@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 12
March 19, 2007

Apple revealed a big, bad set of vulnerabilities in Mac OS X - some leading to remote root compromise. Some of them already are being targeted in published exploits. CA's backup product, BrightStor, is back on the list of software with critical flaws. McAfee's bugs are a little less critical, but still require rapid action. These latter two are a reminder of the retargeting that criminals have done over the past 18 months - focusing much more of their research, and huge numbers of attacks, on applications ranging from back-up to security to office applications to media players. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    ----------------------------------------  ------------------------------
    Other Microsoft Products                  1
    Third Party Windows Apps                  8 (#3)
    Mac OS                                    1 (#1)
    Linux                                     6
    BSD                                       1 (#4)
    Unix                                      2
    Cross Platform                            29 (#2, #5)
    Web Application - Cross Site Scripting    7
    Web Application - SQL Injection           13
    Web Application                           26


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac OS
Linux
BSD
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: CA BrightStor ARCServe Backup Tape Engine and Portmapper Vulnerabilities
  • Affected:
    • BrightStor Products:
    • BrightStor ARCserve Backup r11.5, r11.1, r11, r10.5, v9.01
    • CA Protection Suites r2:
    • CA Server and Business Protection Suites r2
    • CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
    • CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
  • Description: Computer Associates BrightStor ARCserve Backup products provide backup services for Windows, NetWare, Linux and UNIX. The Tape Engine feature allows the backup products to use tape drives as storage media. The Tape Engine process, which listens on port 6502/tcp, contains multiple vulnerabilities in the handling of RPC requests that can be exploited to either shut down the Tape Engine service or possibly execute arbitrary code with "SYSTEM" privileges. In addition, the portmapper service also contains a vulnerability that can be exploited to crash the service. The technical details have not yet been publicly posted.

  • Status: CA has released patches for the affected products. A workaround is to block access to ports 6502/tcp and 111/udp at the network perimeter to prevent attacks originating from the Internet. Special Note: CA BrightStor products have been widely exploited during the past year. Hence, this patch should be applied on a priority basis.

  • References:
  • (3) HIGH: McAfee ePolicy Orchestrator and ProtectionPilot Multiple Vulnerabilities
  • Affected:
    • McAfee ePolicy Orchestrator versions 3.5p6 and 3.6.1 and prior
    • McAfee ProtectionPilot versions 1.1.1p3 and 1.5.0 and prior
  • Description: McAfee ePolicy Orchestrator and ProtectionPilot contain multiple vulnerabilities in the "SiteManager" ActiveX component. A malicious web page that instantiates this component could exploit these vulnerabilities and execute arbitrary code with the privileges of the current user. Note that this component is generally only installed on the Orchestrator or ProtectionPilot server, or a system with the management console for one of these applications installed. Technical details for these vulnerabilities are publicly available, and reusable exploit code for ActiveX components could be easily adapted to target this component.

  • Status: McAfee confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the vulnerable control via Microsoft's "kill bit" mechanism for CLSID "4124FDF6-B540-44C5-96B4-A380CEE9826A".

  • Council Site Actions: Two of the reporting council sites are using the affected software. One site plans to deploy the patch during their next regularly scheduled maintenance cycle. The other site is still investigating their course of action. They may accept the risk due to the fact that their systems are in the process of being integrated into their parent company.

  • References:
  • (5) LOW: Apache Tomcat Directory Traversal
  • Affected:
    • Apache Tomcat versions prior to 5.5.23 and 6.0.10
  • Description: Apache Tomcat, a popular Java servlet container and application server, contains a directory traversal vulnerability. A specially-crafted request could allow an attacker to read arbitrary files below the configured document root of the Tomcat server. Note that the files must be readable by the Tomcat server process. A simple proof-of-concept is available.

  • Status: Apache confirmed, updates available.

  • Council Site Actions: Three of the reporting council sites are using the affected software and plan to respond on some level. The first site only has a few small installations of Tomcat and they have advised the developers to upgrade those systems manually. The second site has advised their user base to update. The third site is still investigating the best course of action - they have multiple Tomcat installations and a number of one-off solutions. They plan to research all Tomcat server locations.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 12, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5402 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.12.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting
  • Description: Microsoft Internet Explorer is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. This issue arises when rendering the local "Navigation Canceled" resource page "res://ieframe.dll/navcancel.htm". When page navigation is canceled, the intended URI path is appended to the local resource path following a "#" character. Microsoft Internet Explorer version 7.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22966

  • 07.12.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Avant Browser Content Type Stack-Based Buffer Overflow
  • Description: Avant Browser is a web browser. The application is exposed to a remote stack-based buffer overflow issue because it fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. Avant Browser version 9.02 build 17 is affected.
  • Ref: http://www.securityfocus.com/bid/23002

