@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 41
October 16, 2006

The quiet time for vulnerability discovery seems to have passed; more than 120 new vulnerabilities were reported this week. Among the critical problems, Microsoft vulnerabilities dominate, but AOL's "You've Got Pictures" buffer overflow could create a lot of new zombies.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 5 (#1, #6, #8, #11)
    • Microsoft Office: 12 (#2, #3, #4, #5)
    • Third Party Windows Apps: 5 (#7)
    • Linux: 6
    • BSD: 1
    • Solaris: 2
    • Unix: 1
    • Novell: 1
    • Cross Platform: 15 (#9)
    • Web Application - Cross Site Scripting: 6
    • Web Application - SQL Injection: 11
    • Web Application: 54 (#10)
    • Network Device: 1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Third Party Windows Apps
Linux
BSD
Solaris
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (6) HIGH: Microsoft Core XML Services Multiple Vulnerabilities (MS06-061)
  • Affected:
    • Microsoft XML Parser 2.6 and Microsoft XML Core Services 3.0, known to be used in:
    • Microsoft Windows 2000 SP 4
    • Microsoft Windows XP SP1/SP2
    • Microsoft Windows Server 2003 SP0/SP1
  • Description: The Microsoft XML Parser (used to parse XML documents) and Microsoft XML Core Services (used to perform operations on XML documents) contain multiple exploitable vulnerabilities: (1) A specially-crafted XSLT (Extensible Stylesheet Language Transformations) document could exploit a buffer overflow vulnerability in the XML parsing component and execute arbitrary code with the privileges of the current user. XSLT documents can be implicitly downloaded when viewing a web page, without further user interaction. (2) A specially-crafted web page could exploit a cross-site-scripting vulnerability in the XML Core Services component to bypass normal domain restrictions on web content.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All reporting council sites are responding to this issue. Most sites are deploying the patches on an expedited basis, while other sites plan to deploy the patch during their next regularly scheduled maintenance window.

  • References:
  • (7) HIGH: AOL You've Got Pictures ActiveX Control Buffer Overflow
  • Affected:
    • America Online 9.0 Security Edition
  • Description: The America Online You've Got Pictures ActiveX Control, used to view and manage pictures, contains an exploitable vulnerability. A web page that instantiates this control could exploit this vulnerability and execute arbitrary code with the privileges of the current user. Reusable exploit code for this vulnerability is publicly available, and similar vulnerabilities have been widely exploited in the past. Note that the vulnerable ActiveX control will be automatically upgraded upon the user's next login to the America Online service.

  • Status: AOL confirmed, updates available. Users may be able to mitigate the impact of this vulnerability by disabling the affected ActiveX controls via Microsoft's "kill bit" mechanism. The affected CLSID is: "D670D0B3-05AB-4115-9F87-D983EF1AC747".

  • Council Site Actions: Only two of the reporting council sites are responding to this issue. One site is still investigating whether the ActiveX Control is present on their computers. The other site plans to implement fixes during their next regularly scheduled maintenance window.

  • References: iDefense Security Advisory
  • (8) MODERATE: Microsoft Object Packager Dialogue Spoofing Vulnerability (MS06-065)
  • Affected:
    • Microsoft Windows XP SP1/SP2
    • Microsoft Windows Server 2003 SP0/SP1
  • Description: Microsoft Object Packager, a tool that can be used to create software package files, contains a vulnerability. Due to a failure to properly validate file extensions, a specially-crafted package file could misrepresent the type of files being handled, allowing an attacker to install malicious files. Note that considerable user interaction is required to exploit this vulnerability.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All reporting council sites are responding to this issue. Most sites are deploying the patches on an expedited basis, while other sites plan to deploy the patch during their next regularly scheduled maintenance window.

  • References:
  • (9) MODERATE: IBM WebSphere Multiple Undisclosed Vulnerabilities
  • Affected:
    • IBM WebSphere 6.1.0
  • Description: IBM WebSphere, a popular suite of enterprise applications and server software, contains multiple exploitable vulnerabilities. While details have not been released for these vulnerabilities, they are believed to include an authentication bypass or privilege escalation vulnerability, an information disclosure vulnerability, and at least one other vulnerability of unknown impact.

  • Status: IBM confirmed, updates available.

  • Council Site Actions: Three of the reporting council sites are investigating the potential impact of this vulnerability at their site. The other sites are not using this product.

  • References:
  • (11) LOW: Microsoft ASP.NET Cross Site Scripting Vulnerability (MS06-056)
  • Affected:
    • Microsoft .NET Framework 2.0
  • Description: Microsoft ASP.NET, Microsoft's .NET-based web development platform, contains a cross-site scripting vulnerability. A malicious web server could execute arbitrary script code in a user's web browser with the privileges of the current user. Note that attackers must host a malicious site and convince users to visit this site to exploit this vulnerability.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All reporting council sites are responding to this issue and plan to deploy the update during their next regularly scheduled maintenance window.

  • References:
  • (12) LOW: Microsoft Multiple TCP/IP Vulnerabilities (MS06-064)
  • Affected:
    • Microsoft Windows XP SP1/SP2
    • Microsoft Windows Server 2003 SP0/SP1
  • Description: Microsoft's implementation of TCP/IP contains multiple exploitable denial-of-service vulnerabilities: A specially-crafted ICMP or TCP message could cause an existing IPv6 connection to be dropped. Additionally, an attacker could exploit a failure to properly validate IPv6 TCP SYN packets, resulting in a system-wide denial-of-service condition. Attackers must belong to the same IPv6 network as the victim. Note that IPv6 support is not installed by default.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All reporting council sites are responding to this issue and plan to deploy the update during their next regularly scheduled maintenance window.

