Last day to save $500 for SANS San Diego 2013

@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 44
November 6, 2006

SANS Newsletters Home

Another zero day for Microsoft - -this time in XML Core Services, and a similar problem for AOL ICQ users. Visual Studio users have a new worry, as well. Also, Apple's wireless adapters are now being exploited through multiple vulnerabilities.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • Platform Number of Updates and Vulnerabilities
    • - ------------------------ -------------------------------------
    • Windows
    • 2 (#1)
    • Other Microsoft Products 1 (#4)
    • Third Party Windows Apps 10 (#2)
    • Mac OS 1 (#6)
    • Linux
    • 1
    • Unix 2
    • Novell 1 (#3)
    • Cross Platform
    • 12
    • Web Application - Cross Site Scripting
    • 6
    • Web Application - SQL Injection
    • 17
    • Web Application
    • 40
    • Network Device 2 (#5)

************************* Sponsored By SANS *****************************

The SANS Secure Storage & Encryption Summit, December 6-7, is the only educational program that focuses on how to fight back against the most common threats to data. This in-depth event will feature user-to-user discussions focused on mistakes to avoid and products that work. Includes a user case study of encryption built into the hard drives and many other innovations. Register today to get a place: http://www.sans.org/info/1766

*************************************************************************

Security Training Update:

+ Amsterdam (the Security Essentials class was sold out, but we added another section); Hacker Exploits has only 4 seats left: http://www.sans.org/amsterdam06/

+ New Orleans: All 12 tracks are open: http://www.sans.org/neworleans06

+ Washington, DC: All 18 tracks are open: http://www.sans.org/cdieast06/ Full calendar: http://www.sans.org/training_events/?ref=1433

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

************************** Sponsored Link: ****************************

1) Register Today for SANS Ask the Expert Webcast: Network/Perimeter Security is missing today's most dangerous threats: Challenges with securing Web applications Wednesday, November 08 at 1:00 PM EST.

http://www.sans.org/info/1767

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Microsoft XML Core Services XMLHTTP ActiveX Control Remote Code Execution (0-day)
  • Affected:
    • Microsoft XML Core Services 4.0

  • Description: Microsoft XML Core Services, used to build XML-aware applications, contains an ActiveX control that contains a remote code execution vulnerability. A malicious web page that instantiates the XMLHTTP ActiveX control could exploit this vulnerability and execute arbitrary code with the privileges of the current user. Some technical details for this vulnerability have been publicly posted, and this vulnerability is being actively exploited in the wild. Users can mitigate the impact of this vulnerability by disabling the ActiveX control via Microsoft's "kill bit" mechanism, for CLSID "88d969c5-f192-11d4-a65f-0040963251e5".

  • Status: Microsoft confirmed, no updates available.

  • References:
  • (2) HIGH: America Online ICQ ICQPhone ActiveX Control Remote Code Execution
  • Affected:
    • America Online ICQ 5.1

  • Description: America Online (AOL) ICQ, a popular instant-messaging application, contains a remote code execution vulnerability. The ICQPhone ActiveX control, included by default with ICQ, can be directed to automatically download and execute an arbitrary file from any URL. This file will be executed with the privileges of the current user. A specially-crafted web page could instantiate this ActiveX control and exploit this vulnerability with no further user interaction. The vulnerable control will be automatically updated when the user logs in to the ICQ network. Users can mitigate the impact of this vulnerability by disabling the ActiveX control via Microsoft's "kill bit" mechanism, for CLSID "54BDE6EC-F42F-4500-AC46-905177444300".

  • Status: AOL confirmed, updates available.

  • References:
Other Software
  • (4) MODERATE: Microsoft Visual Studio ActiveX Remote Code Execution
  • Affected:
    • Microsoft Visual Studio 2005

  • Description: Microsoft Visual Studio, Microsoft's multi-language integrated development environment, contains an ActiveX control that contains a remote code execution vulnerability. A malicious web page which instantiates this control could exploit this vulnerability and execute arbitrary code with the privileges of the current user. Working exploit code and technical details for this vulnerability are publicly available, and it is believed that this vulnerability is being actively exploited in the wild. Users can mitigate the impact of this vulnerability by disabling instantiation of this control via Microsoft's "kill bit" mechanism for CLISD "7F5B7F63-F06F-4331-8A26-339E03C0AE3D".

  • Status: Microsoft confirmed, no updates available.

  • Council Site Actions: All responding council sites are responding to this item on some level. Most are evaluating whether to set the Kill Bit on installations. One site commented they have blocked this traffic using their perimeter active content protection mechanism. At another site, some of the users have set the Kill Bit on their own. One desktop support group does not plan to take action.

  • References:
  • (5) MODERATE: Cisco Security Agent Management Center Authentication Bypass
  • Affected:
    • Cisco Security Agent Management Center version 5.1 prior to Hotfix 5.1.0.79

  • Description: Cisco Security Agent Management Center (CSAMC, also known as Management Center for Cisco Security Agents), used to centrally configure and administer security policies, contains an authentication bypass vulnerability. When configured to authenticate administrator accounts via LDAP, attackers who provide a valid administrator username and a blank password can gain access to the CSAMC with the privileges of that administrator. Users are advised to disable LDAP authentication for administrator accounts if possible.

