
@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 49
December 11, 2006

Windows zero-day vulnerabilities and Adobe file handling problems headline this week's most critical vulnerabilities (#1-#3), but users of CA storage software should also consider the advice under #7.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 10 (#2)
    • Microsoft Office: 1 (#1)
    • Third Party Windows Apps: 11 (#3, #6, #7, #8, #9)
    • Mac Os: 3
    • Linux: 9
    • BSD: 1
    • Solaris: 1
    • Unix: 2
    • Novell: 2
    • Cross Platform: 11 (#4, #10)
    • Web Application - Cross Site Scripting: 11
    • Web Application - SQL Injection: 10
    • Web Application: 31
    • Network Device: 3 (#5)
    • Hardware: 1


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Third Party Windows Apps
Mac Os
Linux
BSD
Solaris
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
Hardware


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Word Multiple Unspecified Remote Code Execution Vulnerabilities (0day)
  • Affected:
    • Microsoft Word 2000
    • Microsoft Word 2002
    • Microsoft Office Word 2003
    • Microsoft Word Viewer 2003
    • Microsoft Word 2004 for Mac
    • Microsoft Word v. X for Mac
    • Microsoft Works 2004, 2005, and 2006
  • Description: Two zero-day vulnerabilities have been discovered in Microsoft Word. A specially-crafted Word document file could exploit these vulnerabilities to execute arbitrary code with the privileges of the current user. Word documents will not open without prompting on all versions of Word after Word 2000. At least two trojans are known to be exploiting one of these vulnerabilities in the wild; the other vulnerability is being exploited on a more limited basis.

  • Status: Microsoft confirmed, no updates available.

  • Council Site Actions: All of the responding council sites are waiting for confirmation and a patch from Microsoft. They plan to deploy the patch during their next regularly scheduled system maintenance window, or automatically through Microsoft's Automatic Update Feature.

  • References:
  • (3) CRITICAL: Adobe Download Manager AOM File Handler Buffer Overflow
  • Affected:
    • Adobe Download Manager Version 2.1 and prior
  • Description: Adobe Download Manager, used to download updates for Adobe software, contains a buffer overflow vulnerability that can be triggered by a specially-crafted AOM file. AOM files are used to specify information about updates. By default, AOM files are opened without prompting, including when downloaded from websites. A malicious AOM file could take advantage of this vulnerability to execute arbitrary code with the privileges of the current user. The Adobe Download Manager is installed by default with several Adobe products, including Acrobat Reader.

  • Status: Adobe confirmed, updates available.

  • Council Site Actions: Most of the responding council sites plan to address this issue in their next regularly scheduled maintenance window. Some sites rely on Adobe's automatic update feature; if this application is available through that feature, it will be updated. Otherwise those sites will need to develop a strategy to distribute this application.

  • References:
  • (4) HIGH: IBM Tivoli Storage Manager Request Handling Multiple Vulnerabilities
  • Affected:
    • IBM Tivoli Storage Manager Versions 5.2.9 and 5.3.4 and prior
  • Description: IBM Tivoli Storage Manager, used to manage storage space across an enterprise, contains multiple buffer overflow vulnerabilities. By sending a specially-crafted request to the Storage Manager Service, an attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the server process. Users are advised to block TCP port 1500 at the network perimeter if possible.

  • Status: IBM confirmed, updates available.

  • Council Site Actions: Two of the responding council sites plan to address this issue. Both will deploy during their next regularly scheduled system maintenance window. One site is already blocking port 1500 at their network perimeters.

  • References:
  • (5) HIGH: Barracuda Spam Firewall UUlib Buffer Overflow
  • Affected:
    • Barracuda Networks Barracuda Spam Firewall versions 3.3.3, 3.1.18, 3.1.17, 3.3.03.055, 3.3.03.053, 3.3.01.001, and 3.3.0.54
  • Description: Barracuda Networks Barracuda Spam Firewall ships with a version of the Convert-UUlib Perl module known to be vulnerable to a buffer overflow. A specially-crafted email message could exploit this vulnerability to take complete control of the vulnerable device. Technical details and a proof-of-concept for this vulnerability are publicly available.

  • Status: Barracuda Networks confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (6) HIGH: Citrix Presentation Server Client ActiveX Remote Code Execution
  • Affected:
    • Citrix Presentation Server Client for Windows versions prior to 9.230
  • Description: Citrix Presentation Server Client for Windows contains an ActiveX control which contains a heap overflow vulnerability in its "SendChannelData" method. A page that instantiates this control could exploit this vulnerability to execute arbitrary code with the privileges of the current user.

  • Status: Citrix confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the vulnerable ActiveX control via Microsoft's "kill bit" mechanism for CLSID "238F6F83-B8B4-11CF-8771-00A024541EE3".

  • Council Site Actions: Two of the responding council sites are addressing this issue. One site will address it in their next regularly scheduled system maintenance window. They will expedite the update or set the kill bit if an exploit is released. The other site mostly has clients connecting from Mac OS X machines. They will send an email to potentially affected users.

  • References:
  • (7) HIGH: Computer Associates BrightStor ARCServe Buffer Overflow
  • Affected:
    • Computer Associates Server Protection Suite r2
    • Computer Associates Business Protection Suite for Microsoft SBS Premium and Standard Editions r2
    • Computer Associates Business Protection Suite r2
    • Computer Associates BrightStor ARCServe Backup versions prior to 11.5.SP2
  • Description: Computer Associates BrightStor ARCServe, a common enterprise backup solution, contains a buffer overflow vulnerability. By sending a specially-crafted request to the ARCServe process, an attacker could exploit this vulnerability and execute arbitrary code with SYSTEM privileges. Currently, only the Microsoft Windows versions of the software are believed vulnerable. Because multiple vulnerabilities have been found in the Computer Associates backup products over the past few years, users are advised to block all ports opened by the software at the network perimeter.

