Multiple Filter Code Execution Vulnerabilities (MS06-039)
  • Affected:
    • Microsoft Office 2003 SP1/SP2
    • Microsoft Office XP SP3
    • Microsoft Office 2000 SP3
    • Microsoft Works Suite 2004/2005/2006
  • Description: Various Microsoft Office products are vulnerable to code execution vulnerabilities. When a user opens a specially-crafted Office file via a malicious link or email message, an attacker could execute arbitrary code with the privileges of the current user. These vulnerabilities exist in the code "filters" used to load and convert PNG and GIF image files. Hence, any Office product displaying these image types is potentially vulnerable. Note that, under most common configurations other than Office 2000, Office document types will not open automatically after being downloaded. Users are advised to not open Office documents from untrusted sources.

  • Status: Microsoft Confirmed, updates available.

  • Council Site Actions: All council sites are either in the process of deploying the update or will deploy the update during their next regularly scheduled maintenance window.

  • References:
  • (7) HIGH: Adobe Acrobat Remote Buffer Overflow
  • Affected:
    • Adobe Acrobat 5.0, 5.0.5, 06.0.x on Windows and Macintosh
  • Description: Adobe Acrobat, the most popular PDF viewer on the Internet, is vulnerable to a buffer overflow when processing certain PDF files. When a user views a specially-crafted PDF file via a malicious link or email message, an attacker could execute arbitrary code with the privileges of the current user. In many common configurations, PDF files are opened automatically after downloading. Therefore, no user interaction beyond viewing an email or clicking on a malicious link would be necessary to exploit this vulnerability.

  • Status: Adobe confirmed, updates available.

  • Council Site Actions: Most of the responding council sites plan to update their systems during their next regular maintenance window. A few sites are still analyzing possible responses.

  • References:
  • (8) HIGH: Macromedia Flash Multiple Vulnerabilities
  • Affected:
    • Macromedia Flash version 8.0.24 and possibly earlier
  • Description: Macromedia Flash, a popular platform for rich Web content, is vulnerable to multiple undisclosed vulnerabilities. When a user views a specially-crafted SWF (Flash) file via a malicious link, an attacker could execute arbitrary code with the privileges of the current user. Flash is installed on all Windows XP and Mac OS X systems by default, and is common on many other platforms. Flash content is configured to display by default, and therefore no user interaction beyond clicking on a link is required to exploit this vulnerability.

  • Status: Macromedia confirmed, updates available.

  • Council Site Actions: Two of the responding council sites plan to take action on this item. One site is investigating possible actions; the other site plans to distribute the patch during their next regularly scheduled maintenance window.

  • References:
  • (9) MODERATE: Microsoft IIS ASP Code Execution Vulnerability (MS06-034)
  • Affected:
    • Microsoft Internet Information Services (IIS) 5.0/5.1/6.0
  • Description: Microsoft Internet Information Services (IIS) servers using Active Server Pages (ASP) contain a code execution vulnerability. By placing a specially-crafted ASP page in a location where it will be processed by an IIS server, an attacker could execute arbitrary code with the privileges of the IIS process (often "IWAM" or "NetworkService"). Attackers must have valid login credentials and the ability to place files on the IIS server. Web site hosting providers typically allow authenticated users to upload web pages. Hence, the providers using IIS should apply this patch on a priority basis.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: Two of the responding council sites are using the affected software. Both sites plan to deploy the updates during their next regularly scheduled maintenance window.

  • References:
  • (10) LOW: Microsoft ASP.NET Remote Information Disclosure (MS06-033)
  • Affected:
    • Microsoft .NET Framework 2.0
  • Description: Microsoft ASP.NET, Microsoft's web hosting and web services system from the .NET framework, suffers from a remote information-disclosure vulnerability. By sending a specially-crafted request to the ASP.NET web server, an attacker could cause the server to disclose information in the Application folders. By default, an attacker would need to know in advance the name of the object to be displayed. Users are advised to monitor web access logs and move files and other objects out of the Application folders, if possible.

  • Status: Microsoft Confirmed, updates available.

  • Council Site Actions: Three of the responding council sites are using the affected software. They all plan to deploy the update during their next regularly scheduled maintenance window.

  • References:
  • (11) LOW: Microsoft Internet Explorer "RDS.DataControl" ActiveX Heap Corruption
  • Affected:
    • Microsoft Internet Explorer 6
  • Description: Microsoft Internet Explorer suffers from a heap corruption vulnerability. By instantiating the "RDS.DataControl" ActiveX control, an attacker can cause heap corruption by special manipulation of the "URL" attribute of the object. A denial-of-service condition has been confirmed; it has been suggested that remote code execution may be possible, but this has not been confirmed. Technical details for this exploit and a proof-of-concept have been publicly posted. This ActiveX control is considered obsolete by Microsoft. Users are advised to set the killbit for UUID "bd96c556-65a3-983a-00c04fc29e33". Note that by disabling this control, programs using Microsoft Remote Data Services may stop functioning properly. This flaw was reported by a researcher who plans to release a new flaw every day for the month of July in various browsers. The researcher has also reported other vulnerabilities in Microsoft Internet Explorer. Most of these vulnerabilities are DoS flaws.

  • Status: Microsoft has not confirmed, no updates available.

  • Council Site Actions: All of the responding council sites are awaiting additional information from the vendor. Should a patch become available, they will deploy during their next regularly scheduled maintenance window.

  • References:
    • Proof-of-Concept: http://metasploit.com/users/hdm/tools/browserfun/mobb_008.html
    • Posting by H. D. Moore: http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html
    • Browserfun Blog by H. D. Moore: http://browserfun.blogspot.com/
    • Microsoft Support Document on Disabling ActiveX Controls ("killbits"): http://support.microsoft.com/kb/240797

Other Software
  • (12) CRITICAL: McAfee ePolicy Orchestrator Framework Service Directory Traversal
  • Affected:
    • McAfee ePolicy Orchestrator version 3.5.5 and prior
  • Details: McAfee ePolicy Orchestrator, McAfee's remote security management software, is vulnerable to a directory traversal attack. The framework service, which runs on both ePolicy servers and clients on port 8081, accepts commands via the HTTP protocol. By sending a specially-crafted request, consisting of an XML document defining a pathname and file contents, an attacker can overwrite the contents of any file on the vulnerable system. This would allow an attacker to obtain complete control of the affected system. No authentication is required to exploit this vulnerability, and technical details for this vulnerability have been publicly posted. Users are advised to block TCP port 8081 at the network perimeter and upgrade as quickly as possible. Note that an enterprise-wide compromise is possible by exploiting this flaw.
  • Status: McAfee confirmed, updates available.

  • References:
  • (13) HIGH: Cisco Unified CallManager Remote Buffer Overflow
  • Affected:
    • Cisco Unified CallManager versions 5.0(1), 5.0(2), 5.0(3), 5.0(3a)
  • Details: Cisco Unified Call Manager, Cisco's VoIP (Voice over Internet Protocol) call processor, is vulnerable to a remotely-exploitable buffer overflow. By sending a SIP request with an overly-long "hostname" attribute, an attacker could execute arbitrary code on the CallManager device. Note that technical details for this vulnerability have been publicly posted.
  • Status: Cisco confirmed, updates available.

  • Council Site Actions: Only one of the responding council sites is using the affected software and they are still considering which action they will take.

  • References:
  • (14) MODERATE: eBay Enhanced Picture Service ActiveX Component Buffer Overflow
  • Affected:
    • eBay Enhanced Picture Service ActiveX Component version 1.0.3 and possibly prior
  • Details: eBay Enhanced Picture Service provides eBay auctioneers with the ability to easily host auction item pictures. The service can install an ActiveX control on Windows systems. This control is vulnerable to a buffer overflow. By causing a user to view a web page that instantiates this control via a malicious link, an attacker could execute arbitrary code with the privileges of the current user. Note that no user interaction beyond clicking on the link would be required to exploit this vulnerability. This control will be automatically upgraded to a non-vulnerable version if a user views an eBay page that utilizes the control. Users are advised to upgrade, or to disable the control with the UUID 4C39376E-FA9D-4349-BACC-D305C1750EF3 via the Microsoft "killbit" mechanism.
  • Status: eBay confirmed, updates available.

  • Council Site Actions: Only one of the responding council sites is using the affected software. They are still in the process of considering what action they will take.

  • References:
  • (15) MODERATE: Cisco Intrusion Prevention System Malformed Packet Denial-of-Service
  • Affected:
    • Cisco IPS 4200 Series
    • Cisco IPS 5.1(x)
  • Details: Cisco's Intrusion Prevention System (IPS) is vulnerable to a remote denial-of-service vulnerability. By sending a specially-crafted packet to a Cisco IPS, an attacker can cause the device to crash and stop processing traffic. If the device is deployed in-line, this could disrupt network traffic for all the systems behind the IPS. Once crashed, the device is not accessible via any management interface and must be power-cycled to resume its normal operation.
  • Status: Cisco confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (16) MODERATE: Cisco Router Web Setup Insecure Default Configuration
  • Affected:
    • Cisco SOHO and 800 series routers running CRWS version 3.3.0 (31) or prior.
  • Details: Cisco SOHO and 800 series routers ship with Cisco Router Web Setup, an easy-to-use web interface for router configuration. The web setup interface allows complete control of the router remotely, and should be protected by an administrator-defined authentication mechanism. The default configuration of the CRWS subsystem does not have an authentication method defined. CRWS normally runs on TCP port 80, and by default is accessible to all IP addresses. If an attacker were able to reach a vulnerable router on port 80 in its default configuration, the attacker could take complete control of the vulnerable device. Users are advised to enable authentication via the "enable secret" command.
  • Status: Cisco confirmed, updates available.

  • References:
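
The killbit advice in items (11) and (14) can be verified on a host with a check like the following, an added example that is not part of the original bulletin. It reads the text of a `reg export` of the ActiveX Compatibility key (the location and the 0x400 flag are those of the Microsoft killbit document, KB240797) and reports whether the killbit is set for each control of interest; the sample export and the placeholder CLSID are constructed, and the export is assumed to be already decoded to text. Its CLSID validator also rejects the RDS.DataControl UUID exactly as printed in item (11), which has four groups instead of five, so that value needs checking against the Microsoft document before use.

```python
import re

# Registry location and flag value of the "killbit" mechanism (Microsoft KB240797).
KEY_PREFIX = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
              r"\ActiveX Compatibility")
KILLBIT = 0x00000400

# A CLSID is five hex groups of 8-4-4-4-12 digits.
CLSID_RE = re.compile(r"^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")

EBAY_CLSID = "4C39376E-FA9D-4349-BACC-D305C1750EF3"   # from item (14)
PLACEHOLDER = "11111111-2222-3333-4444-555555555555"  # constructed, not a real control

# Constructed sample of `reg export` output for the key above.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4C39376E-FA9D-4349-BACC-D305C1750EF3}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-2222-3333-4444-555555555555}]
"Compatibility Flags"=dword:00800000
'''


def normalize_clsid(text):
    """Return the CLSID as upper-case '{...}', or raise ValueError if malformed."""
    bare = text.strip().strip("{}")
    if not CLSID_RE.match(bare):
        raise ValueError("not a well-formed CLSID: %r" % text)
    return "{%s}" % bare.upper()


def parse_compat_flags(reg_text):
    """Map CLSID -> Compatibility Flags value from exported registry text."""
    flags, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = None
            parent, _, leaf = line[1:-1].rpartition("\\")
            if parent.upper() == KEY_PREFIX.upper():
                try:
                    current = normalize_clsid(leaf)
                    flags.setdefault(current, 0)   # subkey exists, no flags seen yet
                except ValueError:
                    pass                           # subkey name is not a CLSID
            continue
        m = re.match(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$', line)
        if m and current:
            flags[current] = int(m.group(1), 16)
    return flags


def killbit_status(reg_text, wanted):
    """Return {clsid: 'set' | 'not set' | 'missing'} for each wanted CLSID."""
    flags = parse_compat_flags(reg_text)
    report = {}
    for item in wanted:
        clsid = normalize_clsid(item)
        if clsid not in flags:
            report[clsid] = "missing"      # no subkey for this control at all
        elif flags[clsid] & KILLBIT:
            report[clsid] = "set"
        else:
            report[clsid] = "not set"      # subkey present, killbit bit clear
    return report


def killbit_reg_entry(clsid, existing_flags=0):
    """Text of a .reg fragment that sets the killbit and keeps other flag bits."""
    value = existing_flags | KILLBIT
    return '[%s\\%s]\n"Compatibility Flags"=dword:%08x\n' % (
        KEY_PREFIX, normalize_clsid(clsid), value)


if __name__ == "__main__":
    for clsid, state in killbit_status(SAMPLE_EXPORT,
                                       [EBAY_CLSID, PLACEHOLDER]).items():
        print(clsid, state)
    print(killbit_reg_entry(PLACEHOLDER, existing_flags=0x00800000))
```
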
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 28, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5078 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.28.1 - CVE: CVE-2006-1300
  • Platform: Windows
  • Title: Microsoft ASP.NET Application Folder Information Disclosure
  • Description: ASP.NET is a set of tools based on the .NET framework for building web applications. ASP.NET is prone to an information disclosure vulnerability. The problem occurs because the application fails to properly validate URI input. See the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-033.mspx

  • 06.28.2 - CVE: CVE-2006-1314
  • Platform: Windows
  • Title: Windows Server Driver Mailslot Remote Heap Buffer Overflow
  • Description: Microsoft Windows Server driver provides support for various server related tasks. It is vulnerable to a remote heap buffer overflow issue relating to its mailslot functionality. See the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-035.mspx

  • 06.28.3 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Server Driver Remote Information Disclosure
  • Description: Microsoft Windows Server driver is susceptible to a remote information disclosure vulnerability. This issue is due to the failure of the driver to properly initialize memory prior to using it. See the Microsoft advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-035.mspx

  • 06.28.4 - CVE: CVE-2006-3493
  • Platform: Microsoft Office
  • Title: Office MSO.DLL LsCreateLine() Potential Code Execution
  • Description: Microsoft Office is exposed to a potential code execution issue. This issue results from a boundary condition error. The issue arises when the application handles a specially crafted document containing an excessive amount of string values. The document is passed to the "LsCreateLine()" function of "mso.dll". Microsoft Office XP SP3 and earlier are affected.
  • Ref: http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx

  • 06.28.5 - CVE: CVE-2006-1302
  • Platform: Microsoft Office
  • Title: Microsoft Excel Selection Record Remote Code Execution
  • Description: Microsoft Excel is exposed to a remote code execution issue. This is due to a failure to handle exceptional conditions. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users. This issue occurs when Excel handles specially crafted XLS files containing malformed "SELECTION" records.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-037.mspx

  • 06.28.6 - CVE: CVE-2006-1540
  • Platform: Microsoft Office
  • Title: Microsoft Office Malformed String Parsing Code Execution
  • Description: Microsoft Office is susceptible to a remote code execution vulnerability. This issue is exploitable by Excel 2003 files containing a Unicode "Sheet Name" string with an invalid size. An attacker could also exploit the issue by placing the malicious document on the web and enticing victim users into opening it.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-038.mspx

  • 06.28.7 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Office String Parsing Remote Code Execution
  • Description: Microsoft Office is susceptible to a remote code execution issue. This is due to improper handling of malformed strings in Office documents. This issue is related to how Office attempts to parse the length of records prior to copying them to allocated memory buffers. All versions are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-038.mspx

  • 06.28.8 - CVE: CVE-2006-1301, CVE-2006-1302, CVE-2006-1304, CVE-2006-1306, CVE-2006-1308, CVE-2006-1309, CVE-2006-2388, CVE-2006-3059
  • Platform: Microsoft Office
  • Title: Excel File Rebuilding Remote Code Execution
  • Description: Microsoft Excel is vulnerable to a remote code execution issue when processing malformed files. See the referenced advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-037.mspx

  • 06.28.9 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint Remote Code Execution Vulnerability
  • Description: Microsoft PowerPoint is prone to a remote code execution vulnerability. The vulnerability occurs when PowerPoint handles a specially malformed PPT file most likely exploiting an issue in the "MSO.DLL" library file. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users. A malicious trojan named "Trojan.PPDropper.B" is actively exploiting this vulnerability.
  • Ref: http://secunia.com/advisories/21040/

  • 06.28.10 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer HtmlDlgSafeHelper Remote Denial of Service
  • Description: Microsoft Internet Explorer is vulnerable to a denial of service issue when the browser processes a malicious "HtmlDlgSafeHelper" object. Internet Explorer versions 6.0 and 6.0 SP1 are vulnerable.
  • Ref: http://browserfun.blogspot.com/2006/07/mobb-11-htmldlgsafehelper-fonts.html

  • 06.28.11 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft IIS ASP Remote Code Execution
  • Description: Microsoft Internet Information Server (IIS) is susceptible to a remote code execution vulnerability. This issue is due to a failure of the application to properly bounds check user supplied input prior to copying it to an insufficiently sized memory buffer. This will allow attackers to execute code with the non-administrative "IWAM_%machinename%" or "NetworkService" accounts on affected computers.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx

  • 06.28.12 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer 6 RDS.DataControl Denial of Service
  • Description: Microsoft Internet Explorer version 6 is reportedly prone to a denial of service vulnerability. This issue is triggered when an attacker manipulates the "RDS.DataControl" object to copy a malicious URL parameter from javascript. The "SysAllocStringLen" routine in the OLE32.dll library will perform an invalid length calculation on the data, which will lead to a memory read operation going beyond the current memory page. An access violation error and application crash will ensue.
  • Ref: http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html

  • 06.28.13 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer Object.Microsoft.DXTFilter Denial of Service
  • Description: Microsoft Internet Explorer is prone to a denial of service issue when the browser processes the "Object.Microsoft.DXTFilter" object. Please see the attached advisory for details.
  • Ref: http://browserfun.blogspot.com/2006/07/mobb-10-objectmicrosoftdxtfilter.html

  • 06.28.14 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Office Property Code Execution
  • Description: Microsoft Office is susceptible to a remote code execution issue. When malformed files are processed, corruption of process memory occurs leading to attacker supplied code execution. Please refer to the attached advisory for details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-038.mspx

  • 06.28.15 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer TriEditDocument Denial of Service
  • Description: Microsoft Internet Explorer is prone to a denial of service vulnerability. This issue is triggered when an attacker convinces a victim user to visit a malicious web site. Specifically, the vulnerability presents itself when the browser processes the "TriEditDocument" object. See the advisory for further details.
  • Ref: http://browserfun.blogspot.com/2006/07/mobb-12-trieditdocument-url.html

  • 06.28.16 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer RevealTrans Denial of Service
  • Description: Microsoft Internet Explorer is prone to a denial of service vulnerability. This issue is triggered when an attacker convinces a victim user to visit a malicious web site. Specifically, the vulnerability presents itself when the browser processes the "DXImageTransform.Microsoft.RevealTrans" object. See the advisory for further details.
  • Ref: http://browserfun.blogspot.com/2006/07/mobb-13-revealtrans-transition.html

  • 06.28.17 - CVE: CVE-2006-1176
  • Platform: Third Party Windows Apps
  • Title: eBay Enhanced Picture Service ActiveX Remote Buffer Overflow
  • Description: eBay Enhanced Picture Service ActiveX control is a Microsoft Windows application that allows a seller to upload pictures to an auction. It is prone to a buffer overflow vulnerability in the "EUPWALcontrol.dll" library of the COM object "EPUIMageControl Class". Versions 1.0.3.36 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18921

  • 06.28.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Qbik WinGate IMAP Service Directory Traversal
  • Description: Qbik WinGate is a Windows-based proxy server for sharing Internet connections. Its IMAP service is prone to a directory traversal vulnerability that arises because the application fails to sanitize user-supplied input when handling the "CREATE", "SELECT", "DELETE", "RENAME", "COPY", "APPEND", and "LIST" commands. Versions 6.1.2.1094 and 6.1.3.1096 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/18908

  • 06.28.19 - CVE: Not Available
  • Platform: Linux
  • Title: libtunepimp Multiple Remote Buffer Overflow Vulnerabilities
  • Description: libtunepimp is a library used to tag audio files. It is affected by multiple remote buffer overflow vulnerabilities in the "lookuptools.cpp" source file. An attacker can trigger these issues by supplying a malicious audio file such as ".ogg" or ".mp3" to be processed by the library. libtunepimp versions 0.4.2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18961

  • 06.28.20 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris NIS Server YPServ Unspecified Denial of Service
  • Description: The ypserv utility distributes NIS databases to client systems within a NIS domain. It is exposed to a denial of service issue. The cause of this issue is currently unknown. Sun Solaris versions 8, 9, and 10 are vulnerable.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102462-1&searchclause=

  • 06.28.21 - CVE: Not Available
  • Platform: Unix
  • Title: libICE Unspecified Denial of Service
  • Description: The Inter-Client Exchange library (libICE) facilitates data communications between X clients. libICE is reported to be prone to an unspecified denial of service vulnerability. This issue was identified in Solaris 8 and 9 by Sun. It is conjectured that the library running on other platforms might be affected as well.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102503-1&searchclause=

  • 06.28.22 - CVE: Not Available
  • Platform: Unix
  • Title: LibVNCServer Remote Authentication Bypass
  • Description: LibVNCServer is a library designed to facilitate the creation of Virtual Network Computing (VNC) servers. It is vulnerable to an authentication bypass issue due to a flaw in the authentication process. All versions of LibVNCServer are vulnerable.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824

  • 06.28.23 - CVE: Not Available
  • Platform: Unix
  • Title: KDE Konqueror ReplaceChild Denial of Service
  • Description: KDE Konqueror is prone to a denial of service vulnerability. The vulnerability presents itself when the browser processes the "replaceChild()" method for any DOM element. KDE Konqueror version 3.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/18978

  • 06.28.24 - CVE: CVE-2006-3403
  • Platform: Cross Platform
  • Title: Samba Internal Data Structures Denial of Service
  • Description: Samba is freely available file and printer sharing software. It is exposed to a denial of service issue due to the design of its internal data structures. The problem occurs when a large number of share connection requests are sent by an attacker. This can result in excessive memory consumption and an eventual crash of the application. Samba versions 3.0.1 through 3.0.22 are affected.
  • Ref: https://issues.rpath.com/browse/RPL-496

  • 06.28.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SIPfoundry SIPXtapi CSeq Processing Remote Buffer Overflow
  • Description: SIPfoundry sipXtapi is a client library and software development kit (SDK) for SIP based user agents. SIPXtapi is reported to be prone to a remote buffer overflow vulnerability. Specifically, the issue presents itself when the application handles a specially crafted "CSeq" value that is larger than 24 bytes.
  • Ref: http://www.securityfocus.com/archive/1/439617

  • 06.28.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MICO Object Key Remote Denial of Service
  • Description: MICO is a CORBA implementation. It is susceptible to a remote denial of service vulnerability. When the software receives incorrect object keys, it crashes due to an assertion failure in the "CORBA::ORBInvokeRec::set_answer_invoke()" function in the "orb.cc" source file. MICO versions 2.3.12RC3 and 2.3.12 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18869

  • 06.28.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Macromedia Flash Malformed SWF File Multiple Vulnerabilities
  • Description: The Macromedia Flash plug-in is susceptible to multiple remote vulnerabilities that present themselves when the application attempts to handle maliciously malformed SWF files. Version 8.0.24.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/18894

  • 06.28.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Acrobat Remote Buffer Overflow
  • Description: Adobe Acrobat is a client application for reading, navigating, and printing PDF (Portable Document Format) files. Adobe Acrobat is affected by a remote buffer overflow vulnerability. This issue affects Acrobat 6.0.4 and prior versions.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb06-09.html

  • 06.28.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ruby Multiple SAFE Level Restriction Bypass Vulnerabilities
  • Description: Ruby is an object-oriented scripting language with support for SAFE level checking. It is vulnerable to multiple SAFE Level Restriction Bypass vulnerabilities in the "alias" functionality. Ruby versions 1.8.4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18944

  • 06.28.30 - CVE: CVE-2006-3452
  • Platform: Cross Platform
  • Title: Adobe Acrobat / Adobe Reader Local Privilege Escalation
  • Description: Adobe Acrobat and Adobe Reader on Mac OSX are prone to a privilege escalation vulnerability which can allow local non-privileged users to potentially replace the files with malicious files. Adobe Acrobat and Reader versions 6.0.4 and earlier are vulnerable.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb06-08.html

  • 06.28.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ServerView Multiple Unspecified Input Validation Vulnerabilities
  • Description: ServerView is a server management application suite. It is affected by multiple cross-site scripting and directory traversal issues. Please see the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/18950/info

  • 06.28.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Hosting Controller Error.ASP Cross-site Scripting
  • Description: Hosting Controller is a web hosting tool. It is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input to the "error" parameter of the "error.asp" script. Versions 6.1 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/18933

  • 06.28.33 - CVE: CVE-2006-2249
  • Platform: Web Application - Cross Site Scripting
  • Title: Cutenews Index.PHP Cross-site Scripting
  • Description: Cutenews is a news management application implemented in PHP. The application is prone to a cross-site scripting vulnerability because it fails to sanitize the "mod" parameter of the "index.php" script. Version 1.4.5 of the software is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18918/www.virangar.org

  • 06.28.34 - CVE: CVE-2006-3514
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP-Blogger Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHP-Blogger is a web log application. PHP-Blogger is prone to multiple cross-site scripting vulnerabilities due to various scripts. PHP-Blogger versions 2.2.4 and 2.2.5 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18909

  • 06.28.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MIMESweeper For Web Access Denied Cross-site Scripting
  • Description: MIMESweeper For Web is a policy-based content security application. Insufficient sanitization of user-supplied input exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18916/info

  • 06.28.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CommonSense CMS Search.PHP Cross-site Scripting
  • Description: CommonSense CMS is a web-based content management application implemented in PHP. The application is prone to a cross-site scripting vulnerability because it fails to sanitize the "q" parameter of the "search.php" script. CommonSense CMS version 5.0 is vulnerable.
  • Ref: msg://bugtraq/419aa9950607070218j4a1e36c3m3ae9cc7302f24789@mail.gmail.com

  • 06.28.37 - CVE: CVE-2006-0984
  • Platform: Web Application - Cross Site Scripting
  • Title: EJ3 TOPo Class_DB_Text.PHP Multiple Remote PHP Script Code Injection Vulnerabilities
  • Description: EJ3 TOPo is a free top system implemented in PHP. EJ3 TOPo is prone to multiple remote PHP code-injection vulnerabilities. The application fails to sanitize user-supplied input in the "descripcion" and the "pais" parameters of the "code/class_db_test.php" script before storing it in a PHP file within the data directory. Versions 2.2.178 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/18935

  • 06.28.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: FlexWATCH Network Camera Cross-Site Scripting
  • Description: FlexWATCH Network Camera is an online surveillance system. It is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the camera script. FlexWATCH versions 3.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/439648

  • 06.28.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal webform Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Drupal is a content-management application. The webform module of Drupal is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input to various scripts. webform versions 4.6 and 4.7 released prior to July 8, 2006 are affected by these issues.
  • Ref: http://www.securityfocus.com/bid/18947

  • 06.28.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: FLV Player Multiple Cross-Site Scripting Vulnerabilities
  • Description: FLV Player is a web-based video image player. It is exposed to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "url" parameter of the "player.php" and "popup.php" scripts. FLV Player version 8 is affected.
  • Ref: http://www.securityfocus.com/bid/18954

  • 06.28.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Lazarus Guestbook Multiple Cross-Site Scripting Vulnerabilities
  • Description: Lazarus Guestbook is a web-based guestbook application. It is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input to the "show" parameter of "codes-english.php" and the "img" parameter of "picture.php". These issues affect version 1.6.
  • Ref: http://www.securityfocus.com/bid/18956

  • 06.28.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Photocycle Photocycle.php Parameter Cross-Site Scripting
  • Description: Photocycle is an online photo manager. It is exposed to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "phppage" parameter of the "photocycle.php" script. Photocycle version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18964

  • 06.28.43 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SaPHPLesson Add.PHP SQL Injection
  • Description: SaPHPLesson is a web-based tutoring application. Insufficient sanitization of the "forumid" parameter of the "add.php" script exposes the application to an SQL injection issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18934

  • 06.28.44 - CVE: CVE-2006-3560
  • Platform: Web Application - SQL Injection
  • Title: Graffiti Forums Topics.PHP SQL Injection Vulnerability
  • Description: Graffiti Forums is a web-based forum implemented in PHP. The application fails to properly sanitize user-supplied input to the "f" parameter in the "topics.php" script.
  • Ref: http://www.securityfocus.com/archive/1/439605

  • 06.28.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DGNews Search.PHP SQL Injection
  • Description: DGNews is a web-based photo album application implemented in PHP. It is prone to an SQL injection vulnerability. DGNews 1.5.1 is vulnerable.
  • Ref: http://www.newangels-team.eu/

  • 06.28.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CommonSense CMS Search.PHP Date Parameter SQL Injection
  • Description: CommonSense CMS is a web-based content management application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "q" parameter of the "search.php" script. CommonSense CMS version 5.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18893

  • 06.28.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AjaxPortal LoginADP Function SQL Injection
  • Description: AjaxPortal is a web portal application. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "Username" field on the "ajaxp.php" page.
  • Ref: http://www.securityfocus.com/bid/18897

  • 06.28.48 - CVE: CVE-2006-3518
  • Platform: Web Application - SQL Injection
  • Title: Webvizyon SayfalaAltList.ASP SQL Injection
  • Description: Webvizyon is a web portal application. It is exposed to an SQL injection issue due to insufficient sanitization of user-supplied input to the "ID" parameter in the "SayfalaAltList.asp" script. All current versions are affected.
  • Ref: http://www.securityfocus.com/archive/1/439599

  • 06.28.49 - CVE: CVE-2006-3238, CVE-2006-3239
  • Platform: Web Application - SQL Injection
  • Title: VBZooM Multiple SQL Injection Vulnerabilities
  • Description: VBZooM is a web-based portal application written in PHP. VBZooM is prone to multiple SQL injection vulnerabilities. VBZoom 1.11 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18937

  • 06.28.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPBB 3 Memberlist.PHP SQL Injection
  • Description: PHPBB is a web-based bulletin board. Insufficient sanitization of the "ip" parameter in the "memberlist.php" script exposes the application to multiple SQL injection issues. PHPBB version 3 is affected.
  • Ref: http://www.securityfocus.com/bid/18969

  • 06.28.51 - CVE: Not Available
  • Platform: Web Application
  • Title: Farsinews Tiny_mce_gzip.PHP Directory Traversal
  • Description: Farsinews is a web-based news reader application. It is prone to a directory traversal vulnerability due to improper sanitization of user-supplied input to the "language" parameter of "tiny_mce_gzip.php". Farsinews version 3.0BETA1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/18925

  • 06.28.52 - CVE: Not Available
  • Platform: Web Application
  • Title: PC_CookBook PCCookBook.PHP Remote File Include
  • Description: PC_CookBook is a web-based cookbook. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "mosConfig_absolute_path" parameter in the "pccookbook.php" script. PC_CookBook versions 0.3 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/439618

  • 06.28.53 - CVE: Not Available
  • Platform: Web Application
  • Title: SMF Forum SMF.PHP Remote File Include
  • Description: SMF Forum is a module for Mambo. SMF Forum is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "mosConfig_absolute_path" parameter in the "smf.php" script. SMF Forum version 1.3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18924

  • 06.28.54 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB For Mambo Multiple Remote File Include Vulnerabilities
  • Description: phpBB for Mambo is a web-based bulletin. It is prone to multiple remote file include vulnerabilities due to improper sanitization of user-supplied input to the "phpbb_root_path" parameter of the "download.php" and "attach_rules.php" scripts. Versions 1.2.4-RC3 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/18914

  • 06.28.55 - CVE: CVE-2006-3528
  • Platform: Web Application
  • Title: MamboXChange SimpleBoard SBP Parameter Multiple Remote File Include Vulnerabilities
  • Description: MamboXChange SimpleBoard is a bulletin board. It is exposed to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "sbp" parameter of the "index.php", "file_upload.php" and the "image_upload.php" scripts. SimpleBoard version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/18917

  • 06.28.56 - CVE: Not Available
  • Platform: Web Application
  • Title: Sabdrimer CMS Advanced1.PHP Remote File Include
  • Description: Sabdrimer CMS is a content management system. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "pluginpath[0]" parameter in the "advanced1.php" script. Sabdrimer CMS version 2.2.4 is vulnerable.
  • Ref: http://www.milw0rm.com/exploits/1996

  • 06.28.57 - CVE: Not Available
  • Platform: Web Application
  • Title: RW::Download Stats.PHP Remote File Include
  • Description: RW::Download is a download manager application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "root_path" parameter in the "stats.php" script. All versions of RW::Download are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/439524

  • 06.28.58 - CVE: CVE-2006-3556
  • Platform: Web Application
  • Title: ExtCalendar Remote File Include
  • Description: ExtCalendar is a web-based calendar implemented in PHP. It is prone to a remote file include vulnerability. Version 2.0 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/439451

  • 06.28.59 - CVE: Not Available
  • Platform: Web Application
  • Title: Pivot Multiple Input Validation Vulnerabilities
  • Description: Pivot is a tool to create weblogs. It is affected by multiple remote file include and cross-site scripting issues due to insufficient sanitization of user-supplied data. Pivot version 1.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/439495

  • 06.28.60 - CVE: Not Available
  • Platform: Web Application
  • Title: BosClassifieds InsPat Parameter Multiple Remote File Include Vulnerabilities
  • Description: BosClassifieds is a web-based classifieds advertisement system. It is exposed to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "insPath" parameter of the following scripts: "index.php", "recent.php", "account.php", "classified.php" and "search.php". All versions of BosClassifieds are affected.
  • Ref: http://www.securityfocus.com/bid/18883

  • 06.28.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Papoo Multiple Input Validation Vulnerabilities
  • Description: Papoo is a web-based content management application. Papoo is prone to multiple input validation vulnerabilities in various scripts. Papoo versions 2.1.2, 2.1.5 and 3.00 are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/439518

  • 06.28.62 - CVE: Not Available
  • Platform: Web Application
  • Title: ATutor Multiple Input Validation Vulnerabilities
  • Description: ATutor is an online teaching application. It is affected by multiple SQL injection and cross-site scripting issues due to insufficient sanitization of user-supplied input. ATutor version 1.5.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/439522

  • 06.28.63 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Multiple HTML Injection
  • Description: phpBB is a bulletin-board system. It is prone to multiple HTML injection vulnerabilities due to insufficient sanitization of user-supplied input in various fields of the "Management" and "Create a theme" portions of the application. phpBB version 2.0.21 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/18931

  • 06.28.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Phorum Multiple Input Validation Vulnerabilities
  • Description: Phorum is a web-based message board application. Insufficient sanitization of user-supplied input exposes the application to multiple cross-site scripting and SQL injection issues. Phorum version 5.1.14 is affected.
  • Ref: http://www.securityfocus.com/bid/18941

  • 06.28.65 - CVE: CVE-2006-3568
  • Platform: Web Application
  • Title: Fantastic GuestBook GuestBook.PHP HTML Injection Vulnerabilities
  • Description: Fantastic GuestBook is a web-based guestbook. Fantastic GuestBook is exposed to multiple HTML injection issues due to insufficient sanitization of user-supplied input to the "firstname", "lastname" and "nickname" input boxes of the "guestbook.php" script. Fantastic GuestBook version 2.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/18942

  • 06.28.66 - CVE: Not Available
  • Platform: Web Application
  • Title: FlexWatch AIndex.ASP Authorization Bypass
  • Description: FlexWatch is a web-based surveillance system implemented in ASP. FlexWatch is prone to an authorization bypass vulnerability. The problem is due to the way the application uses predictable cookie data as part of the authorization mechanism for validating script downloads. Versions 3.0 and prior are affected.
  • Ref: http://www.securityfocus.com/archive/1/439648

  • 06.28.67 - CVE: CVE-2006-0759, CVE-2006-0758, CVE-2006-0757
  • Platform: Web Application
  • Title: HiveMail Multiple Input Validation Vulnerabilities
  • Description: HiveMail is a web-based message board application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to various scripts. HiveMail versions 1.3 and earlier are vulnerable.
  • Ref: http://pridels.blogspot.com/2006/07/hivemail-vuln.html

  • 06.28.68 - CVE: CVE-2005-1716
  • Platform: Web Application
  • Title: EJ3 Topo Index.PHP Unauthorized Access
  • Description: EJ3 Topo is a web-based top system application. It is vulnerable to an unauthorized access issue due to insufficient sanitization of user-supplied input to the "ID" parameter of the "index.php" script. EJ3 Topo versions 2.2.178 and earlier are vulnerable.
  • Ref: http://lostmon.blogspot.com/2005/05/topo-22-multiple-variable-fields-xss.html

  • 06.28.69 - CVE: Not Available
  • Platform: Web Application
  • Title: FatWire Content Server Authentication Bypass
  • Description: FatWire Content Server is a portal-based content management system. It is prone to an authentication bypass vulnerability because it fails to properly ensure that remote web-based users are properly authenticated. FatWire Content Server version 5.5 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/18958

  • 06.28.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Ottoman Multiple Remote File Include Vulnerabilities
  • Description: Ottoman is a web-based content management system. It is affected by multiple remote file include issues due to insufficient sanitization of user-supplied input. Ottoman version 1.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/18962

  • 06.28.71 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Event Calendar Calendar.PHP Remote File Include
  • Description: PHP Event Calendar is an event scheduler and news archive application implemented in PHP. The application is prone to a remote file include vulnerability. PHP Event Calendar 1.4 is vulnerable.
  • Ref: http://www.solpotcrew.org/adv/solpot-adv-01.txt

  • 06.28.72 - CVE: Not Available
  • Platform: Web Application
  • Title: FlatNuke Index.php Remote File Include
  • Description: FlatNuke is a content management system. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "mod" parameter in the "index.php" script. FlatNuke versions 2.5.7 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/439975

  • 06.28.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Forum 5 PM.PHP Local File Include
  • Description: Forum 5 is a web forum application. It is prone to a local file include vulnerability due to insufficient sanitization of user-supplied input to the "GLOBALS [template]" parameter of the "pm.php" script. Phorum versions 5.1.14 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/439976

  • 06.28.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Koobi Pro Multiple Input Validation Vulnerabilities
  • Description: Koobi Pro is a web-based message board. It is prone to multiple input validation vulnerabilities due to improper sanitization of user-supplied input to the "showtopic" parameter of the "index.php" script. Koobi Pro version 5.6 is affected.
  • Ref: http://www.securityfocus.com/bid/18970

  • 06.28.75 - CVE: Not Available
  • Platform: Network Device
  • Title: Juniper Networks JUNOS IPv6 Packet Processing Remote Denial of Service
  • Description: Juniper Networks JUNOS is prone to a remote denial of service vulnerability that arises when the application is flooded with specially crafted IPv6 packets. All versions of JUNOS built prior to May 10, 2006 running on M-series, T-series, and J-series routers are vulnerable.
  • Ref: http://www.juniper.net/support/security/alerts/EXT-PSN-2006-06-017.txt

  • 06.28.76 - CVE: Not Available
  • Platform: Network Device
  • Title: Juniper Networks DX Web Login HTML Injection
  • Description: Juniper Networks DX is a data center acceleration system for web enabled and IP based business applications. It is affected by an HTML injection issue in the "username" input boxes of the login page. Juniper Networks DX version 5.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/439758

  • 06.28.77 - CVE: Not Available
  • Platform: Network Device
  • Title: Finjan Appliance Plaintext Password Storage Information Disclosure
  • Description: Finjan Appliance is a web security solution. It is prone to an information disclosure vulnerability because the device stores username and password pairs in plaintext in "ps_fdb.bak" of the "backup_YYYY_MM_DD_hh_mm_ss.tar" file.
  • Ref: http://www.securityfocus.com/bid/18940

  • 06.28.78 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Unified CallManager Multiple Remote Vulnerabilities
  • Description: Cisco CallManager is the software based call processing component of the Cisco IP Telephony solution. It is affected by arbitrary command execution and arbitrary file overwrite issues. Please refer to the referenced advisory for details.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml

  • 06.28.79 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Router Web Setup (CRWS) Authentication Bypass
  • Description: Cisco Router Web Setup (CRWS) is a web-based administrative interface for configuring Cisco routers. It is prone to an authentication bypass vulnerability because it fails to properly sanitize user input. Remote attackers are able to gain administrative access to affected routers. CRWS versions 3.0.0b21 and earlier are reported to be vulnerable.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0bc3.shtml#details

  • 06.28.80 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Intrusion Prevention System Malformed Packet Denial Of Service
  • Description: Cisco Intrusion Prevention System (IPS/IDS) is a family of devices that provide threat prevention services. It is prone to a denial of service vulnerability. This issue is due to a failure in the application to properly handle malformed IP packets. See the advisory for further details.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0bc7.shtml

  • 06.28.81 - CVE: Not Available
  • Platform: Hardware
  • Title: Network Appliance Data ONTAP Security Restriction Bypass
  • Description: The Network Appliance Data ONTAP operating system is used in conjunction with IBM storage devices. It is exposed to an issue that may permit attackers to bypass security restrictions and execute SNMP-related commands, with the possibility of gaining access to sensitive information. Data ONTAP versions prior to 7.1.1 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/18951

  • 06.28.82 - CVE: Not Available
  • Platform: Hardware
  • Title: PerForms Performs.PHP Remote File Include
  • Description: PerForms is a Joomla component to create dynamic forms. It is prone to a remote file include issue due to insufficient sanitization of user-supplied input to the "mosConfig_absolute_path" variable of the "performs.php" script. PerForms version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/439997

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.