  • Status: Cisco confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
Exploit Code
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 44, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5247 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 06.44.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows NAT Helper Remote Denial of Service
  • Description: Microsoft Windows is prone to a remote denial of service vulnerability because the Server service fails to properly handle unexpected network traffic. Specifically, when the NAT Helper component of Microsoft Windows attempts to process malformed DNS queries, it may trigger a crash. DNS queries with the "Additional RR" field set to zero may trigger this issue. Exploiting this issue may cause affected computers to crash.
  • Ref: http://blog.ncircle.com/archives/2006/10/microsoft_ics_d.htm
  • 06.44.2 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Internet Explorer MHTML Denial of Service
  • Description: Microsoft Internet Explorer is prone to a denial of service issue when it attempts to parse certain malformed HTML content, specifically the IFRAME tag, which causes a stack recursion overflow resulting in an application crash. Internet Explorer 7 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20875
  • 06.44.3 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Internet Explorer RemoveChild Denial of Service
  • Description: Microsoft Internet Explorer is vulnerable to a denial of service issue when JavaScript code is repeatedly used to remove the HTML DOM elements. Microsoft Internet Explorer versions 6 and 7 are vulnerable. Ref: http://www.theserverpages.com/articles/webmasters/iexplorer/Internet_Explorer_6-and-7_Bug-or-Crash.html
  • 06.44.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Unisor CMS Login.ASP SQL Injection
  • Description: Unisor CMS is a web-based content management system. It is prone to an SQL injection issue because it fails to sanitize user-supplied input to the "user" and "pass" parameters of "login.asp" before using it in an SQL query. Unisor CMS version 0 is affected.
  • Ref: http://www.securityfocus.com/bid/20770
  • 06.44.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sophos Antivirus Multiple Denial of Service Vulnerabilities
  • Description: Sophos Antivirus is prone to multiple denial of service issues including excessive CPU consumption and buffer overflows. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/20816
  • 06.44.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Easy File Sharing Web Server Information Disclosure and Input Validation Vulnerabilities
  • Description: Easy File Sharing Web Server is prone to multiple HTML injection, cross-site scripting and information disclosure vulnerabilities because user-supplied input to various scripts is not sufficiently sanitized. Version 4.0 of Easy File Sharing Web Server is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20823
  • 06.44.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Easy Web Portal Multiple Remote File Include Vulnerabilities
  • Description: Easy Web Portal is a content management system. It is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "chemin" parameter of the "i-accueil.php" and "- i-index.php" scripts. Version 2.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/20825
  • 06.44.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: J-Owamp Web Interface Jowamp_ShowPage.PHP Remote File Include
  • Description: J-OWAMP is a Java implementation of OWAMP (One-way Active Measurement Protocol). It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "link" parameter of the "JOWAMP_ShowPage.php" script. J-OWAMP web interface versions 2.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20836
  • 06.44.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BlooMooWeb ActiveX Control Multiple Vulnerabilities
  • Description: BlooMooWeb is an online game available for Microsoft Windows. The application is prone to multiple vulnerabilities. An attacker can exploit this issue to download arbitrary files, execute arbitrary code with the context of the affected application and delete arbitrary files.
  • Ref: http://www.securityfocus.com/archive/1/450144
  • 06.44.10 - CVE: CVE-2006-4521
  • Platform: Third Party Windows Apps
  • Title: Novell eDirectory NMAS BerDecodeLoginDataRequeset Denial of Service
  • Description: The Novell eDirectory server NMAS is the Novell Modular Authentication System. It is exposed to a denial of service issue due to a mishandled pointer in the "BerDecodeLoginDataRequest" function from the "libnmasldap.so" module. Novell eDirectory versions 8.8.1 and 8.8 are affected.
  • Ref: http://www.securityfocus.com/archive/1/450243
  • 06.44.11 - CVE: CVE-2006-0187
  • Platform: Third Party Windows Apps
  • Title: Visual Studio 2005 WMI Object Broker Remote Code Execution
  • Description: Microsoft Visual Studio 2005 is a development tool for building applications. It is vulnerable to arbitrary code execution due to an unspecified error in the WMI Object Broker ActiveX Control. See the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/advisory/927709.mspx
  • 06.44.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Outpost Firewall PRO Local Denial of Service
  • Description: Outpost Firewall PRO is a firewall application. It is exposed to a denial of service vulnerability. This issue is due to a failure of the application to properly handle unexpected input. Outpost Firewall PRO version 4.0 (964.582.059) is affected.
  • Ref: http://www.securityfocus.com/bid/20860
  • 06.44.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SAP Web Application Server Remote Information Disclosure
  • Description: SAP Web Application Server is a component which acts as a web application server for other SAP products. The application is prone to a remote information disclosure vulnerability in its monitoring functionality. This issue allows attackers to read arbitrary files with the privileges of the application. By default, when the application runs under Microsoft Windows, the application runs using the "SAPServiceJ2E" account which is a member of the local administrator group. Versions 6.40 patch 135 and prior as well as 7.00 patch 55 and prior are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/450394
