@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 31
August 8, 2006

Lots of late-breaking announcements ahead of tomorrow's big Microsoft vulnerability release. Most notable are multiple critical Apple Mac vulnerabilities, independent of the wireless discussion that affects nearly every wireless card, albeit in different ways. And a security product, CA eTrust AV, has a critical vulnerability. These need to be fixed today if they haven't already been patched. Note also that nearly 120 new vulnerabilities were discovered this week - that's a discovery rate of 6,000 vulnerabilities per year. Well over half are in web applications.

Next week is the deadline for the big early registration discount for SANS Network Security program in Las Vegas (October 1-8). This national conference offers far more than the world's best hands-on, immersion training in all aspects of security (20 tracks). It also boasts a big exhibition of the most important products in computer security, numerous evening sessions on the latest advances in technology and policy, Stay Sharp sessions on new hacker techniques and a dozen other topics, and much more.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 4
    • Microsoft Office: 1
    • Other Microsoft Products: 2
    • Third Party Windows Apps: 7 (#2, #7)
    • Mac Os: 2 (#1)
    • Linux: 3
    • Solaris: 2
    • Unix: 6
    • Novell: 1
    • Cross Platform: 18 (#3, #4, #6)
    • Web Application - Cross Site Scripting: 12
    • Web Application - SQL Injection: 10
    • Web Application: 48 (#5, #8, #9, #10)
    • Hardware: 2

****************************************************************

Errata: In the previous issue of the @RISK newsletter it was wrongly reported that the iPolicy Network Security Manager is vulnerable to the flaw discussed in item #4. This information was gathered directly from the then posted eIQNetworks security advisory.

References: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0700.html

****************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Solaris
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Hardware

PART I Critical Vulnerabilities

Part I is compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Computer Associates eTrust AntiVirus WebScan Multiple Vulnerabilities
  • Affected: eTrust AntiVirus WebScan versions 1.1.0.1047 and prior.
  • Description: Computer Associates eTrust AntiVirus WebScan uses an ActiveX component that contains multiple remotely-exploitable vulnerabilities. By causing a user to visit a malicious web page that instantiates the component and instructs it to update the application, an attacker could execute arbitrary code with the privileges of the current user, or severely limit the protection afforded to the user by the antivirus engine. Two of the flaws are due to improper validation of the updated files list: files may be replaced by malicious versions (leading to remote code execution) or outdated versions (leading to limited protection). Additionally, an overly-long filename in the updated file list may lead to a buffer overflow and arbitrary code execution. Note that no user interaction beyond visiting a malicious web page is necessary for exploitation.

  • Status: Computer Associates confirmed, updates available.

  • References:
  • (3) HIGH: Multiple Vendor WiFi Card Driver Vulnerabilities
  • Affected: WiFi (802.11a/b/g) wireless cards from multiple vendors.
  • Description: Researchers have discovered flaws in several device drivers for various WiFi network cards that could be exploited to execute arbitrary code. By sending specially-crafted WiFi protocol traffic to a target machine, an attacker can take complete control of the vulnerable system. A proof-of-concept for a third-party WiFi card under Mac OS X was demonstrated recently at the Black Hat 2006 security conference. According to the initial disclosure, flaws were discovered in several other operating system/WiFi card combinations. Because these flaws exist at the device driver level, the target machine does not need to be associated to a wireless network; simply having an active WiFi card is sufficient for exploitation. The list of vulnerable card/operating system combinations is currently unknown.

  • Status: Intel has released updated Microsoft Windows drivers that apparently fix this issue. However, Intel did not specifically reference the initial Black Hat 2006 disclosure in the update documentation. It is unknown which other vendors, if any, are affected.

  • Council Site Actions: All responding council sites are investigating this issue. Most will deploy the updates very soon; the others are still investigating how they will remediate the issue.

  • References:
  • (4) MODERATE: Mozilla Firefox Unspecified Remote Code Execution
  • Affected: Mozilla Firefox version 1.5 and prior
  • Description: Mozilla Firefox reportedly contains a vulnerability that can be exploited to execute arbitrary code. The flaw, a race condition, arises from the browser's failure to properly validate multiple CSS attributes stacked across HTML "SPAN" tags. No technical details for this vulnerability have been publicly posted. A proof-of-concept creating a denial-of-service condition has been publicly posted to the TOR network (an anonymous routing network). A remote code execution proof-of-concept is available for a fee, though this is not confirmed to work.

  • Status: Firefox has not confirmed, no updates available.

  • Council Site Actions: Most of the responding council sites do not yet formally support Firefox. However, many sites use it, and they rely on the user population employing the Auto Update feature to keep the software up to date.

  • References:
  • (5) MODERATE: PHP Functions Multiple Vulnerabilities
  • Affected: PHP version 4.4.3 and prior.
  • Description: PHP, the popular web-centric programming language, contains several remotely-exploitable vulnerabilities. The exact nature of these flaws has not been publicly disclosed. Flaws have been reported in the wordwrap(), tempnam(), error_log(), substr_compare(), and phpinfo() functions as well as the code used to parse session names. Users of these functions, and users who allow arbitrary individuals to upload PHP scripts, are advised to upgrade immediately. Because PHP is open source software, technical details for these vulnerabilities can be easily obtained by analyzing the source code.

  • Status: PHP confirmed, updates available.

  • Council Site Actions: Only one of the responding council sites plans to address this issue -- their servers will be updated within the next week.

  • References:
  • (6) MODERATE: LibTIFF Library Multiple Vulnerabilities
  • Affected: LibTIFF version 3.8.2 and prior
  • Description: LibTIFF, a popular library for parsing TIFF images, is reported to contain multiple remotely-exploitable vulnerabilities. The TIFF image file format is popular in scientific imaging and high-end graphics applications. By causing a user to view a specially-crafted TIFF image file, an attacker could execute arbitrary code with the privileges of the current user. LibTIFF is installed by default on Mac OS X systems, and installed on the vast majority of Linux, Unix, and Unix-like systems. Some applications may also install LibTIFF on Microsoft Windows systems. Depending on system configuration, no user interaction beyond viewing a malicious web page or email message would be necessary for exploitation. Because LibTIFF is open source software, technical details for these vulnerabilities can be easily obtained by analyzing the source code.

  • Status: Updates are available from various Linux vendors.

