Last day to save $500 for SANS San Diego 2013

@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 3
January 27, 2006

SANS Newsletters Home

Important vulnerabilities were discovered last week for anti-virus product F-Secure (#1), back-up product EMC Legato (#2), Cisco Call Manager (#4) and AOL's You've Got Pictures Active X control (#3). Overall more than 85 new vulnerabilities were reported, but if all of Oracle's vulnerabilities patched last week (#5) were counted, that number would have nearly doubled. Users of Vertitas Netbackup should verify that the patches were installed, as exploits for VolumeManager daemon (vmd) (#7) have been found, and Internet Storm Center is reporting widespread scanning of the vmd port.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • Other Microsoft Products
    • 1
    • Third Party Windows Apps
    • 8 (#3, #4)
    • Linux
    • 5
    • HP-UX
    • 1
    • BSD
    • 1
    • Solaris
    • 1
    • Unix
    • 3
    • Cross Platform
    • 20 (#1, #2, #5, #8)
    • Web Application
    • 41
    • Network Device
    • 5 (#6, #7)
    • Hardware
    • 1

****************** Sponsored by SANS Onsite Training ********************

SANS TRAINING! YOUR LOCATION & SCHEDULE! LOWER COST!

For organizations that need to train a large number of students, OnSite Information Security Training can deliver all the SANS courses to any location. You can save your travel budget and reduce your total cost more than 50%! Contact us at onsite@sans.org for more information.

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
HP-UX
BSD
Solaris
Unix
Cross Platform
Web Application
Network Device
Hardware

*************************** Sponsored Links: ****************************

1) New eBook on Information Theft Prevention provides the latest advice & best practices around information security. Learn more. http://www.sans.org/info.php?id=993

2) Free SANS WhatWorks Webcast "WhatWorks in Penetration Testing: Improving System Health with Care New England" Wednesday, January 25 at 1:00 PM EST (1800 UTC/GMT) http://www.sans.org/info.php?id=994

3) Save Time! SANS WhatWorks case studies and webcasts showcase real user interviews that illustrate effective internet security technologies. http://www.sans.org/info.php?id=995

*************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: F-Secure Anti-virus ZIP Processing Overflow
  • Affected:
    • F-Secure Anti-virus for desktops as well as gateway systems

  • Description: F-Secure Anti-virus software deployed on client as well as gateway systems contains a buffer overflow in processing specially crafted zip archives. The overflow may be exploited to execute arbitrary code to completely compromise the system running the AV software. In addition, the software also contains a vulnerability in processing zip and rar archives that can be exploited to bypass scanning of these archives containing malware. The technical details required to craft such malicious archives have not been posted yet.

  • Status: F-Secure has released hotfixes for its entire product line. Gateway systems should be patched on a priority basis.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (3) HIGH: AOL You've Got Pictures ActiveX Control Overflow
  • Affected:
    • AOL versions 8.0, 8.0 Plus, 9.0 Classic

  • Description: AOL You've Got Pictures service provides sharing, printing, organizing and storing photos for AOL members. The Picture Finder Tool ActiveX control installed by this program contains a buffer overflow that can be exploited by a malicious webpage to execute arbitrary code on an AOL user's system. No technical details regarding how to trigger the overflow have been publicly posted.

  • Status: Upgrade to AOL 9.0 Optimized or AOL 9.0 Security Edition. AOL has also released a hot fix. AOL automatically patched a number of user systems beginning October 2005, and commented that the vulnerability may not be as widespread at this time.

  • Council Site Actions: All of the responding council sites are currently blocking AOL traffic at their network perimeters and they also restrict ActiveX controls. Thus they felt no action was necessary.

  • References:
  • (4) HIGH: Cisco Call Manager Multiple DoS Vulnerabilities
  • Affected:
    • Cisco CallManager version 3.2 and prior
    • Cisco CallManager versions 3.3.x prior to 3.3(5)SR1a
    • Cisco CallManager versions 4.0.x prior to 4.0(2a)SR2c
    • Cisco CallManager versions 4.1.x prior to 4.1(3)SR2

  • Description: Cisco Call Manager, which runs on Windows platform, is the main server in a Cisco enterprise VoIP deployment. The Call Manager is responsible for the call processing and routing functions. The Call Manager contains the following vulnerabilities: (a) Opening a large number of TCP connections to the port 2000/tcp causes the Call Manager to consume memory and CPU resources resulting in a DoS condition. (b) Opening a large numbers of TCP connections to ports 2001/tcp, 2002/tcp or 7727/tcp disrupts the Call Manager and Windows Services Manager interaction that results in restarting the Call Manager. Note that these vulnerabilities are easy to exploit and causing a denial-of-service to Call Manager may result in loss of phone service in an enterprise.

  • Status: Cisco has released fixed versions of Call Manager for all the affected versions that fix the DoS as well as privilege escalation vulnerabilities. Customers using Call Manager should upgrade immediately.