  • Status: Computer Associates confirmed, updates available.

  • References:
  • (8) HIGH: AOL CDDBControlAOL ActiveX Control Buffer Overflow
  • Affected:
    • AOL versions 7.0 - 9.0
  • Description: AOL's client software includes the CDDBControlAOL ActiveX control, which contains a buffer overflow vulnerability in its "SetClientInfo()" method. By passing an overlong "ClientId" argument to this method, an attacker could exploit this vulnerability and execute arbitrary code with the privileges of the current user. In the default configuration, this method is not exploitable; however, it is possible to automatically alter the configuration to a vulnerable state by instantiating the CerebusCDPlayer ActiveX control. This may be related to an issue with the CDDBControl ActiveX control outlined in an earlier edition of @RISK.

  • Status: AOL confirmed, updates available through AOL's automatic update feature.

  • References:
  • (9) MODERATE: Trend Micro OfficeScan Multiple Buffer Overflows
  • Affected:
    • Trend Micro OfficeScan versions 6.5 and 7.3 and prior
  • Description: Trend Micro OfficeScan, a popular enterprise security suite, contains multiple buffer overflows in its web console. By sending specially-crafted requests to the "Wizard.exe" or "CgiRemoteInstall.exe" programs, an attacker could exploit these buffer overflows and execute arbitrary code with the privileges of the affected process. Note that authentication is required to exploit these vulnerabilities. Users are advised to limit access to the web console if possible.

  • Status: Trend Micro confirmed, updates available.

  • References:
    • Trend Micro Readme Files
    • http://www.trendmicro.com/ftp/documentation/readme/osce_73_win_en_patch1.1_readme.txt
    • http://www.trendmicro.com/ftp/documentation/readme/OSCE_6.5_win_en_patch8_Readme.txt
    • Trend Micro Home Page
    • http://www.trendmicro.com
    • SecurityFocus BID
    • http://www.securityfocus.com/bid/21442

Other Software
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 49, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5301 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.49.1 - CVE: Not Available
  • Platform: Windows
  • Title: VUPlayer M3U UNC Name Buffer Overflow
  • Description: VUPlayer is a freeware multiformat audio player. It is vulnerable to a stack based buffer overflow issue due to failure to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer. Version 2.44 is affected.
  • Ref: http://www.securityfocus.com/bid/21363

  • 06.49.2 - CVE: Not Available
  • Platform: Windows
  • Title: Telnet-FTP Server Remote Denial of Service
  • Description: Telnet-FTP Server is a multiuser Telnet/FTP server. Telnet-Ftp Server is vulnerable to a denial of service issue due to insufficient sanitization of user supplied input data. Telnet-Ftp Server 1.0 build 1.250 is affected.
  • Ref: http://www.securityfocus.com/bid/21340/info

  • 06.49.3 - CVE: Not Available
  • Platform: Windows
  • Title: AtomixMP3 M3U File Path Buffer Overflow
  • Description: AtomixMP3 is an audio mixer and player. It is vulnerable to a stack based buffer overflow issue due to improper verification of the size of user-supplied data before copying it into an insufficiently sized memory buffer. AtomixMP3 versions 2.3 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/21380/info

  • 06.49.4 - CVE: Not Available
  • Platform: Windows
  • Title: Palm Desktop Application Directory Local Insecure Permissions
  • Description: Palm Desktop is a synchronization application for use with Palm Pilots and similar devices. It is vulnerable to an insecure permissions issue because sensitive user data is stored within the application directory using insecure permissions. Palm Desktop version 4.1.4 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21382/info

  • 06.49.5 - CVE: Not Available
  • Platform: Windows
  • Title: Outpost Firewall PRO Security Bypass Weakness
  • Description: Outpost Firewall PRO is a firewall application. It is vulnerable to a security bypass weakness that allows local privileged attackers to bypass security restrictions. Outpost Firewall PRO version 4.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/453182

  • 06.49.6 - CVE: Not Available
  • Platform: Windows
  • Title: BlazeVideo HDTV PLF Stack Buffer Overflow
  • Description: BlazeVideo HDTV is a high definition television player. It is vulnerable to a stack based buffer overflow issue because it fails to properly handle malformed playlist files. BlazeVideo HDTV versions 2.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21399

  • 06.49.7 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Print Spooler GetPrinterData Denial of Service
  • Description: Microsoft Windows Print Spooler service (Spoolsv.exe) manages printing processes. It is vulnerable to a denial of service issue due to insufficient handling of malformed data. Print Spooler on Microsoft Windows 2000 SP4 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21401/info

  • 06.49.8 - CVE: CVE-2006-6179
  • Platform: Windows
  • Title: Trend Micro OfficeScan Wizard and CgiRemoteInstall Multiple Buffer Overflow Vulnerabilities
  • Description: Trend Micro OfficeScan is an integrated enterprise level security product. The application is vulnerable to multiple unspecified buffer overflow issues. Versions prior to and including 6.5 and 7.3 are affected. See the advisory for further details.
  • Ref: http://www.frsirt.com/english/advisories/2006/4852

  • 06.49.9 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Internet Explorer Frame Src Denial of Service
  • Description: Microsoft Internet Explorer is prone to a denial of service vulnerability because the application fails to handle exceptional conditions. The issue occurs when the application processes a malicious page that contains frames and the "frame src" HTML tag is set to the "3F" invalid character.
  • Ref: http://www.securityfocus.com/bid/21447

  • 06.49.10 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft December Advance Notification Multiple Vulnerabilities
  • Description: Microsoft has released advance notification that the vendor will be releasing six security bulletins in all (five for Windows and one for Microsoft Visual Studio) on December 12, 2006. The highest severity rating for these issues is "Critical".
  • Ref: http://www.microsoft.com/technet/security/bulletin/advance.mspx