  • Council Site Actions: Only two of the responding council sites plan to remediate this issue and both will deploy the updates during their next regularly scheduled system update process.

  • References:
  • (7) MODERATE: McAfee SecurityCenter Unspecified Remote Code Execution
  • Affected: McAfee SecurityCenter 4.3 - 6.0.22
  • Description: McAfee SecurityCenter, a comprehensive client security suite, contains an unspecified remote code execution vulnerability. By causing a user to click on a malicious URL, an attacker could execute arbitrary code with the privileges of the current user. No technical details for this vulnerability have been publicly posted.

  • Status: McAfee confirmed, updates available. McAfee has also made the fixed versions available via their live update servers.

  • References:
Other Software
  • (8) CRITICAL: TWiki Arbitrary Remote Command Execution
  • Affected: TWiki versions 4.0.0 through 4.0.4
  • Description: TWiki, a popular enterprise collaboration platform, contains a remote command-execution vulnerability. By sending a specially-crafted HTTP POST request to the TWiki "configure" script (installed by default as "/twiki/bin/configure"), an attacker can execute arbitrary commands with the privileges of the web server process. This flaw is due to a failure to sanitize calls to the Perl "system()" function. The TWiki security advisory includes technical details and a proof-of-concept for this vulnerability.

  • Status: TWiki confirmed, updates available. Users are advised to implement server-based access control on the configure script (through, for example, ".htaccess" files on Apache) and to limit the IP addresses that can connect to the configuration interface.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (9) HIGH: Jetbox Multiple Vulnerabilities
  • Affected: Jetbox CMS version 2.1 SR1 and possibly prior
  • Description: Jetbox, a popular content management system, contains multiple remotely-exploitable vulnerabilities. These vulnerabilities include remote command execution with the privileges of the web server process, cross-site scripting, session hijacking, and information disclosure. The remote command execution vulnerability requires that the PHP "magic_quotes_gpc" configuration directive be disabled. It is enabled by default on recent versions of PHP. Technical details for these vulnerabilities are publicly available.

  • Status: Jetbox has not confirmed, no updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 31, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5104 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.31.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows SMB PIPE Remote Denial of Service
  • Description: Microsoft Windows is reportedly prone to a remote denial of service vulnerability. This issue is triggered with specially crafted SMB PIPE traffic that causes a NULL pointer dereference in the "srv.sys" server driver.
  • Ref: http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx

  • 06.31.2 - CVE: Not Available
  • Platform: Windows
  • Title: Windows Graphical Device Interface Plus Library Denial of Service
  • Description: The Microsoft Windows Graphical Device Interface (GDI+) is a library that provides two-dimensional vector graphics, imaging, and typography functionality to Microsoft Windows XP and Windows Server 2003. Its "gdiplus.dll" library is exposed to a denial of service vulnerability. The vulnerability exists when the affected library is invoked by an application to process a specifically malformed image file.
  • Ref: http://www.securityfocus.com/archive/1/441548

  • 06.31.3 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Routing and Remote Access Denial of Service
  • Description: Microsoft Windows Routing and Remote Access is prone to a denial of service vulnerability. This issue is reportedly due to a NULL pointer dereference error when handling maliciously designed RRAS requests.
  • Ref: http://www.securityfocus.com/bid/19300

  • 06.31.4 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft August Advance Notification Multiple Vulnerabilities
  • Description: Microsoft has released advance notification that the vendor will be releasing twelve security bulletins for Windows and Office on August 8, 2006: ten bulletins for Microsoft Windows, for which the highest severity rating is Critical, and two bulletins for Microsoft Office, for which the highest severity rating is also Critical.
  • Ref: http://www.microsoft.com/technet/security/bulletin/advance.mspx

  • 06.31.5 - CVE: CVE-2006-3656
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint Unspecified Code Execution
  • Description: Microsoft PowerPoint is exposed to an unspecified code execution issue. This issue arises when a vulnerable user opens a malicious read-only PowerPoint file and closes it. Microsoft PowerPoint 2003 SP2 French Edition is reported to be affected; other versions may also be affected.
  • Ref: http://downloads.securityfocus.com/vulnerabilities/exploits/PP2003sp2patched_fr_exploit-method.txt

  • 06.31.6 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer Deleted Frame Object Denial of Service
  • Description: Microsoft Internet Explorer is affected by a denial of service issue which presents itself when the browser attempts to access a property of an object that is placed inside a deleted frame. All current versions are affected.
  • Ref: http://browserfun.blogspot.com/2006/07/mobb-30-orphan-object-properties.html

  • 06.31.7 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer ADODB.Recordset NextRecordset Denial of Service
  • Description: Internet Explorer is prone to a denial of service vulnerability. This issue occurs when the browser processes the "NextRecordset" method of the "ADODB.Recordset" object. An attacker can trigger this issue by calling the affected method with a long string. This can result in invalid memory access in the "SysFreeString" function.
  • Ref: http://www.securityfocus.com/bid/19227

  • 06.31.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Easy File Sharing FTP Server Pass Command Remote Buffer Overflow
  • Description: Easy File Sharing FTP Server is prone to a buffer overflow vulnerability. This issue is due to a failure to properly sanitize data submitted with the "PASS" command. Version 2.0 is reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19243

  • 06.31.9 - CVE: CVE-2006-3925
  • Platform: Third Party Windows Apps
  • Title: InterActual Player ITIRecorder.MicRecorder ActiveX Control Remote Buffer Overflow
  • Description: InterActual Player is a client application that plays DVD-ROM content. InterActual Player ITIRecorder.MicRecorder ActiveX control is prone to a buffer overflow vulnerability. The issue arises when a large string is passed to an argument of the "Files" method. This issue affects versions 2.60.12.0201 with IARECORD.DLL (1.07.11.0620).
  • Ref: http://www.securityfocus.com/bid/19205

  • 06.31.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Lhaplus LHA Extended Header Handling Buffer Overflow
  • Description: Lhaplus is a file compression utility for the Windows platform. It is exposed to a buffer overflow issue in its LHA file parsing routine when processing LZH file types due to improper boundary checks while reading an LZH extended header in decompressing maliciously designed LZH archives. Lhaplus version 1.52 (Japanese) is affected.
  • Ref: http://vuln.sg/lhaplus152-en.html

