@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 8
February 27, 2006

Another remotely exploitable vulnerability was found in Winamp, and also one in Adobe Macromedia Shockwave this week. Media player software is a prime target of attackers because hundreds of millions of copies have been distributed (often without the buyer knowing it is on his or her computer) and most people are unaware that they have to take personal responsibility for patching it. Shame on these vendors for distributing vulnerable software without ensuring their unsuspecting users have an automated updating service.

In addition, Apple Mac OS X users lost their feeling of invulnerability to security problems. A consensus of experts is that Windows users will continue switching to Macs, despite what will be a growing number of Mac vulnerability discoveries.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Third Party Windows Apps: 9 (#2, #3)
    • Mac Os: 1 (#1)
    • Linux: 5
    • Unix: 2
    • Cross Platform: 18
    • Web Application - Cross Site Scripting: 8
    • Web Application - SQL Injection: 11
    • Web Application: 35 (#4)
    • Network Device: 3

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Mac Os
Linux
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohit Dhamankar and Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Mac OS X Safari Remote Code Execution
  • Affected:
    • Safari current and possibly all prior versions
  • Description: Safari, the default browser on Mac OS X systems, contains a vulnerability that allows an attacker to execute arbitrary code on a user's system. The problem arises because Safari opens "Safe" files automatically after downloading and also trusts the user-supplied metadata associated with a file. For instance, an attacker can create a shell script, rename the shell script with a safe extension like ".mov" and store the metadata for the shell script in the "__MacOSX" folder. The attacker can then create a zip archive that contains the shell script and the metadata, and post this crafted zip archive on a webserver. When a user visits the attacker's site, the zip file will be automatically downloaded and the shell script executed by the program indicated by the metafile. Note that no user interaction is required to leverage this flaw other than browsing a malicious webpage. Exploit code has been publicly posted.

  • Status: Apple has not released an update yet. A workaround is to disable Safari's "Open safe files after downloading" option.

  • Council Site Actions: Only two of the reporting council sites are using/supporting MacOS. One site uses Firefox as the supported browser for the Macs; however, its Safari users were advised to disable Safari's open-safe-files option in lieu of a patch. They plan to push out the official patch when it becomes available. The second site has a large number of Mac systems. They use Apple's Software Update Facility; therefore, Safari will be updated when Apple releases a patch. This site has also started publicizing new Mac OS X threats at the top of their Central IT Department home page. They currently have two Mac OS X messages at the top, and will likely add one about this Safari issue. At this time they are undecided about recommending a reconfiguration that prevents the automatic opening of safe files.

  • References:
  • (2) HIGH: Winamp M3U Playlist File Handling Overflow
  • Affected:
    • Winamp version 5.13 and prior
  • Description: Last week another buffer overflow vulnerability was reported in Winamp. This overflow is triggered by a playlist file (m3u format) that contains a specially crafted playlist file (m3u or pls format). Note that several buffer overflows have been reported in Winamp during this month. Exploit code has not been posted for this flaw yet.

  • Status: Winamp has released version 5.2, which fixes all the vulnerabilities reported so far. Upgrading to this version as soon as possible is recommended.

  • References:
  • (3) HIGH: Adobe Macromedia Shockwave Player ActiveX Buffer Overflow
  • Affected:
    • Shockwave player 10.1.0.11 and prior
  • Description: According to Macromedia, the Shockwave player has been installed on more than 390 million systems. The Shockwave installer ActiveX control contains a stack-based buffer overflow that can be triggered by passing overlong parameters. A malicious webpage can exploit this flaw to execute arbitrary code on a user's system. The technical details required to craft an exploit have not been posted.

  • Status: Adobe Macromedia has issued a fix for the installer ActiveX control. Note that Macromedia has been pushing the security update via the automatic update feature of the player prior to this announcement.

  • Council Site Actions: All reporting council sites are responding to this issue. Most plan to distribute the patch during their next regularly scheduled system update process. One site will prepare an announcement that advises their end users to download the updated version of Shockwave Player.

  • References:
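
For item (1) above, a defender-side check, added here as an example and not part of the original bulletin: it flags ZIP members whose extension looks like safe media but whose first bytes are a script or executable header, and records whether a `__MACOSX` metadata sidecar accompanies them. The extension list, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: a sample of extensions a browser might treat as "safe" media.
# This is not Safari's actual list.
SAFE_EXTENSIONS = {".mov", ".mp3", ".jpg", ".png", ".pdf"}

# Leading bytes that mark script or executable content.
EXECUTABLE_MAGIC = {
    b"#!": "script with interpreter line",
    b"\x7fELF": "ELF binary",
    b"\xfe\xed\xfa\xce": "Mach-O binary",
    b"\xce\xfa\xed\xfe": "Mach-O binary",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary",
}


def is_macosx_metadata(path):
    """True for members stored under the archive's __MACOSX folder."""
    return bool(path.parts) and path.parts[0].lower() == "__macosx"


def members_with_sidecar(names):
    """Map __MACOSX/<dir>/._<name> sidecars back to the member they describe."""
    described = set()
    for name in names:
        path = PurePosixPath(name)
        if is_macosx_metadata(path) and path.parts[-1].startswith("._"):
            original = PurePosixPath(*path.parts[1:-1], path.parts[-1][2:])
            described.add(str(original))
    return described


def scan_zip(data):
    """Return findings for members whose extension and content disagree."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        described = members_with_sidecar(zf.namelist())
        for info in zf.infolist():
            path = PurePosixPath(info.filename)
            if info.is_dir() or is_macosx_metadata(path):
                continue
            if path.suffix.lower() not in SAFE_EXTENSIONS:
                continue
            try:
                # Only the first bytes are decompressed, never the whole member.
                with zf.open(info) as fh:
                    head = fh.read(8)
            except RuntimeError:
                # Encrypted member: the content cannot be checked, so report it.
                label = "encrypted, not inspected"
            else:
                label = next(
                    (text for magic, text in EXECUTABLE_MAGIC.items()
                     if head.startswith(magic)),
                    None,
                )
            if label is not None:
                findings.append({
                    "name": info.filename,
                    "content": label,
                    "has_macosx_metadata": str(path) in described,
                })
    return findings


def build_sample():
    """Constructed sample archive with harmless contents, used for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Shell script text stored under a media extension.
        zf.writestr("holiday.mov", b"#!/bin/sh\necho constructed sample\n")
        # Placeholder bytes, not a real metadata file.
        zf.writestr("__MACOSX/._holiday.mov", b"placeholder metadata")
        # Media extension with a plausible media header: not flagged.
        zf.writestr("song.mp3", b"ID3\x03\x00\x00\x00\x00\x00\x00")
        # Script with an honest extension: outside the safe list, not flagged.
        zf.writestr("setup.sh", b"#!/bin/sh\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample()):
        print(finding)
```

A check like this fits where downloads are inspected before reaching the user (proxy, mail gateway, or a quarantine folder); it complements, and does not replace, disabling "Open safe files after downloading".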
Other Software
  • (4) HIGH: Mambo CMS SQL Injection and Local File Include Vulnerabilities
  • Affected:
    • Mambo CMS versions 4.5.3h and prior
  • Description: Mambo is a popular open-source content management system. This software contains several SQL injection vulnerabilities; one of them can be exploited by an unauthenticated attacker to log in with the privileges of any chosen user. The software also contains a local file include vulnerability arising from the lack of sanitization of user-supplied input to the "$mos_change_template" variable. This can be exploited to execute arbitrary PHP code on the Mambo server. The technical details required to craft an exploit have been posted. Note that the "Mare.D" worm is reportedly exploiting prior vulnerabilities in Mambo CMS installations.

  • Status: Mambo has released patches for versions 4.5.3 and 4.5.3h. Mambo installations using prior versions should be upgraded to 4.5.3h.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 8, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4902 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.8.1 - CVE: CVE-2006-0807
  • Platform: Third Party Windows Apps
  • Title: NJStar Word Processor Remote Buffer Overflow
  • Description: NJStar is a word processor application. It is vulnerable to a remote buffer overflow issue when specially crafted font names contained in an NJStar document are handled. NJStar Chinese and Japanese versions 5.01.41107 and earlier are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/0670

  • 06.8.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Safe'n'Sec Path Specification Local Privilege Escalation
  • Description: StarForce Technologies Safe'n'Sec is a commercial security application. The application executes other applications without using properly quoted paths. Safe'n'Sec Personal version 2.0 is vulnerable.
  • Ref: http://secdev.zoller.lu/research/safnsec.htm

  • 06.8.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ipswitch WhatsUp Professional 2006 Denial of Service
  • Description: Ipswitch WhatsUp Professional 2006 is a network monitoring and management application. It is vulnerable to a remote denial of service issue due to insufficient handling of various HTTP GET requests to the "NmConsole/Login.asp" script. Ipswitch WhatsUp Professional 2006 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425780

  • 06.8.4 - CVE: CVE-2006-0720
  • Platform: Third Party Windows Apps
  • Title: Nullsoft Winamp M3U File Processing Buffer Overflow
  • Description: Winamp is a media player. It is prone to a buffer overflow vulnerability when processing malformed M3U playlist files. This issue occurs when an M3U playlist is paused or stopped. Winamp makes an insecure "strncpy()" call to reset the title of the program, which can result in a static buffer being overrun. Winamp versions 5.12 and 5.13 are affected; earlier versions may also be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425984

  • 06.8.5 - CVE: CVE-2006-0813
  • Platform: Third Party Windows Apps
  • Title: Winace ARJ File Handling Buffer Overflow
  • Description: Winace is a file compression and decompression application. It is vulnerable to a buffer overflow when handling malformed ARJ archives. Winace version 2.60 is vulnerable.
  • Ref: http://secunia.com/secunia_research/2005-67/advisory/

  • 06.8.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: The Bat! Remote Buffer Overflow
  • Description: The Bat! is a web mail client for various Microsoft Windows platforms. It is prone to a remote buffer overflow vulnerability. The problem presents itself when the application receives an email where the "Subject" field is 4038 bytes. This results in a buffer overflow and subsequent memory corruption. An attacker can exploit this issue to control program flow and execute arbitrary attacker-supplied code in the context of the victim user running the affected application.
  • Ref: http://www.securityfocus.com/archive/1/425936

  • 06.8.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Winace Remote Directory Traversal
  • Description: Winace is a file compression/decompression application. A vulnerability in Winace may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. Winace versions 2.6.05 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/425971

  • 06.8.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: StuffIt and ZipMagic Remote Directory Traversal
  • Description: StuffIt and ZipMagic are file archiving and compression applications. A vulnerability in these applications may allow an attacker to place and overwrite files in arbitrary locations on a vulnerable computer. This issue presents itself when the application processes malicious ZIP and TAR archives. Visit the reference link for a list of vulnerable versions.
  • Ref: http://www.securityfocus.com/archive/1/425972

  • 06.8.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ArGoSoft Mail Server Pro POP3 Server Remote Information Disclosure
  • Description: ArGoSoft Mail Server Pro is a mail server application. It is affected by a remote information disclosure issue triggered by issuing a "_DUMP" command prior to authenticating to the POP3 service. This will return potentially sensitive configuration information. ArGoSoft Mail Server Pro version 1.8.8.1 is affected.
  • Ref: http://www.securityfocus.com/bid/16808

  • 06.8.10 - CVE: Not Available
  • Platform: Mac Os
  • Title: Mac OS X Archive Metadata Command Execution
  • Description: Apple Mac OS X is vulnerable to an arbitrary command execution vulnerability when opening ZIP archive files due to an error when processing file association metadata. Mac OS X versions 10.4.5 and earlier are vulnerable.
  • Ref: http://secunia.com/mac_os_x_command_execution_vulnerability_test/

  • 06.8.11 - CVE: CVE-2005-3630
  • Platform: Linux
  • Title: Fedora Directory Server Password Information Disclosure
  • Description: Fedora Directory Server is vulnerable to an information disclosure issue because the application allows for an unauthorized user to view the administrative password which is stored in the adm.conf file. RedHat Fedora Directory Server version 1.0 is vulnerable.
  • Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837

  • 06.8.12 - CVE: CVE-2004-2607
  • Platform: Linux
  • Title: Linux Kernel SDLA_XFER Kernel Memory Disclosure
  • Description: The Linux kernel is affected by a local memory disclosure issue which presents itself in the "sdla_xfer" function of the SDLA WAN driver. A flawed integer to short cast causes a memory copy operation to copy zero bytes. Kernel versions 2.4.x up to 2.4.29-rc1 and 2.6.x up to 2.6.5 are affected.
  • Ref: http://www.securityfocus.com/bid/16759

  • 06.8.13 - CVE: Not Available
  • Platform: Linux
  • Title: ViRobot Linux Server Authentication Bypass
  • Description: ViRobot Linux Server is an application server that provides antivirus protection. It is prone to an authentication bypass vulnerability because the "filescan" component does not properly validate authentication credentials supplied through cookies. ViRobot Linux Server version 2.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/16768

  • 06.8.14 - CVE: CVE-2006-0736
  • Platform: Linux
  • Title: SUSE CASA Pam_Micasa Remote Buffer Overflow
  • Description: SUSE Common Authentication Service Adapter (CASA) provides a common infrastructure for client authentication. It is vulnerable to a remote buffer overflow issue due to insufficient handling of boundary checks with the "pam_micasa" authentication module. SUSE Open-Enterprise-Server version 9.0 and SUSE Novell Linux Desktop version 9.0 are vulnerable.
  • Ref: http://www.novell.com/linux/security/advisories/2006_10_casa.html

  • 06.8.15 - CVE: Not Available
  • Platform: Linux
  • Title: Zoo Misc.c Buffer Overflow
  • Description: Zoo is an archiving tool that uses Lempel-Ziv compression. It is prone to a buffer overflow vulnerability due to insufficient boundary checking on user-supplied data. Zoo version 2.10 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16790

  • 06.8.16 - CVE: CVE-2006-0195, CVE-2006-0377, CVE-2006-0188
  • Platform: Unix
  • Title: SquirrelMail Multiple Cross-Site Scripting and IMAP Injection Vulnerabilities
  • Description: SquirrelMail is a web mail application implemented in PHP4. It is susceptible to multiple cross-site scripting and IMAP injection vulnerabilities due to insufficient sanitization of user-supplied input. All versions prior to SquirrelMail 1.4.6-cvs are vulnerable.
  • Ref: http://www.securityfocus.com/bid/16756

  • 06.8.17 - CVE: CVE-2005-2934
  • Platform: Unix
  • Title: SCO UnixWare Ptrace Unspecified Local Privilege Escalation
  • Description: SCO UnixWare is prone to a local privilege escalation vulnerability. An attacker can exploit the "ptrace()" system call to gain superuser privileges leading to a complete compromise. SCO UnixWare versions 7.1.3 and 7.1.4 are known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/16765

  • 06.8.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Melange Chat Session Header Information Disclosure
  • Description: Melange Chat is an IRC like server/client program. It is prone to an information disclosure vulnerability due to a failure in the application to properly secure HTTP request data. The server uses TCP port 6666 to listen for incoming client connections. However, during a connection, the client transmits the session header to all telnet sessions currently connected to the listening port. Melange Chat System version 1.10 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425589

  • 06.8.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: XPDF Multiple Unspecified Vulnerabilities
  • Description: The "xpdf" utility is an open-source implementation of a PDF viewer for the X window system. It is affected by multiple unspecified security issues. All versions are affected.
  • Ref: http://www.securityfocus.com/bid/16748

  • 06.8.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox HTML Parsing Denial of Service
  • Description: Mozilla Firefox is prone to a remote denial of service vulnerability. This issue occurs when the browser parses certain malformed HTML content. The browser may fail due to a null pointer dereference. In some cases, the browser may simply no longer respond. Mozilla Firefox versions prior to 1.5.0.1 are prone to this issue.
  • Ref: http://www.securityfocus.com/bid/16741/exploit

  • 06.8.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EmuLinker Malformed Packet Remote Denial Of Service
  • Description: EmuLinker is a server application for classic emulated games. It is susceptible to a remote denial of service vulnerability. This issue is due to a failure of the application to properly handle malformed network packets from other game players. EmuLinker versions prior to 0.99.17 are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/16733

  • 06.8.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Micromuse Netcool/NeuSecure NS Account Password Disclosure
  • Description: Micromuse Netcool/NeuSecure is a security information management (SIM) platform that stores security data in a MySQL database. It is prone to a password-disclosure vulnerability. This issue occurs because the NS account password is logged in cleartext through the application's logging facility. The log file is viewable by unprivileged users of the system. Netcool/NeuSecure 3.0.236-1 was reported vulnerable. Other versions may also be affected.
  • Ref: http://www.securityfocus.com/archive/1/425304

  • 06.8.23 - CVE: CVE-2006-0460
  • Platform: Cross Platform
  • Title: BomberClone Error Messages Buffer Overflow
  • Description: BomberClone is a multiplayer version of the game "BomberMan". It is affected by a buffer overflow issue when it fails to perform boundary checks on user-supplied data before storing it in a finite sized buffer. BomberClone version 0.11.6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/16697

  • 06.8.24 - CVE: CVE-2006-0838
  • Platform: Cross Platform
  • Title: Micromuse Netcool/NeuSecure Clear Text Password
  • Description: Micromuse Netcool/NeuSecure is a security information management (SIM) platform. It is vulnerable to a cleartext password issue because the application stores the passwords in cleartext in the "/etc/neusecure.conf" configuration file. Micromuse Netcool/NeuSecure version 3.0.236-1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425304

  • 06.8.25 - CVE: CAN-2005-2962
  • Platform: Cross Platform
  • Title: Netcool/NeuSecure Insecure File Permissions
  • Description: Netcool/NeuSecure is a security information management (SIM) platform. It is vulnerable to insecure directory permissions during a default installation. Netcool/NeuSecure Version 3.0.236-1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425304

  • 06.8.26 - CVE: CVE-2006-0839
  • Platform: Cross Platform
  • Title: Snort Frag3 Processor Fragmented Packet Detection Evasion
  • Description: Snort is an intrusion detection system (IDS). Reports indicate that the Frag3 preprocessor, which is used to handle fragmented IP packets, does not analyze [ip_option_length] bytes from the end of the IP options during reassembly. A successful attack can allow attackers to bypass intrusion detection. Snort version 2.4.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/425290

  • 06.8.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Thunderbird Address Book Import Remote Denial of Service
  • Description: Mozilla Thunderbird is an email client. It is vulnerable to a remote denial of service issue due to insufficient handling of specially crafted address books containing excessive data. Mozilla Thunderbird version 1.5 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425602

  • 06.8.28 - CVE: CVE-2006-0300
  • Platform: Cross Platform
  • Title: GNU Tar Invalid Headers Buffer Overflow
  • Description: GNU Tar is a program that allows users to create and manipulate archive files in various formats. It is prone to a buffer overflow vulnerability. This issue occurs when archives containing malformed headers are processed. GNU Tar versions 1.14 and above are vulnerable.
  • Ref: http://www.securityfocus.com/bid/16764

  • 06.8.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Thunderbird IFRAME JavaScript Execution
  • Description: Mozilla Thunderbird is an email client. It is prone to a script execution vulnerability due to insufficient sanitization of user-supplied data. The vulnerability presents itself when an attacker supplies a specially crafted email to a user containing malicious script code in the "SRC" attribute of an IFRAME and the user attempts to reply to the mail. Mozilla Thunderbird 1.0.7 and prior versions are reportedly affected.
  • Ref: http://www.securityfocus.com/bid/16770/exploit

  • 06.8.30 - CVE: CVE-2006-0812
  • Platform: Cross Platform
  • Title: VisNetic AntiVirus Local Privilege Escalation
  • Description: VisNetic AntiVirus is a specially designed plugin module for VisNetic MailServer. It is prone to a local privilege escalation vulnerability. This issue is due to a failure in the application to drop privileges before invoking other applications. VisNetic AntiVirus versions 4.6.1.1 and 4.6.4 are affected.
  • Ref: http://www.securityfocus.com/bid/16788

  • 06.8.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Macromedia Shockwave Player ActiveX Control Buffer Overflow
  • Description: Macromedia Shockwave by Adobe is a multi-platform multimedia playback application. It is affected by a stack-based buffer overflow issue which occurs when the affected ActiveX control is passed overly long parameters specified from a malicious web site. Macromedia Shockwave Player versions 10.1.0.11 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/16791

  • 06.8.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: POPFile Denial Of Service
  • Description: POPFile is an email classification tool. A remote denial of service vulnerability has been reported in POPFile. A remote attacker may cause the application to crash when a victim user opens a specially crafted email message containing certain malformed character sets. POPFile version 0.22.3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16792

  • 06.8.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Lincoln D. Stein Crypt::CBC Perl Module Weak Ciphertext
  • Description: Lincoln D. Stein Crypt::CBC is a Perl module that implements cryptographic cipher block chaining mode (CBC) encryption support. It is vulnerable to a weak ciphertext issue due to a flaw in its creation of Initialization Vectors for ciphers with a blocksize larger than 8. Lincoln D. Stein Crypt::CBC versions 2.16 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425966

  • 06.8.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Error Message Cross-Site Scripting
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input before using it in generated error messages. PHP versions 5.1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/16803

  • 06.8.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP PEAR::Archive_Tar Remote Directory Traversal
  • Description: PEAR::Archive_Tar has a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. Reportedly, an attacker can carry out directory traversal type attacks. This issue presents itself when the application processes malicious TAR archives. When the application processes an archive file, it places the files in a location that is specified within the file itself.
  • Ref: http://www.securityfocus.com/archive/1/425967

  • 06.8.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: V-webmail Multiple Cross-Site Scripting Vulnerabilities
  • Description: V-webmail is a webmail application implemented in PHP. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to the "newid" parameter of the "preferences.personal.php" script and the "rframe" parameter of the "frameset.php" script. V-webmail version 1.6.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16706

  • 06.8.37 - CVE: CVE-2006-0770
  • Platform: Web Application - Cross Site Scripting
  • Title: MyBB Multiple Cross-Site Scripting Vulnerabilities
  • Description: MyBB is a web-based bulletin-board application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input. MyBB Version 1.0.4 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16708/info

  • 06.8.38 - CVE: CVE-2006-0806
  • Platform: Web Application - Cross Site Scripting
  • Title: ADOdb Multiple Cross-Site Scripting Vulnerabilities
  • Description: ADOdb is a database-abstraction library for PHP. It is prone to multiple cross-site scripting vulnerabilities. ADOdb versions 4.71 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425393

  • 06.8.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: RunCMS Ratefile.PHP Cross-Site Scripting
  • Description: RunCMS is a web-based content management system. Insufficient sanitization of the "lid" parameter in the "ratefile.php" script exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/16769

  • 06.8.40 - CVE: CVE-2005-2980
  • Platform: Web Application - Cross Site Scripting
  • Title: Noah's Classifieds Index.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: Noah's Classifieds is a general purpose web advertising application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user supplied input to the "inf" and "upperTemplate" parameters of the "index.php" script. PhpOutsourcing Noah's Classifieds version 1.3 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425783

  • 06.8.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CPG Dragonfly CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: Dragonfly is a web-based content management system. Insufficient sanitization of user-supplied input exposes the application to multiple cross-site scripting issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/16784

  • 06.8.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: JGS-Gallery Module Multiple Cross-Site Scripting Vulnerabilities
  • Description: JGS-Gallery is a gallery module for Woltlab Burning Board. JGS-Gallery is vulnerable to multiple cross-site scripting issues due to a lack of proper sanitization of user-supplied input. Multiple parameters are not properly sanitized when submitted to multiple scripts, allowing an attacker to submit malicious HTML and script code through malicious URI. These issues affect the "userid" and "katid" parameters of "jgs_galerie_slideshow.php" and the "userid" parameter of "jgs_galerie_scroll.php"; other scripts and parameters may also be vulnerable. JGS-Gallery version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/16810/exploit

  • 06.8.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WEBInsta Limbo HTML Injection
  • Description: Limbo is a content management application. It is vulnerable to an HTML injection issue due to insufficient sanitization of user-supplied input to the message field on the "contact" page. WEBInsta Limbo CMS version 1.0.4.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16811/info

  • 06.8.44 - CVE: CVE-2006-0679
  • Platform: Web Application - SQL Injection
  • Title: PHPNuke Index.PHP Search Module SQL Injection
  • Description: PHPNuke is a web-based content management system (CMS). PHPNuke is prone to an SQL injection vulnerability. PHPNuke versions 7.5.0 up to 7.8.0 are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425508

  • 06.8.45 - CVE: CVE-2006-0673
  • Platform: Web Application - SQL Injection
  • Title: Magic Calendar Lite Index.PHP SQL Injection
  • Description: Magic Calendar Lite is a calendar application. Insufficient sanitization of the "Login" field in the "index.php" script exposes the application to an SQL injection issue. Magic Calendar Lite version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/16734

  • 06.8.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ilchClan Multiple SQL Injection Vulnerabilities
  • Description: ilchClan is a web application. The application is vulnerable to SQL injection issues because it fails to properly sanitize user-supplied input to the "pid" and "login_name" parameters of the "index.php" and "login.php" scripts. ilchClan versions 1.0.5F and 1.0.5.G are vulnerable.
  • Ref: http://www.securityfocus.com/bid/16735/exploit

  • 06.8.47 - CVE: CVE-2006-0199
  • Platform: Web Application - SQL Injection
  • Title: MiniNuke CMS Pages.ASP SQL Injection
  • Description: The MiniNuke CMS is used to create web sites. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "id" parameter of the "pages.asp" script. MiniNuke CMS version 1.8.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16730/info

  • 06.8.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Webpagecity WPC easy SQL Injection
  • Description: Webpagecity WPC easy is used to create web sites. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the login script.
  • Ref: http://www.securityfocus.com/archive/1/425395

  • 06.8.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PEAR::Auth Multiple Unspecified SQL Injection Vulnerabilities
  • Description: PEAR::Auth is a package that provides methods for creating PHP authentication systems. It is prone to multiple unspecified SQL injection vulnerabilities due to insufficient sanitization of user-supplied input. PEAR::Auth versions prior to 1.2.4 and prior to 1.3.0r4 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/16758

  • 06.8.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Noah's Classifieds Search Page SQL Injection
  • Description: Noah's Classifieds is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input. The "Search" input field on the application's search page is not sanitized before being used in SQL query input. Noah's Classifieds version 1.3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16773/exploit

  • 06.8.51 - CVE: CVE-2006-0727
  • Platform: Web Application - SQL Injection
  • Title: CPG Dragonfly CMS SQL Injection
  • Description: Dragonfly is a web-based content management system implemented in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the profile name. Dragonfly CMS version 9.0.6.1 is affected.
  • Ref: http://dragonflycms.org/Forums/viewtopic/t=14751.html

  • 06.8.52 - CVE: CVE-2006-0835
  • Platform: Web Application - SQL Injection
  • Title: Web Calendar Pro Dropbase.PHP SQL Injection
  • Description: Web Calendar Pro is a web-based content management system implemented in PHP. Web Calendar Pro is prone to an SQL-injection vulnerability due to insufficient sanitization of user-supplied input to the "tabls" parameter of the "dropbase.php" script.
  • Ref: http://www.xorcrew.net/xpa/XPA-WebCalendarPro.txt

  • 06.8.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Oi! Email Marketing System Index.PHP SQL Injection
  • Description: Oi! Email Marketing System is a web-based email and SMS marketing system. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to unspecified parameters of the "index.php" script. Oi! Email Marketing System version 3.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425924

  • 06.8.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Virtual Communication Services VPMi Enterprise Service_Requests.ASP SQL Injection
  • Description: VPMi Enterprise is a project management system. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "UpdateID0" parameter in the "Service_Requests.asp" script. Virtual Communication Services VPMi version 3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/16798

  • 06.8.55 - CVE: Not Available
  • Platform: Web Application
  • Title: Guestbox HTML Injection
  • Description: Guestbox is web guestbook and forum software. It is prone to an HTML injection vulnerability due to improper sanitization of user-supplied input before using it in dynamically generated content. Specifically, input to the "uri" field of "guestbox.php" is not properly sanitized before it is stored in a system log; other fields may also be vulnerable. Guestbox version 0.6 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425495

  • 06.8.56 - CVE: CVE-2006-0852
  • Platform: Web Application
  • Title: Admbook Remote PHP Script Code Execution
  • Description: Admbook is a guestbook web application. It is vulnerable to a remote PHP script code execution issue due to insufficient sanitization of the "X-Forwarded-For" HTTP request header in the "write.php" script. Admbook version 1.2.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16753

  • 06.8.57 - CVE: CVE-2006-0833
  • Platform: Web Application
  • Title: Barracuda Directory Multiple HTML Injection Vulnerabilities
  • Description: Barracuda Directory is a PHP script that enables niche links directories for Web sites. Barracuda Directory is prone to multiple HTML injection vulnerabilities due to insufficient sanitization of user-supplied input. Barracuda Directory version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/16746/info

  • 06.8.58 - CVE: Not Available
  • Platform: Web Application
  • Title: Xerox WorkCentre Products HTML Injection
  • Description: Xerox WorkCentre and WorkCentre Pro are web capable printers and photocopiers. They are prone to an HTML injection vulnerability due to improper sanitization of user-supplied input before using it in dynamically generated content. It has not been specified which parameters and scripts are vulnerable. This issue is reported to affect WorkCentre versions 232, 238, 245, 255, 265, 275, and WorkCentre Pro 232, 238, 245, 255, 265, and 275; other versions may also be vulnerable.
  • Ref: http://www.securityfocus.com/bid/16727

  • 06.8.59 - CVE: CVE-2006-0689, CVE-2006-0690, CVE-2006-0691
  • Platform: Web Application
  • Title: TTS Software Time Tracking Software Edituser.PHP Access Validation
  • Description: Time Tracking Software is a time management application. The application is prone to an access-validation vulnerability. The application fails to perform proper access validation in the "edituser.php" administration script. This issue is reported to affect Time Tracking Software version 3.0; other versions may also be vulnerable.
  • Ref: http://www.securityfocus.com/bid/16731/exploit

  • 06.8.60 - CVE: CVE-2006-0783
  • Platform: Web Application
  • Title: Siteframe Beaumont Page.PHP HTML Injection
  • Description: Siteframe Beaumont is a content management system designed for the rapid deployment of community based websites. It is prone to an HTML injection vulnerability due to insufficient sanitization of user-supplied input to the "comment_text" field of the "page.php" script. Siteframe Beaumont versions 5.0.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/425180

  • 06.8.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Wimpy MP3 Player Text File Overwrite Weakness
  • Description: Wimpy MP3 Player is a web script for playing MP3 files. It is prone to a weakness that permits the overwriting of a text file with arbitrary attacker-supplied data due to improper authentication. Wimpy MP3 Player version 5 is affected.
  • Ref: http://www.securityfocus.com/bid/16696

  • 06.8.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Macallan Mail Solution IMAP Commands Directory Traversal
  • Description: Macallan Mail Solution is a free mail server for Microsoft Windows 2000 and XP. It supports the Microsoft Outlook and Outlook Express mail clients. It is prone to a directory traversal vulnerability exposed through IMAP commands. The "CREATE", "SELECT", "DELETE", and "RENAME" commands can allow an authenticated user to view other users' email, create or rename directories, or delete empty directories. Macallan Mail Solution version 4.8.03.025 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16704

  • 06.8.63 - CVE: Not Available
  • Platform: Web Application
  • Title: PerlBlog Multiple Input Validation and Information Disclosure Vulnerabilities
  • Description: PerlBlog is web-blog software. Insufficient sanitization of user-supplied input exposes the application to multiple input validation and information disclosure issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/16707

  • 06.8.64 - CVE: CVE-2006-0795
  • Platform: Web Application
  • Title: Teca Scripts Quirex Convert.CGI Information Disclosure
  • Description: Quirex is a web-based quiz application. It is vulnerable to a remote information disclosure issue due to insufficient sanitization of user-supplied input to the "quiz_head", "quiz_foot", and "template" parameters of the "convert.cgi" script. Teca Quirex versions 2.0 and 2.0.2 are vulnerable.
  • Ref: http://evuln.com/vulns/78/summary.html

  • 06.8.65 - CVE: CVE-2006-0042
  • Platform: Web Application
  • Title: Apache Libapreq2 Quadratic Behavior Denial of Service
  • Description: Libapreq2 is a function library for the Apache webserver. It is vulnerable to a denial of service due to a design error affecting the "apreq_parse_headers()" and "apreq_parse_urlencoded()" functions of the library. Libapreq2 versions 2.0.6 and earlier are vulnerable.
  • Ref: http://svn.apache.org/viewcvs.cgi/httpd/apreq/tags/v2_07/CHANGES?rev=376998&view=markup

  • 06.8.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Teca Scripts Guestex Multiple Input Validation Vulnerabilities
  • Description: Guestex is web-based guestbook software. It is prone to HTML injection and arbitrary shell command-execution issues due to a failure in the application to properly sanitize user-supplied input. Guestex version 1.0 is vulnerable.
  • Ref: http://evuln.com/vulns/76/summary.html

  • 06.8.67 - CVE: CVE-2006-0843
  • Platform: Web Application
  • Title: Leif M. Wright Blog Information Disclosure
  • Description: Blog is a web log application written in the Perl/CGI programming language. Blog is prone to an information disclosure vulnerability due to improper file permission settings on the configuration files within the application's default installation path. By way of an HTTP GET request, a remote attacker may view the ".txt" configuration file containing passwords for the application. Blog version 3.5 is affected by this issue.
  • Ref: http://evuln.com/vulns/82/summary.html

  • 06.8.68 - CVE: Not Available
  • Platform: Web Application
  • Title: E-Blah Routines.PL HTML Injection
  • Description: E-Blah is web-based forum and message board software implemented in Perl. It is prone to an HTML injection vulnerability due to insufficient sanitization of user-supplied input to the "HTTP_REFERER" field of the "code/routines.pl" script. E-Blah Platinum version 9.7 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16713

  • 06.8.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Leif M. Wright Blog.CGI Authorization Bypass
  • Description: Blog is a web log application. It is prone to an authorization bypass vulnerability due to insufficient sanitization of user-supplied input to the password supplied to the "blog.cgi" script. Leif M. Wright Blog version 3.5 is vulnerable; other versions may also be affected.
  • Ref: http://evuln.com/vulns/82/summary.html

  • 06.8.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Leif M. Wright Blog HTML Injection
  • Description: Blog is a web-log application. It is prone to an HTML injection vulnerability due to improper sanitization of user-supplied input to the "HTTP_REFERER" and "HTTP_USER_AGENT" fields before storing it in a system log. Leif M. Wright Blog version 3.5 is vulnerable.
  • Ref: http://evuln.com/vulns/82/summary.html

  • 06.8.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Coppermine Multiple File Include Vulnerabilities
  • Description: Coppermine is an image gallery application. It is vulnerable to multiple local and remote file include issues due to insufficient sanitization of user-supplied input to the "lang" parameter of the "thumbnails.php" script and the "f" parameter in the "showdoc.php" script. Coppermine versions 1.4.3 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425387

  • 06.8.72 - CVE: Not Available
  • Platform: Web Application
  • Title: e107 Website System Chatbox Plugin HTML Injection
  • Description: The e107 Website System is a web-based content management system. It is prone to an HTML injection vulnerability due to insufficient sanitization of user-supplied input. e107 website system version 0.7.2 is affected.
  • Ref: http://www.securityfocus.com/bid/16719/exploit

  • 06.8.73 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPNuke CAPTCHA Bypass Weakness
  • Description: PHPNuke is a web-based content management system. CAPTCHA (completely automated public Turing test to tell computers and humans apart) is a challenge-response test to determine whether the user is a human or an automated script. PHPNuke employs a simple CAPTCHA implementation called "security code" that attempts to resist automated actions. The CAPTCHA implementation may be bypassed due to a design error. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/16722

  • 06.8.74 - CVE: CVE-2006-0802, CVE-2006-0801, CVE-2006-0800
  • Platform: Web Application
  • Title: PostNuke Multiple Input Validation Vulnerabilities
  • Description: PostNuke is a content management system. It is vulnerable to multiple input validation issues such as cross-site scripting and SQL injection due to insufficient sanitization of user-supplied data. PostNuke version 0.762 resolved the issues.
  • Ref: http://news.postnuke.com/index.php?name=News&file=article&sid=2754

  • 06.8.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Geeklog Multiple Input Validation Vulnerabilities
  • Description: Geeklog is a web-based content management system. It is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Geeklog is prone to multiple SQL injection vulnerabilities. These issues affect the "userid" parameter of the "users.php" script and the "sessid" parameter of "lib-sessions.php". It is also prone to an arbitrary local file include vulnerability. This issue is due to various parameters of the "lib-common.php" script not being properly sanitized. Geeklog versions 1.3.11-sr3 and earlier are reported to be vulnerable.
  • Ref: http://www.gulftech.org/?node=research&article_id=00102-02192006

  • 06.8.76 - CVE: Not Available
  • Platform: Web Application
  • Title: CherryPy StaticFilter Directory Traversal
  • Description: CherryPy is an object oriented web development framework. It is prone to a directory traversal vulnerability due to a failure in the application to properly sanitize user-supplied input. This issue presents itself in the "staticfilter" functionality of the framework. CherryPy versions prior to 2.1.1 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/16760

  • 06.8.77 - CVE: CVE-2006-0869
  • Platform: Web Application
  • Title: PEAR LiveUser Unauthorized File Access
  • Description: PEAR LiveUser is a set of classes for handling user authentication and permissions. It is vulnerable to an unauthorized file access issue due to insufficient handling of user-supplied input with the "store_id" parameter of the "LiveUser.PHP" script. PEAR LiveUser versions 0.16.8 and earlier are vulnerable.
  • Ref: http://www.gulftech.org/?node=research&article_id=00103-02212006

  • 06.8.78 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPNuke Your_Account Module Multiple Input Validation Vulnerabilities
  • Description: PHPNuke is a web-based content management system (CMS) implemented in PHP. PHPNuke is prone to multiple input validation vulnerabilities. PHPNuke version 7.8 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/16774

  • 06.8.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo Open Source Unspecified Remote
  • Description: Mambo is a content management system. It is prone to an unspecified remote vulnerability. The cause of this issue was not specified. Mambo versions 4.5.3h and earlier are vulnerable.
  • Ref: http://mamboxchange.com/forum/forum.php?forum_id=6835

  • 06.8.80 - CVE: Not Available
  • Platform: Web Application
  • Title: InfoVista VistaPortal Directory Traversal
  • Description: VistaPortal is a web-based application enabling secure communications to service-center performance information. It is affected by a directory traversal issue when specially crafted URIs containing directory traversal strings are improperly sanitized by the application.
  • Ref: http://www.securityfocus.com/bid/16776

  • 06.8.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Noah's Classifieds Local File Include
  • Description: Noah's Classifieds is a web-based classified advertising application. It is prone to a local file include vulnerability due to a lack of sanitization of user-supplied input to the "otherTemplate" parameter of the "index.php" script. Noah's Classifieds version 1.3.0 is vulnerable; other versions may be affected as well.
  • Ref: http://www.securityfocus.com/bid/16778/exploit

  • 06.8.82 - CVE: CVE-2006-0726
  • Platform: Web Application
  • Title: CPG Dragonfly CMS Linking.PHP HTML Injection
  • Description: Dragonfly is a web-based content management system. It is prone to an HTML injection vulnerability due to insufficient sanitization of user-supplied input to the "linking.php" script. Dragonfly CMS version 9.0.6.1 is vulnerable.
  • Ref: http://dragonflycms.org/Forums/viewtopic/t=14751.html

  • 06.8.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Noah's Classifieds Index.PHP Remote File Include
  • Description: Noah's Classifieds is a web-based classified advertising application. It is prone to a remote file include vulnerability due to insufficient sanitization of user-supplied input to the "lowerTemplate" parameter of the "index.php" script. Noah's Classifieds version 1.3.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425783

  • 06.8.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Intensive Point iUser Ecommerce Unspecified Vulnerabilities
  • Description: Intensive Point iUser Ecommerce is a shopping cart application. It is vulnerable to unspecified security vulnerabilities. Intensive Point iUser Ecommerce version 2.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16787

  • 06.8.85 - CVE: Not Available
  • Platform: Web Application
  • Title: NOCC Webmail Multiple Input Validation Vulnerabilities
  • Description: NOCC Webmail is a web-based client application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input. NOCC Webmail version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425889

  • 06.8.86 - CVE: Not Available
  • Platform: Web Application
  • Title: CubeCart Arbitrary File Upload
  • Description: CubeCart is an eCommerce script. It is prone to an arbitrary file upload vulnerability due to a failure in the application to properly authenticate a user before permitting a file upload. Input to the "command" parameter of the "connector.php" script is not properly sanitized, allowing arbitrarily named files to be uploaded to the victim computer. CubeCart versions 3.0.7-pl1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/16796/exploit

  • 06.8.87 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPX XCode Tag HTML Injection
  • Description: PHPX is a content management application. Insufficient sanitization of messages containing "url" XCode tags exposes the application to an HTML injection issue. PHPX version 3.5.9 is affected.
  • Ref: http://www.securityfocus.com/bid/16799

  • 06.8.88 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPLIB Unspecified Code Execution
  • Description: PHPLIB is a content management application. It is vulnerable to an unspecified code execution issue. PHPLIB version 7.4 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/16801/info

  • 06.8.89 - CVE: Not Available
  • Platform: Web Application
  • Title: DEV Web Management System HTML Injection
  • Description: DEV Web Management System is a content management application. It is prone to an HTML injection vulnerability due to insufficient sanitization of user-supplied input to the "City/Region" field on the account registration page. DEV Web Management System version 1.5 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16812/references

  • 06.8.90 - CVE: CVE-2006-0670
  • Platform: Network Device
  • Title: HCIDump Remote Denial of Service
  • Description: The "hcidump" utility reads raw HCI data from a Bluetooth device. It is vulnerable to a remote denial of service issue when the utility parses malformed network data. Hcidump versions 1.29 and earlier are vulnerable.
  • Ref: http://www.secuobs.com/news/05022006-bluetooth9.shtml#english

  • 06.8.91 - CVE: Not Available
  • Platform: Network Device
  • Title: Xerox WorkCentre Unspecified Denial of Service
  • Description: Xerox WorkCentre products are web capable photocopiers and printers. They are prone to an unspecified local denial of service vulnerability. This issue is most likely due to a failure in the software to handle exceptional conditions. WorkCentre 232, 238, 245, 255, 265, and 275 and WorkCentre Pro 232, 238, 245, 255, 265, and 275 are reported to be affected.
  • Ref: http://www.xerox.com/downloads/usa/en/c/cert_XRX06_001.pdf

  • 06.8.92 - CVE: Not Available
  • Platform: Network Device
  • Title: Xerox WorkCentre Products Local Authentication Bypass
  • Description: Xerox WorkCentre products are web capable printers and photocopiers. They are susceptible to a local authentication bypass due to a flaw in the authentication process. WorkCentre 232, 238, 245, 255, 265, 275 and WorkCentre Pro 232, 238, 245, 255, 265, and 275 are affected.
  • Ref: http://www.securityfocus.com/bid/16726

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.


Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.