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 41, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5214 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.41.1 - CVE: CVE-2006-4696
  • Platform: Windows
  • Title: Microsoft Windows SMB Rename Remote Denial of Service
  • Description: Windows is prone to a remote denial of service vulnerability because the Server service fails to properly handle SMB change requests. An attacker could exploit this issue by sending an "SMB RENAME" request while connected to an affected system. To exploit this issue, an attacker must have valid logon credentials.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-063.mspx

  • 06.41.2 - CVE: CVE-2006-4685
  • Platform: Windows
  • Title: Microsoft XML Core Services Information Disclosure
  • Description: Microsoft XML Core Services is exposed to an information disclosure vulnerability. This vulnerability is caused by an error in how server redirects are handled by the affected component. Please refer to the link below for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/ms06-061.mspx

  • 06.41.3 - CVE: CVE-2006-2387
  • Platform: Windows
  • Title: Microsoft Excel DATETIME Remote Code Execution
  • Description: Microsoft Excel is prone to a remote code execution vulnerability. This issue occurs when Excel handles .xls files with specifically malformed "DATETIME" records. Multiple versions of Excel are reported to be vulnerable. Please see the advisory for further information.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-059.mspx

  • 06.41.4 - CVE: CVE-2006-4692
  • Platform: Windows
  • Title: Microsoft Windows Object Packager Remote Code Execution
  • Description: The Microsoft Windows Object Packager is prone to a remote code execution vulnerability. This vulnerability could let an attacker spoof dialogues, enticing a victim into installing a file that has been misrepresented. Please see the advisory for further information.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms06-065.mspx

  • 06.41.5 - CVE: Not Available
  • Platform: Windows
  • Title: Windows XML Core Services XSLT Buffer Overrun
  • Description: Extensible Stylesheet Language Transformations (XSLT) is used to manipulate XML data or extract content that needs to be reused. Microsoft Windows is prone to a remotely exploitable buffer overrun condition in the XSLT implementation of XML core services.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-061.mspx

  • 06.41.6 - CVE: CVE-2006-3651
  • Platform: Microsoft Office
  • Title: Microsoft Word Mail Merge Remote Code Execution
  • Description: Microsoft Word is prone to a remote code execution vulnerability because the application fails to properly handle malicious mail-merge files. When Word handles specially crafted mail-merge files, process memory becomes corrupted, and the attacker supplied code may then run with the privileges of the user running the application.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-060.mspx

  • 06.41.7 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Office Improper Memory Access Remote Code Execution
  • Description: Microsoft Office is prone to a remote code execution vulnerability because the software fails to properly handle malformed strings in Office documents. Please see the advisory below for details.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms06-062.mspx

  • 06.41.8 - CVE: CVE-2006-3650
  • Platform: Microsoft Office
  • Title: Microsoft Office Malformed Chart Record Remote Code Execution
  • Description: Microsoft Office is exposed to a remote code execution vulnerability because the software fails to properly handle malformed chart records in Office documents. Please refer to the link below for further details.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms06-062.mspx

  • 06.41.9 - CVE: CVE-2006-3647,CVE-2006-3651,CVE-2006-4534,CVE-2006-4693
  • Platform: Microsoft Office
  • Title: Word Malformed String Remote Code Execution
  • Description: Microsoft Word is vulnerable to a remote code execution issue when handling malformed strings contained in Microsoft Word documents. See the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-060.mspx

  • 06.41.10 - CVE: CVE-2006-3867
  • Platform: Microsoft Office
  • Title: Microsoft Excel Lotus 1-2-3 File Handling Remote Code Execution
  • Description: Microsoft Excel is prone to a remote code execution vulnerability. This issue occurs when Excel handles certain unspecified Lotus 1-2-3 files. An attacker may craft a malicious file to cause memory corruption and exploit this issue. Multiple versions of Excel are reported to be vulnerable. Please see the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-059.mspx

  • 06.41.11 - CVE: CVE-2006-3435,CVE-2006-3876,CVE-2006-3877,CVE-2006-4694
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint Object Pointer Remote Code Execution
  • Description: Microsoft PowerPoint is vulnerable to a remote code execution issue when parsing a malformed "slide notes field". See the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-058.mspx

  • 06.41.12 - CVE: CVE-2006-3868
  • Platform: Microsoft Office
  • Title: Microsoft Office Smart Tag Remote Code Execution
  • Description: Microsoft Office is prone to a remote code execution vulnerability because the software fails to properly handle malformed Smart Tags in Office documents. When an Office application processes malicious Smart Tags, process memory becomes corrupted, and the attacker-supplied code may then run with the privileges of the user running the application. Multiple versions of Office are reported to be vulnerable. Please see the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-062.mspx

  • 06.41.13 - CVE: CVE-2006-3435, CVE-2006-3876, CVE-2006-3877,CVE-2006-4694
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint Data Record Remote Code Execution
  • Description: Microsoft PowerPoint is prone to a remote code execution vulnerability. Exploiting this issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious PowerPoint (.ppt) document to a user. The problem occurs when the application attempts to process a malicious PowerPoint file containing a malformed data record.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-058.mspx

  • 06.41.14 - CVE: CVE-2006-3877
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint Record Improper Memory Access Remote Code Execution
  • Description: Microsoft PowerPoint is prone to a remote code execution vulnerability. Attackers can trigger this issue by supplying an MSO Property Table that contains a count of properties that exceeds the size of the Property Table.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-058.mspx

  • 06.41.15 - CVE: CVE-2006-3434,CVE-2006-3650,CVE-2006-3864,CVE-2006-3868
  • Platform: Microsoft Office
  • Title: Microsoft Office Malformed Record Remote Code Execution
  • Description: Microsoft Office is vulnerable to a remote code execution issue due to insufficient handling of malformed records in Office documents. See the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms06-062.mspx

  • 06.41.16 - CVE: CVE-2006-4693
  • Platform: Microsoft Office
  • Title: Microsoft Word Mac Remote Code Execution
  • Description: Microsoft Word for Mac is prone to a remote code-execution vulnerability when parsing Word files. An attacker could exploit this issue by creating a Word file containing a malformed string that allows remote machine code to be executed. Microsoft Word "X" and "2004" are reported to be vulnerable.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-060.mspx

  • 06.41.17 - CVE: CVE-2006-3875
  • Platform: Microsoft Office
  • Title: Microsoft Excel COLINFO Remote Code Execution
  • Description: Microsoft Excel is prone to a remote code execution vulnerability. This issue occurs when Excel handles specifically malformed "XLS" files. Specifically, this vulnerability is triggered when the application parses and processes malicious files that contain a malformed "COLINFO" record. Successful exploits may allow remote attackers to execute arbitrary machine code in the context of the user running the application.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-059.mspx