  • 06.44.14 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Airport Driver Remote Code Execution
  • Description: Apple Airport driver for Orinoco based Airport cards is prone to a vulnerability that could allow remote arbitrary code execution with kernel level privileges. The vulnerability exists when the affected driver is running in "active scanning" mode and receives a probe response which does not contain valid information element (IE) fields after the header. The Orinoco based Airport driver in Apple PowerBooks and iMacs from 1999 to 2003 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20862
  • 06.44.15 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel IPV6 Seqfile Handling Local Denial of Service
  • Description: The Linux kernel is prone to a local denial of service vulnerability. This issue is due to a design error in the way seqfiles are handled in the kernel. This causes kernel lock-up when handling maliciously crafted flowlabels. This issue affects the Linux kernel 2.6 series up to 2.6.18-stable.
  • Ref: http://www.securityfocus.com/bid/20847
  • 06.44.16 - CVE: Not Available
  • Platform: Unix
  • Title: Vilistextum Remote Denial of Service and Buffer Overflow Vulnerabilities
  • Description: Vilistextum is an HTML to text/ASCII conversion application for UNIX/Linux variants. Vilistextum is prone to multiple remote vulnerabilities. The first issue is a memory leak in the "push_align()" function in the "util.c" source file. The second issue is due to an unspecified off-by-one buffer overflow in the "text.c" source file. Vilistextum versions prior to 2.6.9 are vulnerable to these issues.
  • Ref: http://www.securityfocus.com/bid/20813
  • 06.44.17 - CVE: CVE-2006-5397
  • Platform: Unix
  • Title: X.Org X Window Server LibX11 Xinput File Descriptor Leak
  • Description: The X.Org X Windows server is an open source X Window System. Within its libX11 library, the file descriptor read from the "XCOMPOSITE" environment variable is leaked by the "Xinput" module. Versions 1.0.2 and 1.0.3 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20845
  • 06.44.18 - CVE: Not Available
  • Platform: Novell
  • Title: Novell IManager Tomcat Denial of Service
  • Description: Novell iManager is a management portal for Novell's eDirectory server due to the improper handling of an HTTP Post request that contains a "Tree" parameter that is larger then 256 bytes. Novell iManager versions 2.5 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/20841
  • 06.44.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Firefox Range Script Object Denial of Service
  • Description: Mozilla Firefox is vulnerable to a remote denial of service issue when a malformed HTML document containing the "createRange" method along with other operations is executed by the application. Mozilla Firefox versions 1.5.0.7 and earlier are vulnerable.
  • Ref: http://www.gotfault.net/research/advisory/gadv-firefox.txt
  • 06.44.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenPBS Multiple Local and Remote Vulnerabilities
  • Description: OpenPBS (Portable Batch System) is a batch software processing system. It is prone to multiple remote and local issues. OpenPBS affects SuSE Linux Professional 10.0 and prior and also SuSE Linux Personal 9.3 and prior.
  • Ref: http://www.securityfocus.com/bid/20776
  • 06.44.21 - CVE: CVE-2006-5467
  • Platform: Cross Platform
  • Title: Ruby CGI Module MIME Denial Of Service
  • Description: Ruby is an object oriented scripting language. It is prone to a remote denial of service vulnerability when the application's CGI module processes specific HTTP requests for multipart MIME bodies that contain an invalid boundary specifier. Multiple versions are reportedly vulnerable. Ref: http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
  • 06.44.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenWBEM Insecure Random Number Generator
  • Description: OpenWBEM is an enterprise grade open-source implementation of Web Based Enterprise Management. It is prone to an insecure random number generation vulnerability. OpenWBEM versions 3.2.0 through 3.2.1 are affected.
  • Ref: http://www.securityfocus.com/bid/20807
  • 06.44.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP NonStop Server Unauthorized Directory Access
  • Description: HP Nonstop Server is prone to a vulnerability that may permit unauthorized access to OSS directories because the application incorrectly evaluates access permissions on those directories. HP NonStop Server version G06.29 is affected.
  • Ref: http://www.securityfocus.com/bid/20824
  • 06.44.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Messenger Express Cross-Site Scripting
  • Description: Sun Java System Messenger Express is a webmail application. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "user" parameter of the index page.
  • Ref: http://www.securityfocus.com/bid/20832
  • 06.44.25 - CVE: CVE-2006-5445
  • Platform: Cross Platform
  • Title: Asterisk Chan_Sip.c Unspecified Remote Denial of Service
  • Description: Asterisk is a private branch exchange (PBX) application. Asterisk is prone to a remote denial of service issue as a vulnerability exists in the "channels/chan_sip.c" sip channel driver which may cause excessive system resource consumption. Asterisk versions prior to 1.2.13 and to 1.4.0-beta3 are affected.
  • Ref: http://www.infiltrated.net/asteroid/
  • 06.44.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: iPlanet Messaging Server Messenger Express Expression() HTML Injection
  • Description: iPlanet Messaging Server Messenger Express is a messaging and email application. It is prone to an HTML injection vulnerability due to insufficient sanitization of the "Expression()" Cascading Style Sheets function. Version 0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20838