  • 06.31.11 - CVE: CVE-2006-3457
  • Platform: Third Party Windows Apps
  • Title: Symantec On-Demand Protection Encrypted Data Information Disclosure
  • Description: Symantec On-Demand Agent (SODA) and On-Demand Protection (SODP) provide a virtual desktop environment to secure web-based applications and services. They are prone to a vulnerability that could disclose potentially sensitive information, as files encrypted and saved on the local hard drive may be decrypted via an alternative method. The Windows versions of SODA 2.5 MR2 (build 2156) and prior, as well as the Windows versions of SODP 2.6 (build 2232) and prior, are reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19248

  • 06.31.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Simpliciti Locked Browser JavaScript Kiosk Security Bypass
  • Description: Simpliciti Locked Browser is a security product used to limit the functionality of kiosk-based web browser applications. Due to improper input sanitization, an attacker may use malicious Javascript code to "break out" of the security restrictions implemented by the application and start the Windows Task Manager. Version 0 is reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19304

  • 06.31.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PC Tools AntiVirus Local Privilege Escalation
  • Description: PC Tools AntiVirus is an antivirus application for Windows. It is prone to a local privilege escalation vulnerability. The application does not set secure default permissions on the "PC Tools AntiVirus" directory and other child objects. PC Tools AntiVirus 2.1.0.51 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/19322

  • 06.31.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Fenestrae Faxination Server Unspecified Command Execution
  • Description: Fenestrae Faxination Server is a fax server designed for Microsoft Exchange. It is prone to an unspecified remote command-execution vulnerability that can be triggered by sending malicious network packets to a vulnerable server. Versions 6.0 and prior are reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19328

  • 06.31.15 - CVE: CVE-2006-3372
  • Platform: Mac Os
  • Title: Safari KHTMLParser::popOneBlock Denial of Service
  • Description: Safari is a web browser for Mac OS X. It is vulnerable to a denial of service issue when the browser attempts to process script code to redefine the document body inside a "<DIV>" HTML tag.
  • Ref: http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html

  • 06.31.16 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X Multiple Security Vulnerabilities
  • Description: Apple Mac OS X is prone to multiple security issues. Please refer to the Apple advisory below for details.
  • Ref: http://docs.info.apple.com/article.html?artnum=304063

  • 06.31.17 - CVE: CVE-2006-3633
  • Platform: Linux
  • Title: OSSP Shiela Shell Command Execution
  • Description: OSSP Shiela is an access control and logging tool for CVS. The application is susceptible to a shell command-execution vulnerability. The application fails to properly sanitize user-supplied input before using it in a "system()" function call. Users who have the ability to commit files to the CVS system can exploit this issue by composing malicious CVS repository files, and then executing malicious CVS commands containing the "&", ";" and "|" characters. This issue reportedly affects versions 1.1.5 and prior.
  • Ref: http://www.securityfocus.com/bid/19199

  • 06.31.18 - CVE: CVE-2006-2481, CVE-2005-3620
  • Platform: Linux
  • Title: VMware ESX Multiple Information Disclosure
  • Description: VMware ESX is a virtualization server. It is prone to multiple information disclosure vulnerabilities that are caused by design flaws with regard to handling sensitive information in session cookies, and in improper filesystem permissions. Versions prior to 2.5.2 P4 are reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19249

  • 06.31.19 - CVE: CVE-2006-3122
  • Platform: Linux
  • Title: ISC Memory.C DHCP Server Denial of Service
  • Description: ISC DHCP server is exposed to a denial of service issue. This issue occurs when an automatic IP address is assigned to a system due to an improper boundary condition residing in the "supersede_lease()" function of the "memory.c" file. DHCP versions 2 and 3 are affected.
  • Ref: http://www.securityfocus.com/bid/19348

  • 06.31.20 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris N1 Grid Engine Multiple Local Vulnerabilities
  • Description: Sun N1 Grid Engine is part of the Solaris Enterprise System. N1 Grid Engine is exposed to multiple security issues. Please refer to the link below for further details.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102322-1&searchclause=

  • 06.31.21 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Fire T2000 Incorrect DSA Signature Verification
  • Description: Sun Fire T2000 is a server hardware platform. It ships with Solaris 10. It is exposed to an incorrect DSA signature verification issue. The vendor has reported that the crypto provider in Solaris 10 3/05 HW2 does not properly verify a Digital Signature Algorithm (DSA) signature. Sun Fire version T2000 with Solaris 10 (3/05 HW2) is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102543-1&searchclause=

  • 06.31.22 - CVE: Not Available
  • Platform: Unix
  • Title: Osiris Logging.C Format String
  • Description: Osiris is a network integrity monitoring control interface. Osiris is prone to a format string vulnerability due to failure to sanitize the data passed into the "fprintf()" function call of "logging.c". Version 4.2.0 is vulnerable to this issue.
  • Ref: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/100793

  • 06.31.23 - CVE: Not Available
  • Platform: Unix
  • Title: LibTIFF Next RLE Decoder Remote Heap Overflow
  • Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. The Next RLE Decoder for LibTIFF is prone to a remote heap overflow vulnerability. This issue occurs because the application fails to check boundary conditions on certain RLE decoding operations.
  • Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html

  • 06.31.24 - CVE: Not Available
  • Platform: Unix
  • Title: LibTIFF Sanity Checks Multiple Denial of Service Vulnerabilities
  • Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. LibTIFF is affected by multiple denial of service vulnerabilities. The vulnerabilities exist in multiple unspecified arithmetic operations that are not validated, including bounds-checking to ensure offsets in TIFF directories are valid. Also, various codepaths result in the client application calling the abort() function.
  • Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html

  • 06.31.25 - CVE: Not Available
  • Platform: Unix
  • Title: Imendio Planner Filename Remote Format String
  • Description: Imendio Planner is a project management tool. It is prone to a remote format string vulnerability that arises in the "mrp_project_load()" function of "libplanner/mrp-project.c" when the application fails to load the specified file, and an error message is displayed. Version 0.13 is reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19307

  • 06.31.26 - CVE: Not Available
  • Platform: Unix
  • Title: Hobbit Monitor Config Information Disclosure
  • Description: Hobbit Monitor is a host and network monitoring system. It is prone to an information disclosure vulnerability that is due to a failure to properly verify access to restricted information in the "config" method. Versions 4.0 to 4.1.2p1 are reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19317