  • 06.49.11 - CVE: CVE-2006-5994
  • Platform: Microsoft Office
  • Title: Microsoft Word Unspecified Remote Code Execution
  • Description: Microsoft Word is prone to an unspecified remote code execution vulnerability. Please see the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/advisory/929433.mspx

  • 06.49.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailEnable IMAP Service Multiple Buffer Overflow Vulnerabilities
  • Description: MailEnable is a commercially available mail server for the Microsoft Windows platform. It is prone to multiple buffer overflow vulnerabilities in the IMAP service due to a boundary error in the processing of arguments passed to the "EXAMINE", "SELECT", and "DELETE" commands within the "MEIMAPS.EXE" service. Multiple versions are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21362

  • 06.49.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BlazeVideo BlazeDVD Playlist Files Remote Memory Corruption
  • Description: BlazeDVD is a DVD player and recorder for Microsoft Windows. It is prone to a remote memory corruption vulnerability because the application fails to properly handle malformed playlist files. Versions 5.0 Professional and Standard are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21337

  • 06.49.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Adobe Reader and Acrobat AcroPDF.dll ActiveX Control Remote Code Execution Vulnerabilities
  • Description: Adobe Reader and Acrobat with AcroPDF.dll ActiveX control are vulnerable to multiple remote code execution issues. See the advisory for further details.
  • Ref: http://www.adobe.com/support/security/advisories/apsa06-02.html

  • 06.49.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Telnet-FTP Server Directory Traversal
  • Description: Telnet-FTP Server is a multiuser Telnet/FTP server for Windows. It is prone to a directory traversal vulnerability because the application fails to sufficiently sanitize user-supplied input to the "GET" and "PUT" commands. Telnet-FTP Server version 1.0 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/21339

  • 06.49.16 - CVE: NOT SET YET
  • Platform: Third Party Windows Apps
  • Title: Songbird Media Player Denial of Service
  • Description: Songbird Media Player is a multimedia application designed for use on the Microsoft Windows operating system. A denial of service issue occurs when the Unicode conversion library parses malicious format strings in malformed "M3U" files. Songbird Media Player versions 0.2 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/21343/

  • 06.49.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Novell ZENworks Asset Management MSG.DLL Remote Integer Overflow
  • Description: Novell ZENworks Asset Management is an application suite for IT management and business process automation. It is exposed to an integer overflow issue because the application fails to properly allocate dynamic memory. This results in heap memory being corrupted when malformed packets are received by the Collection Client daemon. This issue affects the "CClient.exe" and "Msg.dll" files. Novell ZENworks Asset Management 7.0 SP1 is vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/21395

  • 06.49.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CoolPlayer Multiple Buffer Overflow Vulnerabilities
  • Description: CoolPlayer is an open source media player available for Microsoft Windows. It is prone to multiple unspecified buffer overflow vulnerabilities. Versions 215 and prior are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21396

  • 06.49.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Novell ZENworks Asset Management Collection Client Remote Integer Overflow
  • Description: Novell ZENworks Asset Management is an application suite for IT management and business process automation. It is prone to an integer overflow vulnerability because it fails to properly validate user-supplied data. This issue affects the "CClient.exe" executable and "Msg.dll" files. Novell ZENworks Asset Management 7.0 SP1 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/21400

  • 06.49.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NVIDIA NView Keystone.EXE Local Denial of Service
  • Description: NVIDIA nView is a desktop management application for computers that have an NVIDIA graphics card installed. It is prone to a local denial of service vulnerability that occurs when the "keystone.exe" file is passed a specially crafted string. Version 3.5 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21260

  • 06.49.21 - CVE: CVE-2006-6334
  • Platform: Third Party Windows Apps
  • Title: Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow
  • Description: Citrix Presentation Server Client is an ICA client application that includes Citrix support. It is prone to a heap buffer overflow vulnerability because it fails to properly bounds check user-supplied data to the "DataSize" and "DataType" parameters of the "SendChannelData()" function before copying it into an insufficiently sized memory buffer. Citrix Presentation Server Client version 9.200 is vulnerable and others may also be affected.
  • Ref: http://support.citrix.com/article/CTX111827

  • 06.49.22 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailEnable IMAP Service Remote Denial of Service
  • Description: MailEnable is a commercially available mail server for the Microsoft Windows platform. The IMAP service is prone to a remote denial of service vulnerability that is caused by a NULL pointer dereference. See the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/21493

  • 06.49.23 - CVE: Not Available
  • Platform: Mac Os
  • Title: Mac OS X Shared_Region_Make_Private_Np Kernel Function Local Memory Corruption
  • Description: Apple Mac OS X is prone to a local memory corruption vulnerability because the operating system fails to handle specially crafted arguments to a system call. Mac OS X version 10.4.8 is affected.
  • Ref: http://kernelfun.blogspot.com/2006/11/mokb-28-11-2006-mac-os-x.html

  • 06.49.24 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple AirPort Extreme Driver Beacon Frame Denial of Service
  • Description: Apple AirPort Extreme driver is exposed to a denial of service issue. Please refer to the link below for further details.
  • Ref: http://kernelfun.blogspot.com/2006/11/mokb-30-11-2006-apple-airport-extreme.html

  • 06.49.25 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple BOMArchiveHelper Multiple Remote Archive File Vulnerabilities
  • Description: Apple Mac OS X includes a BOMArchiveHelper application. This application is utilized to process compressed and archived files such as BZ, BZ2, CPIO, GZ, TAR, ZIP, and others. It is exposed to multiple remote vulnerabilities when processing malformed files. Please refer to the link below for further details.
  • Ref: http://security-protocols.com/2006/12/04/bomarchivehelper-needs-some-lovin/

  • 06.49.26 - CVE: CVE-2006-5751
  • Platform: Linux
  • Title: Linux Kernel Get_FDB_Entries Buffer Overflow
  • Description: The Linux kernel is prone to a buffer overflow vulnerability due to a bounds checking flaw in the "get_fdb_entries()" function. Versions prior to 2.6.18.4 are reportedly vulnerable.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18.4

