
@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 42
October 23, 2006

A long time ago, Novell was a safe operating environment because the attackers ignored it. As you'll see from the first item, that's no longer true. The reason: competition for victims has caused the cyber criminals to look beyond Windows and UNIX to other operating systems and especially to applications and appliances. A more subtle, and more troubling, element of this week's @RISK newsletter is the number of new web application vulnerabilities discovered (more than 66 this week alone). They are not called "critical," because they are in software that is not as widely used as Windows or UNIX. But to the people who run those software packages - they are very critical.

Those web application vulnerabilities are often caused by programmers who were never taught about the common errors and how to avoid them. In December, twenty-two government and commercial organizations in three countries are going to be testing a new exam that hopes to measure how well programmers have mastered knowledge about the common security errors and what to do about them. Eight more organizations can participate. Qualifications include (1) you employ at least 200 programmers, and (2) you are willing to ask nearly all of them to try the exam and provide feedback (anonymously), and (3) you will help answer the key questions needed to decide how to move the project forward. If you are interested (no commitment needed, but you do have to have at least 200 programmers) email SPA@sans.org with a description of your organization and the number of programmers you employ. SPA stands for secure programming assessment.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 1
    • Microsoft Office: 1
    • Third Party Windows Apps: 5
    • Mac OS: 1
    • BSD: 2
    • Solaris: 1
    • UNIX: (#3)
    • Cross Platform: 15 (#1, #2, #4)
    • Web Application - Cross Site Scripting: 11
    • Web Application - SQL Injection: 4
    • Web Application: 66
    • Hardware: 3


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Third Party Windows Apps
Mac OS
BSD
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Hardware


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: Oracle Critical Patch Update October 2006
  • Affected:
    • A number of Oracle products including: Oracle Database Server, Oracle Application Express, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite, Oracle Pharmaceutical Applications and Oracle PeopleSoft/JDE Tools. (For specific versions of the affected products, please consult the Oracle advisory.)
  • Description: Oracle released a cumulative security patch for a wide range of products on October 17, 2006. This critical update patches over 100 vulnerabilities that can be exploited via HTTP or the Oracle Net protocol. Oracle Application Express is the most severely affected product according to the CVSS ratings for its vulnerabilities (computed by Oracle). Although Oracle's advisory has reported low CVSS scores on a large number of database flaws (i.e. the flaws are moderate or low severity), NGSSoftware points out that some of the database flaws can be exploited without a valid userid/password. Hence, Oracle Database and Application Express patches should be applied on a priority basis.

  • Status: Apply the Oracle Critical Patch Update for October 2006. NGSSoftware also reports that updates are not available for some platforms.

  • Council Site Actions: Most of the reporting council sites are taking action on this item and plan to roll out the patches at some point in the future. A few sites will use the next regularly scheduled system maintenance window. Other sites are working through their normal but rigorous Oracle patch regression testing process, and will deploy the patches once testing is complete and successful.

  • References:
  • (3) HIGH: Asterisk Cisco Skinny Parsing Integer Overflow
  • Affected:
    • Asterisk versions 1.2.x prior to 1.2.13
    • Asterisk versions 1.0.x prior to 1.0.12
  • Description: Asterisk is an open-source PBX server for UNIX-based systems that is deployed for VoIP services by small, medium and large enterprises. Asterisk contains a heap-based buffer overflow that can be triggered by a specially crafted Skinny protocol packet. An unauthenticated attacker who can connect to the Asterisk server's port 2000/tcp can exploit the overflow to execute arbitrary code with root privileges. A proof-of-concept exploit has been publicly posted.

  • Status: Vendor confirmed. Asterisk versions 1.2.13, 1.0.12 and 1.4.x are not vulnerable.

  • Council Site Actions: Only one of the reporting council sites is using the affected software. They are still in the process of evaluating if their configuration is vulnerable.

  • References:
  • (4) MODERATE: ClamAV PE File Processing Overflow
  • Affected:
    • ClamAV versions prior to 0.88.5
  • Description: ClamAV is open-source antivirus software designed mainly for scanning emails on UNIX mail gateways. The software includes a virus scanning library, libClamAV. This library is used by many third-party email, web and FTP scanners as well as mail clients. The library contains a heap-based buffer overflow that can be triggered by specially crafted executable (PE) files. The attacker can send the malicious files via email, web, FTP or a file share, and exploit the heap-based overflow to execute arbitrary code on the system running the ClamAV library. The technical details can be obtained by comparing the fixed and the affected versions of the software. Note that no user interaction is required to compromise the mail/web/FTP gateways.