  • 06.41.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Automated Support Assistant ActiveX Control Buffer Overflow
  • Description: An ActiveX control shipped with Symantec Automated Support Assistant and some other Symantec products is prone to a stack based buffer overflow. Please see the attached advisory for a list of affected software.
  • Ref: http://www.securityfocus.com/bid/20348

  • 06.41.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec AntiVirus IOCTL Kernel Privilege Escalation
  • Description: Symantec AntiVirus is prone to a privilege escalation vulnerability. The problem occurs in the NAVENG and NAVEX15 device drivers. Specifically, improper address-space validation occurs when handling a specially crafted IRP sent to the IOCTL handler function. Local attackers can exploit this issue to corrupt memory and execute arbitrary code with kernel level privileges. Successful exploits may facilitate a complete system compromise. This issue affects only Symantec and Norton antivirus products running on Microsoft Windows NT, Windows 2000, and Windows XP.
  • Ref: http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05a.html

  • 06.41.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SHTTPD Remote Buffer Overflow
  • Description: SHTTPD is a web server. It is affected by a remote buffer overflow issue while handling HTTP POST requests. SHTTPD version 1.34 is affected.
  • Ref: http://www.securityfocus.com/bid/20393

  • 06.41.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AOL You've Got Pictures SetAlbumName ActiveX Control Buffer Overflow
  • Description: AOL You've Got Pictures (YGP) Pic Downloader ActiveX control is prone to a buffer overflow vulnerability. The application fails to sufficiently bounds check user supplied data used in the "SetAlbumName()" method before copying it into a buffer. AOL versions 9.0 Security Edition, 9.0 and prior are affected.
  • Ref: http://www.securityfocus.com/archive/1/448410

  • 06.41.22 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Toshiba Bluetooth Stack Unspecified Remote Memory Corruption
  • Description: Toshiba Bluetooth Stack is prone to an unspecified remote memory corruption vulnerability. Toshiba Bluetooth Stack versions 3 through 4.00.35 are affected.
  • Ref: http://www.securityfocus.com/bid/20489

  • 06.41.23 - CVE: CVE-2006-3741
  • Platform: Linux
  • Title: Linux Kernel Itanium PerfMonCTL Local Denial of Service
  • Description: The Linux kernel is prone to a denial of service vulnerability. This issue stems from a flaw in the kernel's support of the Itanium architecture that causes the consumption of all file descriptors. This issue resides in the "sys_perfmonctl()" system call. This issue is exploitable only on the Itanium architecture running Linux kernel versions prior to 2.6.18.
  • Ref: http://rhn.redhat.com/errata/RHSA-2006-0689.html

  • 06.41.24 - CVE: CVE-2005-4811
  • Platform: Linux
  • Title: Linux Kernel UnMap_HugePage_Area Local Denial of Service
  • Description: The Linux kernel is prone to a local denial of service vulnerability because it fails to properly handle unexpected errors. Specifically, the "unmap_hugepage_area()" function improperly assumes that page table entries must always exist, but "mmap()" errors before pre-faults may invalidate this assumption. Linux kernel versions 2.6.0 through 2.6.12 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20362

  • 06.41.25 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel ATM SkBuff Dereference Remote Denial of Service
  • Description: The Linux kernel is prone to a remote denial of service issue which is triggered when the kernel processes incoming ATM data. Kernel versions 2.6.0 up to and including 2.6.17 are affected.
  • Ref: http://www.securityfocus.com/bid/20363

  • 06.41.26 - CVE: Not Available
  • Platform: Linux
  • Title: KMail Mail Handling Denial of Service
  • Description: KMail is a mail client for KDE desktop environment. KMail is prone to an unspecified denial of service vulnerability. This issue occurs because the application fails to handle specially crafted emails. In order to exploit this issue the mail client must be configured to render HTML email. KMail versions 1.9.1 and prior are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20369

  • 06.41.27 - CVE: CVE-2006-0456
  • Platform: Linux
  • Title: Linux Kernel S/390 Copy_From_User Local Information Disclosure
  • Description: The Linux kernel is prone to a local information disclosure vulnerability on the S/390 architecture because the kernel fails to properly initialize kernel memory prior to returning it to user-space programs. Specifically, if an attacker appends to a file from an invalid memory address, the "copy_from_user()" function will receive a fault during a memory read operation. Linux kernel versions prior to 2.6.19-rc1 on the S/390 architecture are vulnerable to this issue.
  • Ref: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=52149ba6b0ddf3e9d965257cc0513193650b3ea8

  • 06.41.28 - CVE: Not Available
  • Platform: Linux
  • Title: Red Hat Fedora Core Libtool-LTDL Relative Path Arbitrary Code Execution
  • Description: The Red Hat Fedora Core Linux operating system is prone to an arbitrary code execution vulnerability due to the libtool-ltdl library using relative paths to resolve and load libraries. GNU Libtool-ltdl version 1.5.22-2.3 is reported to be vulnerable.
  • Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209930

  • 06.41.29 - CVE: Not Available
  • Platform: BSD
  • Title: OpenBSD Systrace STRIOCREPLACE Local Integer Overflow
  • Description: OpenBSD systrace is prone to a local integer overflow vulnerability. This issue affects the "STRIOCREPLACE" functionality of systrace. Local attackers may be able to exploit this issue to completely compromise an affected computer. Disclosure of kernel memory or denial of service conditions may result from attacks as well. OpenBSD versions 3.8 and 3.9 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20392

  • 06.41.30 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris 10 Aggregated Network Device Local Insecure Permissions
  • Description: Sun Solaris 10 is exposed to a local insecure-permissions vulnerability because the operating system fails to properly secure access to raw sockets on aggregated network devices.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102606-1&searchclause=

  • 06.41.31 - CVE: CVE-2006-4842
  • Platform: Solaris
  • Title: Sun Solaris Netscape Portable Runtime API Local Privilege Escalation
  • Description: The Netscape Portable Runtime API allows compliant applications to use various low level services in a platform independent manner. The Netscape Portable Runtime API running on Solaris 10 is prone to a local privilege escalation vulnerability. This issue occurs because environment variables are used to specify log files to be created with elevated privileges. Version 4.6.1 running on Solaris 10 is reported to be vulnerable.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102658-1