  • 06.49.27 - CVE: CVE-2006-6120
  • Platform: Linux
  • Title: KOffice PPT Files Integer Overflow
  • Description: KOffice is an integrated office suite. It is vulnerable to an unspecified integer overflow issue due to insufficient sanitization of user supplied data. KOffice versions prior to 1.6.1 are affected.
  • Ref: http://www.securityfocus.com/bid/21354/info

  • 06.49.28 - CVE: CVE-2006-4514
  • Platform: Linux
  • Title: LibGSF Remote Heap Buffer Overflow
  • Description: The GNOME Structured File Library (libgsf) is a utility library for reading and writing structured file formats. It is exposed to a remote heap buffer overflow issue. This issue occurs in the "gsf-infile-msole.c" file. Specifically, the "ole_init_info()" function only obtains enough memory for the number specified in "num_bat".
  • Ref: http://www.securityfocus.com/bid/21358

  • 06.49.29 - CVE: Not Available
  • Platform: Linux
  • Title: KDE JPEG KFile Info Plug-in EXIF Local Denial of Service
  • Description: The JPEG KFile Info plug-in is used by applications to show metadata for image files. It is vulnerable to a denial of service issue due to an EXIF parsing bug. KDE versions 3.1.0 to 3.5.5 are vulnerable.
  • Ref: http://www.kde.org/info/security/advisory-20061129-1.txt

  • 06.49.30 - CVE: CVE-2006-6303
  • Platform: Linux
  • Title: Yukihiro Matsumoto Ruby CGI.RB Library Remote Denial of Service
  • Description: Yukihiro Matsumoto Ruby is an object oriented scripting language. Ruby is prone to a remote denial of service issue because the application's CGI library fails to properly handle specially crafted HTTP requests. This may result in denial of service conditions because the application falls into an infinite loop and consumes excessive CPU resources. Yukihiro Matsumoto Ruby versions 1.8.5 and earlier are affected.
  • Ref: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/

  • 06.49.31 - CVE: CVE-2006-6301
  • Platform: Linux
  • Title: DenyHosts Remote Denial of Service
  • Description: DenyHosts is an application designed to monitor SSH server authentication failure messages and block hosts that attempt to brute force SSH authentication credentials. Due to a flaw in the regular expression used to parse the log file, attackers attempting to authenticate with usernames containing whitespace characters may add arbitrary IP addresses to the "/etc/hosts.deny" file causing a remote denial of service to legitimate users.
  • Ref: http://www.securityfocus.com/bid/21468

  • 06.49.32 - CVE: CVE-2006-6302
  • Platform: Linux
  • Title: Fail2Ban Remote Denial of Service
  • Description: Fail2Ban is an application designed to prevent brute force attacks against network services. It is prone to a remote denial of service vulnerability that may allow attackers to add arbitrary IP addresses to the firewall or "/etc/hosts.deny" file. All known versions are vulnerable.
  • Ref: http://bugs.gentoo.org/show_bug.cgi?id=157166

  • 06.49.33 - CVE: CVE-2006-6332
  • Platform: Linux
  • Title: MADWiFi Linux Kernel Device Driver Multiple Remote Buffer Overflow Vulnerabilities
  • Description: The MADWiFi device driver provides the Linux kernel device support for wireless LAN chipsets from Atheros. It is prone to multiple remote stack based buffer overflow vulnerabilities. MADWiFi device driver versions prior to 0.9.2.1 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21486

  • 06.49.34 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel IBMTR.C Remote Denial of Service
  • Description: The Linux kernel is exposed to a remote denial of service issue. This issue is triggered when the kernel processes incoming packets. This vulnerability resides in "drivers/net/tokenring/ibmtr.c" and arises when a malicious "ip_summed" value is supplied in a packet resulting in memory corruption. Kernel versions from 2.6.0 up to and including 2.6.19 are affected.
  • Ref: http://www.securityfocus.com/bid/21490

  • 06.49.35 - CVE: Not Available
  • Platform: BSD
  • Title: NetBSD ftpd and tnftpd Port Remote Buffer Overflow
  • Description: The tnftpd server is a port of the NetBSD ftp server. Both ftpd and tnftpd are vulnerable to a remote buffer overflow issue because the file "glob.c" is prone to an off by one flaw in a bounds checking statement. tnftpd version 20040810 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21377

  • 06.49.36 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Kernel Unspecified Local Denial of Service
  • Description: Sun Solaris is prone to a local denial of service issue due to an unspecified race condition in the operating system kernel. Solaris versions 8, 9, and 10 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102574-1

  • 06.49.37 - CVE: Not Available
  • Platform: Unix
  • Title: Sun Multiple Java System Request Smuggling Vulnerabilities
  • Description: Multiple Sun Java System servers are prone to an HTTP request smuggling attack. This is due to a failure to properly sanitize user-supplied input. Please see the advisory for further details.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1&searchclause=

  • 06.49.38 - CVE: Not Available
  • Platform: Unix
  • Title: F-PROT Antivirus ACE Remote Denial of Service
  • Description: F-PROT Antivirus is an antivirus application. It is vulnerable to a denial of service issue due to failure of the application to properly handle certain file types, resulting in excessive consumption of system resources. F-PROT Antivirus version 4.6.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/453475

  • 06.49.39 - CVE: Not Available
  • Platform: Novell
  • Title: Novell Client Username Information Disclosure and Denial of Service Vulnerabilities
  • Description: Novell Client is a workstation application to enable access to Novell NetWare network services. It is exposed to information disclosure and denial of service vulnerabilities because the application fails to properly sanitize user-supplied input to the "username" input box at the Novell Logon in the NMAS (Novell Modular Authentication Services) message window. Novell Client version 4.91 is vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/21385