  • 07.12.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Norton Personal Firewall 2006 SymTDI Driver Local Denial of Service
  • Description: Norton Personal Firewall 2006 is prone to a local denial of service issue. This issue occurs when attackers send malformed data to the "SymTDI" driver. Symantec Norton Personal Firewall 2006 versions 9.1.0.33 and 9.1.1.7 are affected.
  • Ref: http://www.securityfocus.com/archive/1/462926

  • 07.12.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Norton Personal Firewall 2006 SymEvent Driver Local Denial of Service
  • Description: Norton Personal Firewall 2006 is prone to a local denial of service issue. This issue occurs when attackers send malformed data to the "SymEvent" driver. Symantec Norton Personal Firewall 2006 version 9.1.1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/22961

  • 07.12.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Orchestrator SiteManager.DLL ActiveX Control Remote Buffer Overflow Vulnerabilities
  • Description: McAfee ePolicy Orchestrator is a suite of applications that provide anti-virus, anti-spyware, system firewalls, host IPS, content filtering and patch management. The application is exposed to multiple buffer overflow issues because the software fails to perform sufficient bounds checking of user-supplied input before copying it to insufficiently sized memory buffers. McAfee ProtectionPilot versions 1.5 and earlier are affected.
  • Ref: https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&sliceId=SAL_Public&externalId=612496

  • 07.12.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NewsBin Pro Long File Name Buffer Overflow
  • Description: NewsBin Pro is a news collector application. The application is exposed to a remote buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. NewsBin Pro version 4.32 is affected.
  • Ref: http://www.securityfocus.com/bid/22940

  • 07.12.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WarFTP Unspecified Stack-Based Buffer Overflow
  • Description: WarFTP is a File Transfer Protocol server application for the Microsoft Windows operating system. The application is exposed to a stack-based buffer overflow issue because WarFTP fails to properly check boundaries on unspecified user-supplied data before copying it to an insufficiently sized buffer. The issue occurs prior to authentication. WarFTP version 1.65 is affected.
  • Ref: http://www.securityfocus.com/bid/22944

  • 07.12.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NewsReactor Long File Name Buffer Overflow
  • Description: NewsReactor is a news collector application. The application is exposed to a remote buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. NewsReactor version 20070220 is affected.
  • Ref: http://www.securityfocus.com/bid/22936

  • 07.12.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: D-Link TFTP Transporting Mode Remote Buffer Overflow
  • Description: D-Link TFTP is a freely available TFTP (Trivial FTP) server. The application is prone to a buffer overflow issue because it fails to properly bounds check user-supplied data before storing it in a finite sized memory buffer. D-Link TFTP version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22923/info

  • 07.12.10 - CVE: CVE-2007-0719, CVE-2007-0720, CVE-2007-0721, CVE-2007-0722, CVE-2007-0723, CVE-2007-0724, CVE-2007-0726, CVE-2007-0728, CVE-2007-0730, CVE-2007-0731, CVE-2007-0733
  • Platform: Mac OS
  • Title: Apple Mac OS X Multiple Applications Multiple Vulnerabilities
  • Description: Mac OS X is exposed to multiple issues. Mac OS X and Mac OS X Server versions 10.3.9 and 10.4 through 10.4.8 are affected. Please refer to the advisory for further details.
  • Ref: http://www.kb.cert.org/vuls/id/557064

  • 07.12.11 - CVE: CVE-2007-0998
  • Platform: Linux
  • Title: Xen QEMU VNC Server Arbitrary Information Disclosure
  • Description: Xen is an application for monitoring virtual machines. QEMU is a processor emulator that supports full system virtualization. The application is exposed to an unspecified issue that lets attackers obtain arbitrary information. The issue stems from a flaw in the VNC server code in QEMU. RedHat Enterprise Linux Virtualization v.5 server and earlier versions are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0114.html

  • 07.12.12 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Netfilter NFNetLink_Log Multiple NULL Pointer Dereference Vulnerabilities
  • Description: The Linux kernel is exposed to multiple NULL pointer dereference issues due to NULL pointer dereference problems in "nfnetlink_log". Linux kernel 2.6.20 and all earlier versions are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.3

  • 07.12.13 - CVE: Not Available
  • Platform: Linux
  • Title: KTorrent Multiple Remote Vulnerabilities
  • Description: KTorrent is a BitTorrent application for KDE. The application is exposed to multiple remote vulnerabilities, which occur while processing the paths of filenames within torrents or when processing messages with invalid chunk indexes. KTorrent versions prior to 2.1.2 are affected.
  • Ref: http://www.securityfocus.com/bid/22930