  • Council Site Actions: Only one of the reporting council sites is using the affected software and only on a very limited basis. They are in the process of applying the DSA-1196-1 update.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 42, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5224 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.42.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Class Package Export Tool Clspack.exe Local Buffer Overflow
  • Description: Microsoft Class Package Export Tool is a utility for Microsoft Windows. It is exposed to a local buffer overflow issue due to a failure of the application to properly size attacker-supplied data before copying it into an insufficiently sized memory buffer. Version 5.0.2752.0 is affected.
  • Ref: http://www.securityfocus.com/bid/20561

  • 06.42.2 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint Unspecified Remote Denial of Service
  • Description: Microsoft PowerPoint is vulnerable to an unspecified remote denial of service issue. This issue is due to a failure of the application to properly handle specially-crafted files. PowerPoint 2003 is vulnerable.
  • Ref: http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx

  • 06.42.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SafeWord RemoteAccess Local Information Disclosure Vulnerability
  • Description: SafeWord RemoteAccess is an authentication tool used to generate and store pass codes. It is exposed to an information disclosure issue because it stores sensitive data with insecure permissions. Version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/20509

  • 06.42.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Utimaco Safeguard Encryption Key Information Disclosure
  • Description: Utimaco Safeguard Easy is a data protection and encryption application. It is exposed to an information disclosure issue because it fails to protect sensitive information from unprivileged users.
  • Ref: http://www.securityfocus.com/bid/20529

  • 06.42.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Internet Security Systems ZWDeleteFile Function Arbitrary File Deletion
  • Description: Internet Security Systems BlackICE PC Protection is a firewall/IDS implementation for desktop systems running Microsoft Windows. It is prone to a file deletion vulnerability because an attacker can delete "filelock.txt" using the native API function "ZwDeleteFile". By deleting this text file, an attacker can modify any file that was listed in the text file. Versions 3.6.cpu and 3.6.cpj are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20546

  • 06.42.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PassGo Defender Local Insecure Default Directory Permissions
  • Description: PassGo Defender is a two-factor authentication system which runs on the Microsoft Active Directory environment. The application's default settings allow local users to access the application directory and read or modify the contents. Specifically, the default setting grants the "Everyone" group "Full Control". Version 5.2 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/20600

  • 06.42.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Airmagnet Enterprise Management Multiple Vulnerabilities
  • Description: Airmagnet Enterprise Management is a LAN integrity management solution. It is affected by multiple cross-site scripting, HTML injection and man-in-the-middle attacks. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/20602

  • 06.42.8 - CVE: Not Available
  • Platform: Mac OS
  • Title: Apple Xcode Openbase Privilege Escalation
  • Description: Apple Xcode is a development application for the Mac OS X operating system. A privilege escalation issue exists because the application executes "gnutar" with root privileges and does not handle the "TAR_OPTIONS" parameter. An attacker may exploit this issue by including this parameter so that a malicious application under the "gzip" name is executed with root privileges. Please refer to the advisory for vulnerable versions.
  • Ref: http://www.securityfocus.com/bid/20562

  • 06.42.9 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD Scheduler Policy Local Denial of Service
  • Description: FreeBSD is prone to a local denial of service vulnerability due to a failure of the kernel to require superuser privileges to alter the kernel's scheduling priority. Specifically, local unprivileged users may call the "sched_setscheduler()" function to alter the kernel's scheduling priority. FreeBSD versions 5.5-RELEASE through 6.0-RELEASE-p10 are vulnerable to this issue.
  • Ref: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/posix4/p1003_1b.c

  • 06.42.10 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD Ftruncate Local Denial of Service
  • Description: FreeBSD is vulnerable to a local denial of service issue because the kernel fails to properly handle "ftruncate()" calls on certain file types. FreeBSD versions 6.0-RELEASE-p5 and 6.1-RELEASE-p10 are vulnerable.
  • Ref: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/ufs/ufs/ufs_vnops.c

  • 06.42.11 - CVE: Not Available
  • Platform: Solaris
  • Title: Solaris TCP Fusion Local Denial of Service
  • Description: Sun Solaris is vulnerable to a local denial of service issue. This occurs in TCP loopback connections, where both ends of the connection are on the same system, and causes an error in the "tcp_fuse_rcv_drain()" function resulting in a system crash. Sun Solaris 10 is vulnerable.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102667-1&searchclause=

  • 06.42.12 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kmail CGI Unspecified Remote Authentication Bypass
  • Description: Kmail CGI is a mail client application. It is affected by an authentication bypass vulnerability. Kmail CGI versions prior to 1.0.4 are affected.
  • Ref: http://www.securityfocus.com/bid/20506

  • 06.42.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: McAfee Network Agent Remote Denial of Service
  • Description: McAfee Network Agent is prone to a remote denial of service issue when it receives excessive amounts of data to TCP port 6646. McAfee Network Agent version 1.0.178.0 is affected.
  • Ref: http://www.securityfocus.com/bid/20496

  • 06.42.14 - CVE: CVE-2006-4154
  • Platform: Cross Platform
  • Title: Apache Mod_TCL Remote Format String
  • Description: Apache mod_tcl is a module for Apache 2.x servers that implements a TCL interpreter. It is prone to a remote format string vulnerability due to improper sanitization of user-supplied input prior to including it in the format-specifier argument of a formatted-printing function. Apache mod_tcl version 1.0 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20527

  • 06.42.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Clam Anti-Virus PE Rebuilding Heap Buffer Overflow
  • Description: ClamAV is prone to a heap buffer overflow vulnerability because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. ClamAV version 0.88.4 is affected.
  • Ref: http://www.securityfocus.com/bid/20535