  • References:
Other Software
  • (7) MODERATE: 3Com TippingPoint IPS Denial of Service
  • Affected:
    • TippingPoint OS version 2.1.3.6323 and prior
    • TippingPoint OS version 2.2.0.6504 and prior

  • Description: TippingPoint IPS contains a vulnerability that can be triggered by a specially crafted HTTP session containing a negative content length header. The flaw results in a high CPU utilization that may result in a denial of service. Note that TippingPoint IPS has been shipping with a filter to block the negative content length HTTP header anomaly in its "Recommended" settings. Hence, only HTTP flows crafted in a certain fashion with negative content length can trigger this flaw.

  • Status: TippingPoint released a fix for its customers within 5 hrs after the problem was discovered at a few customer locations. Customers including the unaffected ones should upgrade to the fixed releases of the TOS - 2.1.4.6324 and 2.2.1.6506. These versions can be downloaded from the TippingPoint Threat Management Center.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
Exploit Code
  • (8) Veritas Netbackup Shared Library Overflow

  • Description: Exploit code has been released for Veritas Netbackup shared library overflow vulnerability that was announced in November 2005. Specifically the exploit code targets the Volume Manager daemon (vmd) that listens on port 13701/tcp. Widespread scanning of that port has been observed by the SANS Internet Security Center. Block the TCP ports used by Veritas backup software as indicated in the previous @RISK newsletter.