  • 06.41.32 - CVE: Not Available
  • Platform: Unix
  • Title: FreeBSD PTrace PT_LWPINFO Local Denial of Service
  • Description: FreeBSD is exposed to a local denial of service vulnerability. This issue occurs because of an input-validation flaw related to the handling of integers. FreeBSD version 6.0-RELEASE is affected.
  • Ref: http://www.securityfocus.com/archive/1/448185

  • 06.41.33 - CVE: Not Available
  • Platform: Novell
  • Title: Novell BorderManager IPSec/IKE Remote Denial of Service
  • Description: Novell BorderManager is a security tool providing firewall and VPN functionality. It is commercially available for Microsoft Windows. Novell BorderManager is affected by a remote denial of service vulnerability because it fails to properly handle user supplied input when a certain combination of IPSec and IKE application settings are in effect. Novell BorderManager version 3.8 is vulnerable.
  • Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974551.htm

  • 06.41.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: X.Org XDM XSession Script Race Condition
  • Description: The X.Org X server is an implementation of the X Window System. The XDM XSession script is prone to a race condition that allows a local unprivileged user to view the xdm primary or alternate error log. With appropriate timing, an attacker could gain read access to the "$HOME/.xsession-errors" log before the chmod command secures the file.
  • Ref: http://www.securityfocus.com/bid/20400

  • 06.41.35 - CVE: CVE-2006-5143
  • Platform: Cross Platform
  • Title: Computer Associates Products Message Engine RPC Server Multiple Buffer Overflow Vulnerabilities
  • Description: Multiple Computer Associates products are prone to a heap-based buffer overflow vulnerability and a stack-based buffer overflow vulnerability. Please refer to the link below for details.
  • Ref: http://www.securityfocus.com/archive/1/447862

  • 06.41.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CA Multiple Products Discovery Service Remote Buffer Overflow Vulnerabilities
  • Description: Multiple Computer Associates products are vulnerable to remote stack-based buffer overflow issues. See the advisory for further details.
  • Ref: http://www.securityfocus.com/archive/1/447839

  • 06.41.37 - CVE: CVE-2006-4980
  • Platform: Cross Platform
  • Title: Python Repr() Function Remote Code Execution
  • Description: Python is susceptible to a remote code execution vulnerability. The issue is due to a failure of the application to properly handle UTF-32/UCS-4 strings. The vulnerability exists in the "repr()" function.
  • Ref: http://www.securityfocus.com/bid/20376

  • 06.41.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco Secure Desktop SSL VPN Session Multiple Information Disclosure Vulnerabilities
  • Description: Cisco Secure Desktop is a secure desktop client. It is prone to multiple information disclosure vulnerabilities because the application leaves sensitive information on the computer after an SSL VPN session terminates. Versions 3.1 and 3.1.1 are reported to be vulnerable. Please see the advisory for further details.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20061009-csd.shtml

  • 06.41.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ZABBIX Multiple Unspecified Remote Code Execution Vulnerabilities
  • Description: ZABBIX is an application for monitoring a company's IT infrastructure for performance and availability. It is prone to multiple unspecified remote code execution vulnerabilities. Reports indicate that these issues facilitate format string and buffer overflow attacks. ZABBIX version 1.1.2 is reported vulnerable.
  • Ref: http://www.securityfocus.com/bid/20416

  • 06.41.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenSSH-Portable Existing Password Remote Information Disclosure
  • Description: OpenSSH is a freely available, open source implementation of the Secure Shell protocol. It is reported that OpenSSH contains an information disclosure weakness. This issue exists in the portable version of OpenSSH. It is reported that it is possible to verify access credentials for users with an existing system password by measuring SSH authentication timing differences.
  • Ref: http://www.securityfocus.com/archive/1/448025

  • 06.41.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BtitTracker Arbitrary File Deletion Vulnerabilities
  • Description: BtitTracker is a bit torrent tracking application. It is exposed to arbitrary file deletion issues due to input validation errors allowing an attacker to delete files in the context of a web server running the application. BtitTracker version 1.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/20422

  • 06.41.42 - CVE: CVE-2006-3888, CVE-2006-3887
  • Platform: Cross Platform
  • Title: AOL You've Got Pictures ActiveX Controls Buffer Overflow Vulnerabilities
  • Description: AOL You've Got Pictures (YGP) ActiveX controls are prone to multiple unspecified buffer overflow vulnerabilities. A user can invoke the object from a malicious web page to trigger the condition. AOL Client Software versions 9.0 and prior are reported to be vulnerable. Please see the advisories for further detail.
  • Ref: http://www.kb.cert.org/vuls/id/WDON-6T7RLV http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8

  • 06.41.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe ColdFusion MX Verity Library Local Privilege Escalation
  • Description: Adobe ColdFusion MX is a web development application. It is exposed to a local privilege escalation issue. This issue resides in the Verity library search engine. Versions 7.00, 7.01 and 7.02 are affected.
  • Ref: http://www.securityfocus.com/bid/20431

  • 06.41.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Breeze Unspecified Directory Traversal
  • Description: Adobe Breeze is a web-based video conferencing communication system available for multiple platforms. It is prone to a directory traversal vulnerability because it fails to properly sanitize user-supplied input. Adobe Breeze versions 5.1 and 5.0 are affected.
  • Ref: http://www.securityfocus.com/bid/20438

  • 06.41.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Contribute Publishing Server Local Information Disclosure
  • Description: Adobe Contribute Publishing Server is an application to track user access and publishing activities on web-sites. It is affected by a local information disclosure issue.
  • Ref: http://www.securityfocus.com/bid/20439

  • 06.41.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Multiple Vulnerabilities
  • Description: IBM WebSphere Application Server is a utility designed to facilitate the creation of various enterprise web applications. It is affected by multiple vulnerabilities. IBM WebSphere Application Server versions prior to 6.1.0.2 are affected.
  • Ref: http://www.securityfocus.com/bid/20455