  • 06.42.16 - CVE: CVE-2006-5295
  • Platform: Cross Platform
  • Title: Clam Anti-Virus CHM Unpacker Denial of Service
  • Description: ClamAV is an anti-virus application for Windows and Unix-like operating systems. It is exposed to a denial of service vulnerability. This is due to an unspecified failure in the CHM unpacker that leads to a crash. Version 0.88.4 of Clam Anti-Virus is affected.
  • Ref: http://www.securityfocus.com/archive/1/448845

  • 06.42.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: KMail HTML Element Handling Denial Of Service
  • Description: KMail is a mail client for the KDE desktop environment. It is prone to a denial of service vulnerability because the application fails to handle specially crafted emails. Versions 1.9.1 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20539

  • 06.42.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NVidia Binary Graphics Driver For Linux Buffer Overflow
  • Description: The Nvidia binary graphics driver is exposed to a buffer overflow vulnerability. NVidia Driver for Linux versions 8774 and 8762 are affected.
  • Ref: http://www.securityfocus.com/bid/20559

  • 06.42.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Libksba Signature Verification Denial of Service
  • Description: Libksba is a library that gives other applications easy access to X.509 certificates and CMS capabilities. The library crashes when verifying a signature with a malformed X.509 certificate. An attacker can cause a denial of service by assigning a malicious X.509 certificate to a signature and enticing a user to verify said signature with a product that relies upon the KSBA library. The SUSE Linux libksba library version 0.9.12 is affected by this issue, as is Ubuntu libksba8 version 0.9.9-2ubuntu0.5.04.
  • Ref: http://www.securityfocus.com/bid/20565

  • 06.42.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP dtmail Attachment Argument Buffer Overflow
  • Description: HP dtmail is a desktop email application. A buffer overflow vulnerability exists in dtmail when processing an overly-long argument to the "-a" flag of the application. The problem occurs due to insufficient bounds checking when copying a filename argument into an internal memory buffer. This vulnerability exists in dtmail version 5.1b.
  • Ref: http://www.securityfocus.com/bid/20580

  • 06.42.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle October 2006 Security Update Multiple Vulnerabilities
  • Description: Oracle has released a Critical Patch Update advisory for October 2006 to address multiple vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. The Oracle advisory describes 101 vulnerabilities in all. Please visit the reference link for more information.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html

  • 06.42.22 - CVE: CVE-2006-4819
  • Platform: Cross Platform
  • Title: Opera Web Browser URI Tag Parsing Heap Buffer Overflow
  • Description: Opera Web Browser is a web client available for multiple platforms. It is exposed to a heap buffer overflow issue because it fails to sufficiently bounds check user-supplied data before copying it to the heap. Specifically, when the application parses a tag which contains a URI it copies the URI to a 256 byte buffer on the heap. URI data in excess of 256 bytes will overwrite neighboring memory. Opera versions 9.01 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20591

  • 06.42.23 - CVE: CVE-2006-5330
  • Platform: Cross Platform
  • Title: Flash Player Plugin HTTP Header Injection Weakness
  • Description: The Flash Player plugin is an addon to enable web browsers to display Flash content. It is vulnerable to an injection of arbitrary HTTP headers due to insufficient sanitization of user-supplied input to the "XML.addRequestHeader()" and "XML.contentType" parameters. Adobe Flash Player plugin versions 9.0.16 for Windows and 7.0.63 for Linux are vulnerable.
  • Ref: http://download2.rapid7.com/r7-0026/

  • 06.42.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Highwall Management Interface Multiple Input Validation Vulnerabilities
  • Description: Highwall Enterprise and Highwall Endpoint are wireless intrusion detection systems (IDS). They are prone to multiple SQL injection and cross-site scripting issues because they fail to sufficiently sanitize user-supplied input. Highwall Enterprise and Highwall Endpoint management interface version 4.0.2.11045 is affected.
  • Ref: http://www.securityfocus.com/bid/20605

  • 06.42.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Asterisk Chan_Skinny Remote Buffer Overflow
  • Description: Asterisk is a private branch exchange (PBX) application. It is prone to a remote heap based buffer overflow vulnerability in the "chan_skinny" channel driver for Cisco SCCP phones. Versions 1.2.11 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20617

  • 06.42.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Yahoo! Messenger Service Remote Buffer Overflow Vulnerabilities
  • Description: Yahoo! Messenger is affected by a remote buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. Yahoo! Messenger 8 with Voice is affected.
  • Ref: http://www.securityfocus.com/bid/20625

  • 06.42.27 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Xoops Search.PHP Cross-Site Scripting
  • Description: Xoops is web portal software. Insufficient sanitization of the "term" parameter of the "modules/newbb/search.php" script exposes the application to a cross-site scripting issue.
  • Ref: http://www.securityfocus.com/bid/20514

  • 06.42.28 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MySQLDumper SQL.PHP Cross-Site Scripting
  • Description: MySQLDumper is an application that makes a database secure from cron jobs. It is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "db" parameter of the "sql.php" script file. Version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/20460

  • 06.42.29 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GContact Multiple Cross-Site Scripting Vulnerabilities
  • Description: GContact is a web-based address book application. It is exposed to multiple cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to multiple scripts and parameters. GContact version 0.6.5 is affected.
  • Ref: http://www.securityfocus.com/bid/20530

