@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 43
October 30, 2006

No huge new vulnerabilities announced this week, but with the details of many of Oracle's mega-collection of vulnerabilities being released, Oracle users might do well to step up their patching schedule.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Other Microsoft Products: 3 (#1, #2)
    • Third Party Windows Apps: 8
    • Linux: 1
    • HP-UX: 4
    • BSD: 1
    • Novell: 2
    • Cross Platform: 13 (#3, #4)
    • Web Application - Cross Site Scripting: 7
    • Web Application - SQL Injection: 13
    • Web Application: 52
    • Network Device: 2

**************** Sponsored By Core Security Technologies ****************

Halloween Treats! No Tricks! WIN a $250 BestBuy gift card from Core Security Technologies! Listen to the joint Gartner and SANS webcast as they discuss the future of information security. Register here http://www.sans.org/info/1647

View the webcast and automatically be entered into a drawing for a $250 gift card from Core Security Technologies!

*************************************************************************

Three Great SANS Training Conferences Coming Up: San Jose, New Orleans and Washington DC. How good are these courses? 8,000 people who attend SANS conferences wrote answers and said we can share them. Here's an example:

++ "I have attended courses by several of SANS rivals, and SANS blew them away." - Alton Thompson, US Marines

If you need specific student quotes about any individual SANS course, for justifying attendance, email us at quotes@sans.org listing the course you would like to attend and how soon you need the quotes. In the meantime, register early so you get a spot in the course you want.

+++ New Orleans: Nov. 14-21, http://www.sans.org/neworleans06/event.php

+++ San Jose: Dec. 4-9 http://www.sans.org/siliconvalley06/index.php

+++ Washington DC: Dec. 9-16 http://www.sans.org/cdieast06/event.php

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
HP-UX
BSD
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

************************ Sponsored Links: *****************************

1) Security professionals will focus on fighting the most common threats to data at the SANS Secure Storage & Encryption Summit, December 6-7. http://www.sans.org/info/1648

2) Continuous Compliance. Effective Security. Efficient Operations. All in One Solution. Intrigued? Don't miss this seminar. http://www.sans.org/info/1649

3) ALERT: Hacking With Ajax- SPI Dynamics White Paper http://www.sans.org/info/1650

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohit Dhamankar and Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: AOL Nullsoft Winamp Multiple Buffer Overflows
  • Affected:
    • Winamp versions 5.23, 5.3 and possibly prior
  • Description: Winamp, a popular media player, contains multiple heap-based buffer overflows. Winamp supports AOL's Ultravox media streaming protocol. One of the heap-based overflows can be triggered by supplying a specially crafted "ultravox-max-msg" header. The second overflow can be triggered by specially crafted Lyrics3 tags, which are used to embed lyrics in an MP3 file. A malformed playlist file (.m3u or .pls extension), a crafted "shout:" URI or a crafted "uvox:" URI can trigger these overflows to execute arbitrary code on a Winamp user's system. Note that Internet Explorer opens playlist files, "shout:" URIs and "uvox:" URIs automatically. Hence, browsing a malicious site or clicking a malicious link is sufficient to exploit these overflows.

  • Status: Winamp has released version 5.31 to address these vulnerabilities.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (2) HIGH: AOL YGPPicDownload.dll ActiveX Control Buffer Overflows
  • Affected:
    • AOL 9.0 Security Edition
  • Description: AOL's 9.0 Security Edition is designed to protect AOL users from threats such as malware, spam etc. The software ships with an ActiveX control, YGPPicDownload.dll, that is marked as "safe for scripting". This ActiveX control contains buffer overflow vulnerabilities that can be triggered by specially crafted input to its "downloadFileDirectory" property or "AddPictureNoAlbum" method. A web page can exploit this flaw to execute arbitrary code on an AOL Security Edition user's system. Because the control is marked "safe for scripting", the control may be invoked without any user interaction by script contained in the malicious web page. Note that the software may ship by default with certain PCs.

  • Status: AOL confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected ActiveX control via Microsoft's "kill bit" mechanism. The GUID of the affected controls is "D670D0B3-05AB-4115-9F87-D983EF1AC747".

  • Council Site Actions: Only one site has a few hundred Dell computers that were shipped to end users with AOL software pre-installed (and, in almost all cases, never used). They are still investigating whether to expect that these ActiveX Controls may be present on these computers.

  • References:
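
One way to apply the kill-bit mitigation named in the Status entry above, as an added example that is not part of the original bulletin. It assumes the GUID quoted there is the control's CLSID, and it uses the standard "ActiveX Compatibility" registry location with the 0x400 "Compatibility Flags" value; the function names are hypothetical.

```powershell
# Added example (not from the bulletin): set and verify the Internet Explorer
# kill bit for the control GUID quoted in the Status entry.
# Assumption: the quoted GUID is the control's CLSID.
# Run from an elevated PowerShell session.

$Clsid     = '{D670D0B3-05AB-4115-9F87-D983EF1AC747}'
$KillBit   = 0x400                    # flag bit that stops IE instantiating the control
$ValueName = 'Compatibility Flags'

# Native registry view plus the 32-bit view that 32-bit IE reads on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([string]$Root, [string]$Clsid)
    $key   = Join-Path $Root $Clsid
    $flags = $null
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($prop) { $flags = [int]$prop.$ValueName }
    }
    [pscustomobject]@{
        Key    = $key
        Flags  = $flags
        Killed = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
    }
}

function Set-KillBit {
    param([string]$Root, [string]$Clsid)
    # Skip a view that does not exist (for example Wow6432Node on 32-bit Windows).
    if (-not (Test-Path -LiteralPath $Root)) { return }
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    $current = (Get-KillBitState -Root $Root -Clsid $Clsid).Flags
    if ($null -eq $current) { $current = 0 }
    # OR the bit in so that any other compatibility flags already set are preserved.
    New-ItemProperty -LiteralPath $key -Name $ValueName -PropertyType DWord `
        -Value ($current -bor $KillBit) -Force | Out-Null
}

foreach ($root in $Roots) { Set-KillBit -Root $root -Clsid $Clsid }

# Report the resulting state for every registry view present on this machine.
$Roots | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-KillBitState -Root $_ -Clsid $Clsid } |
    Format-Table -AutoSize
```

Running only the final reporting pipeline, without the `Set-KillBit` loop, audits a machine without changing it.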
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 43, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5233 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.43.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer ADODB.Connection Execute Denial of Service
  • Description: Microsoft Internet Explorer is vulnerable to a denial of service issue when the browser processes the "Execute" method of the "ADODB.Connection.2.7" object. Microsoft Internet Explorer versions 6.0 SP1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20704

  • 06.43.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer 7 Popup Window Address Bar Spoofing Weakness
  • Description: Microsoft Internet Explorer 7 is vulnerable to a popup window address bar spoofing issue because it is possible to display a popup window with only a portion of the address bar initially displayed to the user. Microsoft Internet Explorer version 7 on Windows XP with Service Pack 2 is vulnerable.
  • Ref: http://secunia.com/advisories/22542/

  • 06.43.3 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft .NET Framework Request Filtering Bypass
  • Description: Microsoft .NET Framework is vulnerable to an issue that may permit the bypassing of content filtering. Microsoft .NET Framework version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20753

  • 06.43.4 - CVE: CVE-2006-3455
  • Platform: Third Party Windows Apps
  • Title: Symantec AntiVirus SAVRT.SYS Local Privilege Escalation
  • Description: Symantec AntiVirus and Symantec Client Security are exposed to a privilege escalation issue. The problem occurs in SAVRT.SYS. Specifically, improper address-space validation occurs when handling user-supplied input to the "DeviceIOControl()" function. Please refer to the link below for further details.
  • Ref: http://securityresponse.symantec.com/avcenter/security/Content/2006.10.23.html

  • 06.43.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: QK SMTP Remote Buffer Overflow
  • Description: QK SMTP is an SMTP server. It is vulnerable to a buffer overflow issue because the application fails to handle requests larger than 4096 bytes passed to the "RCPT TO" command. QK SMTP versions 3.0.1 and earlier are vulnerable.
  • Ref: http://secunia.com/advisories/22563/

  • 06.43.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cruiseworks Cws.exe Doc Buffer Overflow
  • Description: Cruiseworks is a groupware suite. It is reported to be prone to a remote buffer overflow vulnerability because the application fails to validate input passed to the "doc" parameter of the "/scripts/cruise/cws.exe" application before using it in a "sprintf()" function. Cruiseworks versions 1.09c and 1.09d are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20699

  • 06.43.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Desknet Unspecified Remote Buffer Overflow
  • Description: Desknet is a groupware application. Insufficient sanitization of user-supplied input exposes the application to a remote buffer overflow issue. Desknet's version V4.5J R2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/20716

  • 06.43.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DataWizard FTPXQ Server Multiple Remote Vulnerabilities
  • Description: DataWizard FtpXQ Server is an enterprise level FTP server available for Microsoft Windows. The application is prone to multiple remote vulnerabilities. Version 3.01 is vulnerable. Please refer to the provided link for details.
  • Ref: http://www.securityfocus.com/bid/20721

  • 06.43.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nullsoft Winamp Ultravox Multiple Remote Heap Overflow Vulnerabilities
  • Description: AOL Nullsoft Winamp is a media player from AOL. It is vulnerable to multiple Ultravox related remote heap buffer overflow vulnerabilities due to improper boundary checks. NullSoft Winamp versions 5.3 and earlier are vulnerable.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=431

  • 06.43.10 - CVE: CVE-2006-5501
  • Platform: Third Party Windows Apps
  • Title: AOL YGPPDownload DownloadFileDirectory ActiveX Controls Buffer Overflow
  • Description: AOL YGPPDownload "downloadFileDirectory" ActiveX control is prone to a heap-based buffer overflow issue as it fails to bounds check user-supplied input in the "downloadFileDirectory" property. AOL Client Software 9.0 Security is affected.
  • Ref: http://www.securityfocus.com/bid/20745

  • 06.43.11 - CVE: CVE-2006-5501, CVE-2006-5502
  • Platform: Third Party Windows Apps
  • Title: AOL YGPPDownload AddPictureNoAlbum ActiveX Controls Buffer Overflow
  • Description: AOL YGPPDownload ActiveX control is prone to a heap-based buffer overflow vulnerability. The issue exists in the "AddPictureNoAlbum()" function. A user can invoke the object from a malicious web page to trigger the condition. The AOL YGPPDownload ActiveX control is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20747

  • 06.43.12 - CVE: CVE-2006-4573
  • Platform: Linux
  • Title: GNU Screen Multiple Denial of Service Vulnerabilities
  • Description: GNU Screen is exposed to multiple denial of service vulnerabilities. The vendor has reported that these issues arise due to improper handling of some UTF-8 characters. A remote attacker may trigger these issues and deny services to legitimate users. GNU Screen versions prior to 4.0.3 are affected.
  • Ref: http://www.securityfocus.com/bid/20727

  • 06.43.13 - CVE: CVE-2006-2574
  • Platform: HP-UX
  • Title: HP-UX SWPackage Local Buffer Overflow
  • Description: HP-UX is prone to a local buffer overflow vulnerability because it fails to bounds check the "-S" optional argument in SWPackage before copying it into an insufficiently sized buffer. Versions B.11.23 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20706

  • 06.43.14 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX LibC TZ Environment Variable Local Buffer Overflow
  • Description: HP-UX is exposed to a local buffer overflow issue when overly long values are passed to executables via the "TZ" environment variable. Strings longer than approximately 3000 bytes are sufficient to overflow the memory buffer. HP-UX versions B.11.11 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20718

  • 06.43.15 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX Swask Local Format String Vulnerability
  • Description: HP-UX is prone to a local format string vulnerability because it fails to properly sanitize user-supplied input in the "swask" utility. HP-UX version B.11.11 U 9000/785 is affected.
  • Ref: http://www.securityfocus.com/bid/20726

  • 06.43.16 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX Software Distributor SWModify Local Buffer Overflow
  • Description: HP-UX is prone to a local buffer overflow issue when the "swmodify" function of the Software Distributor fails to bounds check the "-S" optional argument. HP-UX versions B.11.23 and earlier are affected.
  • Ref: http://support.avaya.com/elmodocs2/security/ASA-2006-106.htm

  • 06.43.17 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD Crypto Local Denial of Service
  • Description: FreeBSD is prone to a local denial of service vulnerability when the CIOCKEY "ioctl()" command is called on "/dev/crypto" with an excessively large "crp-nbits" value. An attacker may leverage this issue to crash the affected computer. FreeBSD version 6.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20713

  • 06.43.18 - CVE: Not Available
  • Platform: Novell
  • Title: Novell eDirectory iMonitor HTTPSTK Buffer Overflow
  • Description: iMonitor is a web-based management interface used for eDirectory which is directory server software. It is affected by a buffer overflow issue because the HTTP stack fails to perform sufficient bounds checks on the request header. eDirectory versions 8.7.3.8 and earlier are affected.
  • Ref: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-2974603&sliceId=&dialogID=16690465&stateId=0%200%2016688551

  • 06.43.19 - CVE: Not Available
  • Platform: Novell
  • Title: Novell eDirectory EvtFilteredMonitorEventsRequest Multiple Vulnerabilities
  • Description: Novell eDirectory is a directory server software package. The "evtFilteredMonitorEventsRequest" function is vulnerable to two security issues. It is affected by a buffer overflow issue and an invalid free issue because it fails to perform sufficient bounds checking on client supplied data. eDirectory versions 8.8 and 8.8.1 are affected.
  • Ref: http://www.securityfocus.com/bid/20663

  • 06.43.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Mail Security for Domino Server Premium AntiSpam Email Relay
  • Description: Symantec Mail Security for Domino Server provides protection against security risks, unwanted content and spam on Domino servers. Symantec Mail Security for Domino Server 5.1.0 is affected. Please refer to the link below for further details.
  • Ref: http://www.symantec.com/avcenter/security/Content/2006.10.19.html

  • 06.43.21 - CVE: CVE-2006-4177
  • Platform: Cross Platform
  • Title: Novell eDirectory NCP Packet Processing Remote Heap Overflow
  • Description: eDirectory is a directory server software package available for multiple platforms. Novell eDirectory server is prone to a heap overflow vulnerability because the server fails to perform sufficient bounds checks on NCP data provided by the client before copying it into an insufficiently sized buffer. eDirectory versions 8.8.1 and 8.8 were reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20664

  • 06.43.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cruiseworks Cws.EXE Doc Directory Traversal
  • Description: Cruiseworks is a groupware suite. It is prone to a directory traversal vulnerability due to insufficient input sanitization of the "doc" parameter of the "/scripts/cruise/cws.exe" executable. Versions 1.09c and 1.09d are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20698

  • 06.43.23 - CVE: CVE-2006-5456
  • Platform: Cross Platform
  • Title: GraphicsMagick PALM DCM Buffer Overflow Vulnerabilities
  • Description: GraphicsMagick is an image processing application available for multiple platforms. The application is prone to multiple buffer overflow vulnerabilities. GraphicsMagick version 1.1.7 and prior are vulnerable.
  • Ref: http://packages.debian.org/changelogs/pool/main/g/graphicsmagick/graphicsmagick_1.1.7-9/changelog#versionversion1.1.7-9

  • 06.43.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System/iPlanet Messaging Server Webmail JavaScript Injection
  • Description: Sun Java Messaging Server and iPlanet Messaging Server are prone to a vulnerability that may permit the execution of arbitrary attacker supplied JavaScript. This issue exists in the Webmail facility and may be exploited by injecting hostile script code through emails. This issue is due to a failure in the application to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/20708

  • 06.43.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: RevilloC MailServer Remote SMTP Buffer Overflow
  • Description: RevilloC MailServer supports SMTP and POP3. It is affected by a buffer overflow issue when it processes the SMTP "MAIL FROM" or "RCPT TO" commands. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/20709

  • 06.43.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PostgreSQL Multiple Local Denial of Service Vulnerabilities
  • Description: PostgreSQL is a relational database suite. It is exposed to multiple local denial of service issues. PostgreSQL versions 8.1.4 and earlier are affected.
  • Ref: http://www.postgresql.org/about/news.664

  • 06.43.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Smartgate SSL Server Directory Traversal Information Disclosure
  • Description: The Smartgate SSL Server is prone to a remote information disclosure vulnerability because it fails to properly sanitize user-supplied input. Version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/20722

  • 06.43.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mutt NFS Insecure Temporary File Creation
  • Description: Mutt is a text-based email client for Unix-based operating systems. It fails to create temporary files in a secure manner. Specifically, the vulnerability is due to a race condition in the "safe_open()" function that occurs when creating temporary files on an NFS filesystem. Versions 1.5.12 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20733

  • 06.43.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco Security Agent Remote Port Scan Denial of Service
  • Description: Cisco Security Agent is a network security application with threat protection capabilities. It is affected by a denial of service issue due to a failure of the application to properly handle unexpected network traffic. The Linux version of the application is affected.
  • Ref: http://www.securityfocus.com/bid/20737

  • 06.43.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Axalto Protiva Local Information Disclosure
  • Description: Axalto Protiva is a commercially available authentication server. It is prone to a local information disclosure vulnerability because the application allows all users to read the "keytool.config" and "authserver.config" files by default. These files contain the Keystore password and the Active Directory LDAP credentials. Version 1.1 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20755

  • 06.43.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: wvWare Multiple Integer Overflow Vulnerabilities
  • Description: wvWare is a library to parse Word 2000, 97, 95 and 6 file formats. It is prone to multiple integer overflow vulnerabilities due to insufficient bounds checking in the "wvGetLFO_records()" and the "wvGetLFO_PLF()" functions. This issue may be exploited via a maliciously crafted Word document. Versions 1.2.2 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20761

  • 06.43.32 - CVE: CVE-2006-5468, CVE-2006-4805, CVE-2006-5740, CVE-2006-5469, CVE-2006-4574
  • Platform: Cross Platform
  • Title: Wireshark Multiple Protocol Dissectors Denial of Service Vulnerabilities
  • Description: Wireshark is prone to multiple denial of service vulnerabilities. These issues affect the HTTP, LDAP, XOT, WBXML, and MIME Multipart dissectors. The issue affecting the MIME Multipart arises due to an off-by-one error, which can potentially lead to arbitrary code execution. Wireshark versions prior to 0.99.4 are affected.
  • Ref: http://www.wireshark.org/security/wnpa-sec-2006-03.html

  • 06.43.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: RMSOFT Gallery System Images.PHP Cross-Site Scripting
  • Description: RMSOFT Gallery System is an image gallery application for XOOPS. It is exposed to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "kw" parameter of the "images.php" script. RMSOFT Gallery System version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/20676

  • 06.43.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Simple Machines Forum Index.PHP Cross-Site Scripting
  • Description: Simple Machines Forum is a web-based forum application. It is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "action" parameter of the "index.php" script. Version 1.1 RC2 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20629

  • 06.43.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal Unspecified Cross-Site Scripting
  • Description: Drupal is a content management application. Insufficient sanitization of user-supplied input exposes the application to a cross-site scripting issue. Drupal versions 4.6x and 4.7x are affected.
  • Ref: http://www.securityfocus.com/bid/20631

  • 06.43.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: KnowledgeBank Multiple Cross-Site Scripting Vulnerabilities
  • Description: KnowledgeBank is a web-based application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to multiple scripts and parameters. KnowledgeBank version 1.01 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20641/info

  • 06.43.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: cPanel Multiple Cross-Site Scripting
  • Description: cPanel is a customer relations management application. It is prone to multiple cross-site scripting issues as it fails to sanitize user-supplied input in the "theme" parameter of the "dosetmytheme" script and the "template" parameter of the "editzonetemplate" script. cPanel version 10.9.0 is affected while other versions may be vulnerable as well.
  • Ref: http://www.securityfocus.com/bid/20683

  • 06.43.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SimpNews Multiple Cross-Site Scripting Vulnerabilities
  • Description: SimpNews is a web-based news application written in PHP. The software is vulnerable to multiple cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to multiple scripts and parameters. Multiple unspecified parameters of the "pwlost.php" and "index.php" scripts are vulnerable. SimpNews versions prior to 2.34.01 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20714

  • 06.43.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Zwahlen's Online Shop Cat Parameter Cross-Site Scripting
  • Description: Zwahlen's Online Shop is a web-based e-commerce application. It is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "cat" parameter of the "/host/article.htm" script. The freeware version 5.2.2 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20682

  • 06.43.40 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: GeoNetwork Opensource Login SQL Injection
  • Description: GeoNetwork opensource is a web-based Geographic Metadata Catalog System. Insufficient sanitization of the "login" page script exposes the application to an SQL injection issue. GeoNetwork versions 2.0.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20671

  • 06.43.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Encyclopedia Module SQL Injection
  • Description: PHP-Nuke is a web-based content management system. It is prone to an SQL injection issue because it fails to sanitize user-supplied input to the "eid" parameter of the "Encyclopedia" module before using it in an SQL query. PHP-Nuke versions 7.9 and earlier are affected.
  • Ref: http://www.neosecurityteam.net/index.php?action=advisories&id=27

  • 06.43.42 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: UltraCMS Username and Password SQL Injection
  • Description: UltraCMS is a web-based content management system. It is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "username" and "password" parameters before using it in an SQL query. UltraCMS version 0.9 is affected.
  • Ref: http://www.securitytracker.com/alerts/2006/Oct/1017096.html

  • 06.43.43 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XChangeboard LoginNick SQL Injection
  • Description: XChangeboard is a web-based forum application. It is prone to an SQL injection vulnerability due to insufficient sanitization of the "loginNick" parameter used in user authentication. It is reported that "magic_quotes_gpc" must be disabled in the XChangeboard configuration for this attack to succeed. Version 1.70 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20643

  • 06.43.44 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Segue CMS Unspecified SQL Injection
  • Description: Segue CMS is a content management system. It is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to unspecified parameters. This issue affects versions prior to 1.5.8.
  • Ref: http://www.securityfocus.com/bid/20645

  • 06.43.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Casinosoft Casino Script Config.PHP SQL Injection
  • Description: Casinosoft Casino Script is a web-based casino game application. Insufficient sanitization of the "cfam" parameter of the "lobby/config.php" script exposes the application to an SQL injection issue. Casinosoft version 3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/20646

  • 06.43.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Web Group Communication Center Quiz.PHP SQL Injection
  • Description: Web Group Communication Center is a web-based application written in PHP. The application is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "qzid" parameter of the "quiz.php" script file before using it in an SQL query. Versions 0.5.6 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20653

  • 06.43.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Hosting Controller Multiple SQL Injection Vulnerabilities
  • Description: Hosting Controller is a web hosting tool implemented in ASP. The application is prone to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to the "ForumID" parameter of the "EnableForum.asp" and "DisableForum.asp" script files. Versions 6.1 Hotfix 3.2 and prior are vulnerable.
  • Ref: http://www.kapda.ir/advisory-442.html

  • 06.43.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Snitz Forums 2000 Pop_Mail.ASP SQL Injection
  • Description: Snitz Forums 2000 is a web-based application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data to the "RC" parameter of the "pop_mail.asp" script. Snitz Forums 2000 version 3.4.06 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20712

  • 06.43.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Discuz! AdminCP.PHP SQL Injection
  • Description: Discuz! is a guestbook application implemented in PHP. The application is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied cookie data to the "recyclebin" parameter of the "admincp.php" script. This issue affects version 5.0.0.
  • Ref: http://www.securityfocus.com/bid/20734

  • 06.43.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Search Module Author SQL Injection Vulnerability
  • Description: PHP-Nuke is a web-based content management system. It is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "author" parameter of "index.php" of the "Search" module. PHP-Nuke versions 7.9 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20740

  • 06.43.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PacPoll Check.ASP Multiple SQL Injection Vulnerabilities
  • Description: PacPoll is a web-based voting application. It is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input. Specifically, the application fails to sanitize input to the "uid" and "pwd" parameters of the "Admin/check.asp" script. PacPoll versions 4.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20746

  • 06.43.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Drupal Extended Tracker Unspecified SQL Injection
  • Description: Drupal Extended Tracker is a module that provides a link suggestion feature to site visitors. It is vulnerable to an unspecified SQL injection issue. Drupal Extended Tracker version 4.7 is vulnerable.
  • Ref: http://drupal.org/node/91358

  • 06.43.53 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Generator Of Object SQL Database Function.PHP3 Remote File Include
  • Description: PHP Generator of Object SQL Database is an application used to generate objects based on SQL table descriptions. The application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "path" parameter of "misc/function.php3".
  • Ref: http://www.securityfocus.com/archive/1/449475

  • 06.43.54 - CVE: Not Available
  • Platform: Web Application
  • Title: Trawler Multiple Remote File Include Vulnerabilities
  • Description: Trawler is a content management system. It is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to multiple scripts. Versions 1.8.1 and prior are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20678

  • 06.43.55 - CVE: Not Available
  • Platform: Web Application
  • Title: JaxUltraBB Delete.PHP HTML Injection
  • Description: JaxUltraBB is a bulletin board application. Insufficient sanitization of the "contents" parameter of the "delete.php" script exposes the application to an HTML injection issue. JaxUltraBB version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/20679

  • 06.43.56 - CVE: Not Available
  • Platform: Web Application
  • Title: PH Pexplorer Language Local File Include
  • Description: PH Pexplorer is a file manager. It is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "Language" cookie parameter of the "explorer_load_lang.php" script. This issue affects version 0.24.
  • Ref: http://www.securityfocus.com/bid/20665

  • 06.43.57 - CVE: Not Available
  • Platform: Web Application
  • Title: Net_DNS RR.PHP Remote File Include
  • Description: Net_DNS is a resolver library that is used to communicate to a DNS server. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "phpdns_basedir" parameter of the "DNS/RR.php" script. Net_DNS versions 0.3 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20666

  • 06.43.58 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo MambWeather Module Savant2_Plugin_Options.PHP Remote File Include
  • Description: The Mambo MambWeather module is used to fetch weather data. It is prone to a remote file include issue because it fails to sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "Savant2_Plugin_options.php" script. Mambo MambWeather versions 1.8.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20667

  • 06.43.59 - CVE: Not Available
  • Platform: Web Application
  • Title: PGOSD Function.PHP3 Remote File Include
  • Description: PHP Generator of Object SQL Database (PGOSD) is used to generate objects from a table description in an SQL database. It is exposed to a remote file include vulnerability due to insufficient input sanitization of the "path" parameter of the "function.php3" script. Version 0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20668

  • 06.43.60 - CVE: Not Available
  • Platform: Web Application
  • Title: EZ-Ticket Common.PHP Remote File Include
  • Description: EZ-Ticket is a web ticketing application implemented in PHP. The application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "ezt_root_path" parameter of the "common.php" script. EZ-Ticket version 0.0.1 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/20669

  • 06.43.61 - CVE: Not Available
  • Platform: Web Application
  • Title: SpeedBerg SPEEDBERG_PATH Multiple Remote File Include Vulnerabilities
  • Description: SpeedBerg is a set of tools for rapid development. The application is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "SPEEDBERG_PATH" parameter in multiple scripts. SpeedBerg version 1.2 beta1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20670

  • 06.43.62 - CVE: Not Available
  • Platform: Web Application
  • Title: SchoolAlumni Portal Multiple Input Validation Vulnerabilities
  • Description: SchoolAlumni portal is a content management system. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to various scripts. SchoolAlumni portal version 2.26 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20673

  • 06.43.63 - CVE: Not Available
  • Platform: Web Application
  • Title: pandaBB Multiple Remote File Include Vulnerabilities
  • Description: pandaBB for php-Nuke is a bulletin board application. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "adminpath" and "basepath" parameters of the "displayCategory.php" script. All versions of pandaBB are vulnerable.
  • Ref: http://secunia.com/advisories/22505/

  • 06.43.64 - CVE: Not Available
  • Platform: Web Application
  • Title: ATutor Multiple Remote File Include Vulnerabilities
  • Description: ATutor is a learning content management system. Insufficient sanitization of user-supplied input exposes the application to multiple file include issues. ATutor versions 1.5.3.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/449233

  • 06.43.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Ingo Procmail Driver Shell Command Execution
  • Description: Ingo is an email filter rules manager for the Horde Framework. The application is prone to a shell command execution vulnerability because its procmail driver fails to properly sanitize user-supplied input. This issue affects versions 1.1.1 and prior.
  • Ref: http://cvs.horde.org/diff.php/ingo/docs/CHANGES?r1=1.55.2.49&r2=1.55.2.59&ty=h

  • 06.43.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Power Phlogger Rel_Path Remote File Include
  • Description: Power Phlogger is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "rel_path" parameter of the "config.inc.php3" script. Versions 2.0.9 and prior are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20638

  • 06.43.67 - CVE: Not Available
  • Platform: Web Application
  • Title: DigitalHive Base_Include.PHP Remote File Include
  • Description: DigitalHive is a forum application. Insufficient sanitization of the "page" parameter of the "base_include.php" script exposes the application to a cross-site scripting issue. DigitalHive version 2.0 RC2 is affected.
  • Ref: http://www.securityfocus.com/bid/20639

  • 06.43.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Segue CMS Themesdir Remote File Include
  • Description: Segue CMS is a content management system. It is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "themesdir" parameter of the "themesettings.inc.php" script. Versions 1.5.8 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20640

  • 06.43.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Power Phlogger Config.Inc.PHP3 Remote File Include
  • Description: The application is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "rel_path" parameter of the "config.inc.php3" script. Version 2.0.9 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20644

  • 06.43.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Maarch View Documents Information Disclosure
  • Description: Maarch is an open source framework for archiving and retrieving large volumes of static documents. It is exposed to an information disclosure issue. Versions earlier than 2.0.1 are affected.
  • Ref: http://www.securityfocus.com/bid/20647

  • 06.43.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Delta Scripts PHP Classifieds Functions.PHP Remote File Include
  • Description: Delta Scripts PHP Classifieds is a bulletin board application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "set_path" parameter of the "functions.php" script. Delta Scripts PHP Classifieds version 7.1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/449295

  • 06.43.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo Multiple Input Validation Vulnerabilities
  • Description: Mambo is a content management system. Insufficient sanitization of user-supplied input exposes the application to multiple cross-site scripting, SQL injection and HTML injection issues. All current versions are affected.
  • Ref: http://www.kapda.ir/advisory-444.html

  • 06.43.73 - CVE: Not Available
  • Platform: Web Application
  • Title: OneOrZero Open Source Task Management and Help Desk System Information Disclosure
  • Description: OneOrZero Open Source Task Management and Help Desk System are web-based applications. They are prone to an information disclosure vulnerability which could allow an attacker to take advantage of a flaw in the "forgot password" feature, and reset the administrative password to a default value. Versions 1.6.0 to 1.6.4 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20651

  • 06.43.74 - CVE: Not Available
  • Platform: Web Application
  • Title: RSSonate Multiple Remote File Include Vulnerabilities
  • Description: RSSonate is an XML and RSS feed creation tool which can explore server databases. It is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "PROJECT_ROOT" parameter of various scripts.
  • Ref: http://www.securityfocus.com/bid/20654

  • 06.43.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Open Meetings Filing Application Multiple Remote File Include Vulnerabilities
  • Description: Open Meetings Filing Application is used for filing meeting notices and minutes. It is exposed to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "PROJECT_ROOT" parameter of various scripts. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/20656

  • 06.43.76 - CVE: CVE-2004-1423
  • Platform: Web Application
  • Title: Virtual Law Office Multiple Remote File Include Vulnerabilities
  • Description: Virtual Law Office is a web-based application. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "phpc_root_path" parameter of various scripts. All versions of Virtual Law Office are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/449397

  • 06.43.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Castor RS.PHP Remote File Include
  • Description: CASTOR is a web-based framework application. It is prone to a remote file include vulnerability because it fails to sanitize user-supplied input to the "rootpath" parameter of the "lib/rs.php" script. CASTOR versions 1.1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20658

  • 06.43.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Kawf Main.PHP Remote File Include
  • Description: Kawf is a web-based forum. It is prone to a remote file include vulnerability due to insufficient input sanitization of the "config.inc" parameter of the "main.php" script. Version 1.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20659

  • 06.43.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Trawler Web CMS Multiple Remote File Include Vulnerabilities
  • Description: Trawler Web CMS is a content management system. The application is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "path_red2" parameter of multiple scripts. Versions 1.8.1 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20662

  • 06.43.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Shop-Script Multiple HTTP Response Splitting Vulnerabilities
  • Description: Shop-Script is a shopping cart application. It is prone to multiple HTTP response splitting vulnerabilities due to insufficient input sanitization of the "index.php" script. All known versions are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20685

  • 06.43.81 - CVE: Not Available
  • Platform: Web Application
  • Title: MDWeb Multiple Remote File Include Vulnerabilities
  • Description: MDWeb is a web-based portal application implemented in PHP. The application is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "chemin_appli" parameter of the "form_org.inc.php" and "country_insert.php" scripts. This issue affects version 1.3.
  • Ref: http://www.securityfocus.com/bid/20687

  • 06.43.82 - CVE: Not Available
  • Platform: Web Application
  • Title: WikiNi Multiple HTML Injection Vulnerabilities
  • Description: WikiNi is a web-based wiki application. It is prone to multiple HTML injection vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "name" and "email" parameters of "wakka.php". WikiNi versions prior to 0.4.4 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20688

  • 06.43.83 - CVE: Not Available
  • Platform: Web Application
  • Title: SourceForge Database.PHP Remote File Include
  • Description: SourceForge is a development project hosting application. Insufficient sanitization of the "sys_dbtype" parameter of the "include/database.php" script exposes the application to a remote file include issue. SourceForge version 1.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/20692

  • 06.43.84 - CVE: Not Available
  • Platform: Web Application
  • Title: JumbaCMS Functions.PHP Remote File Include
  • Description: JumbaCMS is a content management system. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "jcms_root_path" parameter of the "includes/functions.php" script. Build 2 is affected.
  • Ref: http://www.securityfocus.com/bid/20693

  • 06.43.85 - CVE: Not Available
  • Platform: Web Application
  • Title: OTSCMS OTSCMS.PHP Multiple Remote File Include Vulnerabilities
  • Description: OTSCMS is a content manager. It is prone to multiple remote file include issues because it fails to properly sanitize user-supplied input to various scripts. OTSCMS versions 2.1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20694

  • 06.43.86 - CVE: Not Available
  • Platform: Web Application
  • Title: 2BGal Multiple Remote File Include Vulnerabilities
  • Description: 2BGal is web-based image gallery software that is implemented in PHP. The application is prone to multiple remote file include vulnerabilities. The "lang" parameter of the "admin/configuration.inc.php", "admin/creer_album.inc.php", and "admin/changepwd.php.inc" scripts is vulnerable to these issues. 2BGal version 3.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20701

  • 06.43.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Der Dirigent Multiple Remote File Include Vulnerabilities
  • Description: Der Dirigent is a content management system. Insufficient sanitization of the "cfg_dedi[dedi_path]" parameter in multiple scripts exposes the application to multiple file include issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/20702

  • 06.43.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Intelimen InteliEditor Lib.Editor.Inc.PHP Remote File Include
  • Description: Intelimen InteliEditor is a web-based WYSIWYG HTML editor. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "sys_path" parameter of the "lib.editor.inc.php" script. Version 1.2.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/20703

  • 06.43.89 - CVE: Not Available
  • Platform: Web Application
  • Title: CMS Faethon Mainpath Parameter Multiple Remote File Include
  • Description: CMS Faethon is a content management system. It is prone to multiple remote file include vulnerabilities because it fails to sanitize user-supplied input to the "mainpath" parameter in the "admin/config.php" and "includes/rss-reader.php" scripts. CMS Faethon versions 2.0 and prior are vulnerable to these issues.
  • Ref: http://www.securityfocus.com/bid/20705

  • 06.43.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Ascended Guestbook Embedded.PHP Remote File Include
  • Description: Ascended Guestbook is a web-based guestbook. It is exposed to a remote file include vulnerability because the application fails to properly sanitize user-supplied input to the "CONFIG[path]" parameter of the "embedded.php" script. Versions 1.0.0 and earlier are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20710

  • 06.43.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Crafty Syntax Live Help Multiple Remote File Include Vulnerabilities
  • Description: Crafty Syntax Live Help is a web application that allows web site operators to monitor visitors and open chat sessions with the visitors. It is vulnerable to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "API_HOME_DIR" parameter of various scripts. Crafty Syntax Live Help version 2.9.9 is affected.
  • Ref: http://www.securityfocus.com/archive/1/449575

  • 06.43.92 - CVE: NOT SET YET
  • Platform: Web Application
  • Title: Uber Project Document Management System Secure.PHP Remote File Include
  • Description: Uber Project Document Management System is a content manager. It is prone to a remote file include issue because it fails to sanitize user-supplied input to the "cfg[homepath]" parameter, used in the include path in "secure.php". Uber Project Document Management System version 1.0 is vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/20719

  • 06.43.93 - CVE: Not Available
  • Platform: Web Application
  • Title: ArticleBeach Script Index.PHP Remote File Include
  • Description: ArticleBeach Script is an application that provides various articles. It is prone to a remote file include issue because the application fails to sanitize user-supplied input to the "page" parameter of "index.php". ArticleBeach Script versions 2.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20730

  • 06.43.94 - CVE: Not Available
  • Platform: Web Application
  • Title: ImageView Index.PHP Remote File Include
  • Description: ImageView is a web-based photo album. It is prone to a remote file include vulnerability due to insufficient sanitization of the "user_settings" parameter of the "Cookie/index.php" script. Versions 5 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20731

  • 06.43.95 - CVE: CVE-2006-5310
  • Platform: Web Application
  • Title: phpMyConferences Init.PHP Remote File Include
  • Description: phpMyConference is a conferencing application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "lvc_include_dir" parameter of the "init.php" script. phpMyConference version 8.0.2 is vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/4045

  • 06.43.96 - CVE: Not Available
  • Platform: Web Application
  • Title: JaxUltraBB Topic Reply Remote PHP Script Code Execution
  • Description: JaxUltraBB is a web-based application implemented in PHP. The application allows attackers to append arbitrary PHP code to the configuration file which results in the execution of the attacker supplied script code upon further HTTP requests. JaxUltraBB versions 2.0 and prior are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20738

  • 06.43.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Comment IT PathToComment Parameter Remote File Include
  • Description: Comment IT is a guestbook application. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "PathToComment" parameter of the "class_admin.php" and "class_comments.php" scripts. Comment IT version 0.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20739

  • 06.43.98 - CVE: Not Available
  • Platform: Web Application
  • Title: PacPoll Polllog Cookie Multiple Authentication Bypass Vulnerabilities
  • Description: PacPoll is a web-based voting application. Insufficient sanitization of the "polllog" cookie parameter in the "Admin/addpoll.asp" script exposes the application to multiple authentication bypass issues. PacPoll version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/20742

  • 06.43.99 - CVE: Not Available
  • Platform: Web Application
  • Title: MiniHTTPServer Web Forum and File Sharing Server Add User Authentication Bypass
  • Description: MiniHTTPServer Web Forum and File Sharing Server is a bulletin board and file sharing application. It is exposed to an authentication bypass issue because it fails to sanitize user-supplied input to the "FrmMailBox" and the "FrmUserPass" input boxes. This issue affects version 4.0.
  • Ref: http://www.securityfocus.com/bid/20743/info

  • 06.43.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Multi-Page Comment System Path Parameter Multiple Remote File Include Vulnerabilities
  • Description: Multi-Page Comment System is a content manager. It is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "path" parameter in the "include.php" and "functions.php" scripts. Multi-Page Comment System version 1.0.0 is vulnerable to these issues.
  • Ref: http://www.securityfocus.com/bid/20751

  • 06.43.101 - CVE: Not Available
  • Platform: Web Application
  • Title: GestArt Aide.PHP Remote File Include
  • Description: GestArt is a web-based news reader application. Insufficient sanitization of the "aide" parameter of the "aide.php" script exposes the application to a remote file include issue. GestArt versions beta 1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20750

  • 06.43.102 - CVE: Not Available
  • Platform: Web Application
  • Title: MAXdev MD-Pro Multiple HTTP Response Splitting
  • Description: MAXdev MD-Pro is a content management application. It is prone to multiple HTTP response splitting issues because it fails to sanitize user-supplied input to the "name", "file", "module" and "func" parameters of the "index.php" script and the "file" parameter of the "modules.php" script. MAXdev MD-Pro version 1.0.76 is affected.
  • Ref: http://www.securityfocus.com/bid/20754

  • 06.43.103 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP League Config.PHP Remote File Include
  • Description: PHP League is a league management application implemented in PHP. PHP League is prone to a remote file include vulnerability because the application fails to properly sanitize user-supplied input to the "cheminmini" parameter of the "config.php" script. Version 0.81 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20756

  • 06.43.104 - CVE: Not Available
  • Platform: Web Application
  • Title: miniBB BB_Func_Txt.PHP Remote File Include
  • Description: miniBB is a web-based bulletin board application. Insufficient sanitization of the "pathToFiles" parameter of the "bb_func_txt.php" script exposes the application to a remote file include issue. miniBB versions 2.0.2 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/20757

  • 06.43.105 - CVE: Not Available
  • Platform: Network Device
  • Title: INCA IM-204 Information Disclosure
  • Description: INCA IM-204 devices are ADSL routers with an 802.11g wireless access point. They are vulnerable to a remote information disclosure issue due to insufficient sanitization of user-supplied input to the "getpage" parameter of the "/cgi-bin/webcm" page. All versions of INCA IM-204 ADSL Routers are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/449504

  • 06.43.106 - CVE: CVE-2006-5382
  • Platform: Network Device
  • Title: 3Com SS3 4400 Switch Information Disclosure
  • Description: The 3Com SS3 4400 Switch is prone to an information disclosure vulnerability due to a failure to properly secure access to network management packet data. An attacker may monitor traffic on the management VLAN to disclose SNMP read/write community strings. Firmware versions 5.11, 6.00 and 6.10 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20736

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.