  • Council Site Actions: Only one of the responding council sites is currently using the affected software. They plan to install the patch during their next regularly scheduled system update.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 3, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4808 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 06.3.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Malformed IMG and XML Parsing Denial of Service
  • Description: Microsoft Internet Explorer is affected by a denial of service vulnerability. This issue arises because the application fails to properly parse certain specially crafted IMG element in a malformed XML block. A null pointer dereference condition arises and causes the application to crash.
  • Ref: http://www.securityfocus.com/bid/16240
  • 06.3.2 - CVE: CVE-2006-0212
  • Platform: Third Party Windows Apps
  • Title: Toshiba Bluetooth Stack File Upload Directory Traversal
  • Description: Toshiba Bluetooth Stack is bluetooth software. It is vulnerable to a directory traversal issue in the OBEX Push services. Toshiba Bluetooth Stack versions 4.0.11 and earlier are vulnerable.
  • Ref: http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt
  • 06.3.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Helmsman HomeFtp Remote Denial of Service
  • Description: Helmsman HomeFtp is an FTP server for Microsoft Windows. It is prone to a remote denial of service vulnerability. Successful authentication is required to exploit this issue. The issues manifests when a "NLST" command is sent to the FTP service without a required "PORT" or "PASV" command proceeding it. Helmsman HomeFTP version 1.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16238
  • 06.3.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AmbiCom Blue Neighbors Bluetooth Stack Object Push Buffer Overflow
  • Description: AmbiCom Blue Neighbors is Bluetooth software for Microsoft Windows platforms. It is vulnerable to a buffer overflow issue due to a failure of the software to properly check user-supplied data prior to copying it to an insufficiently sized memory buffer. AmbiCom Blue Neighbors version 2.50 build 2500 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16258/info
  • 06.3.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AOL You've Got Pictures ActiveX Control Buffer Overflow
  • Description: AOL You've Got Pictures is a digital photography application. Insufficient sanitization of user supplied data in the "YGPPicFinder.DLL" library exposes the application to a denial of service condition. It is possible to invoke the object from a malicious web page to trigger this condition. The affected ActiveX control was distributed in various versions of AOL Client Software, and on the You've Got Pictures Web site prior to 2004.
  • Ref: http://www.securityfocus.com/bid/16262
  • 06.3.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WehnTrust Path Specification Local Privilege Escalation
  • Description: Wehnus WehnTrust is a host-based intrusion prevention system. It is affected by an arbitrary file execution issue. The application adds a registry key to automatically start a service upon computer restarts without using properly quoted paths. Due to the lack of quoting "C:Program.exe" and other locations will be tried during the search for the intended executable. If one of the files exists, it will be executed with SYSTEM privileges. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/16268
  • 06.3.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Computer Associates Unicenter Remote Control DM Primer Remote Denial of Service
  • Description: Computer Associates Unicenter Remote Control (URC) application is used to remotely control Windows systems. DM Primer is a service that runs on client computers. Computer Associates Unicenter Remote Control DM Primer is prone to a denial of service vulnerability due to failure of the application to handle exceptional conditions in a proper manner. All versions of Unicenter Remote Control are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/16276/exploit
  • 06.3.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Check Point VPN-1 SecureClient Path Specification Local Privilege Escalation
  • Description: Check Point VPN-1 SecureClient is a VPN client application. It is prone to a vulnerability that could allow an arbitrary file to be executed. The "SR_Watchdog.exe" process attempts to spawn the "SR_GUI.exe" process during startup without using properly quoted paths. Due to the lack of quoting, "C:Program.exe" and other locations will be tried during the search for the intended executable. If one of the files exists, it will be executed with elevated privileges inherited from "SR_Watchdog.exe". Check Point Software VPN-1 version 4.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/422263
  • 06.3.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: F-Secure Multiple Archive Handling Vulnerabilities
  • Description: F-Secure is vulnerable to multiple issues when handling archives of various formats. These issues could allow a remote attacker to run arbitrary code in a vulnerable system. Please refer to the link below for a list of vulnerable versions.
  • Ref: http://www.f-secure.com/security/fsc-2006-1.shtml
  • 06.3.10 - CVE: CVE-2005-3356
  • Platform: Linux
  • Title: Linux Kernel mq_open System Call Unspecified Denial of Service
  • Description: Linux kernel is vulnerable to a local denial of service issue in the mq_open system call. Successful exploitation results in a system crash. This issue affects Linux kernel versions 2.6.9 and earlier.
  • Ref: http://rhn.redhat.com/errata/RHSA-2006-0101.html
  • 06.3.11 - CVE: CVE-2005-4605
  • Platform: Linux
  • Title: Linux Kernel ProcFS Kernel Memory Disclosure
  • Description: The Linux kernel is vulnerable to a local memory disclosure issue due to the procfs code (proc_misc.c) that allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value. Linux Kernel versions before 2.6.15 are vulnerable.
  • Ref: http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00014.html
  • 06.3.12 - CVE: CVE-2006-0095
  • Platform: Linux
  • Title: Linux Kernel DM-Crypt Local Information Disclosure
  • Description: The Linux kernel contains support for a Device Mapper, which allows administrators to create logical block devices from existing devices. It is susceptible to a local information disclosure vulnerability due to a failure of the module to properly erase sensitive memory buffers prior to freeing the memory.This issue affects the Linux Kernel version series 2.6.
  • Ref: http://marc.theaimsgroup.com/?l=linux-kernel&m=113641114812886&w=2
  • 06.3.13 - CVE: CVE-2006-0096
  • Platform: Linux
  • Title: Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access