  • 06.42.30 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: H-Sphere WebShell Login.PHP Cross-Site Scripting
  • Description: WebShell is a web-based file management package for the H-Sphere web hosting application. It is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "login" parameter of the "login.php" script. H-Sphere versions 2.5.1 Beta 1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20532

  • 06.42.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TorrentFlux Startpop.PHP Cross-Site Scripting
  • Description: TorrentFlux is a web-based torrent manager. It is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data to the "torrent" parameter of the "startpop.php" script file. Version 2.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20534

  • 06.42.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Webgenius GOOP Gallery Index.PHP Cross-Site Scripting
  • Description: GOOP Gallery is a directory-based photo gallery. It is exposed to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "image" parameter of the "index.php" script. GOOP Gallery versions 2.0.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20554

  • 06.42.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPList Index.PHP Cross-Site Scripting
  • Description: PHPList is a directory based photo gallery. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "p" parameter of the "index.php" script. PHPList version 2.10.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20577

  • 06.42.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: F5 FirePass 1000 SSL VPN My.AccTab.PHP3 Cross-Site Scripting
  • Description: F5 FirePass 1000 is an SSL VPN appliance which utilizes PHP for the web based user interface. The user interface is vulnerable to cross-site scripting attacks due to insufficient sanitization of the "sid" parameter of the "my.acctab.php3" script. Version 5.5 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20583

  • 06.42.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DEV Web Manager System Index.PHP Cross-Site Scripting
  • Description: DEV Web Manager System is a content management system. Insufficient sanitization of the "action" parameter in the "index.php" script exposes the application to a cross-site scripting issue. DEV Web Manager version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/20590

  • 06.42.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: db-central CMS Search Cross-Site Scripting
  • Description: db-central CMS is a web-based content management system. It is exposed to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "needle" parameter when performing a search. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/20622

  • 06.42.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Serendipity Administration Page Multiple Cross-Site Scripting Vulnerabilities
  • Description: Serendipity is a weblog application implemented in PHP. The software is vulnerable to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input to multiple scripts and parameters. Versions prior to 1.0.2 are vulnerable to these issues.
  • Ref: http://www.securityfocus.com/archive/1/449189

  • 06.42.38 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Def-Blog Comadd.PHP SQL Injection
  • Description: Def-Blog is a web-based blog application. It is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "article" parameter of "comadd.php" before using it in an SQL query. This issue affects version 1.0.1 and earlier.
  • Ref: http://www.securityfocus.com/bid/20552

  • 06.42.39 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Simplog Comments.PHP SQL Injection
  • Description: Simplog is a web-based blog application implemented in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of the "cid" parameter of "comments.php". Version 0.9.3.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20556

  • 06.42.40 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Kinesis Interactive Cinema System Index.ASP SQL Injection
  • Description: Kinesis Interactive Cinema System is a web site management system. Insufficient sanitization of the "index.asp" script exposes the application to an SQL injection issue.
  • Ref: http://www.securityfocus.com/bid/20607

  • 06.42.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BSQ Sitestats Joomla Component HTML Injection and SQL Injection Vulnerabilities
  • Description: BSQ Sitestats is a Joomla component that handles site-visitor statistics. It is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. Versions 1.8.0 and 2.2.1 are affected.
  • Ref: http://www.securityfocus.com/bid/20614

  • 06.42.42 - CVE: Not Available
  • Platform: Web Application
  • Title: Genepi Genepi.PHP Remote File Include
  • Description: Genepi is a PHP library for building editors. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "topdir" parameter of the "genepi.php" script. Genepi versions 1.6 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20510

  • 06.42.43 - CVE: Not Available
  • Platform: Web Application
  • Title: Bloq Page[Path] Multiple Remote File Include Vulnerabilities
  • Description: Bloq is a weblog system implemented in PHP. The application is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user supplied input to the "page[path]" parameter of several scripts. Version 0.5.4 is vulnerable to these issues.
  • Ref: http://www.securityfocus.com/archive/1/448603

  • 06.42.44 - CVE: Not Available
  • Platform: Web Application
  • Title: lat2cyr Lat2Cyr.PHP Remote File Include
  • Description: lat2cyr is a Latin to Cyrillic translator for phpBB. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of "lat2cyr.php". lat2cyr versions 1.0.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20513

  • 06.42.45 - CVE: Not Available
  • Platform: Web Application
  • Title: SpamOborona Admin_Spam.PHP Remote File Include
  • Description: SpamOborona is an anti-spam tool for phpBB. It is exposed to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "admin/admin_spam.php" script. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/20515

  • 06.42.46 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPBB News Defilante Horizontale PHPBB_Root_Path Parameter Remote File Include
  • Description: News Defilante Horizontale is a component to phpBB bulletin board. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "phpbb_root_path" parameter of the "functions_newshr.php" script. News Defilante Horizontale versions 4.1.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/448655

  • 06.42.47 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB PlusXL PHPBB_Root_Path Parameter Remote File Include
  • Description: phpBB PlusXL is a modified version of the phpBB bulletin board to include added features. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "phpbb_root_path" parameter of the "constants.php" script. This issue affects versions 2 and prior.
  • Ref: http://www.securityfocus.com/bid/20315