  • 07.12.14 - CVE: CVE-2007-1000
  • Platform: Linux
  • Title: Linux Kernel Ipv6_Getsockopt_Sticky Memory Leak Information Disclosure
  • Description: Linux Kernel is exposed to an information disclosure issue because it fails to handle unexpected user-supplied input. The vulnerability exists in the "ipv6_getsockopt_sticky()" function of the net/ipv6/ipv6_sockglue.c source file. Kernel versions 2.6.0 to 2.6.20.1 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/920689

  • 07.12.15 - CVE: CVE-2007-0958
  • Platform: Linux
  • Title: Linux Kernel BINFMT_ELF PT_INTERP Local Information Disclosure
  • Description: The Linux Kernel is exposed to an issue that occurs in the Linux ELF binary loader. This issue can allow local attackers to gain access to privileged information which resides in the "load_elf_binary" function of the "binfmt_elf.c" file. Linux Kernel versions in the 2.6.0 branch prior to 2.6.20 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0099.html

  • 07.12.16 - CVE: Not Available
  • Platform: Linux
  • Title: Plash Shell Command Injection
  • Description: Plash is an application designed to place executables into a sandbox to minimize the privileges granted to unknown or untrusted applications. Plash is exposed to a shell command injection issue because it fails to properly isolate executing binaries from using the TIOCSTI ioctl on "/dev/tty". Plash version 1.17 is affected.
  • Ref: http://lists.gnu.org/archive/html/plash/2007-03/msg00000.html

  • 07.12.17 - CVE: CVE-2007-1365
  • Platform: BSD
  • Title: OpenBSD ICMP6 Packet MBuf Remote Denial of Service
  • Description: OpenBSD is exposed to a remote denial of service issue when handling specially crafted ICMP6 packets. Specifically, this issue occurs in the "m_dup1()" function when copying the content from one "mbuf" structure to another "mbuf" structure. OpenBSD versions 3.9 and 4.0 are affected.
  • Ref: http://www.securityfocus.com/bid/22901

  • 07.12.18 - CVE: Not Available
  • Platform: Unix
  • Title: minigzip Controls File_Compress Buffer Overflow
  • Description: minigzip is a minimal implementation of the gzip compression tool. It is available for Unix-like operating systems. The application is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying "file_compress()" data into an "outfile" buffer.
  • Ref: http://www.securityfocus.com/bid/22964

  • 07.12.19 - CVE: Not Available
  • Platform: Unix
  • Title: AstroCam Remote Denial of Service
  • Description: AstroCam is a UNIX daemon that is used to control remote cameras. The server can be controlled with a Web interface. The application is exposed to a remote denial of service issue. Please refer to the advisory for further details. AstroCam versions prior to 2.6.6 are affected.
  • Ref: http://www.securityfocus.com/bid/22924/info

  • 07.12.20 - CVE: CVE-2007-1447, CVE-2007-1448
  • Platform: Cross Platform
  • Title: Computer Associates BrightStor ARCServe BackUp Tape Engine Multiple Vulnerabilities
  • Description: Computer Associates BrightStor ARCserve Backup products provide backup and restore protection for various clients. The application is exposed to a memory corruption issue that arises when the application handles an RPC request containing specially crafted procedure arguments. A denial of service issue affecting the Tape Engine service presents itself due to an unspecified RPC function. See the reference below for a list of affected versions.
  • Ref: http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317

  • 07.12.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Web Server Unspecified Unauthorized Access
  • Description: Sun Java System Web Server is an application for serving and managing web applications. The application is exposed to an unspecified issue that lets attackers gain unauthorized access to data stored on the web server. Please check the attached advisory for details.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102833-1

  • 07.12.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: qftp Set_Umask Function Stack-Based Buffer Overflow
  • Description: The "ftplib" package is a library of FTP (File Transfer Protocol) functions. The "qftp" application uses and is included with the "ftplib" source code distribution. The "qftp" application is exposed to multiple stack-based buffer overflow issues because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. qftp version 3.1-1 of the "ftplib" library is affected.
  • Ref: http://www.securityfocus.com/bid/22986

  • 07.12.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: LIBftp Multiple Remote Buffer Overflow Vulnerabilities
  • Description: LIBftp is a library that implements FTP (File Transfer Protocol) functions. The application is exposed to multiple remote buffer overflow issues because the application fails to bounds check "FtpArchie()", "FtpDebugDebug()", "FtpOpenDir()", and "FtpSize()" functions when copying user-supplied data from their parameters into "FtpString". LIBftp version 5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22987

  • 07.12.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Array_User_Key_Compare Function Memory Corruption
  • Description: PHP is prone to a memory corruption issue because it fails to sufficiently sanitize user-supplied data, which can facilitate arbitrary code execution. PHP versions 4.x prior to 4.4.6 and versions 5.x prior to 5.2.1 are affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-24-2007.html