  • Description: The Linux kernel contains support for Sangoma S502/S508 series multi-protocol PC interface cards. These cards provide Frame Relay WAN networking support. The Linux kernel is susceptible to a local access validation vulnerability in the SDLA driver. For more information, please follow the reference link.
  • Ref: http://www.securityfocus.com/bid/16304
  • 06.3.14 - CVE: CVE-2005-2708
  • Platform: Linux
  • Title: Linux Kernel SEARCH_BINARY_HANDLER Local Denial of Service
  • Description: Linux kernel is vulnerable to a local denial of service issue because the "search_binary_handler" function of "exec.c" does not check a return code for a function call when virtual memory is low. Linux kernel 2.4 versions on 64-bit x86 architectures before 2.4.33-pre1 are vulnerable.
  • Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161925
  • 06.3.15 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX FTPD Remote Denial Of Service
  • Description: HP-UX ftpd is vulnerable to a remote denial of service issue. Unauthenticated attackers could exploit this issue to cause the FTP server to fail to respond. HP-UX version 11 releases 11.23 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/16316/info
  • 06.3.16 - CVE: CVE-2006-0226
  • Platform: BSD
  • Title: FreeBSD IEEE 802.11 Network Subsystem Remote Buffer Overflow
  • Description: FreeBSD is susceptible to a remote, kernel-level buffer overflow vulnerability due to improper bounds check on user-supplied network data. This issue is due to an integer overflow in the handling of corrupt 802.11 beacon or probe response frames and it occurs when scanning for existing wireless networks. The integer overflow results in a "memcpy()" operation copying attacker-supplied data past the end of an insufficiently sized kernel memory buffer. FreeBSD version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/16296
  • 06.3.17 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris LPSCHED Multiple Local Vulnerabilities
  • Description: Sun Solaris lpsched utility is used to start or restart the LP print service. It is affected by multiple local vulnerabilities. The vendor has reported that a local unprivileged attacker can exploit these issues to delete arbitrary files or disable the LP print service on a computer that is being used as a print server.
  • Ref: http://www.securityfocus.com/bid/16245
  • 06.3.18 - CVE: CVE-2005-4153
  • Platform: Unix
  • Title: GNU Mailman Large Date Data Denial of Service
  • Description: Mailman is software to help manage email discussion lists, much like Majordomo and SmartList. The application is exposed to a denial of service issue when it attempts to parse very large numbers of dates contained in email messages. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/16248
  • 06.3.19 - CVE: CVE-2001-1494
  • Platform: Unix
  • Title: Util-Linux Script Command Arbitrary File Overwrite
  • Description: Util-linux is a software package that provides some implementations of standard UNIX utilities. It is affected by a issues that can allow local attackers to overwrite arbitrary files. The issue presents itself in the script command which is used to save terminal sessions. Util-linux versions 2.11n and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/16280
  • 06.3.20 - CVE: Not Available
  • Platform: Unix
  • Title: Ecartis PantoMIME Arbitrary Attachment Upload
  • Description: Ecartis is a mailing list manager. It is affected by an arbitrary attachment upload vulnerability. This issue presents itself when the PantoMIME functionality has been enabled. Ecartis can be configured to save email attachments that are sent to the "<$list>-request@<$hostname>" addresses to a web-accessible directory specified by the "pantomime-dir" variable. The problem arises because unauthorized users who are not subscribed to a mailing list can send email attachments that will be saved in the PantoMIME directory. Ecartis version 1.0.0 snapshot 20050909 is affetced.
  • Ref: http://www.securityfocus.com/bid/16317
  • 06.3.21 - CVE: CVE-2005-3340
  • Platform: Cross Platform
  • Title: Tux Paint Insecure Temporary File
  • Description: Tux Paint is a drawing application. It is reported that the "tuxpaint-import.sh" script creates temporary files in an insecure manner with unknown impact and attack vectors. Tux Paint versions 0.9.14 and earlier are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/0193
  • 06.3.22 - CVE: CVE-2006-0044
  • Platform: Cross Platform
  • Title: Albatross Remote Arbitrary Code Execution
  • Description: Albatross is a toolkit for developing stateful CGI and Python Web applications. It is prone to an arbitrary code execution vulnerability because malicious user-supplied data may be insecurely used as part of a template. Albatross version 1.20 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16252
  • 06.3.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CounterPath eyeBeam SIP Header Data Remote Buffer Overflow
  • Description: CounterPath eyeBeam is a commercial SIP (Session Initiation Protocol) VOIP phone. It is affected by a denial of serivce issue. When SIP packets with header data with names of more than approximately 100 bytes are included in SIP packets, an internal memory buffer overrun causing the issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/16248
  • 06.3.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: 123 Flash Chat Server Arbitrary Remote File Creation
  • Description: 123Flash Chat server is a commercial real-time chat product implemented in Java. It is susceptible to an arbitrary remote file creation vulnerability due to insufficient sanitization of user-supplied input to the the username and password fields when creating new users. 123 Flash Chat server versions 5.0 and 5.1 are affected.
  • Ref: http://www.securityfocus.com/bid/16235
  • 06.3.25 - CVE: CVE-2006-0315
  • Platform: Cross Platform
  • Title: EZDatabase Index.PHP Cross-Site Scripting
  • Description: EZDatabase is a database creation application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "p" parameter of the "index.php" script. EZDatabase versions 2.1.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/422071
  • 06.3.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GRSecurity Elevated Service Privileges Weakness
  • Description: The GRSecurity Linux Kernel patch is a source-code patch developed and maintained by the GRSecurity development team. It is vulnerable to a privilege escalation vulnerability due to a failure of the kernel to properly drop administrative roles. Please visit the reference link for more information of this vulnerability and the vulnerable versions.
  • Ref: http://www.securityfocus.com/bid/16261
  • 06.3.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apache Geronimo Multiple Input Validation Vulnerabilities