  • 06.49.40 - CVE: Not Available
  • Platform: Novell
  • Title: Novell Client SRVLOC.SYS Remote Denial of Service
  • Description: Novell Client is a workstation application to enable access to Novell NetWare network services. It is vulnerable to a denial of service issue due to the failure of the "srvloc.sys" driver to properly handle malformed network traffic to port 427. Novell Client version 4.91 is affected.
  • Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/859/3480790_f.SAL_Public.html

  • 06.49.41 - CVE: CVE-2006-3893
  • Platform: Cross Platform
  • Title: Newtone ImageKit ActiveX Multiple Unspecified Buffer Overflow Vulnerabilities
  • Description: Newtone ImageKit is a set of ActiveX controls and DLL libraries used for various image-processing tasks. It is exposed to multiple unspecified buffer overflow vulnerabilities because it fails to perform adequate boundary checks on processed input data. Newtone ImageKit version 6 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/21375

  • 06.49.42 - CVE: CVE-2006-6201
  • Platform: Cross Platform
  • Title: Borland IDSQL32.DLL Library Remote Heap Buffer Overflow
  • Description: Borland's "idsql32.dll" library is a development library included with Borland Developer Studio and other products. It is used to add SQL functionality. The "idsql32.dll" library is vulnerable to a remote heap based buffer overflow issue due to lack of adequate bounds checking on user-supplied data. Borland's "idsql32.dll" library versions 5.1.0.4 and 5.2.0.2 are vulnerable.
  • Ref: http://secunia.com/advisories/22570

  • 06.49.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FreeQBoard QB_Path Parameter Multiple Remote File Include Vulnerabilities
  • Description: FreeQBoard is an advanced open source tag board server. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to various scripts. FreeQBoard versions 1.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/453293

  • 06.49.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Upload Progress Meter UploadProgress.C Remote Buffer Overflow
  • Description: Upload Progress Meter is an extension for PHP 5.2. It is exposed to a buffer overflow issue because it fails to perform adequate bounds checking before copying user-supplied data to an insufficiently sized buffer. Specifically, this issue affects the "uploadprogress_php_rfc1867_file()" routine of "uploadprogress.c". Upload Progress Meter versions 8215 to 8275 are affected.
  • Ref: http://www.securityfocus.com/bid/21417

  • 06.49.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Inside Systems Mail Error.PHP Cross-Site Scripting
  • Description: Inside Systems Mail is a web mail system. The application is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "error" parameter of the "error.php" script. Version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/453420

  • 06.49.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: xine-lib RuleMatches Remote Buffer Overflow
  • Description: xine-lib is a library that allows various media players to play various media formats. The application is prone to a remote buffer overflow vulnerability because it fails to bounds-check user-supplied data before copying it into the "rulematches" buffer.
  • Ref: http://www.securityfocus.com/bid/21435

  • 06.49.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Emdros Database Engine Multiple Unspecified Local Denial of Service Vulnerabilities
  • Description: Emdros Database Engine is a corpus query system for storage and retrieval of linguistic analyses of text. Emdros Database Engine is prone to multiple unspecified local denial of service vulnerabilities due to various unspecified memory leaks in the affected application that allow an attacker to exhaust all memory resources. Versions prior to 1.2.0.pre231 are vulnerable to these issues.
  • Ref: http://www.securityfocus.com/bid/21444

  • 06.49.48 - CVE: CVE-2006-6362
  • Platform: Cross Platform
  • Title: l2tpns Heartbeat Handling Denial of Service
  • Description: The l2tpns program is a Layer 2 Tunneling Protocol Network Server. It is vulnerable to a denial of service issue due to an error in the "cluster_process_heartbeat()" function in "cluster.c" when handling oversized heartbeat packets. l2tpns versions 2.1 and earlier are vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=97282&release_id=468202

  • 06.49.49 - CVE: CVE-2006-5856
  • Platform: Cross Platform
  • Title: Adobe Download Manager AOM Buffer Overflow
  • Description: Adobe Download Manager is a client application for managing the retrieval of Adobe software products. It is vulnerable to a remote buffer overflow issue. See the advisory for further details. Adobe Download Manager versions 2.1 and earlier are vulnerable.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb06-19.html#instructions

  • 06.49.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: 2X ThinClientServer Unauthorized Administrative Account Creation
  • Description: ThinClientServer is an application that provides for central deployment, configuration and management of thin clients. ThinClientServer is prone to a vulnerability that may permit the creation of an administrative account by an unauthorized remote attacker.
  • Ref: http://www.securityfocus.com/bid/21300

  • 06.49.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GnuPG OpenPGP Packet Processing Function Pointer Overwrite
  • Description: GNU Privacy Guard (GnuPG) is an encryption application available for numerous platforms. It is prone to a vulnerability that could permit an attacker to overwrite a function pointer. Specifically, the problem occurs when attacker controlled data is improperly utilized in a filter when processing OpenPGP packets.
  • Ref: http://www.securityfocus.com/bid/21462

  • 06.49.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Chama Cargo Unspecified Cross-Site Scripting
  • Description: Chama Cargo is an ecommerce application. It is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to unspecified parameters and scripts. Chama Cargo versions prior to 4.37 are affected.
  • Ref: http://www.securityfocus.com/bid/21361

  • 06.49.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Woltlab Burning Board Register.PHP Cross-Site Scripting
  • Description: Woltlab Burning Board is a bulletin board. It is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "r_dateformat" parameter of the "register.php" script. Woltlab Burning Board versions 2.3.6 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/21370

  • 06.49.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Blogn Unspecified Cross-Site Scripting
  • Description: Blogn is a web log application. It is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to unspecified parameters and scripts. Blogn versions prior to 1.9.4 are affected.
  • Ref: http://www.securityfocus.com/bid/21347