  • 06.31.27 - CVE: Not Available
  • Platform: Unix
  • Title: Cryptographic Filesystem Daemon Local Denial of Service
  • Description: Cryptographic Filesystem (CFS) is prone to a local denial of service vulnerability. The vulnerability exists due to an unspecified integer overflow in the filesystem. A local attacker may crash the encryption daemon, resulting in denial of service conditions for legitimate users.
  • Ref: http://www.securityfocus.com/bid/19320

  • 06.31.28 - CVE: CVE-2006-3818, CVE-2006-3817
  • Platform: Novell
  • Title: Novell GroupWise Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Novell GroupWise is a collaboration application providing corporate users with a centralized email, instant messaging, document management, and task scheduling environment. It is exposed to two unspecified cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to application or script parameters. Novell GroupWise versions 6.5.4 and earlier are affected.
  • Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm

  • 06.31.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Application Server and Web Server Information Disclosure
  • Description: Sun Java System Application Server and Sun Java System Web Server are prone to a remote information disclosure vulnerability. It may be possible for a remote unprivileged attacker to read files outside of the installation path.
  • Ref: http://www.securityfocus.com/bid/19200

  • 06.31.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle 10g Alter Session Integer Overflow
  • Description: Oracle 10g is prone to an integer overflow issue because the application fails to allocate a large enough data type to accommodate user-supplied input before using it in a query. Oracle 10g R2 is affected.
  • Ref: http://www.securityfocus.com/bid/19201

  • 06.31.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Tamarack MMSd Components Malformed Packet Denial of Service
  • Description: Tamarack MMSd is an implementation of the RFC 1006 protocol, which specifies how to run the OSI transport protocol over TCP/IP. It is exposed to a denial of service issue due to a failure in the application to properly handle malformed IP packets. Tamarack MMSd versions earlier than 7.992 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/372878

  • 06.31.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Brightmail AntiSpam Control Center Multiple Vulnerabilities
  • Description: Symantec Brightmail AntiSpam 6.0 provides enterprises with an advanced anti-spam and email threat defense system. It is exposed to multiple issues. Please refer to the link below for further details. Symantec Brightmail Anti-Spam versions 6.0.3 and earlier are affected.
  • Ref: http://www.symantec.com/avcenter/security/Content/2006.07.27.html

  • 06.31.33 - CVE: CVE-2006-3747
  • Platform: Cross Platform
  • Title: Apache Mod_Rewrite Off-By-One Buffer Overflow
  • Description: Apache's mod_rewrite is a rule-based rewriting engine which rewrites requested URLs for the Apache web server. It is prone to a buffer overflow condition that presents itself on a system with the active configuration "RewriteEngine on". Versions 2.0.53-55 and prior to 1.3.35 are reported as vulnerable.
  • Ref: http://www.kb.cert.org/vuls/id/395412

  • 06.31.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Yahoo! Messenger Remote Search String Arbitrary Browser Navigation
  • Description: Yahoo! Messenger is prone to a browser navigation vulnerability that may permit a remote attacker to open a browser window on the victim user's computer to an arbitrary page. Yahoo! Messenger version 7.5.0.814 is affected.
  • Ref: http://www.securityfocus.com/bid/19211/exploit

  • 06.31.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FreePBX Shell Command Execution
  • Description: FreePBX is Asterisk-based PBX software and is susceptible to a shell command execution vulnerability. The issue is due to the application's failure to properly sanitize user-supplied input to the "CALLERID(number)" and "CALLERID(name)" parameters in the "amp_conf/astetc/extensions.conf" file. Versions 2.1.1 and prior, with "Allow anonymous inbound SIP calls" configured, are reported as vulnerable.
  • Ref: http://freepbx.org/trac/changeset/2076

  • 06.31.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Open Cubic Player Multiple Buffer Overflow Vulnerabilities
  • Description: Open Cubic Player is a music player for multiple operating systems. It is affected by multiple remote buffer overflow vulnerabilities. These issues allow remote attackers to execute arbitrary machine code in the context of the user running the application. Open Cubic Player version 2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/19262

  • 06.31.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Informix Dynamic Server Multiple Vulnerabilities
  • Description: IBM Informix Dynamic Server is an application server. It is affected by multiple vulnerabilities ranging from gaining elevated privileges to denial of service. These issues are caused by multiple functions. IBM Informix Dynamic Server versions 7.3, 9.4 and 10.0 are vulnerable.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21242921

  • 06.31.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: McAfee Multiple Products Unspecified Remote Code Execution
  • Description: Multiple products by McAfee are exposed to an unspecified code execution vulnerability. The cause of this issue is currently unknown. Please refer to the link below for further details.
  • Ref: http://ts.mcafeehelp.com/faq3.asp?docid=407052

  • 06.31.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Barracuda Networks Spam Firewall Multiple Vulnerabilities
  • Description: Barracuda Networks Spam Firewall is a virus and spam firewall network device. Spam Firewall is exposed to multiple vulnerabilities. Please refer to the link below for further details. Barracuda Networks Spam Firewall versions 3.3.01.0001 to 3.3.03.053 are affected.
  • Ref: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

  • 06.31.40 - CVE: CVE-2006-3465
  • Platform: Cross Platform
  • Title: LibTIFF Library Anonymous Field Merging Denial of Service
  • Description: The LibTIFF library is a set of graphic handling routines for the Tag Image File Format. It is prone to a denial of service vulnerability. Fields with unexpected values can be produced by creating anonymous TIFF file fields, and merging them from information supplied by a codec.
  • Ref: http://www.securityfocus.com/bid/19287

  • 06.31.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL MERGE Privilege Revoke Bypass
  • Description: MySQL is exposed to a privilege revoke bypass issue. The issue exists when a user's access permissions are revoked on a table that was used to create another MERGE table. The second table created by the user will still grant permission to access the original table even though privileges were revoked. MySQL versions 5.1.10 and earlier are affected.
  • Ref: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html

  • 06.31.42 - CVE: CVE-2006-3459
  • Platform: Cross Platform
  • Title: LibTIFF TiffFetchShortPair Remote Buffer Overflow
  • Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. It is exposed to a buffer-overflow issue. This issue is due to improper boundary checks before copying user-supplied data into a finite-sized buffer. The problem occurs in the "TIFFFetchShortPair()" function of the "tif_dirread.c" file.
  • Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html