  • 06.41.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Earth KML/KMZ Files Buffer Overflow
  • Description: Google Earth is prone to a buffer overflow vulnerability. This issue presents itself when Google Earth tries to process malformed ".kml" and ".kmz" files. Google Earth version v4.0.2091(beta) is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20464

  • 06.41.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Version Control Agent Remote Unauthorized Access and Privilege Escalation
  • Description: HP Version Control Agent is prone to an unspecified remote unauthorized access and privilege escalation vulnerability. An attacker authenticated to the HP Version Control Agent may gain unauthorized access to the HP Version Control Repository manager account on a remote computer. HP Version Control Agent versions prior to 2.1.5 are affected.
  • Ref: http://www.securityfocus.com/bid/20465

  • 06.41.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TorrentFlux Admin.PHP Cross-Site Scripting
  • Description: TorrentFlux is a web-based torrent manager. Insufficient sanitization of the "user_agent" parameter of the "admin.php" script exposes the application to a cross-site scripting issue.
  • Ref: http://www.securityfocus.com/bid/20371

  • 06.41.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Interspire FastFind Index.PHP Cross-Site Scripting
  • Description: Interspire FastFind is a search engine tool. Insufficient sanitization of the "query" parameter of the "index.php" script exposes the application to a cross-site scripting issue.
  • Ref: http://www.securityfocus.com/bid/20380

  • 06.41.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: eXpBlog Multiple Cross-Site Scripting Vulnerabilities
  • Description: eXpBlog is a blogging application. It is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data to the "$_SERVER['PHP_SELF']" variable of the "kalender.php" script and the "$_POST["captcha_session_code"]" variable of the "pre_details.php" script. eXpBlog 0.3.5 and prior versions are affected by these issues.
  • Ref: http://www.securityfocus.com/bid/20420

  • 06.41.52 - CVE: CVE-2006-1331
  • Platform: Web Application - Cross Site Scripting
  • Title: Noah's Classifieds Index.PHP Cross-Site Scripting
  • Description: Noah's Classifieds is a general purpose web advertising application written in PHP. Noah's Classifieds is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "frommethod" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/archive/1/448296

  • 06.41.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPList Public Pages Multiple Cross-Site Scripting Vulnerabilities
  • Description: phpList is a newsletter application. Insufficient sanitization of user-supplied input exposes the application to multiple cross-site scripting issues. phpList versions prior to 2.10.3 are affected.
  • Ref: http://www.securityfocus.com/bid/20483

  • 06.41.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: 4Images Details.PHP Cross-Site Scripting
  • Description: 4images is an image gallery management system. It is vulnerable to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "mode" parameter of the "details.php" script. Version 1.7.3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20488

  • 06.41.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Classifieds CatID Parameter Multiple SQL Injection Vulnerabilities
  • Description: PHP Classifieds is a bulletin-board application implemented in PHP. It is prone to multiple SQL injection vulnerabilities due to insufficient input sanitization of the "catid" parameter of the "search.php" and "index.php" scripts. Version 7.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20359

  • 06.41.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mambo Login SQL Injection
  • Description: Mambo is a modular content management system (CMS) implemented in PHP. The application is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "usercookie[password]" parameter of the "login()" (version 4.5) or "loginUser()" (version 4.6) function before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/20366

  • 06.41.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AckerTodo Login.PHP Multiple SQL Injection Vulnerabilities
  • Description: ackerTodo is a list manager implemented. It is exposed to multiple SQL-injection issues because it fails to properly sanitize user-supplied input to the "user_login", "user_pass", and "num_tasks" parameters of "login.php" before using it in SQL queries. ackerTodo version 4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/20372

  • 06.41.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: HazirSite Giris_Yap.ASP SQL Injection
  • Description: HazirSite is a web-based application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data to an unspecified parameter of the "giris_yap.asp" script. HazirSite version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20375

  • 06.41.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Emek Portal Uyegiris.ASP SQL Injection
  • Description: Emek Portal is a web based portal application implemented in ASP. It is prone to an SQL injection vulnerability due to insufficient input sanitization of the "k_a" and "sifre" parameters of "uyegiris.asp". Version 2.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20378

  • 06.41.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Cahier De Textes SQL Injection Vulnerabilities
  • Description: Cahier de textes is a web-based application. It is exposed to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. The "matiere_ID" variable of the "lire.php" script is affected. The "classe_ID" variable of the "lire_a_faire.php" script is also affected. Cahier de textes version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/20389

  • 06.41.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 4Images Search.PHP SQL Injection
  • Description: 4Images is an image gallery application. It is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "search_user" parameter of "search.php" before using it in an SQL query. This issue affects versions 1.7.x.
  • Ref: http://www.securityfocus.com/bid/20394

  • 06.41.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Moodle Blog Module SQL Injection
  • Description: Moodle is an educational training application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data to the "tag" parameter of the "/blog/index.php" script. Moodle version 1.6.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20395

  • 06.41.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AAIPortal Unspecified SQL Injection Vulnerabilities
  • Description: AAIportal is an authentication portal for the SWITCHaai infrastructure. It is exposed to multiple unspecified SQL-injection issues because it fails to properly sanitize user-supplied input to an unspecified parameter. AAIportal versions 1.3.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20414

  • 06.41.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Etomite Unspecified SQL Injection
  • Description: Etomite is a content management system. It is vulnerable to an unspecified SQL injection issue due to insufficient sanitization of user-supplied input to unknown parameters and scripts. Etomite versions 0.6.1 and earlier are vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=409565

  • 06.41.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XeoPort Index.PHP SQL Injection
  • Description: XeoPort is a web-based application. Insufficient sanitization of the "$xp_body_text" parameter of the "index.php" script exposes the application to a SQL-injection issue. XeoPort versions 0.81 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20475

  • 06.41.66 - CVE: Not Available
  • Platform: Web Application
  • Title: iSearch ISEARCH_PATH Parameter Remote File Include
  • Description: iSearch is a web-based application that allows users to build a searchable database of their Web site. iSearch is affected by a remote file include vulnerability. iSearch 2.16 and prior versions are reported to be affected.
  • Ref: http://www.securityfocus.com/bid/20401