  • Description: Apache Geronimo is the J2EE server project of the Apache Software Foundation. It is prone to multiple input validation vulnerabilities due to insufficient sanitization of user-supplied input. As a result HTML injection and cross-site scripting attacks are possible. Apache Geronimo version 1.0 is vulnerable.
  • Ref: http://www.oliverkarow.de/research/geronimo_css.txt
  • 06.3.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CMU SNMP SNMPTRAPD Daemon Remote Format String
  • Description: CMU SNMP a popular implementation of Simple Network Management Protocol. A remote format string vulnerability affects the CMU SNMP's snmptrapd daemon due to a failure of the application to properly sanitize user-supplied input data prior to using it in a formatted-printing function. All current versions are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/422086
  • 06.3.29 - CVE: CVE-2006-0246
  • Platform: Cross Platform
  • Title: Widexl Download Tracker Down.PL Cross-Site Scripting
  • Description: Download Tracker is a download management application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "id" parameter of the "down.pl" script. Download Tracker version 1.06 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16265
  • 06.3.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Thunderbird File Attachment Spoofing
  • Description: Mozilla Thunderbird is an email client. It is affected by a file attachment spoofing issue which presents itself when an attacker crafts a malicious email attachment with a long filename containing white spaces and a "Content-Type" header that does not match the file's extension. Thunderbird versions prior to 1.5 are affected.
  • Ref: http://www.securityfocus.com/bid/16271
  • 06.3.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EMC Legato Networker Multiple Remote Vulnerabilities
  • Description: EMC Legato Networker is a server package designed to help share data, media and backup processes across a heterogeneous network. It is affected by multiple remote vulnerabilities. Version 7.2.1 of Legato Networker is vulnerable to these issues.
  • Ref: http://www.legato.com/support/websupport/product_alerts/011606_NW.htm
  • 06.3.32 - CVE: CVE-2006-0313
  • Platform: Cross Platform
  • Title: PDFDirectory Unspecified SQL Injection
  • Description: PDFdirectory is an application for storing group information then converting it to the PDF file format. It is vulnerable to an unspecified SQL injection issue due to insufficient sanitization of user-supplied input. PDFdirectory versions 0.2.11 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/16273
  • 06.3.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle January Security Update Multiple Vulnerabilities
  • Description: Oracle has released a Critical Patch Update advisory for January 2006 to address multiple vulnerabilities in various Oracle products. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
  • Ref: http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
  • 06.3.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco IOS HTTP Service CDP Status Page HTML Injection
  • Description: Cisco IOS includes an HTTP service that provides router management services. It is reportedly prone to an HTML injection vulnerability due to insufficient sanitization of user-supplied data. Cisco IOS version 11.2(8.11)SA6 is vulnerable, however, other versions of IOS 11 are likely affected as well.
  • Ref: http://www.idefense.com/intelligence/vulnerabilities/display.php? id=372 http://www.securityfocus.com/archive/1/422433
  • 06.3.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco CallManager CCMAdmin Remote Privilege Escalation
  • Description: Cisco CallManager is the software based call processing component of the Cisco IP Telephony solution. It is affected by a remote privilege escalation issue due to a failure of the application to properly enforce access controls. It is exploitable when Multi Level Administration is enabled and users are granted read-only administrative access via the CCMAdmin Web interface. Please see attached advisory for a list of affected versions.
  • Ref: http://www.securityfocus.com/bid/16282
  • 06.3.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Database SYS.KUPV$FT Multiple SQL Injection Vulnerabilities
  • Description: Oracle 10g is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied data. Oracle 10g Release 1 and earlier versions are reported to be vulnerable.
  • Ref: http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
  • 06.3.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco CallManager Multiple Remote Denial of Service Vulnerabilities
  • Description: Cisco CallManager is the software based call processing component of the Cisco IP Telephony solution. It is susceptible to multiple remote denial of service vulnerabilities. CallManager does not properly handle multiple connections correctly on TCP port 2000 which can ultimately lead to memory and CPU resources being consumed. It also has an issue with multiple connections to TCP ports 2001, 2002 and 7727 that can fill up the Windows message queue. This can prevent CallManager from communicating with Windows Service Manager ultimately causing CallManager to restart.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml
  • 06.3.38 - CVE: CVE-2006-0304
  • Platform: Cross Platform
  • Title: Dual DHCP DNS Server DHCP Options Remote Buffer Overflow
  • Description: Dual DHCP DNS Server is vulnerable to a remote buffer overflow issue due to insufficient boundary checks when handling excessive data through the DHCP options field. Dual DHCP DNS Server 1.0 is reported to be vulnerable.
  • Ref: http://aluigi.altervista.org/adv/dualsbof-adv.txt
  • 06.3.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BitComet Torrent File Handling Remote Buffer Overflow
  • Description: BitComet is a BitTorrent client for Windows platforms. It is prone to a buffer overflow vulnerability due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. BitComet version 0.60 is reported to be vulnerable; other versions may be affected as well.
  • Ref: http://www.securityfocus.com/archive/1/422361
  • 06.3.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kerio WinRoute Firewall Multiple Denial of Service Vulnerabilities
  • Description: Kerio WinRoute Firewall is an enterprise level firewall that is also capable of proxying networks. It is prone to multiple denial of service vulnerabilities due to an improper sanitization of user-supplied input. Please follow the reference link for more information.
  • Ref: http://www.securityfocus.com/bid/16314/info
  • 06.3.41 - CVE: Not Available
  • Platform: Web Application
  • Title: Ultimate Auction Item.PL Cross-Site Scripting
  • Description: Ultimate Auction is an online web auction application. Insufficient sanitization of the "item" parameter in the "item.pl" script exposes this issue. Ultimate Auction version 3.67 is affetced.
