
@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 10
March 5, 2007

Management Console all have newly discovered critical vulnerabilities this week. The WordPress vulnerability (a malicious back door inserted in the source code) is illuminating.

Alan

PS The final deadline for savings on SANS 2007 is this Wednesday, March 7. You'll save $150 on SANS largest training program: fifty immersion training courses, a big expo, the most bonus evening networking and tech briefing sessions, and all right on the ocean in San Diego. http://www.sans.org/sans2007/event.php

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 1
    • Microsoft Office: 4
    • Other Microsoft Products: 4
    • Third Party Windows Apps: 8 (#5, #7)
    • Mac Os: 2
    • Linux: 3
    • Unix: 2
    • Cross Platform: 15 (#2, #4, #6)
    • Web Application - Cross Site Scripting: 9
    • Web Application - SQL Injection: 5
    • Web Application: 37 (#1)
    • Network Device: 2 (#3)


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Apache Tomcat JK Web Server Connector Stack Overflow
  • Affected:
    • Apache Tomcat JK Web Server Connector 1.2.19
    • Apache Tomcat JK Web Server Connector 1.2.20
    • Apache Tomcat 4.1.34
    • Apache Tomcat 5.5.20
  • Description: Apache Tomcat, a popular application server, contains a stack overflow vulnerability. An overlong URL (one greater than 4095 bytes) could exploit this buffer overflow and execute arbitrary code with the privileges of the server process. The flaw stems from an unsafe memory copy in the Apache Tomcat JK Web Server Connector component. Certain versions of Tomcat include vulnerable versions of this component by default. Note that, because Tomcat is open source, technical details for this vulnerability can be determined through source code analysis.

  • Status: Apache confirmed, updates available.

  • References:
  • (2) CRITICAL: WordPress Blogging Software Backdoor
  • Affected:
    • WordPress version 2.1.1 when downloaded between February 25th, 2007 and March 2nd, 2007
  • Description: WordPress, a popular and widely-used blog application, contains a remotely-accessible backdoor. Backdoors are malicious code inserted into an application that allows an attacker to compromise the application by accessing it in a special, attacker-defined way. On February 25th, 2007, the source code for WordPress version 2.1.1 was altered to contain a backdoor. A specially-crafted string passed in an HTTP request in a variable named "ix" or "iz" will lead to remote code execution with the privileges of the web server process. Full technical details are publicly available for this vulnerability and it can be assumed that this vulnerability is being actively exploited in the wild.

  • Status: WordPress confirmed, updates available.

  • References:
  • (3) HIGH: Cisco Catalyst Network Access Module Vulnerability
  • Affected:
    • Cisco Catalyst 6000, 6500 and Cisco 7600 series with Network Analysis Module installed
  • Description: The Network Analysis Modules (NAMs) for Cisco Catalyst switches are designed to analyze real-time traffic statistics for performance monitoring and troubleshooting. The NAMs communicate with the Cisco Catalyst switch via SNMP. By spoofing an SNMP message that appears to come from the IP address of the NAM module, an attacker can take complete control of the Catalyst switch. Further details about how to craft the spoofed SNMP request are not publicly available.

  • Status: Cisco has released software for the affected products to mitigate the vulnerability. A temporary workaround is to block SNMP messages destined to the Catalyst switch. Proper ingress/egress filtering at the network perimeter will prevent attacks from the Internet.

  • References:
  • (4) HIGH: EMC NetWorker Management Console Authentication Bypass
  • Affected:
    • EMC Legato NetWorker version 7.3.2
  • Description: EMC NetWorker backup solutions are designed to deliver centralized data protection and management across heterogeneous environments. The management console, which connects to the NetWorker backup server, uses a weak authentication mechanism for this connection. Hence, an attacker can impersonate the NetWorker management console and connect to the backup servers with administrative privileges. Further technical details regarding the vulnerability are not publicly available. Note that a similar issue reported previously resulted from using the "AUTH_UNIX" authentication mechanism for RPC calls.

  • Status: The problem has been fixed in the "Jumbo Update 1 Build 386" for NetWorker. A general workaround is to block any access to the management console from the Internet by blocking ports 2638/tcp and 2638/udp at the network perimeter.

  • References:
  • (5) MODERATE: MailEnable APPEND Buffer Overflow
  • Affected:
    • MailEnable Professional versions 2.32 - 2.37 and possibly prior
  • Description: MailEnable, a popular email suite for Microsoft Windows, contains a buffer overflow vulnerability in the processing of the APPEND IMAP command. An authenticated attacker could send a specially-crafted APPEND command to trigger this buffer overflow vulnerability and execute arbitrary code with the privileges of the MailEnable process. A working exploit is publicly available for this vulnerability.

  • Status: MailEnable has not confirmed, no updates available.

  • References:
  • (6) LOW: Symantec Mail Security for SMTP Header Parsing Vulnerability
  • Affected:
    • Symantec Mail Security for SMTP version 5.0 and possibly prior
  • Description: Symantec Mail Security for SMTP is a popular anti-malware email scanner for Windows, Unix, and Linux. An undisclosed vulnerability in the processing of email headers can result in arbitrary code execution with the privileges of the scanning process. No further technical details are publicly available for this vulnerability. It is believed that only the Windows version of the software is vulnerable, and that this vulnerability is not currently being exploited in the wild.

  • Status: Symantec confirmed, updates available.

  • References:
  • (7) LOW: Citrix Presentation Server Client for Windows Undisclosed Vulnerability
  • Affected:
    • Citrix Presentation Server Client for Windows versions prior to 10.0
  • Description: Citrix Presentation Server Client for Windows contains an undisclosed vulnerability when making an ICA connection through a proxy server. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. A specially-crafted web page could exploit this vulnerability. No technical details are publicly available for this vulnerability. It is believed that this vulnerability is not currently being exploited in the wild.

  • Status: Citrix confirmed, updates available.

  • References:
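
A log-triage sketch for items (1) and (2) above, added here as an example and not part of the original bulletin: it flags access-log requests that carry a query parameter named "ix" or "iz", and request targets longer than 4095 bytes. The Apache combined log format, the sample lines and all function names are assumptions; parameters sent in POST bodies or cookies never reach the access log and are not covered.

```python
import re
from urllib.parse import parse_qsl

# Assumed input: Apache/NCSA common or combined access-log lines.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)

BACKDOOR_PARAMS = {"ix", "iz"}  # variable names given in item (2)
JK_URL_LIMIT = 4095             # byte threshold given in item (1)


def query_param_names(target):
    """Decoded query parameter names of a request target.

    PHP turns 'ix[]=...' or 'ix[0]=...' into the variable 'ix', so any
    bracket suffix is dropped before names are compared.
    """
    query = target.partition("?")[2]
    pairs = parse_qsl(query, keep_blank_values=True)
    return {name.split("[", 1)[0] for name, _ in pairs}


def check_target(target):
    """Return (rule, detail) findings for one request target."""
    findings = []
    hits = sorted(query_param_names(target) & BACKDOOR_PARAMS)
    if hits:
        findings.append(("wordpress-backdoor-param", ",".join(hits)))
    size = len(target.encode("utf-8"))
    if size > JK_URL_LIMIT:
        findings.append(("tomcat-jk-overlong-url", str(size)))
    return findings


def scan(lines):
    """Return (line number, client, rule, detail) for every finding.

    Lines that do not parse as access-log entries are skipped.
    """
    report = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if m is None:
            continue
        for rule, detail in check_target(m.group("target")):
            report.append((lineno, m.group("host"), rule, detail))
    return report


# Constructed sample log (documentation-range addresses, made-up paths).
_TS = "[03/Mar/2007:10:15:32 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {_TS} "GET /index.php?p=12 HTTP/1.1" 200 5120',
    f'198.51.100.7 - - {_TS} "GET /blog/index.php?ix=CONSTRUCTED HTTP/1.1" 200 17',
    f'203.0.113.5 - - {_TS} "GET /blog/?matrix=1&fix=2 HTTP/1.1" 200 900',
    f'198.51.100.7 - - {_TS} "POST /blog/index.php?iz%5B%5D=CONSTRUCTED HTTP/1.1" 200 17',
    f'203.0.113.9 - - {_TS} "GET /app/{"a" * 4200} HTTP/1.1" 404 210',
    "this line is not an access-log entry",
]

if __name__ == "__main__":
    for lineno, host, rule, detail in scan(SAMPLE_LOG):
        print(f"line {lineno}: {host} {rule} ({detail})")
```

A hit on the parameter rule is only a lead: any application may legitimately use a parameter called "ix" or "iz", so confirm whether the host ran a WordPress 2.1.1 copy downloaded in the affected window.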
Exploit Code
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 10, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5392 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • CVE: Not Available
  • Platform: Windows
  • Title: Windows Shell User Logon ActiveX Control Unauthorized User Creation
  • Description: The Windows Shell User Logon ActiveX control is used to provide access to a Windows shell. The control (CLSID: 08F04139-8DFC-11D2-80E9-006008B066EE) is prone to an issue that allows attackers to create user accounts on victim computers. The Windows Shell User Logon ActiveX control version 6.0.2900.2 is affected.
  • Ref: http://www.securityfocus.com/bid/22710

  • 07.10.2 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Office Publisher Remote Denial of Service
  • Description: Microsoft Office Publisher is an application for designing and publishing documents. It is exposed to a remote denial of service issue because it fails to properly handle malformed PUB files. Microsoft Office Publisher 2007 is affected.
  • Ref: http://security-protocols.com/sp-x44-advisory.php

  • 07.10.3 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Excel NULL Pointer Dereference Denial of Service
  • Description: Microsoft Excel is a spreadsheet application. It is exposed to a denial of service issue that occurs when the application handles a specially-crafted spreadsheet file. This issue stems from a NULL-pointer dereference. Microsoft Excel 2003 SP3 and earlier versions are affected.
  • Ref: http://www.securityfocus.com/bid/22717

  • 07.10.4 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Office 2003 Denial of Service
  • Description: Microsoft Office is prone to a denial of service condition when a malformed WMF file is viewed in the Microsoft Office application. The issue is triggered when the application is used to insert the malicious file into a document. Microsoft Office 2003 is affected. Refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/22716

  • 07.10.5 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Office Publisher Unspecified Remote Code Execution
  • Description: Microsoft Office Publisher is a document design and publishing application. Publisher is prone to an unspecified remote code execution vulnerability due to an unspecified error when handling malformed files. Refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/22702

  • 07.10.6 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft XBox 360 Privilege Escalation
  • Description: Microsoft XBox 360 is a hardware game device. It is prone to a local privilege escalation vulnerability. An overly-large CPU register value may be used to corrupt the syscall handler offset table, and ultimately transfer control of code execution to arbitrary, unencrypted memory causing the privilege escalation issue.
  • Ref: http://www.securityfocus.com/archive/1/461489

  • 07.10.7 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Windows Explorer WMF File Handling Denial of Service
  • Description: Microsoft Windows Explorer is prone to a denial of service issue. Microsoft Windows XP Tablet PC Edition SP2 and earlier versions are affected. Please refer to the advisory for further details.
  • Ref: http://securityvulns.com/news/Microsoft/Windows/Explorer/DoS.html

  • 07.10.8 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer OnUnload Javascript Browser Entrapment
  • Description: Microsoft Internet Explorer is exposed to a vulnerability that allows attackers to trap users at a particular webpage and spoof page transitions. The issue occurs because of a Javascript "onUnload" handler design error that allows a malicious user to trap an unsuspecting user on a particular page. Microsoft Internet Explorer 6 and 7 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22680

  • 07.10.9 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer OnUnload Null Pointer Dereference
  • Description: Microsoft Internet Explorer is prone to a race condition that causes a denial of service. Microsoft Internet Explorer 6 and 7 are affected. Refer to the advisory for details.
  • Ref: http://www.securityfocus.com/bid/22678

  • 07.10.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Contelligent MoveSortedContentAction Security Bypass
  • Description: Contelligent is a component-based content management system. The application is exposed to a security bypass issue because the "MoveSortedContentAction" method fails to check certain security configuration settings and allows users to reorder certain components. Contelligent versions prior to 9.1.5 are affected.
  • Ref: http://www.securityfocus.com/bid/22785

  • 07.10.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Comodo Firewall Pro Local Protection Mechanism Bypass
  • Description: Comodo is a firewall application. The application is exposed to this issue because its protection mechanism fails to properly handle multiple simultaneous connections to a named pipe. By accessing this named pipe, attackers may modify keys located in the "HKLM\SYSTEM\Software\Comodo\Personal Firewall" registry location. Comodo Personal Firewall versions 2.3.6.81, 2.4.18.184, 2.4.17.183, and 2.4.16.174 are affected.
  • Ref: http://www.securityfocus.com/archive/1/461635

  • 07.10.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DivX Web Player NPDIVX32.DLL ActiveX Control Resize Method Remote Denial of Service
  • Description: DivX Web Player is a freely available ActiveX control for watching DivX encoded video content. The application gets exposed to this issue when the "DivxWP.Resize" method of the vulnerable control is executed with a window size of 10000x10000 pixels. The DivX Web Player version included with DivX Player 1.3.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.10.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nullsoft Shoutcast Logfile HTML Injection
  • Description: Nullsoft SHOUTcast is a streaming audio server. It is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue affects version 1.9.7 for Microsoft Windows.
  • Ref: http://www.securityfocus.com/archive/1/461474

  • 07.10.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: XM Easy Personal FTP Server Multiple Remote Vulnerabilities
  • Description: XM Easy Personal FTP Server is an FTP server application. The application is prone to multiple remote issues because the application fails to bounds check user-supplied data before copying it into an insufficiently-sized buffer. XM Easy Personal version 5.3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22747

  • 07.10.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NetProxy Security Restriction Bypass
  • Description: NetProxy is a proxy server application. It is prone to a security restriction bypass issue due to improper sanitization of user-supplied input. NetProxy version 4.03 is affected.
  • Ref: http://www.securityfocus.com/bid/22741

  • 07.10.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TeeChart Pro ActiveX Control Multiple Insecure Methods Vulnerabilities
  • Description: TeeChart Pro is an ActiveX control for charting and graphing data. It is exposed to multiple issues caused by insecure methods which affect the "import.loadFromURL()" and "Export.asText.SaveToFile()" functions of the "TeeChart7.ocx" ActiveX control. TeeChart Pro ActiveX control version 7.0.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/22689

  • 07.10.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VeriSign ConfigCHK ActiveX Control VerCompare Buffer Overflow
  • Description: The VeriSign ConfigChk ActiveX control is used by multiple VeriSign products to utilize 1024-bit cryptography via the Microsoft Enhanced Cryptographic Provider. The ConfigChk ActiveX control (CLSID: 08F04139-8DFC-11D2-80E9-006008B066EE) is exposed to a buffer overflow issue because it fails to properly check boundaries of the "VerCompare()" method of the "VSCnfChk.dll" library before copying it to an insufficiently-sized buffer. Version 2.0.0.2 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.10.18 - CVE: Not Available
  • Platform: Mac Os
  • Title: Quicksilver Del.icio.us Module Username and Password Information Disclosure
  • Description: Quicksilver is an application interface. The Del.icio.us module provides access to bookmarks hosted on the "http://del.icio.us/" site. It is exposed to a local information disclosure issue because it fails to protect sensitive information from nonprivileged users. Quicksilver version 8F is affected.
  • Ref: http://www.securityfocus.com/bid/22752

  • 07.10.19 - CVE: Not Available
  • Platform: Mac Os
  • Title: McAfee VirusScan Virex Insecure File Creation and Scan Bypass Vulnerabilities
  • Description: McAfee VirusScan Virex is an antivirus application. It is exposed to an insecure file creation and a scan bypass issue due to a design error. This issue affects McAfee VirusScan for Mac (Virex) versions 7.7 and earlier.
  • Ref: http://www.securityfocus.com/archive/1/461485

  • 07.10.20 - CVE: Not Available
  • Platform: Linux
  • Title: Novell Access Management SSLVPN Server Security Bypass
  • Description: Novell Access Management SSLVPN Server is an application to enable secure access to Novell NetWare network services. It affects version 3 IR1 of Novell Access Management Server.
  • Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html

  • 07.10.21 - CVE: CVE-2007-0001
  • Platform: Linux
  • Title: Linux Kernel Audit Subsystems Local Denial of Service
  • Description: The Linux kernel is prone to a denial of service vulnerability. Linux kernel versions 2.6.x are vulnerable. Refer to the advisory for further details.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0085.html

  • 07.10.22 - CVE: Not Available
  • Platform: Linux
  • Title: Novell Zenworks Desktop Management Image Upload Security Bypass
  • Description: Novell Zenworks Desktop Management is a framework for the management of Desktop workstations in enterprise environments. The application is exposed to a security bypass issue that allows attackers to upload image files to normally protected directories. Novell Zenworks Desktop Management version 7 Support Pack 1 - ZDM7 SP1 and ZDM7 SP1 Imaging are vulnerable.
  • Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/650/3484245_f.SAL_Public.html

  • 07.10.23 - CVE: Not Available
  • Platform: Unix
  • Title: MPlayer DMO File Parsing Buffer Overflow
  • Description: MPlayer is a multimedia audio/video application. The application is exposed to a buffer overflow issue because the application fails to perform proper bounds checking on user-supplied data prior to copying it to an insufficiently sized memory buffer. MPlayer version 1.0rc1 is affected.
  • Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052738.html

  • 07.10.24 - CVE: Not Available
  • Platform: Unix
  • Title: Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
  • Description: Apache is an open source webserver available for multiple platforms. Debian Linux maintains a slightly modified Apache implementation that is maintained by the Debian Apache Maintainers. The application is exposed to a local privilege escalation issue because the daemon permits the controlling tty to be inherited by a CGI script. Debian Apache version 1.3.34-4 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=357561

  • 07.10.25 - CVE: CVE-2004-0057
  • Platform: Cross Platform
  • Title: TCPDump IEEE802.11 Printer Remote Buffer Overflow
  • Description: The "tcpdump" utility is a freely available open source network monitoring tool. The utility is exposed to a heap-based buffer overflow issue because it fails to bounds check user-supplied input before copying it into an insufficiently sized memory buffer. tcpdump versions 3.9.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22772

  • 07.10.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Mail Security for SMTP Arbitrary Code Execution
  • Description: Symantec Mail Security for SMTP is an integrated email protection application to prevent virus threats, spam, and other unwanted content. The application is exposed to a vulnerability that would allow remote attackers to execute arbitrary code on an affected computer or to cause denial of service conditions. Symantec Mail Security version 5.0 and earlier versions are affected.
  • Ref: http://www.kb.cert.org/vuls/id/875633

  • 07.10.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Blender KMZ/KML Remote Command Execution
  • Description: Blender is an open-source suite for creating 3D content. The application is exposed to a remote command execution issue because it uses the "eval()" function insecurely within the "ImportWithMesh.py" script. Zoo-Blender kmz_ImportWithMesh.py 0.1.9, 0.1.9b, 0.1.9c, 0.1.9f, 0.1.9g and Blender version 2.42a are affected.
  • Ref: http://secunia.com/secunia_research/2007-40/advisory/

  • 07.10.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenBiblio Reports System Unspecified Privilege Escalation
  • Description: OpenBiblio is an automated library application. The application is exposed to an unspecified privilege escalation issue. OpenBiblio versions prior to 0.6.0 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22773

  • 07.10.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Acrobat/Adobe Reader Information Disclosure
  • Description: Adobe Acrobat and Adobe Reader are applications designed for reading Portable Document Format (PDF) files. The applications are exposed to an information disclosure issue due to improper permissions being granted to JavaScript objects, so that an attacker can disclose the contents of local files using specially-crafted "file://" URIs embedded in JavaScript. Adobe Acrobat Reader version 7.0.9 and earlier versions are affected.
  • Ref: http://www.securityfocus.com/bid/22753

  • 07.10.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citrix Presentation Server Client Unspecified Remote Code Execution
  • Description: The Citrix Presentation Server Client is an ICA client application that includes support for making ICA connections through proxy servers. The application is prone to an unspecified remote code execution issue. All versions prior to 10.0 for Microsoft Windows platforms are vulnerable.
  • Ref: http://support.citrix.com/article/CTX112589

  • 07.10.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Dropbear Hostkey Mismatch Warning Weakness
  • Description: Dropbear is a small SSH2 server and client. It is prone to a hostkey mismatch warning weakness because the application doesn't properly warn users if a hostkey file has changed. Dropbear versions prior to 0.49 are affected.
  • Ref: http://www.securityfocus.com/bid/22761

  • 07.10.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Plan 9 Local Integer Overflow
  • Description: Plan 9 is an operating system created by Bell Labs. Plan 9 is prone to a local integer overflow issue due to lack of bounds checking input to sensitive memory move operations at the kernel level. Bell Labs Plan 9 Fourth Edition is affected.
  • Ref: http://www.kb.cert.org/vuls/id/274760

  • 07.10.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 Fenced UserID Unspecified Authentication Bypass
  • Description: IBM DB2 is prone to an unspecified authentication bypass issue. The application is exposed to this issue because of an unspecified error that fails to effectively restrict directory access to users with fenced userIDs. Versions prior to 8.1 FixPak 14 and 9.1 FixPak 2 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22729

  • 07.10.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Putmail Improper Authentication Weakness
  • Description: Putmail is a mail transfer agent. It is prone to a weakness that may disclose user credentials to remote attackers. This weakness results from a design error. Putmail versions 1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22718

  • 07.10.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox OnUnload Javascript Browser Entrapment
  • Description: Mozilla Firefox is a web browser for multiple operating platforms. Firefox is prone to a vulnerability that allows attackers to trap users at a particular webpage and spoof page transitions. This issue occurs because of a JavaScript "onUnload" handler design error that allows a malicious user to trap an unsuspecting user on a particular page. Mozilla Firefox version 2.0 is affected.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=247660

  • 07.10.36 - CVE: CVE-2006-0440
  • Platform: Cross Platform
  • Title: Imagemagick Image Index Array Remote Heap Buffer Overflow
  • Description: ImageMagick is an image editing suite that includes a library and command-line utilities supporting numerous image formats, including SGI. It is prone to a remote heap-based buffer overflow issue because the application fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. RedHat Enterprise Linux WS 4 and earlier versions are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0015.html

  • 07.10.37 - CVE: CVE-2007-1092
  • Platform: Cross Platform
  • Title: Mozilla Firefox OnUnload Memory Corruption
  • Description: Mozilla Firefox is prone to a remote memory corruption vulnerability. Mozilla Firefox version 2.0.0.1, and Ubuntu Linux 6.10 amd64 and earlier are affected. Please refer to the advisory for further details.
  • Ref: http://www.kb.cert.org/vuls/id/393921

  • 07.10.38 - CVE: CVE-2006-5877
  • Platform: Cross Platform
  • Title: Enigmail Memory Allocation Denial of Service
  • Description: Enigmail is an extension to the mail client of Mozilla/Netscape and of Mozilla Thunderbird. It is affected by a memory allocation based DoS issue because the application fails to handle excessively large encrypted attachments. Ubuntu Linux 6.06 LTS amd64 and earlier versions are affected.
  • Ref: http://www.securityfocus.com/bid/22684

  • 07.10.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 Universal Database Multiple Local Privilege Escalation Vulnerabilities
  • Description: IBM DB2 Universal Database Server is a database server application. It is prone to multiple local privilege escalation issues which allow an attacker to completely compromise a vulnerable computer. These issues affect DB2 version 9.1 and 8x running on all supported platforms.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21255747

  • 07.10.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Built2Go News Manager Blog Multiple Cross-Site Scripting Vulnerabilities
  • Description: Built2Go News Manager Blog is a blog application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Built2Go News Manager version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/461672

  • 07.10.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OrangeHRM Multiple Unspecified Vulnerabilities
  • Description: OrangeHRM is a human resource management application. The application is prone to multiple unspecified vulnerabilities on the login page of the application. OrangeHRM versions prior to 2.1 alpha 5 are affected.
  • Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=1656000&group_id=156477&atid=799942

  • 07.10.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Webmin Chooser.CGI Multiple Cross-Site Scripting Vulnerabilities
  • Description: Webmin is a web-based Unix system administration interface implemented in Perl. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to multiple unspecified parameters of the "chooser.cgi" script. Webmin versions prior to 1.330 are affected.
  • Ref: http://www.securityfocus.com/bid/22748

  • 07.10.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Wordpress Post.PHP Cross-Site Scripting
  • Description: Wordpress allows users to generate news pages and web logs dynamically. It is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "post" parameter of the "wpadmin/post.php" script. Wordpress version 2.1.1 is affected.
  • Ref: http://trac.wordpress.org/ticket/3879

  • 07.10.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Wordpress Multiple Cross-Site Scripting Vulnerabilities
  • Description: Webpress is a web-based publishing application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Version 2.1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/461440

  • 07.10.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Docebo Multiple Cross-Site Scripting Vulnerabilities
  • Description: Docebo is a content management system (CMS) application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input of "index.php" and "/modules/htmlframechat/index.php" parameters. Versions 3.0.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22719

  • 07.10.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PhotoStand Index.PHP Cross-Site Scripting
  • Description: PhotoStand is a photo blog application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "a" parameter of the "index.php" script. PhotoStand version 1.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/461150

  • 07.10.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PhPWebGallery Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
  • Description: PhpWebGallery is an image gallery application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user input. PhpWebGallery version 1.4.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/461160

  • 07.10.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Active Calendar Multiple Cross-Site Scripting Vulnerabilities
  • Description: Active Calendar is a web-based calendar creation application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user input. Active Calendar version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/461146

  • 07.10.49 - CVE: CVE-2006-5104
  • Platform: Web Application - SQL Injection
  • Title: VBulletin Inlinemod.PHP SQL Injection
  • Description: vBulletin is an application for web site forums. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "postids" parameter of the "inlinemod.php" script file before using it in an SQL query. Version 3.6.4 is affected.
  • Ref: http://www.securityfocus.com/bid/22780

  • 07.10.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: S9Y Serendipity Index.PHP SQL injection
  • Description: Serendipity is a web log application. The application is exposed to this issue due to a failure in the application to properly sanitize user-supplied input to the "frontpage" parameter of the "index.php" script before using it in an SQL query. Serendipity version 1.1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/461635

  • 07.10.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Angel Learning Management Suite default.asp SQL Injection
  • Description: Learning Management Suite is a learning management application implemented in ASP. The application is prone to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "default.asp" script before using it in an SQL query. Learning Management Suite version 7.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/461638

  • 07.10.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Coppermine Photo Gallery thumbNails.php SQL Injection
  • Description: Coppermine Photo Gallery is an image gallery application. The application is prone to an SQL injection issue because the application fails to sufficiently sanitize user-supplied data to the "cpg131_fav" cookie parameter when used by the "thumbnails.php" script before using it in an SQL query. Coppermine Photo Gallery version 2.6.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/461158

  • 07.10.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ZephyrSoft Toolbox Address Book Continued Multiple SQL Injection Vulnerabilities
  • Description: ZephyrSoft Toolbox Address Book Continued is an address book. The application is prone to multiple SQL injection issues because it fails to properly sanitize user-supplied input to the "id" parameter in the "updateRow()" and "deleteRow()" functions in "functions.php" before using it in an SQL query. ZephyrSoft Toolbox Address Book Continued versions 1.00 and 1.01 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22685

  • 07.10.54 - CVE: Not Available
  • Platform: Web Application
  • Title: Netrek Vanilla Server EVENTLOG Format String
  • Description: Netrek Vanilla Server is a multiplayer battle simulation game server. The application is exposed to a remote format string issue because it fails to properly sanitize user-supplied input before including it in the format specifier argument of a formatted printing function in the "ntserv/warning.c" and "robots/rmove.c" code. Netrek Vanilla Server version 2.12.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22786

  • 07.10.55 - CVE: Not Available
  • Platform: Web Application
  • Title: aWebNews Multiple Remote File Include Vulnerabilities
  • Description: aWebNews is a web-based news script. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input to the "path_to_news" parameter of the "visview.php" and "listing.php" scripts. aWebNews version 1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/461680

  • 07.10.56 - CVE: Not Available
  • Platform: Web Application
  • Title: SQL-Ledger/LedgerSMB Template Editing File Parameter Directory Traversal
  • Description: SQL-Ledger and LedgerSMB are double entry accounting systems implemented in Perl. They run on Unix, Windows and Mac OS X systems. LedgerSMB is a recent fork from the SQL-Ledger product. The application is prone to a remote directory traversal issue because of a design error in the blacklisting functions in the built in text editor. LedgerSMB versions prior to 1.1.5 and all versions of SQL-Ledger are affected.
  • Ref: http://www.securityfocus.com/bid/22769

  • 07.10.57 - CVE: CVE-2006-1549
  • Platform: Web Application
  • Title: PHP Executor Deep Recursion Remote Denial of Service
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP Executor is exposed to a denial of service issue because the application fails to protect against deep recursion. When the application executes an excessive amount of recursive calls, it may run out of stack memory and crash. All versions of PHP are affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-02-2007.html

  • 07.10.58 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP ZVAL Reference Counter Integer Overflow
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP ZVAL is exposed to an integer overflow issue because it fails to ensure that integer values are not overrun. PHP versions 4.4.4 and below are affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-02-2007.html

  • 07.10.59 - CVE: Not Available
  • Platform: Web Application
  • Title: HyperBook Guestbook GBConfiguration.DAT Password Information Disclosure
  • Description: HyperBook Guestbook is a guestbook application. The application is prone to an information disclosure issue because the application discloses sensitive information about the administrator's hashed password. HyperBook Guestbook version 1.3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22754

  • 07.10.60 - CVE: Not Available
  • Platform: Web Application
  • Title: EmbeddedWB Web Browser ActiveX Control Remote Code Execution
  • Description: EmbeddedWB web browser is a package for Borland Delphi D5 to D2006. The application is exposed to a remote code execution vulnerability. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/22755

  • 07.10.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Wiclear Upload Tool Unspecified
  • Description: Wiclear is an application to create web sites which can be edited online. The application is prone to an unspecified vulnerability in the upload tool. Wiclear versions prior to 0.11.1 are affected.
  • Ref: http://www.securityfocus.com/bid/22763

  • 07.10.62 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP ZendEngine Variable Destruction Remote Denial of Service
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP ZendEngine is exposed to a denial of service issue which affects the ZendEngine and arises because the application allows deeply nested array structures to be created based on user-supplied input. All versions of PHP are affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-03-2007.html

  • 07.10.63 - CVE: CVE-2007-1005
  • Platform: Web Application
  • Title: CA eTrust Intrusion Detection System Key Exchange Remote Denial of Service
  • Description: Computer Associates eTrust Intrusion Detection System is a network security application that provides functionality such as intrusion detection, antivirus, centralized monitoring, web filtering, etc. It is prone to a remote denial of service issue because the application fails to perform sufficient boundary checks when handling user-supplied data. eTrust Intrusion Detection System 2.0, 3.0 and 3.0 SP1 are affected.
  • Ref: http://www.securityfocus.com/bid/22743

  • 07.10.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Pagesetter Index.PHP Local File Include
  • Description: Pagesetter is a web content management application for PostNuke. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "index.php" script. Pagesetter versions 6.3.0 beta 5 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/461339

  • 07.10.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Secunia Software Inspector Security Update Verification Weakness
  • Description: Secunia Software Inspector is a web-based application to verify if applications are up-to-date with security updates. It is prone to a weakness that provides a false sense of security to users.
  • Ref: http://www.securityfocus.com/archive/1/461350

  • 07.10.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Admin Phorum del.php Remote File Include
  • Description: Admin Phorum is a web forum application. The application is prone to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "include_path" parameter of the "/actions/del.php" script. Version 3.3.1.a is affected.
  • Ref: http://www.securityfocus.com/bid/22739

  • 07.10.67 - CVE: Not Available
  • Platform: Web Application
  • Title: SQLiteManager Main.PHP Multiple HTML Injection Vulnerabilities
  • Description: SQLiteManager is a web-based SQL management application. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/461304

  • 07.10.68 - CVE: Not Available
  • Platform: Web Application
  • Title: STWC-Counter Downloadcounter.PHP Remote File Include
  • Description: STWC-Counter is a web-based activity counter. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "stwc_verzeichniss" parameter of the "downloadcounter.php" script before using it in an "include()" call. STWC-Counter version 3.4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22723

  • 07.10.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Audins Audiens Multiple Input Validation Vulnerabilities
  • Description: Audins Audiens is a web site statistics application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input. Audins Audiens version 3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/22728

  • 07.10.70 - CVE: Not Available
  • Platform: Web Application
  • Title: WebMplayer Multiple Input Validation Vulnerabilities
  • Description: WebMplayer is a web-based frontend for Mplayer to manage and play music files and audio streams. It is exposed to multiple SQL injection issues and an arbitrary PHP code execution issue because it fails to properly sanitize user-supplied input. WebMplayer versions prior to 0.6.1-alpha are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22726

  • 07.10.71 - CVE: Not Available
  • Platform: Web Application
  • Title: SQLiteManager Local File Include
  • Description: SQLiteManager is a web-based SQL manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "SQLiteManager_currentTheme" cookie parameter. SQLiteManager version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/461304

  • 07.10.72 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPBB2 Admin_Ug_Auth.PHP Administrative Security Bypass
  • Description: PHPBB2 is a web forum application. It is prone to an administrative security bypass issue that allows attackers to gain administrative access to the application because it fails to properly validate access. phpBB2 Plus versions 2.0.13 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22730

  • 07.10.73 - CVE: Not Available
  • Platform: Web Application
  • Title: SolarPay Index.PHP Local File Include
  • Description: SolarPay is a payment processing application. The application is prone to an information disclosure issue because the utility fails to properly sanitize user-supplied input to the "read" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/22722

  • 07.10.74 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPMIP Top.PHP Remote File Include
  • Description: PHPMIP is a web-based application. The application is prone to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "laypath" parameter of the "top.php" script. PHPMIP version 0.00.01 is affected.
  • Ref: http://www.securityfocus.com/bid/22714

  • 07.10.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Watchtower Unspecified Authentication Bypass
  • Description: Watchtower is a web server application framework. It is exposed to an unspecified authentication bypass vulnerability. Watchtower versions prior to 0.12 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22721

  • 07.10.76 - CVE: Not Available
  • Platform: Web Application
  • Title: NoMoKeTos PHPBB Module PHPBB_Root_Path Remote File Include
  • Description: NoMoKeTos is a module for the phpBB bulletin board system. The application is prone to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "includes/functions_admin.php" script. NoMoKeTos version 0.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/22713

  • 07.10.77 - CVE: Not Available
  • Platform: Web Application
  • Title: PhotoStand Multiple HTML Injection Vulnerabilities
  • Description: PhotoStand is a photo-blog application. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. PhotoStand version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/461150

  • 07.10.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Extreme PHPBB PHPBB_Root_Path Remote File Include
  • Description: Extreme PHPBB is a prepackaged fork of phpBB. The application is prone to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "includes/functions.php" script. Extreme PHPBB version 3.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/22708

  • 07.10.79 - CVE: Not Available
  • Platform: Web Application
  • Title: CS-Gallery Index.PHP Remote File Include
  • Description: CS-Gallery is an image gallery application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "_POST['album']" parameter of the "index.php" script. Version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22712

  • 07.10.80 - CVE: CVE-2006-5804
  • Platform: Web Application
  • Title: Sinapis Gastebuch Sinagb.PHP Remote File Include
  • Description: Sinapis Gastebuch is a guestbook application. It is prone to a remote file include issue because it fails to properly sanitize user-supplied input to the "fuss" variable of "sinagb.php". Sinapis Gastebuch version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/22696

  • 07.10.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Sinapis Forum Sinagb.PHP Remote File Include
  • Description: Sinapis Forum is a web forum implemented in PHP. It is prone to a remote file include issue because it fails to properly sanitize user-supplied input to the "fuss" variable of the "sinapis.php" script. Sinapis Forum version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/22699

  • 07.10.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple One-File Gallery Multiple Input Validation Vulnerabilities
  • Description: Simple one-file gallery is a web gallery. The application is exposed to multiple input validation issues in the "f" parameter of the "gallery.php" script.
  • Ref: http://www.securityfocus.com/archive/1/461080

  • 07.10.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Multiple Web Browser UTF-7 Cross-Domain Character Set Inheritance
  • Description: Opera Web Browser and Microsoft Internet Explorer are prone to a cross-domain character set inheritance issue. It occurs when a page rendered in an (i)frame does not specify a character set in the HTTP Content-Type header or an HTML META tag, and therefore inherits the character set of the parent page. Opera Web Browser version 9 and Microsoft Internet Explorer version 7 are affected.
  • Ref: http://www.securityfocus.com/archive/1/461076

  • 07.10.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Active Calendar ShowCode.PHP Local File Include
  • Description: Active Calendar is a web-based calendar creation application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "showcode.php" script. Active Calendar version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/461146

  • 07.10.85 - CVE: CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0995, CVE-2007-0008, CVE-2007-0009, CVE-2007-0996
  • Platform: Web Application
  • Title: Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities
  • Description: The Mozilla Foundation has released six advisories regarding security vulnerabilities in Firefox, SeaMonkey and Thunderbird. rPath Linux 1 and earlier versions are affected. Please refer to the advisories for further details.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482 http://www.kb.cert.org/vuls/id/551436

  • 07.10.86 - CVE: Not Available
  • Platform: Web Application
  • Title: FCRing FCRing.PHP Remote File Include
  • Description: FCRing is a web-ring script. The application is prone to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "s_fuss" parameter of the "fcring.php" script before using it in an "include()" call. FCRing version 1.31 is affected.
  • Ref: http://www.securityfocus.com/bid/22693

  • 07.10.87 - CVE: Not Available
  • Platform: Web Application
  • Title: J-Web Pics Navigator Jwpn-Photos.PHP Directory Traversal
  • Description: J-Web Pics Navigator is a web-based application. The application is exposed to a directory traversal issue because it fails to properly sanitize HTTP GET requests containing a directory traversal string which are sent to the "dir" parameter of the "jwpn-photos.php" script. J-Web Pics Navigator version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22681

  • 07.10.88 - CVE: Not Available
  • Platform: Web Application
  • Title: eFiction Multiple Remote File Include Vulnerabilities
  • Description: eFiction is a fan fiction archive application. The application is prone to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "path_to_smf" parameter of the "bridges/SMF/get_session_vars.php" and "bridges/SMF/logout.php" scripts. eFiction version 3.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/22682

  • 07.10.89 - CVE: Not Available
  • Platform: Web Application
  • Title: ZPanel Multiple Remote File Include Vulnerabilities
  • Description: ZPanel is a hosting control application. The application is prone to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "body" parameter of the "templates/ZPanelV2/template.php" script, and the "page" parameter in the "zpanel.php" script. ZPanel version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22683

  • 07.10.90 - CVE: Not Available
  • Platform: Web Application
  • Title: LoveCMS Multiple Input Validation Vulnerabilities
  • Description: LoveCMS is a content manager. Insufficient sanitization of user-supplied input exposes the application to multiple local file include, remote file include and cross-site scripting issues.
  • Ref: http://www.securityfocus.com/bid/22675

  • 07.10.91 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Multiple Products Network Analysis Module SNMP Communication Spoofing
  • Description: Cisco NAMs (Network Analysis Module) are deployed in Catalyst 6000, 6500 and Cisco 7600 series routers to monitor and analyze network traffic by using Remote Monitoring (RMON), RMON2 and other MIBs. Multiple Cisco routers that have a NAM (Network Analysis Module) installed are prone to an SNMP communication spoofing vulnerability. This issue affects devices running Cisco IOS as well as Cisco CatOS version 7.6(15) through 8.5(1). Cisco Catalyst 6000, 6500 and Cisco 7600 series devices that have a Network Analysis Module installed are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml

  • 07.10.92 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Catalyst MPLS Packet Handling Denial of Service
  • Description: Cisco Catalyst switches and routers are prone to a denial of service issue because the device fails to handle exceptional conditions. Specifically, the device crashes when processing specially crafted MPLS packets received by a route processor (MSFC) Layer 3 interface. These systems are affected: Cisco Catalyst 6500 systems that run Cisco IOS 12.2(18)SXF4 and Cisco Catalyst 6000, 6500; and Cisco 7600 series systems with MSFC2 or MSFC3 that run in Hybrid Mode.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20070228-mpls.shtml

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.