  • 06.49.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Ultimate HelpDesk Index.ASP Cross-Site Scripting
  • Description: Ultimate HelpDesk is a web-based help desk application. It is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "keyword" parameter of the "index.asp" script. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/21402

  • 06.49.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPNews Link_Temp.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHPNews is a web-based news reader. It is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to various parameters of the "link_temp.php" script. PHPNews version 1.3.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21404

  • 06.49.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Squirrelmail Multiple Cross-Site Scripting and Input Validation Vulnerabilities
  • Description: Squirrelmail is a web mail application. It is exposed to multiple cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to multiple parameters of the "webmail.php" and "compose.php" scripts when the "draft", "compose", or "mailto" functionality is utilized. Versions prior to 1.4.9a are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21414

  • 06.49.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BlueSocket BSC 2100 Admin.PL Cross-Site Scripting
  • Description: BlueSocket BSC 2100 web administration is a web interface for the BlueSocket policy based WLAN security software. The application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "ad_name" parameter of the "admin.pl" script. This issue affects versions prior to 5.2 and versions without the 5.1.1-BluePatch fix.
  • Ref: http://www.securityfocus.com/bid/21419

  • 06.49.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Cerberus Helpdesk Spellwin.PHP Cross-Site Scripting
  • Description: Cerberus Helpdesk is a web-based helpdesk application. It is exposed to a cross-site scripting vulnerability. The "js" parameter of the "spellwin.php" script is affected. Cerberus Helpdesk versions 3.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/21423

  • 06.49.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Vt-Forum Lite Multiple Cross-Site Scripting Vulnerabilities
  • Description: Vt-Forum Lite is a web-based forum. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "StrMes" parameter of the "vf_info.asp" script and to unspecified parameters of the "vf_newtopic.asp" script. VT-Forum version 1.3 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/453452

  • 06.49.61 - CVE: CVE-2006-6223
  • Platform: Web Application - Cross Site Scripting
  • Title: Google Search Appliance UTF-7 Cross-Site Scripting
  • Description: Google Search Appliances are commercial search devices. They are vulnerable to cross-site scripting due to insufficient sanitization of user-supplied scripts or HTML submitted as UTF-7 encoded URIs to the "q" parameter used in the Google Appliance API. Google Mini Search and Search Appliance are vulnerable.
  • Ref: http://www.kb.cert.org/vuls/id/989144

  • 06.49.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal CVS Management/Tracker Motivation Field Cross-Site Scripting
  • Description: Drupal is a content management application. It is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Drupal CVS Management/Tracker versions prior to 4.7.0-1.1 are affected.
  • Ref: http://www.securityfocus.com/bid/21455

  • 06.49.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Seditio/Land Down Under Polls.PHP SQL Injection
  • Description: Seditio and Land Down Under are web site engines. The application is vulnerable to an SQL injection issue due to insufficient sanitization of the "id" parameter of the "polls.php" script. Neocrome Seditio version 1.10 and Neocrome Land Down Under version 8.0 are affected.
  • Ref: http://www.securityfocus.com/bid/21366


  • 06.49.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RedBinaria SIAP CMS Login.ASP SQL Injection
  • Description: Redbinaria SIAP (Sistema Integrado de Administracion de Portales) CMS is a web-portal content manager implemented in ASP. The application is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data to the "username" parameter of the "login.asp" script file before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/21346/info

  • 06.49.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: deV!Lz Clanportal Show Parameter SQL Injection
  • Description: deV!Lz Clanportal is a web-based portal. It is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. Specifically, the application fails to sanitize input to the "show" parameter of the "index.php" script. This issue affects version 1.3.6.
  • Ref: http://www.securityfocus.com/bid/21391

  • 06.49.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Multiple DuWare Products Detail.ASP Multiple SQL Injection Vulnerabilities
  • Description: DuPaypal Pro, DuNews, and DuDownloads are web-based applications by DuWare. They are prone to multiple SQL injection vulnerabilities due to a lack of input sanitization of several parameters in the "detail.asp" script. Please see the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/21405

  • 06.49.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Metyus Okul Yonetim Sistemi Uye_giris_islem.ASP SQL Injection
  • Description: Metyus Okul Yonetim Sistemi is a web-based portal system. The application is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "kullanici_ismi" and "sifre" parameters of the "uye_giris.islem.asp" script. MaxiASP Yonetimi version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/453419

  • 06.49.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: UApplication UGuestbook Index.ASP SQL Injection
  • Description: Uguestbook is a guest book application for web sites. It is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "page" parameter of the "index.asp" script.
  • Ref: http://www.securityfocus.com/bid/21426

  • 06.49.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: dol storye Dettaglio.ASP Multiple SQL Injection Vulnerabilities
  • Description: dol storye is a content management system. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied data to the "id_doc" and "id_aut" parameters of the "dettaglio.asp" script. All versions are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21463

  • 06.49.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iWare Professional Index.PHP SQL Injection
  • Description: iWare Professional is a web-based content management system. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "D" parameter of the "index.php" script. iWare version 5.0.4 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21467

  • 06.49.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Novell ZENworks Patch Management Downloadreport.ASP SQL Injection
  • Description: Novell ZENworks Patch Management is a web-based application for patch management. It is prone to an SQL injection vulnerability because the application fails to properly sanitize user-supplied input to the "agentid" and "pass" parameters of the "/dagent/downloadreport.asp" script. Novell ZENworks Patch Management versions prior to 6.3.2.700 are affected.
  • Ref: http://www.securityfocus.com/bid/21473

  • 06.49.73 - CVE: Not Available
  • Platform: Web Application
  • Title: ContentServ FileServer.php Local File Include
  • Description: ContentServ is a web-based content manager. It is vulnerable to a local file include issue due to insufficient sanitization of user-supplied input to the "src" parameter of the "admin/FileServer.php" script. ContentServ versions 4.0 and 4.1 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21369