  • 07.12.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Source Code Disclosure
  • Description: IBM WebSphere Application Server is a utility designed to facilitate the creation of various enterprise web applications. The application is exposed to a source code disclosure issue due to an input validation flaw when handling malformed HTTP requests containing certain characters in the URI. IBM WebSphere Application Server 6.1.3 and all earlier versions are affected.
  • Ref: http://www.securityfocus.com/bid/22991

  • 07.12.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Interbase Extension Multiple Remote Buffer Overflow Vulnerabilities
  • Description: The PHP Interbase extension is a database module for PHP. The application is exposed to multiple remote buffer overflow issues because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. PHP versions 4.4.6 and earlier on Microsoft Windows are affected.
  • Ref: http://www.securityfocus.com/archive/1/462931

  • 07.12.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Session Identifier Rejection Double Free Memory Corruption
  • Description: PHP is exposed to a double free memory corruption issue. When a session identifier is rejected, a flag is set which causes the application to free a pointer to the previous session identifier and create a new identifier. The issue arises as this operation is not atomic and can be interrupted by exceptional conditions. PHP versions 5.2.0 and 5.2.1 are affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-23-2007.html

  • 07.12.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Web Server Certificate Revocation Access Control Bypass
  • Description: Sun Java System Web Server is an application for serving and managing web applications. The application is exposed to an access bypass issue because it fails to properly enforce certificate revocations. Affected versions include Sun Java System Web Server 6.1 prior to SP7 (all types including AIX and HP-UX). Also affected are all versions prior to the following patch levels per operating system: Linux patch 118202-11, Solaris x86 patch 116649-19, and SPARC patch 116648-19.
  • Ref: http://www.securityfocus.com/bid/22973

  • 07.12.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Trend Micro Scan Engine UPX File Parsing Remote Denial of Service
  • Description: The Trend Micro Scan Engine is available on various products shipped by the vendor. The application is exposed to a denial of service issue because it fails to properly handle compressed UPX files. Various products using the Trend Micro Antivirus Scan Engine versions 8 and above are affected.
  • Ref: http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034587

  • 07.12.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Session_Regenerate_ID Function Double Free Memory Corruption
  • Description: PHP is exposed to a double free memory corruption issue which resides in the "session_regenerate_id()" function used to regenerate a new session identifier. The affected function fails to clear a previously freed pointer from the previous session before calling the session identifier generator. PHP versions 5 to 5.2.1 are affected. PHP version 4 is vulnerable only if successful remote exploits are proven.
  • Ref: http://www.php-security.org/MOPB/MOPB-22-2007.html

  • 07.12.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP versions 5.2.1 and prior are vulnerable to these issues. Please refer to the advisory for further details.
  • Ref: http://www.php-security.org/MOPB/MOPB-21-2007.html

  • 07.12.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHProjekt Arbitrary File Upload
  • Description: PHProjekt is a freely available, open-source PHP Groupware package. It is actively maintained by the PHProjekt Development Team. The application is exposed to an arbitrary file upload issue. PHProjekt versions prior to 5.2.1 are affected. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/22956

  • 07.12.33 - CVE: CVE-2007-1278
  • Platform: Cross Platform
  • Title: Adobe JRun Unspecified Denial of Service
  • Description: Adobe JRun is a J2EE application server. The application is exposed to a denial of service issue while taking specific actions after requesting a file located in the JRun application server's root folder. Microsoft IIS 6 installations running JRun 4 Updater 6 and earlier versions are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb07-07.html

  • 07.12.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apache HTTP Server Tomcat Directory Traversal
  • Description: Apache Tomcat is the servlet container used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Apache Tomcat versions in the 5.0 series prior to 5.5.22 and versions in the 6.0 series prior to 6.0.10 are affected.
  • Ref: http://www.securityfocus.com/bid/22960

  • 07.12.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL Commander Remote File Include
  • Description: MySQL Commander is a web-based application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "home" parameter of the "ressourcen/dbopen.php" script. MySQL Commander versions 2.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22941

  • 07.12.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: unrarlib URarLib_Get Function Buffer Overflow
  • Description: unrarlib is a library for opening and reading RAR files. The library is exposed to a buffer overflow issue because it fails to perform proper bounds checking of user-supplied input before copying it to an insufficiently sized memory buffer. The problem occurs in the "urarlib_get()" function of "unrarlib.c". unrarlib version 0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/22942

  • 07.12.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Netperf Insecure Temporary File Creation
  • Description: Netperf is a benchmark tool to measure various aspects of networking performance. The "netperf.debug" file creates temporary files in an insecure manner. Netperf version 2.4.3 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413658