  • 06.42.48 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPBB Add Name Module Not_Mem.PHP Remote File Include
  • Description: The Add Name component is a module for the phpBB bulletin board. It is prone to a remote file include vulnerability due to insufficient sanitization of the "phpbb_root_path" parameter of the "non_mem.php" script. All known versions are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20516

  • 06.42.49 - CVE: Not Available
  • Platform: Web Application
  • Title: Alex DownloadEngine Spaw_Root Remote File Include
  • Description: DownloadEngine is a web-based application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "spaw_root" parameter of the "admin/includes/spaw/spaw_control.class.php" script. DownloadEngine version 1.4.2 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/448574

  • 06.42.50 - CVE: CVE-2006-5307
  • Platform: Web Application
  • Title: Afgb Guestbook Htmls Multiple Remote File Include Vulnerabilities
  • Description: Afgb Guestbook is a guestbook application implemented in PHP. Afgb Guestbook is prone to multiple remote file include vulnerabilities because it fails to properly sanitize user-supplied input to the "Htmls" parameter of several scripts. Version 2.2 is reported to be affected.
  • Ref: http://www.milw0rm.com/exploits/2529

  • 06.42.51 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyConferences Menus.Inc.PHP Remote File Include
  • Description: phpMyConferences is a conferencing tool implemented in PHP. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "lvc_include_dir" parameter of the "menus.inc.php" script. Versions 8.0.2 and prior are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20505

  • 06.42.52 - CVE: Not Available
  • Platform: Web Application
  • Title: Maluinfo PHPBB_Root_Path Parameter Remote File Include
  • Description: Maluinfo is a Brazilian version of phpBB bulletin board. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "bb_usage_stats.php" script. Version 206.2.38l is affected.
  • Ref: http://www.securityfocus.com/bid/20507

  • 06.42.53 - CVE: Not Available
  • Platform: Web Application
  • Title: CDSAgenda Sendalertemail.PHP Remote File Include
  • Description: CDSAgenda is a meeting, conference and agenda manager application. It is vulnerable to a local file include issue due to insufficient sanitization of user-supplied input to the "AGE" parameter of the "SendAlertEmail.php" script. CDSAgenda version 4.2.9 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20508

  • 06.42.54 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Security PHPBB_Security.PHP Remote File Include
  • Description: phpBB Security is a security module for phpBB. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "phpbb_security.php" script. This issue affects version 1.0.1.
  • Ref: http://www.securityfocus.com/bid/20518

  • 06.42.55 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Prillian French Lang_Prillian_Faq.PHP Remote File Include
  • Description: The Prillian French component is a module for the phpBB bulletin board. Insufficient sanitization of the "phpbb_root_path" parameter of the "lang_prillian_faq.php" script exposes the application to a remote file include issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/20520

  • 06.42.56 - CVE: Not Available
  • Platform: Web Application
  • Title: RamaCMS ADODB.Inc.PHP Remote File Include
  • Description: RamaCMS is a content manager system. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "path" parameter of the "adodb.inc.php" script. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/20523

  • 06.42.57 - CVE: CVE-2006-5223
  • Platform: Web Application
  • Title: phpBB Admin User Viewed Posts Tracker Module Remote File Include
  • Description: Admin User Viewed Posts Tracker is a third-party phpBB module to track site usage. The Admin User Viewed Posts Tracker is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "phpbb_root_path" parameter of the "functions_user_viewed_posts.php" script. Admin User Viewed Posts Tracker versions 1.0 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/448445

  • 06.42.58 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPHT Topsites Common.PHP Remote File Include
  • Description: PHPHT Topsites is a web application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "phpht_real_path" parameter of the "common.php" script. All versions are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20491

  • 06.42.59 - CVE: CVE-2006-5302
  • Platform: Web Application
  • Title: Redaction System Lang_Prefix Multiple Remote File Include Vulnerabilities
  • Description: Redaction System is a visual content management system. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "lang_prefix" parameter of various scripts. Redaction System version 1.0000 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20499

  • 06.42.60 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Import Tools component PHP Remote File Include
  • Description: The Import Tools component is a module for the phpBB bulletin board. It is prone to a remote file include vulnerability due to insufficient sanitization of the "phpbb_root_path" parameter of the "functions_mod_user.php" script. Versions 0.1.4 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20525

  • 06.42.61 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Amazonia Component Zufallscodepart.PHP Remote File Include
  • Description: The Amazonia component is a module for the phpBB bulletin board. The application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "zufallscodepart.php" script.
  • Ref: http://www.securityfocus.com/archive/1/448644

  • 06.42.62 - CVE: CVE-2006-5304
  • Platform: Web Application
  • Title: IncCMS Core Inc_Dir Remote File Include
  • Description: IncCMS Core is an extension website framework. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "inc_dir" parameter of the "inc/settings.php" script. IncCMS Core version 1.0.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20531

  • 06.42.63 - CVE: CVE-2006-5210
  • Platform: Web Application
  • Title: IronWebMail Directory Traversal Information Disclosure
  • Description: IronWebMail is a security application designed to proxy and sanitize webmail traffic. It is vulnerable to an information disclosure issue due to insufficient sanitization of HTTP GET requests containing "/IM_FILE()" sequences. IronWebMail versions earlier than 6.1.1 HotFix-17 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20436