  • Ref: http://www.securityfocus.com/bid/16239
  • 06.3.42 - CVE: CVE-2006-0238
  • Platform: Web Application
  • Title: WP-Stats Author Parameter SQL Injection
  • Description: WP-Stats is a plug-in for WordPress to display statistical information. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "author" parameter of the "wp-stats.php" script. WP-Stats version 2.0 is vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/0192
  • 06.3.43 - CVE: Not Available
  • Platform: Web Application
  • Title: Benders Calendar Multiple SQL Injection Vulnerabilities
  • Description: Benders Calendar is a web calendar application. It is vulnerable to multiple SQL injection issues due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Benders Calendar version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/422052
  • 06.3.44 - CVE: CVE-2006-0320
  • Platform: Web Application
  • Title: Bit 5 Blog Index.PHP SQL Injection
  • Description: Bit 5 Blog is a web blog application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "username" and "password" parameters of the "admin/index.php" script. Bit 5 Blog version 8.1 is vulnerable.
  • Ref: http://evuln.com/vulns/31/summary.html
  • 06.3.45 - CVE: CVE-2006-0240,CVE-2006-0239
  • Platform: Web Application
  • Title: 8Pixel.net SimpleBlog Multiple Input Validation Vulnerabilities
  • Description: SimpleBlog is a Web blog application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to parameters such as "view" and "comment". SimpleBlog 2.1 from 8pixel.net is vulnerable.
  • Ref: http://www.hackerscenter.com/archive/view.asp?id=21926
  • 06.3.46 - CVE: Not Available
  • Platform: Web Application
  • Title: Bit 5 Blog AddComment.PHP HTML Injection
  • Description: Bit 5 Blog is a web blog application. It is prone to an HTML injection vulnerability due to insufficient sanitization of user-supplied input to the "comment" field of the "addcomment.php" script before using it in dynamically generated content. Bit 5 Blog version 8.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16246/exploit
  • 06.3.47 - CVE: Not Available
  • Platform: Web Application
  • Title: geoBlog ViewCat.PHP SQL Injection
  • Description: geoBlog is a web blog application implemented in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "cat" parameter of the "viewcat.php" script. geoBlog version MOD_1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/16249
  • 06.3.48 - CVE: Not Available
  • Platform: Web Application
  • Title: Faq-O-Matic Multiple Cross-Site Scripting Vulnerabilities
  • Description: Faq-O-Matic is a web-based frequently asked questions (faq) management application. It is vulnerable to multiple cross-site scripting issues due to a failure in the application to properly sanitize user-supplied input to the "_duration", "file" and "cmd" parameters of the "fom.cgi" script. FAQ-O-Matic version 2.711 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16251/info
  • 06.3.49 - CVE: CVE-2006-0235
  • Platform: Web Application
  • Title: White Album Pictures.PHP SQL Injection
  • Description: White Album is a web-based photo album application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "dir" parameter of the "pictures.php" script. White Album version 2.5 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/422105
  • 06.3.50 - CVE: Not Available
  • Platform: Web Application
  • Title: GTP iCommerce Multiple Cross-Site Scripting Vulnerabilities
  • Description: GTP iCommerce is used to create and manage ecommerce web sites. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to the "cat" and "subcat" parameters of "index.php".
  • Ref: http://www.securityfocus.com/bid/16255/exploit
  • 06.3.51 - CVE: Not Available
  • Platform: Web Application
  • Title: Ultimate Auction ItemList.PL Cross-Site Scripting
  • Description: Ultimate Auction is an online web auction application. Insufficient sanitization of the "category" parameter in the "itemlist.pl" script exposes the application to a cross-site scripting issue. Ultimate Auction version 3.67 is affected.
  • Ref: http://www.securityfocus.com/bid/16254
  • 06.3.52 - CVE: CVE-2006-0205
  • Platform: Web Application
  • Title: Wordcircle Multiple Input Validation Vulnerabilities
  • Description: Wordcircle is a web-based education course management application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to the "v_login.php" script and other unspecified parameters. Wordcircle version 2.17 is vulnerable.
  • Ref: http://evuln.com/vulns/28/summary.html
  • 06.3.53 - CVE: Not Available
  • Platform: Web Application
  • Title: Light Weight Calendar Index.PHP Remote Command Execution
  • Description: Light Weight Calendar is a calendar application. It is prone to a remote command execution vulnerability due to improper sanitization of user-supplied input. The problem presents itself when attacker-supplied data to the "stam" parameter of the "index.php" script is not properly sanitized before being used in an "eval()" call. Light Weight Calendar version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/16229/exploit
  • 06.3.54 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBB Usercp.PHP SQL Injection
  • Description: MyBB is a bulletin board application. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "threadmode" parameter of the "usercp.php" script before using it in an SQL query. MyBB version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/421913
  • 06.3.55 - CVE: Not Available
  • Platform: Web Application
  • Title: DDSN Interactive CM3CMS Admin Panel Index.ASP SQL Injection
  • Description: DDSN cm3 CMS is affected by an SQL injection issue. Insufficient sanitization of the "Username" field in the application's administrative interface login page exposes this issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/16231
  • 06.3.56 - CVE: Not Available
  • Platform: Web Application
  • Title: DCP Portal Multiple Input Validation Vulnerabilities
  • Description: DCP Portal is a web portal application. It is vulnerable to multiple cross-site scripting issues due to a failure in the application to properly sanitize user-supplied input. All current versions are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/421914
  • 06.3.57 - CVE: CVE-2006-0211
  • Platform: Web Application
  • Title: Web Host Automation Ltd. Helm Cross-Site Scripting
  • Description: Helm from Web Host Automation Ltd. is a server management and hosting control application. It is vulnerable to a cross-site scripting issue is due to insufficient sanitization of user-supplied input to the "txtEmailAddress" parameter of the "forgotPassword.asp" script. Helm version 3.2.8 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/421791
  • 06.3.58 - CVE: Not Available
  • Platform: Web Application