  • 07.12.38 - CVE: CVE-2007-1387
  • Platform: Cross Platform
  • Title: Xine DirectShow Loader Remote Buffer Overflow
  • Description: Xine is an open source multimedia player for audio and video. Xine is exposed to a remote buffer overflow issue because the application fails to perform boundary checks prior to copying user-supplied input into finite sized buffers. xine-lib version 1.1.2 and all earlier versions are affected.
  • Ref: http://www.securityfocus.com/bid/22933

  • 07.12.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Open Educational System Multiple Remote File Include Vulnerabilities
  • Description: Open Educational System is an open source learning application. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input before processing it in an "include()" function call. Open Educational System version 0.1 beta is affected.
  • Ref: http://advisories.echo.or.id/adv/adv69-K-159-2007.txt

  • 07.12.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PennMUSH Multiple Command Denial of Service Vulnerabilities
  • Description: PennMUSH is an application server for "mud" (multi-user dungeon), a textual game. The application is exposed to multiple remote denial of service issues due to an unspecified error when a user sends a specially crafted "speak()" command or a "buy()" command with "@buy" and "@pricelist" attributes. PennMUSH versions prior to 1.8.2p3 are affected.
  • Ref: http://www.pennmush.org/archives/pennmush-announce/2007/000137.html

  • 07.12.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP EXT/Filter Function Remote Buffer Overflow
  • Description: The PHP ext/filter is an optional extension for PHP 5. It is designed to filter out malicious content from user-supplied input. The application is exposed to a remote buffer overflow issue because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. PHP version 5.2.0 is affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-19-2007.html

  • 07.12.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP EXT/Filter HTML Stripping Bypass
  • Description: The PHP ext/filter is an optional extension for PHP 5. It is designed to filter out malicious content from user-supplied input. The filter is prone to a filter bypass issue when the "FILTER_SANITIZE_STRING" filter is used with the "FILTER_FLAG_STRIP_LOW" flag. PHP ext/filter version 5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/22914

  • 07.12.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Database Server DACL Multiple Insecure Permissions Vulnerabilities
  • Description: Oracle Database Server is exposed to multiple insecure permissions issues due to a failure in the application to properly secure the individual processes of the application. Oracle Database Server version 10gR2 for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/22905

  • 07.12.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP EXT/Filter FDF Post Filter Bypass
  • Description: The PHP ext/filter is an optional extension for PHP 5. It is designed to filter out malicious content from user-supplied input. The filter is prone to a filter bypass issue because it can be bypassed when ext/fdf is installed. PHP version 5.1.6 and earlier versions are affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-17-2007.html

  • 07.12.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun JMX RMI-IIOP Local Unauthorized Access
  • Description: Sun Java Management Extensions (JMX) Remote API provides remote access to JMX MBeans servers. Sun JMX is exposed to a local unauthorized access issue that occurs in the Remote Method Invocation over Internet Inter ORB Protocol (RMI-IIOP) when processing a local RMI-IIOP server application. JMX RMI-IIOP API which is part of the Java Dynamic Management Kit product is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102835-1&searchclause=

  • 07.12.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP CPDF_Open Local Information Disclosure
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. The PHP "cpdf_open()" function is exposed to a local information disclosure issue because the application fails to properly verify that the file specified is an existing PDF file. PHP version 4.4.6 is affected.
  • Ref: http://www.securityfocus.com/bid/22897

  • 07.12.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL Single Row SubSelect Remote Denial of Service
  • Description: MySQL is an open source SQL database management system available for multiple operating systems. The application is exposed to a remote denial of service issue because it fails to handle certain SELECT statements to database metadata. MySQL versions prior to 5.0.37 are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/462339

  • 07.12.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP SNMPGet Function Local Buffer Overflow
  • Description: PHP is prone to a local buffer overflow issue because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. PHP for Microsoft Windows version 4.4.6 is affected.
  • Ref: http://www.securityfocus.com/bid/22893

  • 07.12.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DirectAdmin CMD_USER_STATS Cross-Site Scripting
  • Description: DirectAdmin is a web site administration panel. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "RESULT" parameter of the "CMD_USER_STATS" script. JBMC Software DirectAdmin version 1.292 is affected.
  • Ref: http://www.securityfocus.com/archive/1/463003

  • 07.12.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Oracle Portal P_OldURL Parameter Cross-Site Scripting
  • Description: Oracle Portal is a portal application integrated into Oracle's application server software. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "p_oldurl" parameter of the "portal/PORTAL.wwv_main.render_warning_screen" script. Oracle Portal version 10g is affected.
  • Ref: http://www.securityfocus.com/bid/22999

  • 07.12.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Rational ClearQuest Defect Logging Attachment Cross-Site Scripting
  • Description: IBM Rational ClearQuest is a software development management application. It is exposed to a cross-site scripting issue due to a lack of proper sanitization of user-supplied input. IBM Rational ClearQuest version 7.0.0.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/462919