  • 06.31.43 - CVE: CVE-2006-3463
  • Platform: Cross Platform
  • Title: LibTIFF EstimateStripByteCounts() Denial of Service
  • Description: LibTIFF is a library designed to facilitate the reading and manipulation of TIFF files. It is affected by a denial of service vulnerability, due to the "EstimateStripByteCounts()" function improperly handling the iteration of a 16 bit unsigned short over a 32 bit unsigned value, resulting in an infinite loop. Versions 3.8.2 and prior are reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19284

  • 06.31.44 - CVE: CVE-2006-3460
  • Platform: Cross Platform
  • Title: LibTIFF TiffScanLineSize Remote Buffer Overflow
  • Description: LibTIFF is a library designed to facilitate the reading and manipulation of TIFF files. It is prone to a heap-based buffer overflow vulnerability. The problem occurs in the JPEG decoder, where the encoded JPEG stream may conflict with the data returned by TIFFScanLineSize() and TIFFReadScanline().
  • Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html

  • 06.31.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: LibTIFF PixarLog Decoder Remote Heap Buffer Overflow
  • Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. The PixarLog Decoder for LibTIFF is prone to a remote heap overflow issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/19290

  • 06.31.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco CallManager Express SIP User Directory Information Disclosure
  • Description: Cisco CallManager is a software-based call processing component of the Cisco IP telephony solution. It is prone to an information disclosure vulnerability because the application fails to prevent an attacker from manipulating the Session Initiation Protocol stack. An attacker could send messages back and forth and obtain the names of the users that are stored in the Session Initiation Protocol database. Cisco CallManager Express version 3.0 is affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml

  • 06.31.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Advanced Webhost Billing System Multiple Cross-Site Scripting Vulnerabilities
  • Description: Advanced Webhost Billing System (AWBS) is a web hosting and domain registration system. Insufficient sanitization of the "name", "AccountUsername" and "message" parameters of the "contact.php" script exposes the application to multiple cross-site scripting issues. AWBS version 2.2.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/441532

  • 06.31.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MyBulletinBoard UserCP.PHP Cross-Site Scripting
  • Description: MyBulletinBoard is a web-based bulletin board application. It is prone to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "gallery" parameter of the "usercp.php" script. MyBulletinBoard versions 1.1.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/19193/info

  • 06.31.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPNuke INP Modules.PHP Cross-Site Scripting
  • Description: PHPNuke INP is a web based content management system. Insufficient sanitization of the "name" parameter of the "modules.php" script exposes the application to a cross-site scripting issue.
  • Ref: http://www.securityfocus.com/bid/19208

  • 06.31.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Dokeos Unspecified Cross-Site Scripting
  • Description: Dokeos is a web-based content management system (CMS). It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to unspecified parameters and scripts. Dokeos versions 1.6.4(patch 1) and earlier are vulnerable.
  • Ref: http://www.dokeos.com/news.php#145

  • 06.31.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Taskjitsu Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Taskjitsu is a web based application for tracking and managing tasks. It is exposed to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to unspecified parameters and scripts. Taskjitsu versions 2.03 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/19251

  • 06.31.52 - CVE: CVE-2006-1898
  • Platform: Web Application - Cross Site Scripting
  • Title: TinyPHPForum Multiple Cross-Site Scripting Vulnerabilities
  • Description: TinyPHPForum is a web-based forum application implemented in PHP. It is prone to multiple cross-site scripting vulnerabilities. The application fails to properly sanitize user-supplied input to the "siteName" parameter of the "header.php" script and to the "query" parameter of the "search.php" script. Version 3.6 of the software is vulnerable.
  • Ref: http://www.securityfocus.com/bid/19260

  • 06.31.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OpenForum Multiple Cross-Site Injection Vulnerabilities
  • Description: OpenForum is a web-based forum application. It is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input to the "ofdisp" and "ofmsgid" parameters of the "openforum.asp" script. Version 1.2 beta is reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19266

  • 06.31.54 - CVE: CVE-2006-3914
  • Platform: Web Application - Cross Site Scripting
  • Title: Blackboard Products Multiple HTML Injection Vulnerabilities
  • Description: Blackboard products are prone to multiple HTML-injection vulnerabilities. Blackboard Learning System (Release 6) and Blackboard Learning and Community Portal Suite (Release6)-6.2.3.23 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/19308

  • 06.31.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: INM AG CMS G3 Search_String Cross-Site Scripting
  • Description: INM AG CMS G3 is a content management system. Insufficient sanitization of the "search_string" parameter exposes the application to a cross-site scripting issue.
  • Ref: http://www.securityfocus.com/bid/19324

  • 06.31.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal User.Module Cross-Site Scripting
  • Description: Drupal is a content management application. It is exposed to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "msg" parameter in the "user.module" module. Drupal versions 4.6x and 4.7x are affected.
  • Ref: http://www.securityfocus.com/bid/19325

  • 06.31.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ToendaCMS Index.PHP S Parameter Cross-Site Scripting
  • Description: ToendaCMS is a content-management application implemented in PHP. The application is prone to a cross-site scripting vulnerability due to a failure in the application to properly sanitize user-supplied input to the "s" parameter of "index.php".
  • Ref: http://www.securityfocus.com/archive/1/442100

  • 06.31.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: VBulletin Arbitrary File Upload
  • Description: VBulletin is a bulletin board application implemented in PHP. The application is prone to an input-validation vulnerability because it fails to properly sanitize user-supplied input for "PDF" uploads. An attacker may leverage this into a cross-site scripting attack by uploading a file containing malicious HTML and script code. Version 3.5.4 is reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19334

  • 06.31.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ATutor Multiple SQL Injection Vulnerabilities
  • Description: ATutor is an online teaching application. It is exposed to multiple SQL-injection issues due to insufficient sanitization of user-supplied input to the different parameters of the "index.php" script of the "links" module. ATutor version 1.5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/19232

  • 06.31.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: X-Scripts X-Protection Protect.PHP SQL Injection
  • Description: X-Protection is a login script implemented in PHP. It is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "username" and "password" parameters of the "protect.php" script. X-Protection version 1.10 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/19235

  • 06.31.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: X-Scripts X-Poll Top.PHP SQL Injection
  • Description: X-Poll is used to create online opinion polls. Insufficient sanitization of the "poll" parameter of the "top.php" script exposes the application to an SQL injection issue. X-Poll version 1.10 is affected.
  • Ref: http://www.securityfocus.com/bid/19236