  • 06.49.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Bitfolge Snif Index.PHP Remote File Include
  • Description: Bitfolge Snif is an application for creating directory indexes. It is exposed to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "externalConfig" parameter of the "index.php" script. Bitfolge Snif versions 1.5.2 and earlier are reported vulnerable to this issue while other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/21378

  • 06.49.75 - CVE: Not Available
  • Platform: Web Application
  • Title: plx Pay Read Parameter Local File Include
  • Description: plx Pay is a web-based payment processing script implemented in PHP. It is prone to a local file include vulnerability due to insufficient input sanitization of the "read" parameter of the "index.php" script. Versions 3.x are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21379

  • 06.49.76 - CVE: Not Available
  • Platform: Web Application
  • Title: @lex Guestbook Index.PHP Multiple Input Validation Vulnerabilities
  • Description: @lex Guestbook is a guestbook application. It is prone to multiple input validation vulnerabilities because it fails to properly sanitize user-supplied input to the "skin" parameter of the "index.php" script. @lex Guestbook version 4.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/21373

  • 06.49.77 - CVE: CVE-2006-6175
  • Platform: Web Application
  • Title: Horde Kronolith FBView.PHP Local File Include
  • Description: Kronolith is a web-based calendar system implemented in PHP; it uses the Horde Application Framework. It is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "view" parameter of the "lib/FBView.php" script. Versions 2.0.1 through 2.1.3 are affected.
  • Ref: http://www.securityfocus.com/bid/21341

  • 06.49.78 - CVE: Not Available
  • Platform: Web Application
  • Title: P-News Profile Editory Arbitrary File Upload
  • Description: P-News is a news manager implemented in PHP. It is prone to an arbitrary file upload vulnerability because it fails to sufficiently sanitize user-supplied input. Version 2.0 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21344

  • 06.49.79 - CVE: CVE-2006-4099
  • Platform: Web Application
  • Title: Business Objects Crystal Reports Predictable Session Identifiers Session Hijacking
  • Description: Crystal Reports is a suite of reporting tools that support web integration and server-based applications. The application itself is available for the Microsoft Windows operating system; the reporting component is available for multiple operating systems. It is exposed to a session hijacking vulnerability due to a design error. Crystal Reports Enterprise versions 9 and 10 are affected.
  • Ref: http://www.securityfocus.com/bid/21350

  • 06.49.80 - CVE: CVE-2006-6245
  • Platform: Web Application
  • Title: Photo Organizer Multiple Input Validation Vulnerabilities
  • Description: Photo Organizer is an image gallery application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to various scripts. Photo Organizer versions 2.32b and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21351

  • 06.49.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Kubix CMS Multiple Input Validation Vulnerabilities
  • Description: Kubix CMS is a content manager. It is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input data. Kubix CMS 0.7 and prior versions are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21352

  • 06.49.82 - CVE: Not Available
  • Platform: Web Application
  • Title: AlternC Multiple Input Validation Vulnerabilities
  • Description: AlternC is a hosting services application. It is prone to multiple input validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. AlternC version 0.9.5 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21355

  • 06.49.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Puntal Installation Scripts GLOBALS Remote File Include
  • Description: Puntal is a PHP-based Content Management System. The application is vulnerable to a remote file include issue due to improper array handling. Puntal versions 1.8.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/21357/info

  • 06.49.84 - CVE: Not Available
  • Platform: Web Application
  • Title: TWiki Failed Login Information Disclosure
  • Description: TWiki is a web-based wiki application. It is prone to an information disclosure vulnerability because it fails to authenticate users who force the application to return an error page when logging in as a valid user. TWiki Release 01Sep2004 through TWiki Release 04Sep2004 with SessionPlugin and TWiki versions 4.0.0 through 4.0.5 are affected.
  • Ref: http://www.securityfocus.com/bid/21381

  • 06.49.85 - CVE: Not Available
  • Platform: Web Application
  • Title: cPanel Multiple HTML Injection Vulnerabilities
  • Description: cPanel is a web hosting control panel application. It is prone to multiple HTML injection vulnerabilities due to insufficient sanitization of multiple parameters and scripts. Version 11 Beta is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21387

  • 06.49.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Gallery Index.PHP IMG Parameter SQL Injection
  • Description: Invision Gallery is a gallery system. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "img" parameter of the "index.php" script. Version 2.0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/21388/info

  • 06.49.87 - CVE: Not Available
  • Platform: Web Application
  • Title: WikyBlog Multiple HTML Injection Vulnerabilities
  • Description: WikyBlog is a wiki blog application. It is vulnerable to multiple HTML injection issues due to insufficient sanitization of user-supplied input before using it in dynamically generated content. WikyBlog version 1.3.2 is affected.
  • Ref: http://www.hackerscenter.com/archive/view.asp?id=26544

  • 06.49.88 - CVE: Not Available
  • Platform: Web Application
  • Title: awrate Toroot Parameter Remote File Include
  • Description: awrate is a web-based message board application. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "toroot" parameter of the "search.php" script.
  • Ref: http://www.securityfocus.com/bid/21407

  • 06.49.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple File Manager Multiple Input Validation Vulnerabilities
  • Description: Simple File Manager is a web-based script for managing files remotely. It is vulnerable to multiple input validation issues due to insufficient sanitization of input to "fm.php". Version 0.24a is affected.
  • Ref: http://onedotoh.sourceforge.net/

  • 06.49.90 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenSolution QuickCart Config Parameter Local File Include
  • Description: QuickCart is a web shop administration tool. It is prone to a local file include vulnerability because it fails to properly sanitize user-supplied input to the "config" parameter of multiple scripts. QuickCart version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21411

  • 06.49.91 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Upload Center Remote File Include
  • Description: PHP Upload Center is a web-based upload application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "language" parameter of the "activate.php" script. PHP Upload Center version 2.0 is affected.
  • Ref: http://skrypty.webpc.pl/