  • 06.44.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mirapoint Web Mail Expression() HTML Injection
  • Description: Mirapoint Web Mail is a mail client application. It is prone to an HTML injection vulnerability because it fails to sufficiently sanitize script code from the "expression()" Cascading Style Sheets (CSS) function.
  • Ref: http://www.securityfocus.com/bid/20840
  • 06.44.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco Security Agent Management Center Authentication Bypass
  • Description: Cisco Security Agent Management Center (CSAMC) is prone to an authentication bypass vulnerability. This issue occurs when an attacker attempts to authenticate to the application with a valid username and a blank password. If the software is configured to utilize an LDAP server to handle authentication requests, it fails to properly handle the error condition that occurs when blank passwords are handled. Versions 5.1 prior to 5.1.0.79 are vulnerable.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20061101-csamc.shtml
  • 06.44.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Novell Netmail Authentication Buffer Overflow
  • Description: Novell Netmail is an email and calendaring system. It is prone to a stack-based buffer overflow vulnerability. This issue occurs because the authentication component fails to perform sufficient bounds checks on username data provided by the client. Novell NetMail versions 3.52 D and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20853
  • 06.44.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Iodine DNS Response Stack Buffer Overflow
  • Description: Iodine is an application that allows IPV4 data to be tunneled through a DNS server. It is prone to a buffer overflow vulnerability that may be exploited by sending UDP packets that contain malicious DNS responses. Version 0.3.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20883
  • 06.44.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: iG Shop Change_Pass.PHP Cross-Site Scripting
  • Description: iG Shop is a web-based shopping cart system. It is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "change_pass.php" script. Version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/20768
  • 06.44.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Foresite CMS Index_2.PHP Cross-Site Scripting
  • Description: ForeSite CMS is a web-based content management system. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "major_rls" parameter of the "index_2.php" script. All versions of ForeSite CMS are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/450046
  • 06.44.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpFaber CMS Htmlarea.PHP Cross-Site Scripting
  • Description: phpFaber CMS is a content management system implemented in PHP. The application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user supplied input to the "htmlarea.php" script. This issue affects version 1.3.36.
  • Ref: http://www.vigilon.com/resources/102506c.html
  • 06.44.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Netquery NQUser.PHP Cross-Site Scripting
  • Description: Netquery is a search tool module for various content management systems. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied to the "User-Agent" parameter of the "nquser.php" script. Netquery version 4.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20837
  • 06.44.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPMyAdmin UTF-7 Encoding Cross-site Scripting
  • Description: phpMyAdmin is a web-based administration interface for mySQL databases. The application is prone to a cross-site scripting vulnerability because it fails to sanitize HTML and script code from URI input before displaying it to users of the application. An attacker may craft a malicious URI containing UTF-7 encoded characters to exploit this issue. Versions 2.6.4 to 2.9.0.2 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20856
  • 06.44.36 - CVE: CVE-2006-5063
  • Platform: Web Application - Cross Site Scripting
  • Title: ELOG Nonexistent File Download Cross-Site Scripting
  • Description: ELOG is a web log application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied URI input to the "index.php" script when attempting to download nonexistent files. ELOG version 2.6.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20881
  • 06.44.37 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BytesFall Explorer Multiple Unspecified SQL Injection Vulnerabilities
  • Description: BytesFall Explorer is a file manager application. It is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input to various scripts. Versions prior to 0.0.7.2 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20800
  • 06.44.38 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Techno Dreams Guestbook Guestbookview.ASP SQL Injection
  • Description: Guestbook is a web-based guestbook application. Insufficient sanitization of the "key" parameter of the "guestbookview.asp" script exposes the application to an SQL injection issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/20802
  • 06.44.39 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Aktueldownload Haber Scripti HaberDetay.ASP SQL Injection
  • Description: Aktueldownload Haber scripti is a web-based script. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "id" parameter of the "HaberDetay.asp" script. Aktueldownload Haber scripti version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20784
  • 06.44.40 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPEasyData Index.PHP SQL Injection
  • Description: PHPEasyData is a content management system. It is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "index.php" script. PHPEasyData Pro 2.2.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20790
  • 06.44.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP My Ring Cherche.PHP SQL Injection