  • 07.12.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Multiple Cisco Products Online Help Cross-Site Scripting
  • Description: Multiple Cisco products are exposed to a cross-site scripting issue because they fail to properly sanitize user-supplied input. The search script contained in the "PreSearch.html" or "PreSearch.class" partially sanitizes user-supplied input. Cisco VPN Client for Windows version 4.8.1 and earlier, for Solaris versions 4.0.2 C and earlier, for Mac OS X 4.0.2 C and earlier, for Linux versions 3.6.1 and earlier are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sr-20070315-xss.shtml

  • 07.12.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Horde Framework Login.php Cross-Site Scripting
  • Description: Horde Framework is a web log application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to a "new_lang" parameter of the "login.php" script. Horde Framework versions earlier than 3.1.4 are affected.
  • Ref: http://lists.horde.org/archives/announce/2007/000315.html

  • 07.12.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHProjekt Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHProjekt is a modular web-based application to share information and documents. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. PHProjekt versions 5.2.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22957

  • 07.12.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MindTouch DekiWiki PopUp-NoTopic.php Cross-Site Scripting
  • Description: MindTouch DekiWiki is a file server and intranet tool. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "message" parameter of the "/skins/ace/popup-notopic.php" script. MindTouch DekiWiki versions prior to "gooseberry++" are affected.
  • Ref: http://www.securityfocus.com/bid/22891

  • 07.12.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PhpStats Multiple SQL Injection Vulnerabilities
  • Description: PhpStats is a web site statistics analysis application. It is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in an SQL query using the "PC-REMOTE-ADDR" parameter and "ip" parameter of the "php-stats.recphp.php" script. PhpStats version 0.1.9.1b is affected.
  • Ref: http://www.securityfocus.com/bid/23003

  • 07.12.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Creative Files kommentare.php SQL Injection
  • Description: Creative Files is a web-based download manager. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "dlid" parameter of the "kommentare.php" script before using it in an SQL query. Creative Files version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23000

  • 07.12.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Absolute Image Gallery gallery.asp SQL Injection
  • Description: Absolute Image Gallery is a web based photo album application implemented in ASP. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "categoryid" parameter of the "gallery.asp" script. Absolute Image Gallery version XE 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22988

  • 07.12.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Woltlab Burning Board usergroups.php SQL Injection
  • Description: Woltlab Burning Board is a free web-based bulletin board package based on PHP and MySQL. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "action" parameter of the "usergroup.php" script. Woltlab Burning Board version 2.7 and earlier versions are affected.
  • Ref: http://www.securityfocus.com/bid/22970

  • 07.12.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WSN Guest Comment.PHP SQL injection
  • Description: WSN Guest is a guestbook application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "comment.php" script before using it in an SQL query. WSN Guest version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/22969

  • 07.12.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHProjekt Multiple SQL Injection Vulnerabilities
  • Description: PHProjekt is a freely available, open-source PHP Groupware package. It is actively maintained by the PHProjekt Development Team. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in an SQL query. The vulnerabilities can be triggered through the "calendar" module, the "search" module and through an unspecified cookie value. PHProjekt versions 5.2.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/462789

  • 07.12.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: JGBBS search.asp SQL Injection
  • Description: JGBBS is a tree style forum application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "Author" parameter of the "search.asp" script before using it in an SQL query. JGBBS version 3.0 beta 1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/462699

  • 07.12.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: X-Ice News System devami.asp SQL Injection
  • Description: X-Ice News System is a content management system (CMS). The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "devami.asp" script before using it in an SQL query. X-Ice News System version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22939

  • 07.12.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Labs JobSitePro search.php SQL injection
  • Description: PHP Labs JobSitePro is a web-based application. It allows users to create and manage a job recruitment site. The application is prone to an SQL injection issue because it fails to properly sanitize user-supplied input to the "search.php" script before using it in an SQL query. JobSitePro version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22916

  • 07.12.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Triexa SonicMailer Pro index.php SQL injection
  • Description: Triexa SonicMailer Pro is a mailing list manager. The application is prone to an SQL injection issue because it fails to properly sanitize user-supplied input to the "list" parameter of the "index.php" script before using it in an SQL query. SonicMailer Pro 3.2.3 and prior versions are affected.
  • Ref: http://www.securityfocus.com/bid/22920

  • 07.12.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Duyuru Scripti goster.asp SQL Injection
  • Description: Duyuru Scripti is a web-based application. The application is prone to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "goster.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/462448