  • 06.42.64 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyConferences Config.Inc.PHP Remote File Include
  • Description: phpMyConferences is a conferencing application implemented in PHP. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "lvc_include_dirr" parameter of the "config.inc.php" script. Versions 8.0.2 and prior are vulnerable to this issue.
  • Ref: http://sedre.loria.fr/phpMyConference/

  • 06.42.65 - CVE: Not Available
  • Platform: Web Application
  • Title: ViewVC UTF-7 Charset Unspecified HTML Injection
  • Description: ViewVC is a web-based interface for CVS and Subversion version control repositories. Insufficient sanitization of user-supplied input exposes the application to an HTML injection issue. ViewVC versions 1.0.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20543

  • 06.42.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Asbru Software Web Content Editor Shell Command Execution Vulnerability
  • Description: The Asbru Software Web Content Editor is a content management application. The application is susceptible to a shell command execution vulnerability. The application fails to properly sanitize user-supplied input before using it in a process creation function call. This issue affects versions earlier than 6.0.22.
  • Ref: http://www.securityfocus.com/bid/20544

  • 06.42.67 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPBurningPortal Multiple Remote File Include Vulnerabilities
  • Description: PHPBurningPortal is a web portal application. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied data to the "lang_path" parameter of the "quest_delete.php", "quest_edit.php" and "quest_news.php" scripts. PHPBurningPortal versions 1.0.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20547

  • 06.42.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo MostlyCE HTMLTemplate.PHP Remote File Include
  • Description: MostlyCE is a WYSIWYG editor add-on for the Mambo content management system, written in PHP. The application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "htmltemplate.php" script.
  • Ref: http://www.securityfocus.com/archive/1/448786

  • 06.42.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Osprey GetRecord.PHP Remote File Include
  • Description: Osprey is a peer-to-peer content distribution system. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "lib_dir" parameter of the "GetRecord.php" script. This issue affects versions 1.0 and earlier.
  • Ref: http://www.securityfocus.com/bid/20552

  • 06.42.70 - CVE: Not Available
  • Platform: Web Application
  • Title: AROUNDMe P_New_Password.TPL.PHP Remote File Include
  • Description: AROUNDMe is an extensible website framework. Insufficient sanitization of the "templatePath" parameter of the "p_new_password.tpl.php" script exposes the application to a remote file include issue. AROUNDMe versions 0.5.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20553

  • 06.42.71 - CVE: Not Available
  • Platform: Web Application
  • Title: CyberBrau Track.PHP Remote File Include
  • Description: CyberBrau is a beer brewing recipe application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "path" parameter of the "track.php" script. CyberBrau versions 0.9.4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20555

  • 06.42.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Smarty Smarty.Class.PHP Remote File Include
  • Description: Smarty is a content management system that is implemented in PHP. It is prone to a remote file include vulnerability due to insufficient sanitization of the "filename" parameter of "Smarty.class.php". Version 2.6.9 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20557

  • 06.42.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Campware Campsite Thankyou.PHP Remote File Include
  • Description: CampSite is a web publishing tool implemented in PHP. CampSite is affected by a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "g_documentRoot" parameter of the "thankyou.php" script. Versions 2.6.1 and prior are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20519

  • 06.42.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Lodel CMS Calcul-Page.PHP Remote File Include
  • Description: Lodel CMS is a publishing application. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "home" parameter of the "calcul-page.php" script. Version 0.7.3 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20551

  • 06.42.75 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB ACP User Registration PHPBB_Root_Path Parameter Remote File Include
  • Description: ACP User Registration is an add-on for the phpBB content management system. Insufficient sanitization of the "phpbb_root_path" parameter exposes the application to a remote file include issue.
  • Ref: http://www.securityfocus.com/bid/20558

  • 06.42.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Maintain Example6.PHP Remote File Include
  • Description: Maintain is a web-based DNS and DHCP management system. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "phphtmllib" parameter in the "example6.php" script. Maintain version 3.0.0 RC2 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/448780

  • 06.42.77 - CVE: Not Available
  • Platform: Web Application
  • Title: PowerMovieList Edit User HTML Injection
  • Description: PowerMovieList is a movie database application implemented in PHP. The application is prone to an HTML injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Malicious input can be supplied through the "email" field of the "Edit User" script named "edituser.php".
  • Ref: http://www.securityfocus.com/bid/20564

  • 06.42.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Comdev One Admin Pro Adminfoot.PHP Remote File Include
  • Description: Comdev One Admin Pro is a web application that allows users to create and customize PHP modules. Insufficient sanitization of the "path[docroot]" parameter of the "adminfoot.php" script exposes the application to a remote file include issue. Comdev One version 4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/20566

  • 06.42.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Open Conference Systems Fullpath Remote File Include
  • Description: Open Conference Systems is a web publishing tool. It is affected by a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "fullpath" parameter of the "include/themes.inc.php" and "include/footer.inc.php" scripts. Version 1.1.3 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/20567

  • 06.42.80 - CVE: Not Available
  • Platform: Web Application
  • Title: SuperMod Multiple Remote File Include Vulnerabilities
  • Description: SuperMod is a portal building system application. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "sourcedir" parameter of the "Offline.php", "Sources/Offline.php", and "content/portalshow.php" scripts. SuperMod version 3.0.0 is vulnerable.
  • Ref: http://milw0rm.com/exploits/2553