  • Description: PHP My Ring is an application that allows users to install a webring to their website. Insufficient sanitization of the "limite" parameter of the "cherche.php" script exposes the application to an SQL injection issue. PHP My Ring versions prior to 4.2.1 are affected.
  • Ref: http://www.securityfocus.com/bid/20792
  • 06.44.42 - CVE: CVE-2006-4892
  • Platform: Web Application - SQL Injection
  • Title: Techno Dreams Announcement MainAnnounce2.ASP SQL Injection
  • Description: Techno Dreams Announcement is an announcement and news script. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "key" parameter of the "MainAnnounce2.asp" script. All versions are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20794
  • 06.44.43 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LedgerSMB Unspecified SQL Injection Vulnerabilities
  • Description: LedgerSMB is an accounting application implemented in Perl. It is prone to multiple unspecified SQL injection vulnerabilities because it fails to properly sanitize user-supplied input to unspecified parameters. Version 1.1.0 is vulnerable to these issues. Other versions may be vulnerable as well.
  • Ref: http://www.securityfocus.com/bid/20749
  • 06.44.44 - CVE: CVE-2006-5635
  • Platform: Web Application - SQL Injection
  • Title: Web Wiz Forum Search.ASP SQL Injection
  • Description: Web Wiz Forum is a bulletin board application implemented in ASP. The application is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "KW" parameter of the "search.asp" script.
  • Ref: http://www.securityfocus.com/bid/20778
  • 06.44.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PLS-Bannieres Bannieres.PHP SQL Injection
  • Description: PLS-Bannieres is a content manager application. It is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "id" parameter of the "bannieres.php" script.
  • Ref: http://www.securityfocus.com/bid/20779
  • 06.44.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Easy NotesManager Multiple SQL Injection Vulnerabilities
  • Description: Easy NotesManager (eNM) is a web-based application for managing and organizing online notes. It is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of the "username" field of the login page, and the "search" field of the search page. Version 0.0.1 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/20803
  • 06.44.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pentaho BI Project Multiple Unspecified SQL Injection
  • Description: Pentaho BI Project is an open source business intelligence application. Insufficient sanitization of user-supplied input exposes the application to an SQL injection issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/20806
  • 06.44.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OpenDocMan Username SQL Injection Vulnerability
  • Description: OpenDocMan is an open source document manager. It is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. Versions 1.2p3, 1.2rc3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20809
  • 06.44.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E Annu Login SQL Injection
  • Description: E Annu is a web-based directroy application. It is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "name" parameter of the login page. Version 1.0 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20815
  • 06.44.50 - CVE: CVE-2006-5606
  • Platform: Web Application - SQL Injection
  • Title: BytesFall Explorer Sessions.Lib.PHP SQL Injection
  • Description: BytesFall Explorer is a file manager. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "sessions.lib.php" script before using it in an SQL query. BytesFall Explorer versions 0.7.2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/450152
  • 06.44.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: T.G.S. CMS Logout.PHP SQL Injection
  • Description: T.G.S. CMS is a content management application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data to the "myauthorid" parameter of the "logout.php" script. T.G.S. CMS versions 0.1.7 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20850
  • 06.44.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DataparkSearch Malformed Hostname SQL Injection
  • Description: DataparkSearch is a search engine application. It is exposed to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data, specifically when processing malformed hostnames before using it in SQL queries. DataparkSearch versions 4.42 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20872
  • 06.44.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FreeWebShop Index.PHP SQL Injection
  • Description: FreeWebShop is a web-based shopping cart application. Insufficient sanitization of the "page" parameter of the "index.php" script exposes the application to an SQL injection issue. FreeWebShop version 2.2 is vulnerable.
  • Ref: http://www.milw0rm.com/exploits/2704
  • 06.44.54 - CVE: Not Available
  • Platform: Web Application
  • Title: Ampache Guest Account Information Disclosure
  • Description: Ampache is a web-based audio file manager. It is exposed to an information disclosure issue due to an unspecified issue in session management. Versions 3.3.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20798
  • 06.44.55 - CVE: Not Available
  • Platform: Web Application
  • Title: PunBB Multiple Input Validation vulnerabilities
  • Description: PunBB is a bulletin board application. It is prone to multiple input validation issues because it fails to sanitize user-supplied data. PunBB versions 1.2.13 and prior are susceptible, while others may also be affected.
  • Ref: http://www.securityfocus.com/bid/20786
  • 06.44.56 - CVE: CVE-2006-5618
  • Platform: Web Application
  • Title: Netref 4 Cat_For_AFF.PHP Directory Traversal
  • Description: Netref 4 is a content management system (CMS) implemented in PHP. The application is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input to the "ad_direct" parameter of "cat_for_aff.php". Version 4 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20789