  • Title: AlstraSoft Template Seller Pro Fullview.PHP Cross-Site Scripting
  • Description: Template Seller Pro is web site template sales application. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "tempid" parameter of the "fullview.php" script.
  • Ref: http://www.securityfocus.com/bid/16233/exploit
  • 06.3.59 - CVE: Not Available
  • Platform: Web Application
  • Title: EZDatabaseRemote PHP Script Code Execution
  • Description: EZDatabase is a web application. EZDatabase is prone to a remote PHP script code execution vulnerability due to insufficient input sanitization of the "db_id" URI parameter of the "visitorupload.php" script. EZDatabase version 2.0 is vulnerable to these issues; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/16237/exploit
  • 06.3.60 - CVE: CVE-2006-0245
  • Platform: Web Application
  • Title: CubeCart Multiple Cross-Site Scripting Vulnerabilities
  • Description: CubeCart is an eCommerce script. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "index.php" script. CubeCart version 3.0.7-pl1 is vulnerable.
  • Ref: http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html
  • 06.3.61 - CVE: Not Available
  • Platform: Web Application
  • Title: phpXplorer Workspaces.PHP Directory Traversal
  • Description: phpXplorer is a web based file viewer. Insufficient sanitization of the "../" sequence exposes the application to a directory traversal issue. phpXplorer version 0.9.33 is affected.
  • Ref: http://www.securityfocus.com/bid/16263
  • 06.3.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Netbula Anyboard Anyboard.CGI Cross-Site Scripting
  • Description: Anyboard is a Web collaboration application written in Perl. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "tk" parameter of the "anyboard.cgi" script. Netbula Anyboard version 9.9.56 is affected.
  • Ref: http://www.securityfocus.com/bid/16264
  • 06.3.63 - CVE: Not Available
  • Platform: Web Application
  • Title: RedKernel Referrer Tracker Rkrt_stats.PHP Cross-Site Scripting
  • Description: Referrer Tracker is a sales referral application. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "rkrt_stats.php" script. Referrer Tracker version 1.1.0-3 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/16266/exploit
  • 06.3.64 - CVE: Not Available
  • Platform: Web Application
  • Title: BlogPHP Index.PHP SQL Injection
  • Description: BlogPHP is Web blog software implemented in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "username" parameter of the "index.php" script. BlogPHP version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/16269
  • 06.3.65 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Fusebox Index.PHP Cross-Site Scripting
  • Description: PHP Fusebox is a framework for building ColdFusion and PHP Web sites. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "fuseaction" parameter of the "index.php" script. PHP Fusebox version 4.0.6 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/422124
  • 06.3.66 - CVE: CVE-2006-0241
  • Platform: Web Application
  • Title: WebMobo WBNews Cross-Site Scripting
  • Description: WBNews is a web-based news application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "Name" field of the "comments.php" script. WebMobo WBNews versions 1.1.0 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/422133
  • 06.3.67 - CVE: Not Available
  • Platform: Web Application
  • Title: PowerPortal Multiple Cross-Site Scripting Vulnerabilities
  • Description: PowerPortal is a web portal application. Insufficient sanitization of the "search" parameter in the "search.php" and "index.php" scripts exposes the application to multiple cross-site scripting issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/16317
  • 06.3.68 - CVE: Not Available
  • Platform: Web Application
  • Title: SMBCMS Local Site Search Cross-Site Scripting
  • Description: SMBCMS is a content management application written in PHP. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "text" parameter of the "Search" function. SMBCMS version 2.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16281
  • 06.3.69 - CVE: Not Available
  • Platform: Web Application
  • Title: AOblogger Multiple Input Validation Vulnerabilities
  • Description: AOblogger is a web log application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input. AOblogger version 2.3 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/422269
  • 06.3.70 - CVE: Not Available
  • Platform: Web Application
  • Title: HTMLtoNuke HTMLtonuke.PHP Remote File Include
  • Description: HTMLtoNuke is an application designed to display HTML pages on a PHPNuke Web site. Insufficient sanitization of the "filnav" parameter of the "phptonuke.php" script exposes the application to a remote file include issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/16282
  • 06.3.71 - CVE: Not Available
  • Platform: Web Application
  • Title: phpXplorer Action.PHP Directory Traversal
  • Description: phpXplorer is a web-based file viewer. It is vulnerable to a directory traversal issue is due to insufficient sanitization of user-supplied input to the "sAction" parameter of the "action.php" script. phpXplorer version 0.9.33 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/422434
  • 06.3.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Phpclanwebsite BBCode IMG Tag Script Injection
  • Description: Phpclanwebsite is a content management application written in PHP. It is prone to a script injection vulnerability due to insufficient sanitization of user-supplied input to the BBCode IMG tags. Phpclanwebsite version 1.23.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/16300
  • 06.3.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Douran FollowWeb Portal Register.ASPX Cross-Site Scripting
  • Description: FollowWeb is a web portal application. It is vulnerable to a cross-site scripting issue due to a failure in the application to properly sanitize user-supplied input to the "username" parameter of the "register.aspx" script. All current versions of FollowWeb are vulnerable.
  • Ref: http://www.securityfocus.com/bid/16302/info
  • 06.3.74 - CVE: Not Available
  • Platform: Web Application
  • Title: SaralBlog Multiple Input Validation Vulnerabilities
  • Description: Saralblog is a Web blog application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to the "website" parameter of the "view.php" script. Saralblog version 1.0 is vulnerable.
  • Ref: http://evuln.com/vulns/40/summary.html
  • 06.3.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Eggblog Multiple Input Validation Vulnerabilities
  • Description: Eggblog is a web blog application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input. Eggblog version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16305/info
  • 06.3.76 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBB Signature HTML Injection