  • 06.42.81 - CVE: Not Available
  • Platform: Web Application
  • Title: SuperMod Multiple Remote File Include Vulnerabilities
  • Description: SuperMod is a forum. It is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied data to the "sourcedir" parameter of the "Offline.php", "Sources/Offline.php" and "content/portalshow.php" scripts. SuperMod version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/20568

  • 06.42.82 - CVE: Not Available
  • Platform: Web Application
  • Title: P-News P-news.PHP Remote File Include
  • Description: P-News is a forum implemented in PHP. It is prone to a remote file include vulnerability due to insufficient sanitization of the "pn_lang" parameter of the "p-news.php" script. Versions 1.16 and 1.17 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20569

  • 06.42.83 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Archive for Search Engines PHPBB_Root_Path Parameter Remote File Include
  • Description: Archive for Search Engines is an add-on for the phpBB content management system. The application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "templates/archive/archive_topic.php" script.
  • Ref: http://www.securityfocus.com/bid/20571

  • 06.42.84 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenDock FullCore Remote File Include Vulnerabilities
  • Description: OpenDock FullCore is a content management system. It is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied data to the "$doc_directory" parameter of multiple scripts. Version 4.4 is reported to be affected.
  • Ref: http://www.securityfocus.com/bid/20573

  • 06.42.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Specimen Image Database Remote File Include
  • Description: Specimen Image Database is a searchable database of biodiversity data. Insufficient sanitization of the "$dir" parameter of the "client.php" script exposes the application to a remote file include issue.
  • Ref: http://www.securityfocus.com/bid/20574

  • 06.42.86 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpMyManga Multiple Remote File Include Vulnerabilities
  • Description: PhpMyManga is a web-based gallery. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "actionsPage" and "formPage" parameters of the "template.php" script. PhpMyManga versions 0.8.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20572

  • 06.42.87 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPRecipeBook Import_MM.Class.PHP Remote File Include
  • Description: PHPRecipeBook is a web-based cookbook tool. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "g_rb_basedir" parameter of the "classes/Import_MM.class.php" script file. PHPRecipeBook versions 2.18 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20575

  • 06.42.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Boonex Dolphin Index.php Remote File Include
  • Description: Dolphin is an online community application implemented in PHP. It is prone to a remote file include vulnerability due to insufficient sanitization of the "dir['inc']" parameter of the "index.php" script. Versions 5.2 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20576

  • 06.42.89 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyBibli Multiple Remote File Include Vulnerabilities
  • Description: phpMyBibli is a library application implemented in PHP. The application is prone to multiple remote file include vulnerabilities because it fails to properly sanitize user-supplied input to several script and parameter groups. phpMyBibli versions 2.1 and prior are vulnerable to these issues.
  • Ref: http://www.securityfocus.com/archive/1/448954

  • 06.42.90 - CVE: Not Available
  • Platform: Web Application
  • Title: TorrentFlux Admin.PHP Multiple HTML Injection Vulnerabilities
  • Description: TorrentFlux is a web-based torrent application. It is prone to multiple HTML injection vulnerabilities because it fails to properly sanitize user-supplied input to the "action", "file" and "user_id" parameters of the "admin.php" script. Version 2.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20579

  • 06.42.91 - CVE: Not Available
  • Platform: Web Application
  • Title: VBulletin Registration Requests Remote Denial of Service
  • Description: VBulletin is an online bulletin board. The "register.php" script fails to handle registration requests, exposing it to a remote denial of service issue. VBulletin version 3.6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/20581

  • 06.42.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Alice-CMSGuestbook/Index.PHP Remote File Include
  • Description: Alice-CMSGuestbook is a web-based content management system. It is exposed to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "CONFIG[local_root]" parameter of the "modules/guestbook/index.php" script.
  • Ref: http://www.securityfocus.com/bid/20585

  • 06.42.93 - CVE: Not Available
  • Platform: Web Application
  • Title: WSN Forum Avatar Upload PHP Code Execution
  • Description: WSN Forum is a web-based forum application written in PHP. The application is prone to an arbitrary PHP code execution vulnerability when uploading avatar images. The "prestart.php" script fails to properly sanitize configuration variables and allows a malicious user to inject script code using the "pathtoconfig" parameter. Versions 1.3.4 and prior are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/20586

  • 06.42.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Brim Multiple Remote File Include Vulnerabilities
  • Description: Brim is an MVC framework implemented in PHP. The application is prone to multiple remote file include vulnerabilities because it fails to properly sanitize user-supplied input to the "$renderer" parameter of several scripts. Brim versions 1.2.0pre3 and 1.2.1 are vulnerable to these issues.
  • Ref: http://www.milw0rm.com/exploits/2589

  • 06.42.95 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Outburst Easynews Authentication Bypass
  • Description: PHP Outburst Easynews is a news management application. It is prone to an authentication bypass vulnerability. This issue arises due to an improper authentication check in the "admin.php" file. The application allows an unauthorized user to log in as an administrator by supplying a value of "0" to the "en_login_id" parameter. Easynews 4.4.1 and 4.4.0 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20596