  • 06.44.57 - CVE: Not Available
  • Platform: Web Application
  • Title: Exhibit Engine Toroot Parameter Multiple Remote File Include Vulnerabilities
  • Description: Exhibit Engine Software is an application for developing web sites. It is exposed to remote file include issues because it fails to properly sanitize user-supplied input to the "toroot" parameter of the "fetchsettings.php" and the "styles.php" scripts. Version 1.22 is affected.
  • Ref: http://www.securityfocus.com/bid/20793
  • 06.44.58 - CVE: Not Available
  • Platform: Web Application
  • Title: Freenews Aff_News.PHP Remote File Include
  • Description: Freenews is a web-based news script. It is prone to a remote file include issue because it fails to sanitize user-supplied input to the "chemin" parameter of the "aff_news.php" script. FreeNews version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/20795
  • 06.44.59 - CVE: Not Available
  • Platform: Web Application
  • Title: FAQ Administrator FAQ_Reply.PHP Remote File Include
  • Description: Faq Administrator is a message board application. It is prone to a remote file include vulnerability due to insufficient sanitization of the "email" parameter of "faq_reply". Version 2.1b is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20796
  • 06.44.60 - CVE: Not Available
  • Platform: Web Application
  • Title: MAXdev MD-Pro User.PHP Cross-Site Scripting
  • Description: MAXdev MD-Pro is a content management application. It is exposed a cross-site scripting issue because it fails to properly sanitize HTML and script code from URI input before displaying it to the users of the application. Maxdev MD-Pro version 1.0.76 is affected.
  • Ref: http://www.securityfocus.com/bid/20752
  • 06.44.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Thepeak Index.PHP Source Code Information Disclosure
  • Description: Thepeak File Upload Manager is a file upload and download application. It is prone to an information disclosure issue because the "file" parameter of the "index.php" script is known to accept base-64 encoded filenames. Thepeak File Upload Manager version 1.3 is susceptible, while others may also be affected.
  • Ref: http://www.securityfocus.com/bid/20760
  • 06.44.62 - CVE: Not Available
  • Platform: Web Application
  • Title: EZOnlineGallery Multiple Information Disclosure Vulnerabilities
  • Description: EZOnlineGallery is an image gallery application. It is prone to multiple information disclosure vulnerabilities. Numerous input validation problems allow any user to view arbitrary stored image files, or to deduce the directory structure of a target system by monitoring error generation. EZOnlineGallery versions 1.3 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20763
  • 06.44.63 - CVE: Not Available
  • Platform: Web Application
  • Title: MiniBill Menu_Builder.PHP Remote File Include
  • Description: MiniBill is a billing application for web hosting companies. Insufficient sanitization of the "config[page_dir]" parameter of the "menu_builder.php" script exposes the application to a remote file include issue. MiniBill versions 20061010 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20766
  • 06.44.64 - CVE: Not Available
  • Platform: Web Application
  • Title: TextPattern Publish.PHP Remote File Include
  • Description: TextPattern is a content management application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "txpcfg[txpath]" parameter of the "publish.php" script. TextPattern versions g1.19 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/449907
  • 06.44.65 - CVE: Not Available
  • Platform: Web Application
  • Title: TorrentFlux Dir.PHP Directory Traversal
  • Description: TorrentFlux is a web-based torrent client. It is prone to a directory traversal vulnerability due to insufficient sanitization of the "dir" parameter of the "dir.php" script. Version 2.1 is reported vulnerable.
  • Ref: http://www.securityfocus.com/bid/20771
  • 06.44.66 - CVE: Not Available
  • Platform: Web Application
  • Title: N/X WCMS NXHeader.Inc.PHP Remote File Include
  • Description: N/X WCMS is a web-based content manager. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied data to the "c[path]" parameter of the "nxheader.inc.php" script. This issue affects version 4.1.
  • Ref: http://www.securityfocus.com/bid/20773
  • 06.44.67 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPTreeView TreeViewClass.PHP Remote File Include
  • Description: PHPTreeView is a sitemap and content index management application. Insufficient sanitization of the "TREEVIEW_SOURCE" parameter of the "treeviewclasses.php" script exposes the application to a remote file include issue.
  • Ref: http://www.securityfocus.com/bid/20764
  • 06.44.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Free File Hosting Forgot_Pass.PHP Remote File Include
  • Description: Free File Hosting is a web-based application. Insufficient sanitization of the "AD_BODY_TEMP" parameter of the "forgot_pass.php" script exposes the application to a remote file include issue. Free File Hosting versions 1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20781
  • 06.44.69 - CVE: Not Available
  • Platform: Web Application
  • Title: EE Tool Ip.Inc.PHP Remote File Include Vulnerability
  • Description: EE Tool is a web-based electronic engineering application. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "cgipath" parameter of the "ip.inc.php" script. EE Tool version 0.4-1 is affected.
  • Ref: http://www.securityfocus.com/bid/20780
  • 06.44.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Free Image Hosting Forgot_Pass.PHP Remote File Include
  • Description: Free Image Hosting is a web-based application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "AD_BODY_TEMP" parameter of the "forgot_pass.php" script. Free Image Hosting version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20782
  • 06.44.71 - CVE: Not Available
  • Platform: Web Application