  • 06.41.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Deep CMS Index.PHP Remote File Include
  • Description: Deep CMS is a content management system. Insufficient sanitization of the "ConfigDir" parameter of the "index.php" script exposes the application to a remote file include issue. Deep CMS version 2.0a is affected.
  • Ref: http://www.securityfocus.com/bid/20402

  • 06.41.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Ciamos CMS Config.PHP Remote File Include
  • Description: Ciamos is a content management application. It is exposed to a remote file include issue. This issue is due to a failure in the application to properly sanitize user-supplied input to the "module_cache_path" parameter of the "config.php" script. Ciamos CMS versions 0.9.6b and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20403

  • 06.41.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Dimension of PhpBB Phpbb_Root_Path Multiple Remote File Include Vulnerabilities
  • Description: Dimension of phpBB is a modification of the phpBB online bulletin-board system. The application is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "includes/themen_portal_mitte.php", "includes/logger_engine.php", and "includes/functions_kb.php" scripts. Dimension of phpBB versions 0.2.5 and 0.2.6 are affected by these issues.
  • Ref: http://milw0rm.com/exploits/2481

  • 06.41.70 - CVE: Not Available
  • Platform: Web Application
  • Title: BerliOS Security Suite Logger_Engine.PHP Remote File Include
  • Description: BerliOS Security Suite is a security module for phpBB. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "logger_engine.php" script. BerliOS Security Suite version 1.0.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20370

  • 06.41.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Nivisec User Viewed Posts Tracker PHP_Root_Path Parameter Remote File Include
  • Description: Nivisec User Viewed Posts Tracker is a module for phpBB that shows which bulletin board posts have been viewed. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "functions_user_viewed_posts.php" script. This issue affects version 1.0 and earlier.
  • Ref: http://www.securityfocus.com/bid/20385

  • 06.41.72 - CVE: Not Available
  • Platform: Web Application
  • Title: FreeForum FPath Variable Remote File Include
  • Description: FreeForum is a web-based forum application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "fpath" parameter of the "forum.php" script. FreeForum version 0.9.7 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20388

  • 06.41.73 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyNews CFG_INCLUDE_DIR Multiple Remote File Include Vulnerabilities
  • Description: phpMyNews is a web application used to add news articles to a Web site. It is exposed to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "cfg_include_dir" parameter of various scripts. phpMyNews versions 1.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20396

  • 06.41.74 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Live! Help Script File Include
  • Description: PHP Live! is a customer support application implemented in PHP. It is prone to a file include vulnerability due to insufficient input sanitization of the "css_path" parameter of the "help.php" script. Versions 3.1 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20390

  • 06.41.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Freenews Moteur.PHP Remote File Include
  • Description: Freenews is a web-based news script. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "chemin" parameter of the "moteur.php" script. This issue affects version 1.1.
  • Ref: http://www.securityfocus.com/bid/20405

  • 06.41.76 - CVE: Not Available
  • Platform: Web Application
  • Title: WebYep Webyep_SIncludePath Multiple Remote File Include Vulnerabilities
  • Description: WebYep is a content manager. It is exposed to a remote file include issue due to insufficient sanitization of the "webyep_sIncludePath" parameter in multiple scripts. WebYep version 1.1.9 and prior versions are affected.
  • Ref: http://www.securityfocus.com/bid/20406

  • 06.41.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Easy Doc Doc_Directory Parameter Multiple Remote File Include Vulnerabilities
  • Description: Easy Doc is a document tool. It is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "doc_directory" parameter of various scripts. Easy Doc versions 1.4 and earlier are affected.
  • Ref: msg://bugtraq/20061009050616.31019.qmail@securityfocus.com

  • 06.41.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Easy Blog Doc_Directory Parameter Multiple Remote File Include Vulnerabilities
  • Description: Easy Blog is a web log application. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "doc_directory" parameter of various scripts. Easy Blog versions 1.4 and earlier are vulnerable.
  • Ref: http://advisories.echo.or.id/adv/adv50-theday-2006.txt

  • 06.41.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Docmint Required.php Remote File Include
  • Description: Docmint is a content manager implemented in PHP. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "MY_ENV['BASE_ENGINE_LOC']" parameter of the "engine/required.php" script. This issue affects Docmint versions 2.0 and prior.
  • Ref: http://www.securityfocus.com/bid/20409

  • 06.41.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Easy Gallery Doc_Directory Parameter Multiple Remote File Include Vulnerabilities
  • Description: Easy Gallery is an image gallery application implemented in PHP. The application is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "doc_directory" parameter of several scripts. Easy Gallery 1.4 and prior versions are affected by these issues.
  • Ref: http://www.securityfocus.com/bid/20411

  • 06.41.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo LaiThai Multiple Input Validation Vulnerabilities
  • Description: Mambo LaiThai is a Thai implementation of the Mambo content manager. Insufficient sanitization of user-supplied input exposes the application to multiple SQL injection and cross-site scripting issues.
  • Ref: http://www.securityfocus.com/bid/20413

  • 06.41.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Blue Smiley Organizer Unspecified SQL Injection Vulnerabilities
  • Description: Blue Smiley Organizer is a web-based organizer implemented in PHP. It is prone to multiple unspecified SQL injection vulnerabilities because it fails to properly sanitize user-supplied input to an unspecified parameter before using it in an SQL query. Versions prior to 4.46 are vulnerable to these issues.
  • Ref: http://www.securityfocus.com/bid/20417

  • 06.41.83 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpBB SpamBlockerMod Phpbb_Root_Path Remote File Include
  • Description: SpamBlockerMod is a spam control related module for the phpBB system. It is prone to a remote file include vulnerability due to insufficient input sanitization of the "phpbb_root_path" parameter of the "includes/antispam.php" script. Version 1.0.2 is reported to be affected. Other versions may be affected as well.
  • Ref: http://www.securityfocus.com/bid/20501

  • 06.41.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Webmedia Explorer Core.Lib.PHP Remote File Include
  • Description: Webmedia Explorer is a content manager. Insufficient sanitization of the "path_include" parameter in the "includes/core.lib.php" script exposes the application to a remote file include issue. Webmedia Explorer version 2.8.7 is affected.
  • Ref: http://www.securityfocus.com/bid/20421