  • 06.31.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: X-Scripts X-Statistics X-Statistics.PHP SQL Injection
  • Description: X-Statistics is a script that gathers web site statistics. It is exposed to an SQL injection issue due to insufficient sanitization of user-supplied input to the User-Agent field of "x-statistics.php" before using it in an SQL query. X-Statistics version 1.20 is affected.
  • Ref: http://www.securityfocus.com/bid/19237

  • 06.31.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Seir Anphin V666 Community Management System Multiple SQL Injection Vulnerabilities
  • Description: Seir Anphin V666 Community Management System is a web-based forum application. The application is prone to multiple SQL injection vulnerabilities.
  • Ref: http://www.securityfocus.com/archive/1/441720

  • 06.31.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Oracle DBMS_Assert SQL Injection
  • Description: Oracle dbms_assert is a suite of functions used to sanitize input of malicious content. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "dbms_assert.qualified_sql_name()" function when processing input encapsulated in double quotes. Oracle versions 8.1.7.4 through 10.2.0.2 are vulnerable.
  • Ref: http://www.red-database-security.com/wp/bypass_dbms_assert.pdf

  • 06.31.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XMB Forum U2UID SQL Injection
  • Description: XMB Forum is a web-based message-board application. It is exposed to an SQL injection issue due to insufficient sanitization of user-supplied input to the "u2uid" parameter of the "u2u.inc.php" script. XMB Forum version 1.9.6 is affected.
  • Ref: http://www.securityfocus.com/bid/19280

  • 06.31.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: GeheimChaos Multiple SQL Injection Vulnerabilities
  • Description: GeheimChaos is affected by multiple SQL injection issues due to insufficient input sanitization in the "gc.php" and "registieren.php" scripts. GeheimChaos versions 0.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/19330

  • 06.31.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ChaosSoft CounterChaos HTTP_Referer SQL Injection
  • Description: CounterChaos is a web-based hit-counter implemented in PHP. It is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "$_SERVER["HTTP_REFERER"]" parameter before using it in an SQL query. Version 0.48c is reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19344

  • 06.31.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Anychart Password Parameter SQL Injection
  • Description: Anychart is a web-based chart application. Insufficient sanitization of the "password" parameter of the application's login page exposes the application to an SQL injection issue. Anychart version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/19330

  • 06.31.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo com_bayesiannaivefilter Component Remote File Include
  • Description: The com_bayesiannaivefilter component is a Bayesian spam filtering module for the Mambo content management system. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "mosConfig_absolute_path" parameter of the "lang.php" script. The com_bayesiannaivefilter component version 1.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/19231

  • 06.31.70 - CVE: Not Available
  • Platform: Web Application
  • Title: User Home Pages UHP_CONFIG.PHP Remote File Include
  • Description: User Home Pages is a module for Mambo CMS. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "uhp_config.php" script. Version 0.5 is reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19233

  • 06.31.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambatstaff MosConfig_Absolute_Path Remote File Include
  • Description: Mambatstaff is a user management module for Mambo CMS. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "mambatstaff.php" script. A successful attacker can compromise the application and gain access to the underlying system. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/19222

  • 06.31.72 - CVE: CVE-2006-3949
  • Platform: Web Application
  • Title: Artlinks MosConfig_Absolute_Path Remote File Include
  • Description: Artlinks is a link display module for Mambo CMS. The Mambo Server component in artlinks is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "artlinks.dispnew.php" script.
  • Ref: http://www.securityfocus.com/archive/1/441541

  • 06.31.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo Gallery Manager MosConfig_Absolute_Path Remote File Include
  • Description: Mambo Gallery Manager is a publishing module for Mambo CMS. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "help.mgm.php" script.
  • Ref: http://www.securityfocus.com/bid/19224

  • 06.31.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Liga Manager Online Joomla! Component Remote File Include
  • Description: Liga Manager Online Joomla! Component is a collection of various addons, modules, and templates for Liga Manager Online. Liga Manager Online Joomla! Component is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "mosConfig_absolute_path" parameter of "lmo.php". Version 2.0 of the software is vulnerable.
  • Ref: http://www.securityfocus.com/bid/19234

  • 06.31.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Ajax Chat Multiple Remote Vulnerabilities
  • Description: Ajax Chat is a web-based chat application running in the web browser. It is vulnerable to multiple remote vulnerabilities due to insufficient sanitization of user-supplied input to various parameters. Ajax Chat version 0.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/19238

  • 06.31.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Banex PHP MySQL Banner Exchange Multiple Remote Vulnerabilities
  • Description: PHP MySQL Banner Exchange is a web-based script for sharing banners across multiple web sites. It is exposed to multiple input validation issues due to insufficient sanitization of user-supplied input. PHP MySQL Banner Exchange version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/19240

  • 06.31.77 - CVE: Not Available
  • Platform: Web Application
  • Title: PortailPHP Inscription.PHP Remote File Include
  • Description: PortailPHP is a content management application. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input in the "chemin" parameter of the "mod_membre/inscription.php" script. Version 1.7 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/19207

  • 06.31.78 - CVE: Not Available
  • Platform: Web Application
  • Title: JD WordPress Multiple Remote File Include Vulnerabilities
  • Description: JD-WordPress is a module for the Joomla CMS. It is exposed to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "mosConfig_absolute_path" parameter of various scripts. Joomla JD-WordPress version 2.0-1.0 RC2 is affected.
  • Ref: http://www.securityfocus.com/bid/19209

  • 06.31.79 - CVE: Not Available
  • Platform: Web Application
  • Title: SecurityImages Component Multiple Remote File Include Vulnerabilities
  • Description: SecurityImages is a component for Mambo and Joomla. Insufficient sanitization of user-supplied input exposes the application to multiple remote file include vulnerabilities. Mambo version 3.05 and Joomla version 1.09 are affected.
  • Ref: http://www.securityfocus.com/bid/19217

  • 06.31.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Coppermine Photo Gallery Theme.PHP Remote File Include
  • Description: Coppermine Photo Gallery is a web-based photo gallery. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "THEME_DIR" variable of the "theme.php" script. Coppermine Photo Gallery version 1.2.2b-Nuke is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/441530