  • Title: MP3 Streaming DownSampler Core.Inc.PHP Remote File Include
  • Description: MP3 Streaming DownSampler is a web-based application. It is prone to a remote file include issue because it fails to sanitize user-supplied input to the "fullpath" parameter of the "core.inc.php" script. MP3 Streaming DownSampler version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/20783
  • 06.44.72 - CVE: Not Available
  • Platform: Web Application
  • Title: FreePBX Upgrade.PHP Remote File Include
  • Description: FreePBX is an implementation of the Asterisk PBX software that includes a web-based configuration interface and other tools. The application is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input to the "amp_conf['AMPWEBROOT']" parameter of "/upgrades/2.1beta1/upgrade.php". Version 2.1.3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20785
  • 06.44.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Website Software Common.PHP Remote File Include
  • Description: Simple Website Software is an application for developing web sites. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "SWSDIR" parameter of the "common.php" script. Simple Website Software version 0.99 is affected.
  • Ref: http://www.securityfocus.com/bid/20787
  • 06.44.74 - CVE: Not Available
  • Platform: Web Application
  • Title: QnECMS Adminfolderpath Parameter Multiple Remote File Include Vulnerabilities
  • Description: QnECMS is an content management application. It is prone to remote file include issues because it fails to sanitize user-supplied input to the "adminfolderpath" parameter of various scripts. QnECMS version 2.5.6 is affected.
  • Ref: http://www.securityfocus.com/bid/20801
  • 06.44.75 - CVE: Not Available
  • Platform: Web Application
  • Title: EQDKP Backup.PHP Authentication Bypass
  • Description: EQDKP is a DKP (dragon kill point) monitoring system for MMO (massively multiplayer online) games. It is prone to an authentication bypass vulnerability because of a failure to sufficiently authenticate before granting access to the "backup/backup.php" script. Versions 1.3.1 p1 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20805
  • 06.44.76 - CVE: Not Available
  • Platform: Web Application
  • Title: NitroTech Common.PHP Local File Include
  • Description: NitroTech is a content management system. It is prone to a local file include vulnerability due to insufficient sanitization of the "root" parameter of the "common.php" script. Version 0.0.3a is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20810
  • 06.44.77 - CVE: Not Available
  • Platform: Web Application
  • Title: MySource CMS Init_Mysource.PHP Remote File Include
  • Description: MySource CMS is a content management system. It is exposed to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "INCLUDE_PATH" parameter of the "init_mysource.php" script. Versions 2.16.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20817
  • 06.44.78 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPProfiles Reqpath Parameter Multiple Remote File Include Vulnerabilities
  • Description: PHPProfiles is a web-based application. It is prone to remote file include issues because it fails to sanitize user-supplied input to the "treqpath" parameter of the "body.inc.php", "upload_ht.inc.php" and "body_blog.inc.php" scripts. PHPProfiles version 2.1 Beta is susceptible, while others may also be affected.
  • Ref: http://www.securityfocus.com/bid/20819
  • 06.44.79 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Nuke Journal Module Search.PHP SQL Injection
  • Description: PHP-Nuke is a web forum system. It is prone to an SQL injection issue because it fails to sanitize user-supplied data to the "forwhat" parameter of the "search.php" script file before using it in an SQL query. PHP-Nuke versions 7.9 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/20829
  • 06.44.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Gepi Savebackup.PHP Remote File Include
  • Description: Gepi is a content management system. It is prone to a remote file include vulnerability due to insufficient sanitization of the "filename" parameter of the "gestion/savebackup.php" script. Version 1.4.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20830
  • 06.44.81 - CVE: Not Available
  • Platform: Web Application
  • Title: The Search Engine Project Configfunction.PHP Remote File Include
  • Description: The Search Engine Project is a web-based search engine implemented in PHP. The application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "tsep_config[absPath]" parameter of the "configfunctions.php" script. Version 0.942 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20831
  • 06.44.82 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPBB Spider Friendly Module PHPBB_ROOT_PATH Parameter Remote File Include
  • Description: PHPBB Spider Friendly is a module for phpBB. It is prone to a remote file include issue because the application fails to sanitize user-supplied data to the "phpbb_root_path" parameter of the "admin/modules_data.php" script. PHPBB Spider Friendly version 1.3.10 is susceptible, while others may be affected as well.
  • Ref: http://www.securityfocus.com/bid/20844
  • 06.44.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Hosting Controller Multiple Input Validation Vulnerabilities
  • Description: Hosting Controller is a set of hosting automation tools. It is affected by multiple SQL injection, arbitrary directory creation and deletion issues. Hosting Controller version 6.1 running hot fix 3.2 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20848
  • 06.44.84 - CVE: Not Available
  • Platform: Web Application
  • Title: RSSonate Project_Root Parameter Remote File Include
  • Description: RSSonate is a web-based application. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "PROJECT_ROOT" parameter of the "inc/session.php" script. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/20849