  • 07.12.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Lang Parameter Local File Include and SQL Injection Vulnerabilities
  • Description: PHP Nuke is a content manager and portal system. The application is prone to a local file include issue and an SQL injection issue because it fails to sufficiently sanitize user-supplied input through the "lang" cookie data parameter. PHP Nuke version 8.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/462443

  • 07.12.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: HC Design NEWSSYSTEM index.php SQL Injection
  • Description: NEWSSYSTEM is a web-based news script application. The application is prone to an SQL injection issue because it fails to properly sanitize user-supplied input to the "ID" parameter of the "index.php" script before using it in an SQL query. NEWSSYSTEM versions 1.0 and 1.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/462347

  • 07.12.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Cyber-Inside WebLog Local File Include
  • Description: Cyber Inside WebLog is a web-based application. It is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/22995

  • 07.12.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Holtstraeter Rot 13 enkrypt.php Directory Traversal
  • Description: Rot 13 is a simplified implementation of the Caesar cipher algorithm to encrypt sensitive information. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input. The issue occurs when specially crafted HTTP GET requests containing a directory traversal string are sent to the "datei" parameter of the "enkrypt.php" script.
  • Ref: http://www.securityfocus.com/archive/1/463011

  • 07.12.71 - CVE: Not Available
  • Platform: Web Application
  • Title: WBBlog index.php Multiple Input Validation Vulnerabilities
  • Description: WBBlog is a single-user blogging application. It is exposed to input validation issues because it fails to sufficiently sanitize user-supplied data affecting the "e_id" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/22998

  • 07.12.72 - CVE: Not Available
  • Platform: Web Application
  • Title: McGallery download.php Information Disclosure
  • Description: McGallery is a web-based application. It is exposed to an information disclosure issue because the application fails to properly sanitize user-supplied input to the "filename" parameter of the "download.php" script. McGallery version 0.5b is affected.
  • Ref: http://www.securityfocus.com/bid/22989

  • 07.12.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Horde Framework and IMP Cleanup Cron Script Arbitrary File Deletion
  • Description: Horde Framework is an application framework used with other Horde Project products. IMP is a webmail application for accessing IMAP and POP3 mailboxes. It is implemented on the Horde Framework. The application is exposed to a file deletion issue as filepath output strings from the "find(1)" function are passed as the Y value to a "for X in Y; do" statement. Since the Y value is space delimited, the for loop processes filepaths with spaces as separate files. Horde IMP versions 3.2.6 and earlier versions are affected.
  • Ref: http://www.securityfocus.com/archive/1/462933

  • 07.12.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Viper Web Portal index.php Remote File Include
  • Description: Viper Web Portal is a content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "modpath" parameter of the "index.php" script. Viper Web Portal alpha version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/22979

  • 07.12.75 - CVE: Not Available
  • Platform: Web Application
  • Title: CCMail Update.PHP Remote File Include
  • Description: CcMail is a webmail application. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "functions_dir" parameter of the "functions/update.php" script. CcMail version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/22983

  • 07.12.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Dayfox Blog postpost.php Remote PHP Code Execution
  • Description: Dayfox Blog is a PHP-based application for creating blog sites. The application is exposed to an arbitrary PHP code execution issue because it fails to properly sanitize user-supplied input to the "cat" parameter of the "postpost.php" script. Dayfox Blog version 4.5 is affected.
  • Ref: http://www.securityfocus.com/bid/22972

  • 07.12.77 - CVE: Not Available
  • Platform: Web Application
  • Title: GrafX Company Website Builder Pro comanda.php Remote File Include
  • Description: Company Website Builder Pro is a content management system (CMS). The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "INCLUDE_PATH" parameter of the "comanda.php" script. Company Website Builder Pro version 1.9.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/462917

  • 07.12.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Horde IMP Webmail Client Multiple Input Validation Vulnerabilities
  • Description: Horde IMP Webmail Client provides webmail access to IMAP and POP3 accounts. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input. Horde IMP versions 4.0.4 and earlier are affected.
  • Ref: http://lists.horde.org/archives/announce/2007/000316.html

  • 07.12.79 - CVE: Not Available
  • Platform: Web Application
  • Title: WebCreator Multiple Remote File Include Vulnerabilities
  • Description: WebCreator is an application to create web sites. The application is prone to multiple remote file include issues because it fails to properly sanitize user-supplied input before processing it in an "include()" function call. WebCreator versions 0.2.6-rc3 and earlier are affected.
  • Ref: http://advisories.echo.or.id/adv/adv74-theday-2007.txt

  • 07.12.80 - CVE: Not Available
  • Platform: Web Application
  • Title: CARE2X Multiple Remote File Include Vulnerabilities
  • Description: CARE2X is an application that is used to integrate data, functions and workflows in a healthcare environment. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input before processing it in an "include()" function call. CARE2X version 1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/462808