  • 06.41.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Eazy Cart Multiple Input Validation and Authentication Bypass Vulnerabilities
  • Description: Eazy Cart is a web-based shopping system. It is vulnerable to multiple input validation issues such as data injection, cross-site scripting, and authentication bypass. See advisory for details.
  • Ref: http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt

  • 06.41.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Hastymail IMAP SMTP Command Injection
  • Description: Hastymail is a webmail IMAP client. It is prone to an IMAP / SMTP command injection vulnerability because it fails to sufficiently sanitize user-supplied input to an unspecified variable. An authenticated attacker could embed an "end of command" sequence followed by an arbitrary IMAP / SMTP command. Versions 1.5 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/20424

  • 06.41.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Eboli Index.PHP Remote File Include
  • Description: Eboli is affected by a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "contentSpecial" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/20429

  • 06.41.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Jasmine-Web Index.PHP Remote File Include
  • Description: Jasmine-Web is a web-based news script. Insufficient sanitization of the "section" parameter of the "index.php" script exposes the application to a remote file include issue.
  • Ref: http://www.securityfocus.com/bid/20430

  • 06.41.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Compteur Param_Editor.PHP Remote File Include
  • Description: Compteur is a web-based application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "folder" parameter of the "param_editor.php" script. Compteur version 2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20432

  • 06.41.90 - CVE: Not Available
  • Platform: Web Application
  • Title: RegistroTL Main.PHP Remote File Include
  • Description: RegistroTL is a registration recognition application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "page" parameter of the "main.php" script. RegistroTL versions 0.5b and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20433

  • 06.41.91 - CVE: CVE-2006-4617
  • Platform: Web Application
  • Title: vtiger CRM Multiple Remote File Include Vulnerabilities
  • Description: vtiger CRM is an open source customer relationship management application implemented in PHP. The application is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "calpath" parameter of several scripts. vtiger CRM versions 4.2 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20435

  • 06.41.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Album Photo Sans Nom Getimg.PHP Remote File Include
  • Description: Album Photo Sans Nom is a web-based photo album. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "img" parameter of the "getimg.php" script. Album Photo Sans Nom versions 1.6 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20441

  • 06.41.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Softerra PHP Developer Library Grid3.lib.PHP Remote File Include Vulnerabilities
  • Description: Softerra PHP Developer Library is a development library. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "$cfg_dir" and "$lib_dir" parameters of the "grid3.lib.php" script. Softerra PHP Developer Library version 1.5.3 is vulnerable.
  • Ref: http://www.milw0rm.com/exploits/2511

  • 06.41.94 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPLibre Tribuna Libre Ftag.PHP Remote File Include
  • Description: Tribuna Libre is a web-based guest book implemented in PHP. It is prone to a remote file include vulnerability due to insufficient input sanitization of the "mostrar" parameter of the "ftag.php" script. Version 3.12 Beta is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20443

  • 06.41.95 - CVE: CVE-2006-4844
  • Platform: Web Application
  • Title: Claroline Import.lib.PHP Remote File Include
  • Description: Claroline is a course creation and management application for e-learning. This application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied data to the "$includePath" parameter of the "import.lib.php" script. Version 1.8.0 rc1 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/20444

  • 06.41.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Flatnuke Userlang Local File Include
  • Description: FlatNuke is a content management system. It is prone to a local file include vulnerability because it fails to properly sanitize user-supplied input to the "userlang" parameter. This issue affects versions 2.5.8 and prior.
  • Ref: http://www.securityfocus.com/bid/20445

  • 06.41.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Jinzora Media.PHP Remote File Include
  • Description: Jinzora is a web-based media streaming and management system. Insufficient sanitization of the "include_path" parameter of the "media.php" script exposes the application to a remote file include issue.
  • Ref: http://www.securityfocus.com/bid/20446

  • 06.41.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Exhibit Engine Photo_Comment.PHP Remote File Include
  • Description: Exhibit Engine is an online photo gallery application. It is exposed to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied data to the "toroot" parameter of the "photo_comment.php" script. Version 1.5 rc4 is affected.
  • Ref: http://www.securityfocus.com/bid/20447

  • 06.41.99 - CVE: CVE-2006-2864
  • Platform: Web Application
  • Title: BlueShoes Framework GoogleSearch.PHP Remote File Include
  • Description: BlueShoes Framework is a content management application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "APP[path][lib]" parameter of the "GoogleSearch.php" script. BlueShoes Framework version 4.6 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/448182

  • 06.41.100 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpMyAgenda Language Local File Include
  • Description: PhpMyAgenda is a content manager written in PHP. The application is prone to a local file include vulnerability because it fails to properly sanitize user-supplied input to the "language" parameter of the "templates/header.php3" script. This issue affects version 3.1 Beta 1.
  • Ref: http://www.milw0rm.com/exploits/2500

  • 06.41.101 - CVE: Not Available
  • Platform: Web Application
  • Title: FOAFgen Redir.PHP Remote File Include
  • Description: FOAFgen is an application used to batch convert vCards and LDIF collections to FOAF format. The application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "foaf" parameter of the "redir.php" script. This issue affects version 0.3.0.
  • Ref: http://www.securityfocus.com/bid/20454

  • 06.41.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo LaiThai Unspecified Cross-Site Scripting
  • Description: Mambo LaiThai is a Mambo Thai edition project. It is exposed to an unspecified cross-site scripting attack because it fails to sufficiently sanitize user-supplied input to an unknown parameter of an unspecified script. Version 4.5.4 security patch 2 is affected.
  • Ref: http://www.securityfocus.com/bid/20458

  • 06.41.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Asbru Web Content Management Unauthorized Remote Access
  • Description: Asbru Web Content Management is a web-based content management system. It is vulnerable to an unspecified remote unauthorized access issue. Asbru Web Content Management versions prior to 6.1.22 are vulnerable.
  • Ref: http://wcm.asbrusoft.com/page.php/id=727

