@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 15
April 9, 2007

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    ----------------------------------------  ------------------------------
    Windows                                   16 (#1)
    Third Party Windows Apps                  8 (#2, #3, #4, #7, #10)
    Linux                                     6
    Solaris                                   1
    Unix                                      1
    Cross Platform                            28 (#5, #6, #9, #11)
    Web Application - Cross Site Scripting    5
    Web Application - SQL Injection           21 (#8)
    Web Application                           20

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Linux
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Windows Multiple GDI Vulnerabilities (MS07-017)
  • Affected:
    • Microsoft Windows 2000/XP/Vista
    • Microsoft Windows Server 2003
  • Description: Microsoft has issued a security update (MS07-017), ahead of its monthly patching schedule, for the 0-day flaw in Windows' handling of animated cursor (ANI) files. This flaw is being exploited in the wild. For more details about this 0-day, please refer to the previous issue of the @RISK newsletter. In addition to the ANI issues, the MS07-017 patch also addresses several locally exploitable vulnerabilities and a remote denial of service vulnerability in the Windows GDI graphical subsystem. The remote DoS can be triggered by a specially-crafted Windows Metafile (WMF) image file, and exploited to cause a system hang or reboot.

  • Status: Microsoft confirmed, updates available. Please ensure that the patch is applied to all the affected systems. Problems after installing MS07-017 patch: On Windows XP SP2, some 3rd party applications may not start. Microsoft has provided mitigation steps here: http://support.microsoft.com/kb/925902 and http://support.microsoft.com/kb/935448/

  • Council Site Actions: All of the responding council sites are taking action. One site has already pushed the updates. The other sites are deploying on an expedited basis. One site noted they sent out an organization-wide notice explaining the threat and asking users to verify that the patch installs.

  • References:
  • (2) CRITICAL: Yahoo! Messenger Audio Conferencing ActiveX Control Buffer Overflow
  • Affected:
    • Yahoo Messenger versions released prior to 2007-03-13
  • Description: The Audio Conferencing ActiveX control shipped by default with Yahoo! Messenger contains a buffer overflow vulnerability. A malicious web page that instantiates this control, and specifies large values for its "socksHostname" and "hostname" properties could exploit this buffer overflow to execute arbitrary code with the privileges of the current user. Note that some technical details are publicly available for this vulnerability.

  • Status: Yahoo! confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary. One site commented that they block Yahoo Messenger.

  • References:
  • (5) HIGH: Symantec Enterprise Security Manager Authentication Bypass
  • Affected:
    • Enterprise Security Manager agent all versions prior to 6.5.3
  • Description: Symantec Enterprise Security Manager is designed to automate the discovery of vulnerabilities and deviations in the security policies of e-business applications and servers. The product installs agents on the servers that are being monitored. This agent contains a vulnerability in processing "upgrade" requests. The agent does not verify that the upgrade request has been issued by a trusted source. As a result, an attacker can directly request the agent to perform an upgrade and thereby install any malicious program such as a backdoor on the agent system. Note that the agent runs with SYSTEM/root privileges. Hence, the vulnerability can be exploited to compromise critical servers in an enterprise. In order to exploit the flaw, an attacker would require the knowledge of the protocol between the agent and the ESM manager.

  • Status: Symantec has released version 6.5.3 to fix this issue. The ESM manager needs to be upgraded to version 6.5.3 as well to work with the 6.5.3 agent. A possible workaround is to block the ports 5601/udp and 5601/tcp at the network perimeter.

  • References:
  • (6) HIGH: MIT Kerberos Multiple Vulnerabilities
  • Affected:
    • MIT Kerberos 5 versions 1.6 and prior
    • Potentially any system using the MIT implementation of Kerberos.
  • Description: MIT Kerberos, the reference implementation of the Kerberos authentication protocol, contains multiple vulnerabilities: (a) Telnet servers that use Kerberos for authentication contain an authentication bypass vulnerability. By passing a username beginning with "-e", an attacker could bypass all authentication and login as arbitrary users. (b) The Kerberos Administration Daemon, which runs on the Kerberos master server, contains a buffer overflow vulnerability. A specially-crafted Kerberos request could trigger this buffer overflow and execute arbitrary code with the privileges of the Kerberos Administration Daemon process (often SYSTEM/root). (c) The Kerberos Administration Daemon contains a double free vulnerability. An authenticated attacker could trigger this vulnerability to execute arbitrary code with the privileges of the administrative process (often SYSTEM/root). Note that, since the master server usually contains authentication information for the entire Kerberos domain, compromising this server generally leads to compromise of other systems in the same authentication domain. The technical details are available for these vulnerabilities. MIT Kerberos is used by a wide variety of operating systems, including various UNIX and UNIX-like operating systems. Kerberos authentication may not be enabled by default on affected systems, lessening the impact of attacks.

  • Status: MIT confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (7) HIGH: HP Mercury Quality Center "SPIDERLib" ActiveX Control Buffer Overflow
  • Affected:
    • HP 9.1.0.4353 and possibly prior
  • Description: HP Mercury Quality Center is a web-based application that facilitates software quality testing. Users of this application must install the "SPIDERLib" ActiveX control. This control contains a buffer overflow in its handling of its "ProgColor" property. A malicious web page that instantiates this control could exploit this buffer overflow to execute arbitrary code with the privileges of the current user. Some technical details for this vulnerability are publicly available.

  • Status: HP confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism for CLSID "98C53984-8BF8-4D11-9B1C-C324FCA9CADE". However, doing so will prevent legitimate use of the affected application.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (8) MODERATE: WordPress "Post_ID" SQL Injection
  • Affected:
    • WordPress version 2.1.2 and prior
  • Description: WordPress, a popular cross-platform blogging suite, contains an SQL injection vulnerability. An authenticated attacker with access to a WordPress "contributor", "author", or "editor" account could trigger this vulnerability. By successfully exploiting this vulnerability an attacker could execute arbitrary SQL commands against the backend WordPress database and read arbitrary files with the privileges of the database process. This vulnerability is exploitable via WordPress's XML-RPC interface. A working exploit and full technical details are publicly available for this vulnerability. Note that WordPress is often installed by hosting providers as a service to their users; these users will often have the necessary credentials to exploit this vulnerability.

  • Status: WordPress has not confirmed, no updates available.

  • References:
Other Software
  • (10) CRITICAL: SolidWorks "sldimdownload" ActiveX Control Remote Code Execution
  • Affected:
    • SolidWorks "sldimdownload" ActiveX Control versions prior to 16.0.0.6
  • Description: SolidWorks is a popular Computer Aided Design (CAD) package for Microsoft Windows. Its "sldimdownload" ActiveX control contains a remote code execution vulnerability. A malicious web page that instantiates this control can invoke this control's "Run" method to run arbitrary code with the privileges of the current user. Note that some technical details for this vulnerability are publicly available.

  • Status: SolidWorks confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism for CLSID "AB6633A8-60A9-4F5D-B66C-ABE268CC3227".

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (11) HIGH: Firebug Mozilla Firefox Extension Remote Code Execution
  • Affected:
    • FireBug versions prior to 1.03
  • Description: FireBug is a popular Mozilla Firefox extension providing in-depth JavaScript debugging support. Failure to properly handle certain JavaScript constructs can lead to arbitrary JavaScript being executed without sandbox restrictions. Since there are no sandbox restrictions, the malicious scripts can execute arbitrary code with the privileges of the current user. Note that FireBug is not installed by default. Working exploit code and full technical details are publicly available for this vulnerability.

  • Status: Vendor acknowledged, updates available.

  • Council Site Actions: Only one of the responding council sites is using the affected software, although it is not officially supported. The users who are running it have automatic updates turned on, including for extensions.

  • References:
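
An added example (not part of the bulletin and not vendor code) for auditing the kill-bit workaround named in items (7) and (10). The two CLSIDs come from the bulletin; the registry location and the 0x400 flag are Microsoft's kill-bit mechanism; the function name and the -Enforce switch are assumptions made for illustration.

```powershell
# Added example: audit, and with -Enforce set, the Internet Explorer kill bit
# for the two CLSIDs this bulletin names. The function name and the -Enforce
# switch are illustrative assumptions.
param([switch]$Enforce)

# The kill bit is flag 0x400 in the "Compatibility Flags" DWORD of the control's key.
$KillBit = 0x400

# CLSIDs exactly as given in items (7) and (10) of the bulletin.
$Controls = [ordered]@{
    '{98C53984-8BF8-4D11-9B1C-C324FCA9CADE}' = 'HP Mercury Quality Center SPIDERLib'
    '{AB6633A8-60A9-4F5D-B66C-ABE268CC3227}' = 'SolidWorks sldimdownload'
}

# 64-bit Windows keeps a second copy of the key for 32-bit Internet Explorer.
# Roots whose parent key is absent (e.g. no Wow6432Node on 32-bit Windows) are skipped.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath (Split-Path -Path $_ -Parent) }

function Get-CompatFlags {
    # Returns the current "Compatibility Flags" value, or 0 if the key or value is missing.
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return 0 }
    $prop = Get-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.'Compatibility Flags'
}

$report = foreach ($root in $Roots) {
    foreach ($clsid in $Controls.Keys) {
        $key   = "$root\$clsid"
        $flags = Get-CompatFlags -KeyPath $key

        if ($Enforce -and -not ($flags -band $KillBit)) {
            if (-not (Test-Path -LiteralPath $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            # OR the bit in so any other compatibility flags already present are preserved.
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value ($flags -bor $KillBit) -Force | Out-Null
            $flags = Get-CompatFlags -KeyPath $key
        }

        [pscustomobject]@{
            Control    = $Controls[$clsid]
            Clsid      = $clsid
            View       = if ($root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
            Flags      = '0x{0:X8}' -f $flags
            KillBitSet = [bool]($flags -band $KillBit)
        }
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code lets a management tool flag hosts where the workaround is missing.
if ($report | Where-Object { -not $_.KillBitSet }) { exit 1 }
```

Writing the value requires an elevated session. As the bulletin notes for item (7), setting the kill bit on SPIDERLib also prevents legitimate use of Quality Center, so on those hosts run the script without -Enforce to audit only.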
Exploit Code
Part II - Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Week 15, 2007


  • 07.15.1 - CVE: Not Available
  • Platform: Windows
  • Title: Wserve HTTP Server GET Request Buffer Overflow
  • Description: Wserve HTTP Server is a commercially available web server application. It is exposed to a buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. Wserve HTTP Server version 4.6 is affected.
  • Ref: http://www.securityfocus.com/bid/23341


  • 07.15.3 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Explorer BMP Image Denial of Service
  • Description: Windows Explorer is exposed to a denial of service issue which occurs when .bmp images are opened in Explorer while the "details" pane is open and also when viewing the file in "Thumbnails" view. Windows XP SP1 is affected.
  • Ref: http://www.securityfocus.com/bid/23321

  • 07.15.4 - CVE: CVE-2007-1532
  • Platform: Windows
  • Title: Microsoft Windows Vista Neighbor Discovery Spoofing
  • Description: Microsoft Windows Vista is exposed to a discovery spoofing issue. The issue exists when the operating system receives unsolicited Neighbor Advertisements (NAs). An attacker can exploit this issue by responding to queries and sending spoofed Neighbor Advertisements or blindly sending Neighbor Advertisements.
  • Ref: http://www.securityfocus.com/bid/23293

  • 07.15.5 - CVE: CVE-2007-1533
  • Platform: Windows
  • Title: Microsoft Windows Vista Teredo UDP Nonce Spoofing Weakness
  • Description: Windows Vista Teredo is a protocol transition mechanism which accommodates IPv6 tunneling over IPv4 Network Address Translation (NAT) devices. The application is exposed to a nonce spoofing weakness.
  • Ref: http://www.securityfocus.com/bid/23301

  • 07.15.6 - CVE: CVE-2007-1535
  • Platform: Windows
  • Title: Microsoft Windows Vista Teredo Protocol Insecure Connection Weakness
  • Description: Microsoft Windows Vista is exposed to a weakness due to insecure Teredo protocol connections. Teredo is a protocol transition mechanism which accommodates IPv6 tunneling over IPv4 Network Address Translation (NAT) devices. The documentation states that the Teredo protocol is disabled by default and requires user action in order to activate. Microsoft Windows Vista is exposed to a weakness which may result in a false sense of security.
  • Ref: http://www.securityfocus.com/bid/23267

  • 07.15.7 - CVE: CVE-2007-1212
  • Platform: Windows
  • Title: Microsoft Windows Graphics Rendering Engine EMF File Privilege Escalation
  • Description: Microsoft Windows graphics device interface (GDI) provides an intermediate layer for applications to communicate to the video interface and printer. GDI interacts with device drivers on behalf of applications. The application is exposed to a local privilege escalation issue when rendering malformed EMF image files.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

  • 07.15.8 - CVE: CVE-2007-1528
  • Platform: Windows
  • Title: Microsoft Vista Spoof On Bridge HELLO Packet Security Restriction Bypass
  • Description: The Microsoft Vista operating system is exposed to a security restriction bypass issue because it fails to properly sanitize user-supplied packet level data. The LLTD protocol operates over wired (802.3 Ethernet) and wireless (802.11) media. LLTD enables device discovery via the data-link layer and determines the topology of a network.
  • Ref: http://www.securityfocus.com/bid/23280

  • 07.15.9 - CVE: CVE-2006-5586
  • Platform: Windows
  • Title: Microsoft Windows GDI Invalid Window Size Local Privilege Escalation
  • Description: The Microsoft Windows graphics device interface (GDI) enables applications to use graphics and formatted text on both the video display and the printer. The application is exposed to a local privilege escalation issue because of the way Microsoft Windows renders layered application window sizes.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

  • 07.15.10 - CVE: CVE-2007-1530
  • Platform: Windows
  • Title: Microsoft Windows Vista LLTD Mapper EMIT Packet Remote Denial of Service
  • Description: The Link Layer Topology Discovery (LLTD) is a protocol, designed by Microsoft for discovering the topology of the local area network. Microsoft Windows Vista is exposed to a remote denial of service issue because the application fails to handle exceptional conditions.
  • Ref: http://www.securityfocus.com/bid/23271

  • 07.15.11 - CVE: CVE-2007-1213
  • Platform: Windows
  • Title: Microsoft Windows Graphics Device Interface Font Rasterizer Local Privilege Escalation
  • Description: Microsoft Windows GDI Font Rasterizer generates TrueType character bitmaps for monitors and printers. The application is exposed to a local privilege escalation issue when an uninitialized function pointer is called during font rasterization.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

  • 07.15.12 - CVE: CVE-2007-1527
  • Platform: Windows
  • Title: Microsoft Vista Spoofed LLTD HELLO Packet Security Restriction Bypass
  • Description: The Microsoft Vista operating system is exposed to a security restriction bypass issue because it fails to properly sanitize user-supplied packet level data. The LLTD protocol operates over wired (802.3 Ethernet) and wireless (802.11) media. LLTD enables device discovery via the data-link layer and determines the topology of a network.
  • Ref: http://www.securityfocus.com/bid/23279

  • 07.15.13 - CVE: CVE-2007-1531
  • Platform: Windows
  • Title: Microsoft Windows Vista ARP table Entries Denial of Service
  • Description: Microsoft Windows Vista is exposed to a denial of service issue when the operating system receives certain gratuitous ARP requests. These requests are used to overwrite ARP table entries and propagate address changes.
  • Ref: http://www.securityfocus.com/bid/23266

  • 07.15.14 - CVE: CVE-2007-1215
  • Platform: Windows
  • Title: Microsoft Windows Graphics Rendering Engine GDI Local Privilege Escalation
  • Description: Microsoft Windows Graphics Device Interface (GDI) provides an intermediate layer for applications to communicate to the video interface and printer. GDI interacts with device drivers on behalf of applications. The application is exposed to a privilege escalation issue due to the mishandling of certain unspecified color related parameters prior to copying them to an unchecked memory buffer in the GDI.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

  • 07.15.15 - CVE: CVE-2007-1211
  • Platform: Windows
  • Title: Microsoft Windows GDI WMF Remote Denial of Service
  • Description: Microsoft Windows is prone to a remote denial of service issue because the application fails to perform proper bounds checking on sensitive message buffers when handling malicious WMF files.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

  • 07.15.16 - CVE: CVE-2007-1529
  • Platform: Windows
  • Title: Microsoft Windows Vista LLTD Responder Discovery Packet Spoofing
  • Description: The Link Layer Topology Discovery (LLTD) protocol is a protocol designed by Microsoft for discovering the topology of the local area network. The application is exposed to an issue that permits an attacker to spoof arbitrary hosts through a network based race condition.
  • Ref: http://www.securityfocus.com/bid/23263

  • 07.15.17 - CVE: CVE-2007-1112
  • Platform: Third Party Windows Apps
  • Title: Kaspersky AntiVirus SysInfo ActiveX Control Arbitrary File Exfiltration
  • Description: Kaspersky AntiVirus is an antivirus application for desktop and small business computers. The application is exposed to an arbitrary file exfiltration issue because it contains a file upload ActiveX control that can be misused by a malicious site. Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0 are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504

  • 07.15.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Kaspersky Internet Security Suite Klif.SYS Driver Local Heap Overflow
  • Description: Kaspersky Internet Security Suite is an application that provides antivirus, antispyware, firewall, antispam, and Web protection tools for Microsoft Windows. The application is exposed to a local heap overflow issue because it fails to perform sufficient boundary checks on user-supplied data before copying it into an insufficiently sized buffer. Kaspersky Internet Security Suite version 6.0.1.411 for Microsoft Windows is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505

  • 07.15.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ACDSee 9.0 Photo Manager Multiple BMP Denial of Service Vulnerabilities
  • Description: ACDSee 9.0 Photo Manager is an application that allows users to view images. The application is exposed to multiple denial of service issues due to a failure of the application to properly handle malformed BMP image files. ACDSee version 9.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23317

  • 07.15.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: IrfanView Multiple BMP Denial of Service Vulnerabilities
  • Description: IrfanView is an application that allows users to view images. The application is available for Microsoft Windows. It is exposed to multiple denial of service issues due to a failure of the application to properly handle malformed BMP image files. IrfanView version 3.99 is affected.
  • Ref: http://www.securityfocus.com/bid/23318

  • 07.15.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FastStone Image Viewer Multiple BMP Denial of Service Vulnerabilities
  • Description: FastStone Image Viewer is an application that allows users to view images. The application is exposed to multiple denial of service issues due to a failure of the application to properly handle malformed BMP image files. FastStone Image Viewer version 2.9 is affected.
  • Ref: http://www.securityfocus.com/bid/23312

  • 07.15.22 - CVE: CVE-2007-1684
  • Platform: Third Party Windows Apps
  • Title: SolidWorks SLDimdownload ActiveX Control Arbitrary Code Execution
  • Description: The sldimdownload.dll ActiveX control is part of the Solidworks 3D CAD application. The application is exposed to an issue that will allow remote attackers to execute arbitrary code on an affected computer.
  • Ref: http://www.securityfocus.com/bid/23290

  • 07.15.23 - CVE: CVE-2006-4974
  • Platform: Third Party Windows Apps
  • Title: Ipswitch WS_FTP Long Site Command Buffer Overflow
  • Description: Ipswitch WS_FTP client is an FTP implementation that is available for Microsoft Windows operating systems. Ipswitch WS_FTP is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Ipswitch WS_FTP client version 5.05 is affected.
  • Ref: http://www.securityfocus.com/bid/23260

  • 07.15.24 - CVE: CVE-2006-5820
  • Platform: Third Party Windows Apps
  • Title: AOL SB.SuperBuddy.1 ActiveX Control Remote Code Execution
  • Description: AOL SB.SuperBuddy.1 control is exposed to a remote code execution issue which occurs in the "LinkSBIcons()" function of the ActiveX control with CLSID. The ActiveX control implements the IObjectSafety interface and permits websites to invoke the control under Internet Explorer without any user interaction. AOL Client Software version 9.0 Security is affected.
  • Ref: http://www.securityfocus.com/archive/1/464313

  • 07.15.25 - CVE: CVE-2007-1217
  • Platform: Linux
  • Title: Linux Kernel CapiUtil.c Buffer Overflow
  • Description: The Linux kernel is exposed to a local buffer overflow issue because it fails to properly bounds check user-supplied input before using it in an insufficiently sized buffer. Linux kernel versions 2.6.9 to 2.6.20 and isdn4k utilities are affected.
  • Ref: http://www.securityfocus.com/bid/23333

  • 07.15.26 - CVE: CVE-2007-0956
  • Platform: Linux
  • Title: MIT Kerberos 5 Telnet Daemon Authentication Bypass
  • Description: MIT Kerberos 5 is a suite of applications and libraries designed to implement the Kerberos network authentication protocol. The application is exposed to an authentication bypass issue because the application fails to handle specially crafted user names beginning with "-e". Kerberos 5 versions 1.6 and earlier are affected.
  • Ref: http://www.kb.cert.org/vuls/id/220816

  • 07.15.27 - CVE: CVE-2007-1216
  • Platform: Linux
  • Title: MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
  • Description: MIT Kerberos 5 is a suite of applications and libraries designed to implement the Kerberos network authentication protocol. The application is exposed to a double free memory corruption issue. If certain error conditions occur, a previously freed buffer by the krb5 GSS-API mechanism may be freed again by an application.
  • Ref: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt

  • 07.15.28 - CVE: CVE-2007-0957
  • Platform: Linux
  • Title: Kerberos 5 kadmind Server Stack Based Buffer Overflow
  • Description: Kerberos is a network authentication protocol. kadmind (Kerberos Administration Daemon) is the administration server for Kerberos networks. The application is exposed to a stack-based buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. Kerberos versions 1.6 and earlier are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0095.html

  • 07.15.29 - CVE: CVE-2007-1351, CVE-2007-1352
  • Platform: Linux
  • Title: X.Org libXfont Multiple Integer Overflow Vulnerabilities
  • Description: libXfont is the X.Org Xfont library. Some parts are based on the FreeType code base. The application is exposed to multiple local integer overflow issues because of a failure to adequately bounds check user-supplied data. libXfont version 1.2.2 is affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0125.html

  • 07.15.30 - CVE: Not Available
  • Platform: Linux
  • Title: DProxy DNS_Decode_Reverse_Name Buffer Overflow
  • Description: Dproxy is a small, freely available caching DNS server. The application is exposed to a remote buffer overflow issue because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. Dproxy version 1.c is affected.
  • Ref: http://www.securityfocus.com/bid/23243

  • 07.15.31 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris TCP/IP Kernel Memory Corruption Denial of Service
  • Description: Sun Solaris running on computers using CMT (Chip Multi-Threading) processors is exposed to an issue which can result in a kernel panic. The issue presents itself when handling large volumes of TCP/IP traffic consisting of rapidly opened and closed TCP connections. Sun Solaris 10.0 _x86 and Sun Solaris 10.0 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102553-1&searchclause=

  • 07.15.32 - CVE: CVE-2007-1003
  • Platform: Unix
  • Title: X.Org X11 XC-MISC Extension Integer Overflow
  • Description: The X.Org X Windows server is an open-source X Window System for UNIX, Linux, and variants. It is freely available and distributed publicly. The application is exposed to a local integer overflow issue because it fails to adequately bounds check user-supplied data.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0125.html

  • 07.15.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Enterprise Security Manager Remote Upgrade Remote Code Execution
  • Description: Symantec Enterprise Security Manager (ESM) is an application that automates the discovery of vulnerabilities and deviations in the security policies of mission critical e-business applications and servers across the enterprise from a single location. The application is exposed to a remote code execution issue because it does not verify that upgrades are from trusted sources. Symantec Enterprise Security Manager version 6.5 is affected.
  • Ref: http://www.symantec.com/avcenter/security/Content/2007.04.05d.html

  • 07.15.34 - CVE: CVE-2007-1270
  • Platform: Cross Platform
  • Title: VMware Unspecified Double Free Memory Corruption
  • Description: VMware is software that emulates operating systems. The application is exposed to a double free memory corruption issue. VMware ESX Server 3.0.1 and 3.0 are affected. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/23323

  • 07.15.35 - CVE: CVE-2007-1271
  • Platform: Cross Platform
  • Title: VMware Unspecified Buffer Overflow
  • Description: VMware is virtualization software that allows multiple virtual machines to run on a single computer. The application is exposed to an unspecified buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/bid/23322

  • 07.15.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FireBug Cross Zone Scripting
  • Description: FireBug is a JavaScript debugger plug-in for Mozilla Firefox. The application is exposed to a cross zone scripting issue because the application fails to execute code in the proper security context. FireBug versions 1.01 and 1.02 are affected.
  • Ref: http://www.securityfocus.com/bid/23315

  • 07.15.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SAP RFC Library Trusted_System_Security Function Information Disclosure
  • Description: SAP RFC Library provides an interface for SAP Systems. The application is exposed to an information disclosure issue which affects the "trusted_system_security()" function. SAP RFC Library 7.00 and SAP RFC Library 6.40 are affected.
  • Ref: http://www.securityfocus.com/archive/1/464669

  • 07.15.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SAP RFC Library System_Create_Instance Function Buffer Overflow
  • Description: SAP RFC Library provides an interface for SAP Systems. The application is exposed to a buffer overflow issue because it fails to adequately bounds check user-supplied input before copying it to an insufficiently sized buffer. This issue affects the "system_create_instance()" function. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/archive/1/464683

  • 07.15.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SAP RFC_Set_Reg_Server_Property RFC Function Denial of Service
  • Description: The SAP RFC Library is a component used to call any RFC Function in an SAP System from an external application. The RFC Library is exposed to a remote denial of service issue which resides in the "RFC_SET_REG_SERVER_PROPERTY()" function.
  • Ref: http://www.securityfocus.com/archive/1/464685

  • 07.15.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Business Service Manager NCISETUP.DB and MSI.LOG Password Disclosure
  • Description: IBM Tivoli Business Service Manager is a tool suite that helps organize and allocate enterprise IT resources. The application is exposed to a local password disclosure issue that arises because of a design error. IBM Tivoli Business Service Manager 4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23298

  • 07.15.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Metamod-P Safevoid_Vsnprintf() Remote Denial of Service
  • Description: Metamod-P is a DLL broker allowing for the dynamic management of HalfLife Mods. The application is exposed to a remote denial of service issue that resides in the "safevoid_vsnprintf()" function. Specifically, this issue occurs when a user sends an overly long string as a meta command to the function. Metamod-P version 1.19p29 is affected.
  • Ref: http://www.securityfocus.com/bid/23299

  • 07.15.42 - CVE: CVE-2007-1667
  • Platform: Cross Platform
  • Title: ImageMagick XInitImage Multiple Integer Overflow Vulnerabilities
  • Description: ImageMagick is an image editing suite that includes a library and command line utilities supporting numerous image formats, including SGI. The application is exposed to multiple integer overflow issues because it fails to properly validate user-supplied data.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0125.html

  • 07.15.43 - CVE: CVE-2007-1655
  • Platform: Cross Platform
  • Title: TinyMUX Fun_Ladd() Buffer Overflow
  • Description: TinyMUX is a text-based game server. The application is exposed to a stack-based buffer overflow issue because the software fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. TinyMUX version 2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/23292

  • 07.15.44 - CVE: CVE-2007-1680
  • Platform: Cross Platform
  • Title: Yahoo! Messenger Audio Conferencing ActiveX Control Remote Buffer Overflow
  • Description: Yahoo! Messenger is a freely available chat client distributed and maintained by Yahoo!. The Audio Conferencing ActiveX control, which is contained in the "yacscom.dll" library and shipped with Yahoo! Messenger, is exposed to a buffer overflow issue. The software fails to perform sufficient bounds checking of user-supplied input before copying it to an insufficiently sized memory buffer. Yahoo! Messenger versions released prior to March 13, 2007 are affected.
  • Ref: http://www.securityfocus.com/bid/23291

  • 07.15.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IrfanView Cursor And Icon ANI Format Handling Remote Buffer Overflow
  • Description: IrfanView is exposed to a buffer overflow issue that occurs when handling malformed ANI cursor or icon files, due to insufficient format validation. IrfanView version 3.99 is affected. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/23262

  • 07.15.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Provisioning Manager OS Deployment Multiple Unspecified Input Validation Vulnerabilities
  • Description: IBM Tivoli Provisioning Manager for OS Deployment is a network boot server used to manage networked workstations. Tivoli Provisioning Manager for OS Deployment is exposed to multiple input validation issues because it fails to adequately handle user-supplied input. IBM Tivoli Provisioning Manager version 5.1.0.116 is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=498

  • 07.15.47 - CVE: CVE-2007-0242
  • Platform: Cross Platform
  • Title: Trolltech QT UTF-8 Sequences Input Validation
  • Description: Trolltech Qt is an application development framework for the KDE desktop system. It supports windowing, multimedia, and other functionality. The application is exposed to an input validation issue due to a failure in the application to properly sanitize user-supplied input. Qt versions 3.3.8 and 4.2.3 are affected.
  • Ref: http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350

  • 07.15.48 - CVE: CVE-2007-1797
  • Platform: Cross Platform
  • Title: ImageMagick Multiple Integer Overflow Vulnerabilities
  • Description: ImageMagick is an image editing suite that includes a library and command line utilities supporting numerous image formats, including SGI. It is available for a variety of platforms including Microsoft Windows, UNIX, and UNIX-like operating systems. The application is exposed to multiple integer overflow issues because it fails to properly validate user-supplied data. ImageMagick versions 6.3.3-1,2,3 and 9 are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496

  • 07.15.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP 5 PHP_Stream_Filter_Create() Function Buffer Overflow
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to a buffer overflow issue because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. PHP versions prior to 5.2.1 are affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-42-2007.html

  • 07.15.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Memory Manager Sign Comparison Multiple Buffer Overflow Vulnerabilities
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to multiple buffer overflow issues because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. PHP version 5.2.0 is affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-44-2007.html

  • 07.15.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Mercury Quality Center ActiveX Control Remote Code Execution
  • Description: HP Mercury Quality Center is a web-based system for automated software quality assurance. The application is exposed to a remote code execution issue. HP Mercury Quality Center versions 8.2 SP1 and 9.0 are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=497

  • 07.15.52 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Norton Personal Firewall 2006 SPBBCDrv Driver Local Denial of Service
  • Description: Norton Personal Firewall 2006 is exposed to a local denial of service issue. This issue occurs when attackers supply specially crafted values through the "NtCreateMutant" or "NtOpenEvent" arguments of the "SSDT" function of the "SPBBCDrv.sys" driver. Norton Personal Firewall 2006 versions 9.1.1.7 and 9.1.0.33 are affected.
  • Ref: http://www.securityfocus.com/archive/1/464456

  • 07.15.53 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PulseAudio Assert() Remote Denial of Service
  • Description: PulseAudio is a sound server for POSIX and Win32 systems. The application is exposed to a remote denial of service issue which occurs when a user sends an amount of data equal to zero. PulseAudio version 0.9.5 is affected.
  • Ref: http://aluigi.altervista.org/adv/pulsex-adv.txt

  • 07.15.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Msg_Receive() Memory Allocation Integer Overflow
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to an integer overflow issue because it fails to ensure that integer values aren't overrun. PHP versions prior to 4.4.5 and 5.2.1 are affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-43-2007.html

  • 07.15.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Str_Replace() Integer Overflow
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to an integer overflow issue because it fails to ensure that integer values aren't overrun. PHP versions prior to 4.4.5 and 5.2.1 are affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-39-2007.html

  • 07.15.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Imap_Mail_Compose() Function Buffer Overflow
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to a buffer overflow issue because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. PHP versions prior to 4.4.5 and 5.2.1 are affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-40-2007.html

  • 07.15.57 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP sqlite_udf_decode_binary() Function Buffer Overflow
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to a buffer overflow issue because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. PHP versions prior to 4.4.5 and 5.2.1 are affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-41-2007.html

  • 07.15.58 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Printf() Function 64bit Casting Multiple Format String Vulnerabilities
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. The application is exposed to multiple format string issues due to a design error when casting 64 bit variables to 32 bits. PHP versions prior to 4.4.5 and 5.2.1 running on 64 bit computers are affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-38-2007.html

  • 07.15.59 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi uCosminexus Application Server Session Information Remote Unauthorized Access
  • Description: Hitachi uCosminexus Application Server is a J2EE-compliant environment for running applications. The application server is exposed to an unauthorized access issue. Please refer to the advisory for further details.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-006_e/index-e.html

  • 07.15.60 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Flyspray Unspecified Security Bypass and Information Disclosure Vulnerabilities
  • Description: FlySpray is a bug tracking system. The application is exposed to an unspecified security bypass issue and an unspecified information disclosure issue. FlySpray version 0.9.9 is affected.
  • Ref: http://www.flyspray.org/fsa:1

  • 07.15.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: eXV2 CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: eXV2 CMS is a content management application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "set_lang" parameter of the "archive.php", "article.php", "index.php" and "topics.php" scripts. eXV2 CMS version 2.0.4.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23314

  • 07.15.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: HolaCMS Index_CMS.PHP Cross-Site Scripting
  • Description: HolaCMS is a content management application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "acuparam" parameter of the "index_cms.php" script. HolaCMS version 1.4.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/464572

  • 07.15.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NextPage LivePublish LPEXT.DLL Cross-Site Scripting
  • Description: LivePublish is an application used to package documents into collections which can be accessed and searched via web browsers. A cross-site scripting issue exists because the application fails to properly sanitize user-supplied input to the "f" parameter of the "lpext.dll" file. LivePublish version 2.02 is affected.
  • Ref: http://www.securityfocus.com/bid/23270

  • 07.15.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Atlassian JIRA IssueNavigator.JSPA Cross-Site Scripting
  • Description: Atlassian JIRA is a web portal written in Java/JavaScript. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "RequestId" parameter of the "IssueNavigator.jspa" script. Atlassian JIRA version 3.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23244

  • 07.15.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drake CMS UI.DTA.PHP Cross-Site Scripting
  • Description: Drake CMS is a content management system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "desc[][title]" parameter of the "ui.dta.php" script. Drake CMS version 0.3.7 Beta is affected.
  • Ref: http://www.securityfocus.com/archive/1/464272

  • 07.15.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS WF-Link Module Viewcat.PHP SQL Injection
  • Description: WF-Link is a module for the XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "viewcat.php" script before using it in an SQL query. WF-Link version 1.03 is affected.
  • Ref: http://www.securityfocus.com/bid/23340

  • 07.15.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS Jobs Module Index.PHP SQL Injection
  • Description: Jobs is a module for the XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "index.php" script before using it in an SQL query. Jobs Module versions 2.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23344

  • 07.15.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Gazi Okul Sitesi Fotokategori.ASP SQL Injection
  • Description: Gazi Okul Sitesi is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to unspecified parameters of the "fotokategori.asp" script before using it in an SQL query. Gazi Okul Sitesi version 2007 is affected.
  • Ref: http://www.securityfocus.com/bid/23316

  • 07.15.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS Rha7 Downloads Module Visit.PHP SQL Injection
  • Description: Rha7 Downloads is a module for the XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "lid" parameter of the "visit.php" script before using it in an SQL query. Rha7 Downloads version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23320

  • 07.15.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress Post_ID Parameter SQL Injection
  • Description: WordPress is a freely available application for desktop publishing. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data. WordPress version 2.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23294

  • 07.15.71 - CVE: CVE-2007-1810
  • Platform: Web Application - SQL Injection
  • Title: XOOPS KShop Module Product_Details.PHP SQL Injection
  • Description: KShop is a module for the XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "product_details.php" script before using it in an SQL query. KShop version 1.17 is affected.
  • Ref: http://www.securityfocus.com/bid/23272

  • 07.15.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS PopnupBlog Module Index.PHP SQL Injection
  • Description: PopnupBlog is a module for the XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "postid" parameter of the "index.php" script before using it in an SQL query. PopnupBlog version 2.52 is affected.
  • Ref: http://www.securityfocus.com/bid/23286

  • 07.15.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XFsection Xoops Module Print.PHP SQL Injection
  • Description: XFsection is a module for XOOPS CMS which simplifies the handling of existing HTML documents. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "articleid" parameter of the "print.php" script before using it in an SQL query. XFsection versions 1.07 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23261

  • 07.15.74 - CVE: CVE-2007-1779
  • Platform: Web Application - SQL Injection
  • Title: Advanced Website Creator Multiple SQL Injection Vulnerabilities
  • Description: Advanced Website Creator is a web development environment. The application is exposed to SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Advanced Website Creator versions prior to 1.9.0 are affected.
  • Ref: http://www.securityfocus.com/bid/23268

  • 07.15.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS Debaser Module Genre.PHP SQL Injection
  • Description: The XOOPS Debaser Module is a module for XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "genreid" parameter of the "genre.php" script before using it in an SQL query. The XOOPS Debaser Module version 0.92 is affected.
  • Ref: http://www.securityfocus.com/bid/23253

  • 07.15.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion Multiple Modules Index.PHP SQL Injection Vulnerabilities
  • Description: PHP-Fusion modules are components for the PHP-Fusion content management system (CMS). The application is exposed to multiple SQL injection issues because these modules fail to sufficiently sanitize user-supplied data to the "cid" parameter of the "index.php" script before using it in an SQL query. PHP-Fusion Topliste version 1.0 and PHP-Fusion Arcade Module version 1.0 are affected.
  • Ref: http://www.securityfocus.com/bid/23256

  • 07.15.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS Module Zmagazine Print.PHP SQL Injection
  • Description: Zmagazine is a module for XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "articleid" parameter of the "print.php" script before using it in an SQL query. Zmagazine version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23258

  • 07.15.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS WF-Section Module Print.PHP SQL Injection
  • Description: The XOOPS WF Section Module is a module for XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "articleid" parameter of the "print.php" script before using it in an SQL query. The XOOPS WF Section Module version 1.01 is affected.
  • Ref: http://www.securityfocus.com/bid/23259

  • 07.15.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS RM+Soft Gallery Module Categos.PHP SQL Injection
  • Description: The XOOPS RM+Soft Gallery Module is a module for XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "idcat" parameter of the "categos.php" script before using it in an SQL query. The XOOPS RM+Soft Gallery Module version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23250

  • 07.15.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS Module Camportail Show.PHP SQL Injection
  • Description: XOOPS Module Camportail is a module for XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "camid" parameter of the "show.php" script before using it in an SQL query. XOOPS Module Camportail version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23245

  • 07.15.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FlexPHPNews News.PHP SQL Injection
  • Description: FlexPHPNews is a news management application for web sites. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "newsid" parameter of the "news.php" script before using it in an SQL query. FlexPHPNews version 0.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/23247

  • 07.15.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion Calendar_Panel Module Show_Event.PHP SQL Injection
  • Description: PHP Fusion is a content management system (CMS). The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "m_month" parameter of the "show_event.php" script before using it in an SQL query. The affected script is part of the "Calendar Panel" application module.
  • Ref: http://www.securityfocus.com/bid/23225

  • 07.15.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS Multiple Modules ViewCat.PHP SQL Injection Vulnerabilities
  • Description: XOOPS Modules are components for the XOOPS content management system (CMS). The application is exposed to multiple SQL injection issues because these modules fail to sufficiently sanitize user-supplied data to the "cid" parameter of the "viewcat.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/23229

  • 07.15.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS Module Lykos Reviews Index.PHP SQL Injection
  • Description: XOOPS Module Lykos Reviews is a module for XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "uid" parameter of the "index.php" script before using it in an SQL query. XOOPS Module Lykos Reviews version 1.00 is affected.
  • Ref: http://www.securityfocus.com/bid/23232

  • 07.15.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS Module Repository ViewCat.PHP SQL Injection
  • Description: XOOPS Module Repository is a module for XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "viewcat.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/23221

  • 07.15.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Malaika System MyAds XOOPS Module Index.PHP SQL Injection
  • Description: Malaika System MyAds is a module for XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "index.php" script before using it in an SQL query. MyAds versions 2.04jp and prior are affected.
  • Ref: http://www.securityfocus.com/bid/23212

  • 07.15.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Sisplet CMS Komentar.PHP Remote File Include
  • Description: Sisplet CMS is a content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "site_path" parameter of the "komentar.php" script. Sisplet CMS version 05.10 is affected.
  • Ref: http://www.securityfocus.com/bid/23334

  • 07.15.88 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyNewsletter Multiple Scripts Authentication Bypass Vulnerabilities
  • Description: phpMyNewsletter is a newsletter management application. The application is exposed to issues which allow an attacker to bypass authentication. The "index.php" script fails to verify user authentication prior to allowing configuration information to be changed. phpMyNewsletter versions 0.8 beta 5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23342

  • 07.15.89 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Generics _App_Relative_Path Multiple Remote File Include Vulnerabilities
  • Description: PHP Generics is a web-based application for database development. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "_APP_RELATIVE_PATH" parameter. PHP Generics version 1.0 beta is affected.
  • Ref: http://www.securityfocus.com/bid/23328

  • 07.15.90 - CVE: Not Available
  • Platform: Web Application
  • Title: CodeWand PHPBrowse Include_Stream.Inc.PHP Remote File Include
  • Description: PHPBrowse is a folder browsing script. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "include_path" parameter of the "include_stream.inc.php" script.
  • Ref: http://www.securityfocus.com/bid/23329

  • 07.15.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Lite-CMS Index.PHP Local File Include
  • Description: Lite CMS is a content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "p" parameter of the "index.php" script. Lite CMS version 0.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23330

  • 07.15.92 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Mutant Mutant_Functions.PHP Remote File Include
  • Description: Mutant is a portal module for phpBB. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "mutant_includes/mutant_functions.php" script. phpBB version 0.9.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23319

  • 07.15.93 - CVE: Not Available
  • Platform: Web Application
  • Title: AroundMe Multiple Remote File Include Vulnerabilities
  • Description: AroundMe is a content management system (CMS). The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. AroundMe version 0.7.7 is affected.
  • Ref: http://www.securityfocus.com/bid/23303

  • 07.15.94 - CVE: Not Available
  • Platform: Web Application
  • Title: CyBoards PHP Lite Default_Header.PHP Remote File Include
  • Description: CyBoards PHP Lite is a web-based social networking application. CyBoards PHP Lite is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "script_path" parameter of "default_header.php". CyBoards PHP Lite version 1.21 is affected.
  • Ref: http://www.securityfocus.com/bid/23306

  • 07.15.95 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBlog Games.PHP Remote File Include
  • Description: MyBlog is a content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "scoreid" parameter of the "games.php" script. MyBlog versions 1.0 through 1.6 are affected.
  • Ref: http://www.securityfocus.com/bid/23311

  • 07.15.96 - CVE: Not Available
  • Platform: Web Application
  • Title: MySpeach Multiple Local and Remote File Include Vulnerabilities
  • Description: MySpeach is a text-based chat application. The application is exposed to multiple local and remote file include issues. The remote and local file include issues are due to a lack of proper sanitization of user-supplied input to the "$_COOKIE" variable of the "chat.php" script. MySpeach version 3.0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/23302

  • 07.15.97 - CVE: Not Available
  • Platform: Web Application
  • Title: DirectAdmin Logfile HTML Injection
  • Description: DirectAdmin is a web hosting control panel application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. DirectAdmin version 1.29.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/464471

  • 07.15.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Really Simple PHP and Ajax Multiple Remote File Include Vulnerabilities
  • Description: Really Simple PHP and Ajax is an Ajax enabled framework for PHP. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input before processing it in a "require()" function call. Really Simple PHP and Ajax version rspa-2007-03-23 is affected.
  • Ref: http://www.securityfocus.com/bid/23246

  • 07.15.99 - CVE: Not Available
  • Platform: Web Application
  • Title: BT-Sondage Gestion_Sondage.PHP Remote File Include
  • Description: BT-Sondage is a web-based survey application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "repertoire_visiteur" parameter of the "utilitaires/gestion_sondage.php" script. BT-Sondage version 1.12 is affected.
  • Ref: http://www.securityfocus.com/bid/23248

  • 07.15.100 - CVE: Not Available
  • Platform: Web Application
  • Title: MapTools MapLab Params.PHP Remote File Include
  • Description: MapLab is a suite of web-based tools for managing MapServer. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "gszAppPath" parameter of the "/htdocs/gmapfactory/params.php" script. MapLab version 2.2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/464462

  • 07.15.101 - CVE: Not Available
  • Platform: Web Application
  • Title: CWB Pro Include_Path Multiple Remote File Include Vulnerabilities
  • Description: CWB PRO is a content management system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "INCLUDE_PATH" parameter. CWB PRO version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/23242

  • 07.15.102 - CVE: Not Available
  • Platform: Web Application
  • Title: JCCorp URLShrink Email Parameter Remote Code Execution
  • Description: JCCorp URLshrink is a web-based application that condenses overly large URLs. The application is exposed to a remote code execution issue because it fails to properly sanitize user-supplied input passed to the "email" parameter. JCCorp URLshrink version 1.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23217

  • 07.15.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Forum Picture and Meta Tags Module PHPBB_ROOT_PATH Remote File Include
  • Description: Forum Picture and Meta Tags module for phpBB is a tool for adding a picture and meta tag to individual forums. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "MOD_forum_fields_parse.php" script. Forum Picture version 1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/23222/references

  • 07.15.104 - CVE: Not Available
  • Platform: Web Application
  • Title: JSBoard Login.PHP Local File Include
  • Description: JSBoard is a content management system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "table" parameter of the "login.php" script. JSBoard version 2.0.10 is affected.
  • Ref: http://www.securityfocus.com/bid/23223

  • 07.15.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Drake CMS 404.PHP Local File Include
  • Description: Drake CMS is a content management system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "d_private" parameter of the "404.php" script. Drake CMS version 0.3.7 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/23215

  • 07.15.106 - CVE: Not Available
  • Platform: Web Application
  • Title: MailDwarf Multiple Input Validation Vulnerabilities
  • Description: MailDwarf is a web mail application implemented in Perl. The application is exposed to multiple cross-site scripting and input validation issues. MailDwarf version 3.01 is affected.
  • Ref: http://www.securityfocus.com/bid/23207

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.