  • 06.44.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Zend Google Data Client Library Multiple Cross-Site Scripting
  • Description: Zend Google Data Client Library is a PHP application. It is prone to multiple cross-site scripting issues because it fails to sanitize user supplied input to unspecified parameters of the "/samples/basedemo.php" and "/samples/calenderdemo.php" scripts. Zend Google Data Client Library version 0.2.0 is susceptible, while others may also be affected.
  • Ref: http://www.securityfocus.com/bid/20851
  • 06.44.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Tikiwiki Information Disclosure and Cross-Site Scripting Vulnerabilities
  • Description: Twiki is a content management and wiki system. Insufficient sanitization of the "type" parameter of the "tiki-featured_link.php" script exposes the application to a cross-site scripting issue. Insufficient sanitization of the "sort_mode" parameter exposes the applicaiton to multiple information disclosure issues. Twiki version 1.9.5 is affected.
  • Ref: http://www.securityfocus.com/bid/20858
  • 06.44.87 - CVE: CVE-2006-5505
  • Platform: Web Application
  • Title: 2BGal Configuration.Inc.PHP Local File Include
  • Description: 2BGal is a web-based photo gallery application. It is vulnerable to a local file include issue due to insufficient sanitization of user-supplied input to the "lang" parameter of the "configuration.inc.php" script. 2BGal version 3.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20859
  • 06.44.88 - CVE: Not Available
  • Platform: Web Application
  • Title: EFS Easy Address Book Web Server Data Parameter Multiple Cross-Site Scripting Vulnerabilities
  • Description: Easy Address Book Web Server is a web address book. It is prone to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "DATA" parameter of various scripts. Easy Address Book Web Server versions 1.2 and prior are susceptible.
  • Ref: http://www.securityfocus.com/bid/20861
  • 06.44.89 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress 2.04 Multiple Security Vulnerabilities
  • Description: WordPress is a web-based publishing application implemented in PHP. WordPress version 2.04 is prone to multiple security vulnerabilities. Please refer to the provided link for details.
  • Ref: http://www.securityfocus.com/bid/20869
  • 06.44.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Lithium CMS Arbitrary Code Injection and Local File Include
  • Description: Lithium CMS is a web-based content management system. It is affected by arbitrary code injection and a local file include issue. Lithium CMS versions 4.04c and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20871
  • 06.44.91 - CVE: Not Available
  • Platform: Web Application
  • Title: RunCMS Avatar Arbitrary File Upload
  • Description: RunCMS is a web-based content management system. It is vulnerable to an arbitrary file upload issue because it fails to properly verify the content of uploaded avatars. RunCMS versions 1.4.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/450396
  • 06.44.92 - CVE: Not Available
  • Platform: Web Application
  • Title: SAP Web Application Server Remote Denial of Service
  • Description: SAP Web Application Server is a component which acts as a web application server for other SAP products. It is prone to an unspecified remote denial of service vulnerability that crashes the "enserver.exe" process. Versions 6.40 patch 135 and prior, as well as 7.00 patch 55 and prior are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/20873
  • 06.44.93 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP HTMLEntities HTMLSpecialChars Buffer Overflow
  • Description: PHP is prone to multiple buffer overflow vulnerabilities because it fails to effectively bounds check user-supplied input to the "htmlentities()" and "htmlspecialchars()" functions before copying it to an insufficiently sized buffer. PHP version 5 is affected.
  • Ref: http://www.securityfocus.com/bid/20879
  • 06.44.94 - CVE: Not Available
  • Platform: Network Device
  • Title: Xsupplicant Stack Buffer Overflow
  • Description: Xsupplicant allows a workstation to authenticate with a RADIUS server using 802.1x and the Extensible Authentication Protocol. It is vulnerable to an unspecified stack based buffer overflow issue. Xsupplicant versions 1.2.7 and earlier are vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=453714&group_id=6023
    6
  • 06.44.95 - CVE: Not Available
  • Platform: Network Device
  • Title: ECI Telecom B-Focus ADSL2+ Combo332+ Wireless Router Information Disclosure
  • Description: ECI Telecom B-FOCuS ADSL2+ Combo332+ is a wireless 802.11b/g router and firewall. The router's Web Management interface fails to authenticate users who access the "/html/defs/" directory before providing access to sensitive information.
  • Ref: http://www.securityfocus.com/bid/20834

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

Absolutely wonderful, both in presentation and content
-Don Seymour, TerpSys

Healthcare Cyber Security Summit - San Francisco

Latest Whitepapers

Building and Maintaining a "Certifiable" Workforce
By Robert J. Mavretich

How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk?
By Tim Proffitt

Daisy Chain Authentication
By Courtney Imbert

Latest Tweets

NEW #SANS Survey: Security Analytics & Intelligence 2nd [...]
October 1, 2013 - 6:30 PM

Tips on how to convince your boss to let you train online wi [...]
October 1, 2013 - 6:23 PM

#2 Tip on how 2 convince your boss 2 let u train online: Fle [...]
October 1, 2013 - 3:00 PM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"It has really been an eye opener concerning the depth of security training & awareness that SANS has to offer."
- Michael Hall, Drivesavers

"It was a great learning experience that helped open my eyes wider. The instructor's knowledge was fantastic."
- Manuja Wikesekera, Melbourne Cricket Club

"Expertise of the trainer is impressive, real life situations explained, very good manuals. Best training ever!"
- Jerry Robles de Medina, Godo CU