  • Description: MyBB is a forum application written in PHP. It is prone to an HTML injection vulnerability due to insufficient sanitization of user-supplied input to the "Signature" field of the application. MyBB version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/16308
  • 06.3.77 - CVE: CVE-2005-4652
  • Platform: Web Application
  • Title: PHlyMail Multiple Input Validation Vulnerabilities
  • Description: PHlyMail is a web-based email system. Insufficient sanitization of user supplied input exposes the application to multiple SQL injection and cross-site scripting issues. PHlyMail version 3.0.2.07 has been released to fix this issue.
  • Ref: http://www.securityfocus.com/bid/16310
  • 06.3.78 - CVE: Not Available
  • Platform: Web Application
  • Title: My Amazon Store Manager Cross-Site Scripting
  • Description: My Amazon Store Manager is an e-commerce application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "q" parameter of the "search.php" script. My Amazon Store Manager version 1.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/16312
  • 06.3.79 - CVE: Not Available
  • Platform: Web Application
  • Title: ELOG Web Logbook Multiple Remote Input Validation Vulnerabilities
  • Description: ELOG Web Logbook is a logbook application. It is vulnerable to multiple remote vulnerabilities that can allow remote attackers to execute arbitrary code and gain access to sensitive information. ELOG versions prior to 2.6.1 are vulnerable.
  • Ref: http://midas.psi.ch/elog/download/ChangeLog
  • 06.3.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Netrix X-Site Manager Product_Details.PHP Cross-Site Scripting
  • Description: X-Site Manager is a content management and e-commerce application written in PHP. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "product_id" parameter of the "product_details.php" script.
  • Ref: http://www.securityfocus.com/bid/16313
  • 06.3.81 - CVE: Not Available
  • Platform: Web Application
  • Title: WebspotBlogging Login.PHP SQL Injection
  • Description: WebspotBlogging is a web log application. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "username" field of "login.php" before using it in an SQL query. WebspotBlogging version 3.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16319/exploit
  • 06.3.82 - CVE: Not Available
  • Platform: Network Device
  • Title: ACT P202S VOIP WIFI Phones Multiple Remote Vulnerabilities
  • Description: ACT P202S VOIP WIFI Phones provides Voice Over IP (VOIP) service through 802.11b wireless networks. It is vulenrable to multiple remote vulnerabilities. ACT P202S VOIP WIFI Phones running firmware version 1.01.21 are prone to these issues.
  • Ref: http://www.securityfocus.com/bid/16288
  • 06.3.83 - CVE: Not Available
  • Platform: Network Device
  • Title: MPM HP-180W VOIP WIFI Phone Information Disclosure
  • Description: The MPM HP-180W VOIP WIFI phone is a hardware device. It is prone to an information disclosure vulnerability. This device listens for connections on UDP port 9090. A remote attacker can connect to this port, at which time the device conveys the device's MAC address and software version. This information could be useful in further attacks including denial of service attacks. MPM HP-180W phones with firmware version WE.00.17 are vulnerable to this issue. Due to code reuse, other devices and versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/16285/discuss
  • 06.3.84 - CVE: Not Available
  • Platform: Network Device
  • Title: 3Com TippingPoint IPS Remote Unspecified Denial Of Service
  • Description: 3Com TippingPoint IPS (Intrusion Prevention System) is a range of commercial network security devices providing inline protection from certain network security threats. It is vulnerable to a remote denial of service issue. TippingPoint IPS TOS versions before 2.2.1.6506 and 2.1.4.6324 are vulnerable.
  • Ref: http://isc.sans.org/diary.php?storyid=1042
  • 06.3.85 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco IOS SGBP Remote Denial of Service
  • Description: Cisco IOS includes support for Stack Group Bidding Protocol (SGBP) which allows devices participating in Multichassis Multilink PPP (MMP) to locate each other and negotiate for a connection termination point. Cisco IOS SGBP is prone to a remote denial of service vulnerability. The issue presents itself when a device handles a specially crafted UDP packet over port 9900. Please refer to the attached advisory for a list of vulnerable versions.
  • Ref: http://www.securityfocus.com/bid/16303
  • 06.3.86 - CVE: Not Available
  • Platform: Network Device
  • Title: Linksys BEFVP41 IP Options Remote Denial of Service
  • Description: Linksys BEFVP41 devices are cable/DSL broadband routers with an integrated 4-port Ethernet switch with IPSec VPN capabilities. They are susceptible to a remote denial of service vulnerability due to improper handling of unexpected network traffic. Linksys BEFVP41 versions 1.42.7, BEFVP41 1.40.4, BEFVP41 1.40.3f are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/422266
  • 06.3.87 - CVE: Not Available
  • Platform: Hardware
  • Title: Clipcomm CPW-100E and CP-100E VOIP Phones Remote Administrative Access Vulnerability
  • Description: Clipcomm CPW-100E VOIP Phones provide Voice Over IP (VOIP) service through 802.11b wireless networks. They are vulnerable to an issue that allows remote attackers to gain access to potentially sensitive information and corrupt memory. Clipcomm CPW-100E Phones running firmware version 1.1.12 and CP-100E phones running firmware version 1.1.60 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/16289/info

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

Just amazing content and instruction, it's really a 'must do' for any info sec professional.
-Mark Austin, PHH Mortgage

Get an iPad or Nexus 10 with Online Training

Latest Whitepapers

Building and Maintaining a &quot;Certifiable&quot; Workforce
By Robert J. Mavretich

How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk?
By Tim Proffitt

Daisy Chain Authentication
By Courtney Imbert

Latest Tweets

NEW #SANS Survey: Security Analytics & Intelligence 2nd [...]
October 1, 2013 - 6:30 PM

Tips on how to convince your boss to let you train online wi [...]
October 1, 2013 - 6:23 PM

#2 Tip on how 2 convince your boss 2 let u train online: Fle [...]
October 1, 2013 - 3:00 PM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"It has really been an eye opener concerning the depth of security training & awareness that SANS has to offer."
- Michael Hall, Drivesavers

"Because of the use of real-world examples it's easier to apply what you learn."
- Danny Hill, Friedkin Companies, Inc.

"The amount of knowledge conveyed and technical diving by practical hands-on was well balanced."
- Aaron Moore, Maricopa County