  • 06.49.92 - CVE: Not Available
  • Platform: Web Application
  • Title: MXBB Mx_Tinies Module Module_Root_Path Remote File Include Vulnerability
  • Description: MXBB mx_tinies module is a module for the mxBB bulletin board. It is exposed to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "module_root_path" parameter of the "common.php" script. MXBB mx_tinies version 1.3.0 is vulnerable and others may also be affected.
  • Ref: http://www.securityfocus.com/bid/21415

  • 06.49.93 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB2 Multiple Local File Include Vulnerabilities
  • Description: phpBB2 is a web-based bulletin board implemented in PHP. It is prone to multiple local file include vulnerabilities due to poor input sanitization of the "l" and "phpbbmysql_lang" parameters of the "search.php" script. Versions 2.0.13 and prior are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21416

  • 06.49.94 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyAdmin Multiple HTTP Response Splitting Vulnerabilities
  • Description: phpMyAdmin is a shopping cart application. It is prone to multiple HTTP response splitting vulnerabilities due to a lack of input sanitization in the "phpMyAdmin" parameter of several scripts. Version 2.7.0-pl2 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21421

  • 06.49.95 - CVE: Not Available
  • Platform: Web Application
  • Title: JAB Guest Book HTML Injection
  • Description: JAB Guest Book is a web-based application. It is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "author" parameter of the "pbguestbook.php" script before using it in dynamically generated content.
  • Ref: http://www.securityfocus.com/bid/21429

  • 06.49.96 - CVE: Not Available
  • Platform: Web Application
  • Title: SMF Image File HTML Injection
  • Description: Simple Machines Forum (SMF) is an open-source web forum. It is vulnerable to an unspecified HTML injection issue due to insufficient sanitization of user-supplied input. SMF versions 1.0 and 1.1 are affected.
  • Ref: http://www.securityfocus.com/bid/21431

  • 06.49.97 - CVE: Not Available
  • Platform: Web Application
  • Title: H-Sphere Control Panel Insecure Logfile Permissions
  • Description: H-Sphere Control Panel is a commercially available web-based file manager for the H-Sphere web hosting application. The application creates log files within a user's directory with insecure default permissions. Version 2.4.3 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21436

  • 06.49.98 - CVE: Not Available
  • Platform: Web Application
  • Title: JustSystems Multiple Products Unspecified Buffer Overflow Vulnerabilities
  • Description: JustSystems products are productivity tools. They are vulnerable to buffer overflow issues due to insufficient sanitization of user-supplied data. See the advisory for further details.
  • Ref: http://www.justsystems.com/products/index.html

  • 06.49.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Publicera Multiple Input Validation Vulnerabilities
  • Description: Publicera is a PHP5 framework for developing PHP5 applications. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to multiple scripts. Publicera versions 1.0-rc2 and earlier are vulnerable.
  • Ref: http://sourceforge.net/forum/forum.php?forum_id=641350

  • 06.49.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Agileco Multiple Applications Denial of Service
  • Description: Agileco is VOIP software. AgileBill and AgileVoice are vulnerable to a denial of service issue that occurs when handling requests over certain unspecified proxies. AgileBill version 1.4 and AgileVoice 1.4 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21459

  • 06.49.101 - CVE: CVE-2006-4249
  • Platform: Web Application
  • Title: Plone Unspecified Group Spoofing Vulnerability
  • Description: Plone is a web-based content management system. It is vulnerable to an unspecified spoofing vulnerability. Plone versions 2.5 and 2.5.1 are vulnerable.
  • Ref: http://plone.org/about/security/advisories/cve-2006-4249/

  • 06.49.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Link CMS Multiple Input Validation Vulnerabilities
  • Description: Link CMS is a content management system (CMS). It is exposed to multiple input-validation issues because it fails to sufficiently sanitize user-supplied data. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/21464

  • 06.49.103 - CVE: Not Available
  • Platform: Web Application
  • Title: osCommerce Multiple Input Validation Vulnerabilities
  • Description: osCommerce is an e-commerce application. It is exposed to multiple input-validation issues because it fails to sufficiently sanitize user-supplied input. Version 3.0a3 is affected.
  • Ref: http://www.securityfocus.com/bid/21477

  • 14.060.17. - CVE: Not Available
  • Platform: Network Device
  • Title: Xerox WorkCentre and WorkCentre Pro Multiple Vulnerabilities
  • Description: Xerox WorkCentre and WorkCentre Pro are web enabled printers and copiers. They are prone to multiple vulnerabilities. The issues affect the ESS/Network controller firmware and the MicroServer Web Server application on the vulnerable devices. WorkCentre version 12.060.17.000, WorkCentre Pro version and WorkCentre with PostScript option version are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21365

  • 06.49.105 - CVE: Not Available
  • Platform: Network Device
  • Title: Intel Network Drivers Local Code Execution
  • Description: Various Intel network protocol drivers for Intel network adapters are vulnerable to a local code execution issue due to an unspecified boundary condition error. All PCI, PCI-X and PCIe Intel network adapter drivers are vulnerable.
  • Ref: http://research.eeye.com/html/advisories/published/AD20061207.html

  • 06.49.106 - CVE: Not Available
  • Platform: Network Device
  • Title: Linksys WIP 330 Denial of Service
  • Description: Linksys WIP 330 devices are business class VoIP phones. They are vulnerable to a denial of service issue due to an unspecified error when the device is port scanned. Linksys WIP 330 firmware version 1.00.06a is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21475

  • 06.49.107 - CVE: CVE-2006-5855
  • Platform: Hardware
  • Title: IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities
  • Description: IBM Tivoli Storage Manager is an enterprise level data backup management product. It is vulnerable to multiple buffer overflow issues when receiving a malicious message with specific fields to a listening Tivoli Storage Manager application on TCP port 1500. Tivoli Storage Manager versions 5.2.9 and 5.3.4 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21440

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.