  • 06.31.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Moskool Component Admin.Moskool.PHP Remote File Include
  • Description: Moskool is a school directory component available for Mambo and Joomla. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "mosConfig_absolute_path" parameter in the "admin.moskool.php" script. Version 1.5 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/19245

  • 06.31.82 - CVE: Not Available
  • Platform: Web Application
  • Title: myEvent Myevent.PHP Remote File Include
  • Description: myEvent is a logfile management application. Insufficient sanitization of the "myevent_path" parameter in the "myevent.php" script exposes the application to a remote file include issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/19246

  • 06.31.83 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress Multiple Unspecified Security Vulnerabilities
  • Description: WordPress is a web-based publishing application. It is exposed to multiple unspecified security issues. WordPress versions 2.03 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/19247

  • 06.31.84 - CVE: CVE-2006-3969
  • Platform: Web Application
  • Title: Colophon Component Admin.Colophon.PHP Remote File Include
  • Description: Colophon is a publishing module for Joomla CMS. The Joomla Server component in Colophon is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "admin.colophon.php" script. Versions 1.2 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/19252

  • 06.31.85 - CVE: Not Available
  • Platform: Web Application
  • Title: SQLiteWebAdmin Multiple Input Validation Vulnerabilities
  • Description: SQLiteWebAdmin is a database management script. It is prone to multiple input validation vulnerabilities because the application fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/19253

  • 06.31.86 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPAuction PHPAds_Path Variable Remote File Include
  • Description: PHPAuction is a web-based auction system. Insufficient sanitization of the "phpAds_path" variable of the "view.inc.php" script exposes the application to a remote file include issue. PHPAuction version 2.1 with phpAdsNew 2.0.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/441716

  • 06.31.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Help Center Live Module.PHP Directory Traversal
  • Description: Help Center Live is a web-based help system. It is exposed to a directory traversal issue due to insufficient sanitization of user-supplied input to the "file" parameter of the "module.php" script. Help Center Live version 2.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/19256

  • 06.31.88 - CVE: Not Available
  • Platform: Web Application
  • Title: vbPortal Log Remote Code Execution
  • Description: vbPortal is a content management system (CMS). It is exposed to a remote code execution issue. vbPortal versions 3.0.2 to 3.6.0 are affected.
  • Ref: http://www.securityfocus.com/bid/19257

  • 06.31.89 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPReactor EditProfile.PHP Remote File Include
  • Description: PHPReactor is a system of integrated web applications. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "pathtohomedir" parameter of the "editprofile.php" script. Version 1.2.7pl1 is reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19259

  • 06.31.90 - CVE: Not Available
  • Platform: Web Application
  • Title: MyNewsGroups Layersmenu.INC.PHP Remote File Include
  • Description: MyNewsGroups is a web-based news reader. Insufficient sanitization of the "myng_root" parameter of the "layersmenu.inc.php" script exposes the application to a remote file include issue. MyNewsGroups version 0.6b is affected.
  • Ref: http://www.securityfocus.com/archive/1/441734

  • 06.31.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Knusperleicht NewsLetter Index.PHP Remote File Include
  • Description: NewsLetter is a web-based newsletter implemented in PHP. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "NL_PATH" parameter of the "index.php" script. Versions 3.5 and prior are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/441807

  • 06.31.92 - CVE: Not Available
  • Platform: Web Application
  • Title: TSEP Copyright.PHP Remote File Include
  • Description: TSEP is a search engine application. It is prone to a remote file include vulnerability due to improper sanitization of user-supplied input to the "tsep_config[absPath]" variable of the "copyright.php" script.
  • Ref: http://www.securityfocus.com/bid/19268

  • 06.31.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Knusperleicht FileManager DWL_Download Remote File Include
  • Description: FileManager is a web-based file management application. It is exposed to a remote file include issue due to insufficient sanitization of user-supplied input to the "dwl_download_path" and "dwl_include_path" parameters. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/19270/discuss

  • 06.31.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Knusperleicht Quickie Quick_Path Parameter Remote File Include
  • Description: Quickie is a web-based comment system implemented in PHP. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "QUICK_PATH" parameter of "quickie.php". A successful attack may compromise the application and allow access to the underlying system. Version 0 is reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19271

  • 06.31.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Knusperleicht FAQ Script Index.PHP Remote File Include
  • Description: FAQ Script is a question and answer script. It is exposed to a remote file include vulnerability due to insufficient sanitization of user-supplied input to the "faq_path" parameter of the "index.php" script. FAQ Script version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/19272

  • 06.31.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Knusperleicht ShoutBox SB_Include_Path Parameter Remote File Include
  • Description: ShoutBox is a web-based comment and chat system. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "SB_INCLUDE_PATH" parameter of "index.php". Version 4.4 is reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19273

  • 06.31.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Knusperleicht GuestBook GB_PATH Parameter Remote File Include
  • Description: GuestBook is a web-based guestbook application implemented in PHP. GuestBook is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the "GB_PATH" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/archive/1/441810

  • 06.31.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Knusperleicht NewsPreporter News_include_path Remote File Include
  • Description: NewsPreporter is a web-based news administrator application. It is prone to a remote file include vulnerability due to improper sanitization of user-supplied input to the "news_include_path" variable of "index.php".
  • Ref: http://www.securityfocus.com/bid/19275

  • 06.31.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Voodoo Chat File_Path Parameter Remote File Include
  • Description: Voodoo Chat is a web-based chat system. Insufficient sanitization of the "file_path" parameter of the "index.php" script exposes the application to a remote file include issue. Voodoo Chat version 1.0RC1b is affected.
  • Ref: http://www.securityfocus.com/bid/19277/references

  • 06.31.100 - CVE: Not Available
  • Platform: Web Application
  • Title: TinyPHPForum Error.PHP Information Disclosure
  • Description: TinyPHPForum is a web forum application. It is prone to an information disclosure vulnerability. Unconfirmed reports indicate that the "err" parameter of the "error.php" script may be used to change the email address of a victim user's profile, and have their login username and password sent to an attacker controlled email address. Version 3.6 is reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19278

  • 06.31.101 - CVE: Not Available
  • Platform: Web Application
  • Title: ZoneX Usercp_Register.PHP Remote File Include
  • Description: ZoneX is a web-based guestbook application. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "phpbb_root_path" variable of the "usercp_register.php" script. Version 1.3 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/19338