  • 06.42.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Cerberus Helpdesk Rpc.PHP Unauthorized Access
  • Description: Cerberus Helpdesk is an email management and trouble ticket application. It is exposed to an unauthorized-access vulnerability because it contains an error in the way authentication is controlled in the "rpc.php" script. Version 3.2.1 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/20598

  • 06.42.97 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Live Helper Multiple Remote File Include Vulnerabilities
  • Description: PHP Live Helper is a customer support application implemented in PHP. PHP Live Helper is prone to multiple remote file include vulnerabilities because it fails to properly sanitize user-supplied input to the "pb_lang" parameter of the "admin.php" and "pbook.php" scripts.
  • Ref: http://www.securityfocus.com/archive/1/449106

  • 06.42.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Zorum DBProperty.PHP Remote File Include
  • Description: Zorum is a bulletin board implemented. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "appDirName" parameter of the "dbproperty.php" script. Version 3.5 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20606

  • 06.42.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Lou Portail Admin_Module.PHP Remote File Include
  • Description: Lou Portail is a web portal application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "g_admin_rep" parameter of the "admin_module.php" script. Lou Portail version 1.4.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20609

  • 06.42.100 - CVE: Not Available
  • Platform: Web Application
  • Title: IBM Lotus Notes Local Insecure Default Directory Permissions
  • Description: IBM Lotus Notes is a tool for email, calendar, scheduling, and collaboration tasks. The application is prone to a vulnerability regarding insecure default permissions on the application directory. Specifically, the permissions are set to "Full Control" for the "Everyone" group.
  • Ref: http://secunia.com/secunia_research/2005-29/advisory/

  • 06.42.101 - CVE: Not Available
  • Platform: Web Application
  • Title: YapBB YapBB_Session.PHP Remote File Include
  • Description: YapBB is a bulletin board application. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "cfgIncludeDirectory" parameter of the "yapbb_session.php" script. Versions 1.2 Beta 2 and prior are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20615

  • 06.42.102 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Post Avatar Arbitrary File Upload
  • Description: PHP-Post is a web-based forum application. It is vulnerable to an arbitrary file upload issue due to insufficient verification of the content of uploaded avatars in the "avatar.php" script. PHP-Post version 1.01 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20616

  • 06.42.103 - CVE: Not Available
  • Platform: Web Application
  • Title: LoCal Calendar System LcUser.PHP Remote File Include
  • Description: LoCal Calendar System is an equipment reservation and user management system, implemented in PHP. The application is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "LIBDIR" parameter of the "lcUser.php" script. Version 1.1 is vulnerable to this issue.
  • Ref: http://www.milw0rm.com/exploits/2595

  • 06.42.104 - CVE: Not Available
  • Platform: Web Application
  • Title: phpPowerCards Remote Code Execution
  • Description: phpPowerCards is a postcard application implemented in PHP. It is prone to an arbitrary code execution vulnerability due to improper sanitization of user-supplied input to the "file" variable of the "txt.inc.php" script. Version 2.10 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20620

  • 06.42.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Free FAQ Index.PHP Remote File Include
  • Description: Free FAQ is a frequently asked questions application. Insufficient sanitization of the "cmd" parameter of the "index.php" script exposes the application to a remote file include issue. Free FAQ version 1.0.e is affected.
  • Ref: http://www.securityfocus.com/bid/20621

  • 06.42.106 - CVE: Not Available
  • Platform: Web Application
  • Title: EPNadmin Constantes.Inc.PHP Remote Code Execution
  • Description: EPNadmin is a postcard application. It is vulnerable to an arbitrary code execution issue due to insufficient sanitization of user-supplied input to the "language" variable of the "constantes.inc.php" script. EPNadmin version 0.7 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20624

  • 06.42.107 - CVE: Not Available
  • Platform: Web Application
  • Title: DCP-Portal Poll Answer HTML Injection
  • Description: DCP-Portal is a web portal application implemented in PHP. It is prone to an HTML injection vulnerability due to insufficient sanitization of the "answer" field of the "poll" section of the application. Version 6.0 SE is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20636

  • 06.42.108 - CVE: Not Available
  • Platform: Hardware
  • Title: Cisco 2700 Series Wireless Location Appliance Default Administrator Password
  • Description: The Cisco 2700 Series Wireless Location Appliance is an internet connectivity device. It is exposed to a default administrative password issue. Cisco 2700 Series Wireless Location Appliance versions earlier than 2.1.34.0 are affected.
  • Ref:

  • 06.42.109 - CVE: Not Available
  • Platform: Hardware
  • Title: Kerio WinRoute Firewall Denial of Service Vulnerability
  • Description: Kerio WinRoute Firewall is a network appliance designed for home and small office setups. It is exposed to a remote denial of service vulnerability. This issue occurs when the device fails to properly handle malformed DNS responses. Versions 6.2.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20584

  • 06.42.110 - CVE: Not Available
  • Platform: Hardware
  • Title: eXtensible Open Router Platform OSPFv2 Remote Denial of Service
  • Description: The eXtensible Open Router Platform is prone to a remote denial of service issue because the software fails to properly handle malformed OSPF link state advertisements. eXtensible Open Router Platform versions 1.2 and 1.3 are affected.
  • Ref: http://www.securityfocus.com/bid/20597

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.