  • 06.41.104 - CVE: Not Available
  • Platform: Web Application
  • Title: FlatNuke Index.PHP Arbitrary File Upload Vulnerability
  • Description: FlatNuke is a content management system (CMS). It is exposed to an arbitrary file upload vulnerability because it fails to sufficiently sanitize user-supplied input to the "myforum" cookie parameter of the "index.php" script file. Versions 2.5.8 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20466

  • 06.41.105 - CVE: Not Available
  • Platform: Web Application
  • Title: CommunityPortals Bug.PHP Remote File Include
  • Description: CommunityPortals is a web-based portal application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied data to the "cp_root_path" parameter of the "bug.php" script. CommunityPortals version 1.0 Build 12-31-18 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/448311

  • 06.41.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Dokeos Multiple Remote File Include Vulnerabilities
  • Description: Dokeos is a web-based e-learning and course management application. Insufficient sanitization of user-supplied input exposes the application to multiple remote file include issues. Dokeos version 1.6.3 is affected.
  • Ref: http://www.securityfocus.com/bid/20468

  • 06.41.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Call-Center-Software Multiple Input Validation and Information Disclosure Vulnerabilities
  • Description: Call-Center-Software is an application designed to track and manage customer service type phone call activity. It is prone to multiple cross-site scripting, SQL injection and information disclosure vulnerabilities. Versions 0.93 and prior are vulnerable to these issues.
  • Ref: http://www.securityfocus.com/bid/20474

  • 06.41.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Xeobook Multiple SQL Injection Vulnerabilities
  • Description: Xeobook is a guestbook script. Xeobook is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in SQL queries. Specifically, it fails to properly sanitize input to the "$HTTP_USER_AGENT", "$gb_entry_text", "$gb_location", "$gb_fullname", and "$gb_sex" parameters of the "sign.php" script. Xeobook 0.93 and prior versions are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20476

  • 06.41.109 - CVE: Not Available
  • Platform: Web Application
  • Title: SH-News Scriptpath Parameter Multiple Remote File Include Vulnerabilities
  • Description: SH-News is a web-based news management application. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "scriptpath" parameter of various scripts. SH-News version 3.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20478

  • 06.41.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Leicestershire Community Portals Cp_Root_Path Remote File Include
  • Description: Leicestershire Community Portals is a community oriented website and portal software. Insufficient sanitization of the "cp_root_path" parameter of the "includes/import-archive.php" script exposes the application to a remote file include issue. This issue affects version 1.0 build 20051018.
  • Ref: http://www.securityfocus.com/bid/20479

  • 06.41.111 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP News Reader Phpbb.inc.PHP Remote File Include
  • Description: PHP News Reader is a web-based news reader. It is prone to a remote file include vulnerability due to insufficient input sanitization of the "CFG[auth_phpbb_path]" parameter of the "auth/phpbb.inc.php" script. Versions 2.6.2 and 2.6.4 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20480

  • 06.41.112 - CVE: Not Available
  • Platform: Web Application
  • Title: E-Uploader Pro Config.PHP Remote File Include
  • Description: E-Uploader Pro is a web-based uploader script written in PHP. The application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "language" parameter of the "include/config.php" script. This issue affects versions 1.0 and prior.
  • Ref: http://www.rahim.webd.pl/exploity/Exploits/99.txt

  • 06.41.113 - CVE: Not Available
  • Platform: Web Application
  • Title: Minichat FTag.PHP Remote File Include
  • Description: Minichat is a web messaging application. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "mostrar" parameter of the "ftag.php" script. This issue affects version 6.
  • Ref: http://www.securityfocus.com/bid/20482

  • 06.41.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Journals System PhpBB Phpbb_Root_Path Multiple Remote File Include Vulnerabilities
  • Description: Journals System is a package for phpBB. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to various scripts. Journals System for phpBB version 1.0.2 RC2 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/448443

  • 06.41.115 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP TopSites Config.PHP Remote File Include
  • Description: PHP TopSites is a toplist application written in PHP. It is prone to a remote file include vulnerability due to insufficient input sanitization of the "fullpath" parameter of the "config.php" script. Version 1.022 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20486

  • 06.41.116 - CVE: Not Available
  • Platform: Web Application
  • Title: ExtCalThai Mambo Component Multiple Remote File Include Vulnerabilities
  • Description: ExtCalThai is a web-based calendar component for the Mambo content management system implemented in PHP. The application is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "CONGIF_EXT[LANGUAGES_DIR]" parameter of the "admin_events.php" script and the "CONFIG_EXT[LIB_DIR]" parameter of the "lib/mail.inc.php" script. ExtCalThai versions 0.9.1 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/448431

  • 06.41.117 - CVE: Not Available
  • Platform: Web Application
  • Title: MiniBB Keyword Replacer Plugin Remote File Include
  • Description: Keyword Replacer is a plugin module for MiniBB, which is a web-based forum application that is implemented in PHP. MiniBB is prone to a remote file include vulnerability due to insufficient input sanitization of the "pathToFiles" parameter of the "addon_keywordreplacer.php" script. Version 1.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20492

  • 06.41.118 - CVE: Not Available
  • Platform: Web Application
  • Title: Insert User PHPBB PHPBB_Root_Path Remote File Include
  • Description: Insert User is a phpBB module for user registration; it is implemented in PHP. The application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "functions_mod_user.php" script. This issue affects versions 0.1.2 and prior.
  • Ref: http://www.securityfocus.com/bid/20493

  • 06.41.119 - CVE: Not Available
  • Platform: Web Application
  • Title: FreeWPS Upload.PHP Remote Command Execution
  • Description: FreeWPS is prone to a command execution vulnerability because it fails to sanitize user-supplied input in the "FILES" parameter of the "upload.php" script. FreeWPS version 2.11 is affected.
  • Ref: http://www.securityfocus.com/bid/20494

  • 06.41.120 - CVE: Not Available
  • Platform: Network Device
  • Title: Linksys WRT54GX V2.0 WAN Port UPnP Vulnerability
  • Description: The Linksys WRT54GX is a wireless router. It is vulnerable to unauthorized configuration changes via Universal Plug and Play (UPnP) because UPnP is available on both the LAN and WAN interfaces. Linksys WRT54GX with firmware version 2.00.05 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20415/info

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.