  • 06.31.102 - CVE: Not Available
  • Platform: Web Application
  • Title: GaesteChaos Multiple Input Validation Vulnerabilities
  • Description: GaesteChaos is a guestbook. It is exposed to multiple input validation issues due to insufficient sanitization of user-supplied input. GaesteChaos versions 0.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/19343

  • 06.31.103 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Live Helper Global.PHP Remote File Include
  • Description: PHP Live Helper is a PHP based customer support application. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "abs_path" parameter of "global.php". A successful attack may compromise the application and the underlying system. Versions 2.0 and prior are reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19349

  • 06.31.104 - CVE: Not Available
  • Platform: Web Application
  • Title: TinyPHPForum UpdatePF.PHP Authentication Bypass
  • Description: TinyPHPForum is a web-based forum application written in PHP. It is prone to an authentication bypass vulnerability, as the application fails to prevent an attacker from accessing admin scripts directly without requiring authentication. Version 3.6 is reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19281

  • 06.31.105 - CVE: Not Available
  • Platform: Web Application
  • Title: G3 Content Management Framework HTML Injection
  • Description: G3 Content Management Framework is prone to an HTML injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/19302

  • 06.31.106 - CVE: CVE-2006-3583,CVE-2006-3584,CVE-2006-3585,CVE-2006-3586
  • Platform: Web Application
  • Title: Jetbox Multiple Input Validation Vulnerabilities
  • Description: Jetbox is a content management system. Jetbox is prone to multiple input validation issues. Jetbox CMS 2.1 SR1 is affected. Please refer to the link below for further details.
  • Ref: http://www.securityfocus.com/archive/1/441980

  • 06.31.107 - CVE: Not Available
  • Platform: Web Application
  • Title: SaveWeb Portal SITE_Path Parameter Multiple Remote File Include Vulnerabilities
  • Description: SaveWeb Portal is a web-based content management system (CMS). It is exposed to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "SITE_Path" parameter of multiple scripts. SaveWebPortal version 3.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/442004

  • 06.31.108 - CVE: Not Available
  • Platform: Web Application
  • Title: OZJournal Multiple Input Validation Vulnerabilities
  • Description: OZJournal is a web log application. It is exposed to multiple input validation issues. OZJournals version 1.5 is affected. Please refer to the link below for further details.
  • Ref: http://www.securityfocus.com/bid/19311

  • 06.31.109 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBulletinBoard Avatar URL HTML Injection
  • Description: MyBulletinBoard is a web-based bulletin board application. It is prone to an HTML injection vulnerability because it fails to properly sanitize user-supplied input in the "Avatar URL". Versions 1.1.6 and prior are reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19314

  • 06.31.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Kayako eSupport Autoclose.PHP Remote File Include
  • Description: Kayako eSupport is a web-based customer support application. It is exposed to a remote file include issue due to insufficient sanitization of user-supplied input to the "subd" parameter of the "autoclose.php" file. Kayako eSupport versions 2.3.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/19315

  • 06.31.111 - CVE: Not Available
  • Platform: Web Application
  • Title: TSEP Colorswitch.PHP Remote File Include
  • Description: TSEP is an open source search engine implemented in PHP. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "tsep_config[absPath]" variable of the "colorswitch.php" script. A successful attack may facilitate a compromise of the application and the underlying system; other attacks are also possible. Versions 0.942 and prior are reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19326

  • 06.31.112 - CVE: Not Available
  • Platform: Web Application
  • Title: VWar Multiple Input Validation Vulnerabilities
  • Description: VWar is a web portal application. It is exposed to multiple input validation issues. Please refer to the link below for further details.
  • Ref: http://www.securityfocus.com/bid/19327

  • 06.31.113 - CVE: Not Available
  • Platform: Web Application
  • Title: pswd.js Insecure Password Hash Weakness
  • Description: pswd.js is a client-side authentication script. Applications running pswd.js are exposed to an insecure password-hash weakness. This issue occurs because the application fails to prevent first pre-image collisions from occurring when generating hashes of passwords. All current versions are affected.
  • Ref: http://www.securityfocus.com/archive/1/442120

  • 06.31.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Modernbill Config.PHP Remote File Include
  • Description: Modernbill is a billing, management and provisioning application. It is exposed to a remote file include issue due to insufficient sanitization of user-supplied input to the "DIR" parameter of the "config.php" script. Modernbill version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/19335

  • 06.31.115 - CVE: Not Available
  • Platform: Web Application
  • Title: ME Download System Header.PHP Remote File Include
  • Description: ME Download System is a download script implemented in PHP. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "Vb8878b936c2bd8ae0cab" parameter of the "template/header.php" script. A successful attack may compromise the application and allow access to the underlying system. Version 1.3 is reported as vulnerable.
  • Ref: http://www.securityfocus.com/bid/19336

  • 06.31.116 - CVE: Not Available
  • Platform: Web Application
  • Title: SendCard Login.PHP Browser Redirection Authentication Bypass
  • Description: SendCard is a web-based greeting card application written in PHP. It is prone to an authentication bypass vulnerability because admin scripts can be accessed directly without authentication. A remote attacker can exploit this issue to perform administrative functions.
  • Ref: http://www.securityfocus.com/archive/1/442105

  • 06.31.117 - CVE: Not Available
  • Platform: Hardware
  • Title: Intel PRO/Wireless Network Connection Drivers Remote Code Execution
  • Description: The Intel PRO/Wireless Network Connection is the integrated wireless LAN solution for Intel Centrino mobile technology. The Intel PRO/Wireless drivers are prone to multiple remote code execution vulnerabilities that likely result from boundary condition errors. Intel PRO/Wireless 2200BG and 2915ABG prior to version 10.5 with driver version 9.0.4.16 for Windows are vulnerable.
  • Ref: http://support.intel.com/support/wireless/wlan/sb/CS-023065.htm

  • 06.31.118 - CVE: Not Available
  • Platform: Hardware
  • Title: Intel PRO/Wireless 2100 Network Connection Driver Local Privilege Escalation
  • Description: Intel PRO/Wireless Network Connection is the integrated wireless LAN solution for Intel Centrino mobile technology. The Wireless 2100 driver for Windows is prone to a local privilege escalation vulnerability. Versions prior to 7.1.4.6 with driver version 1.2.4.37 are reported as vulnerable.
  • Ref: http://support.intel.com/support/wireless/wlan/pro2100/sb/CS-023067.htm

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.