  • 07.12.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Weekly Drawing Contest check_vote.php Local File Include
  • Description: Weekly Drawing Contest is a forum application. The application is prone to a local file include issue because it fails to properly sanitize user-supplied input to the "order" parameter of the "check_vote.php" script. Weekly Drawing Contest version 0.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/22937

  • 07.12.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Weekly Drawing Contest Contest.PHP Remote Authentication Bypass
  • Description: Weekly Drawing Contest is a contest CMS. The application is exposed to an issue that allows remote attackers to bypass authentication and simply navigate to the "admin/contest.php" script. Weekly Drawing Contest version 0.0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/462702

  • 07.12.83 - CVE: Not Available
  • Platform: Web Application
  • Title: ClipShare ADODB-Connection.Inc.php Remote File Include
  • Description: ClipShare is a web-based application for sharing photos and videos. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "cmd" parameter of the "adodb-connection.inc.php" script. ClipShare version 1.5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/22928

  • 07.12.84 - CVE: Not Available
  • Platform: Web Application
  • Title: PostNuke Phgstats Module Remote File Include
  • Description: PostNuke Phgstats Module is a game server status/query script. The application is prone to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "phgdir" parameter of the "phgstats.inc.php" script. PostNuke Phgstats Module version 0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/22918

  • 07.12.85 - CVE: Not Available
  • Platform: Web Application
  • Title: AssetMan PDF_File Parameter Directory Traversal
  • Description: AssetMan is a web-based application to track company assets. The application is prone to a directory traversal issue because it fails to properly sanitize user-supplied input. The issue occurs when specially crafted HTTP GET requests containing a directory traversal string are sent to the "pdf_file" parameter. AssetMan versions 2.4a and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/462577

  • 07.12.86 - CVE: Not Available
  • Platform: Web Application
  • Title: cPanel Multiple Local File Include Vulnerabilities
  • Description: cPanel is a web hosting control panel. The application is prone to multiple local file include issues because it fails to properly sanitize user-supplied input to the "userlanguage" parameter of the "load_language.php" script and the "fantasticopath" parameter of the "mysqlconfig.php" script. cPanel versions 10.9.x and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22915

  • 07.12.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Grayscale Blog Multiple Input Validation Vulnerabilities
  • Description: Grayscale Blog is a web based blogging application. The application is prone to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. Grayscale Blog version 0.8.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/462441

  • 07.12.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Premod SubDog 2 Multiple Remote File Include Vulnerabilities
  • Description: Premod SubDog 2 is a module for phpBB. The application is prone to multiple remote file include issues because it fails to properly sanitize user-supplied input before processing it in an "include()" function call.
  • Ref: http://www.securityfocus.com/archive/1/462444

  • 07.12.89 - CVE: Not Available
  • Platform: Web Application
  • Title: SoftNews Media Group DataLife Engine Multiple Remote File Include Vulnerabilities
  • Description: DataLife Engine is a web-based content management system. The application is prone to multiple remote file include issues because it fails to properly sanitize user-supplied input before processing it in an "include()" function call, which affects the "root_dir" parameter of "init.php" and "- Ajax/editnews.php" scripts. DataLife Engine versions 5.5 and 4.1 are affected.
  • Ref: http://www.securityfocus.com/bid/22913

  • 07.12.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Work System ECommerce include_top.php Remote File Include
  • Description: Work System Ecommerce is a content manager. The application is prone to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "g_include" parameter of the "include/include_top.php" script. Work System Ecommerce versions 3.0.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22908

  • 07.12.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Coppermine Photo Gallery Multiple Remote File Include Vulnerabilities
  • Description: Coppermine Photo Gallery is a web-based image gallery. The application is exposed to multiple remote file-include issues because it fails to properly sanitize user-supplied input in various script files.
  • Ref: http://www.securityfocus.com/archive/1/462322

  • 07.12.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Wordpress WP_Title Function HTML Injection
  • Description: WordPress is a web-log application. The application is prone to an HTML injection issue because it fails to properly sanitize user-supplied input to the "year" field of the "wp_title" function. WordPress versions 2.1.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/462374

  • 07.12.93 - CVE: Not Available
  • Platform: Web Application
  • Title: JCCorp URLShrink Free CreateURL.PHP Remote File Include
  • Description: JCCorp URLShrink Free is a URL shrinking tool. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "formurl" parameter of the "createurl.php" script. JCCorp URLShrink Free version 1.3.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/462310

  • 07.12.94 - CVE: Not Available
  • Platform: Web Application
  • Title: PMB Multiple Remote File Include Vulnerabilities
  • Description: PMB is an application to aid in the management of a library. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input before processing it in an "include()" function call. PMB version 3.0.13 is affected.
  • Ref: http://www.securityfocus.com/archive/1/462452

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.