
@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 16
April 16, 2007

A Microsoft Zero-Day caused a lot of frenetic activity this week, but the big "oh darn" moment this week was learning that the wireless infrastructure people had deployed in thousands of large organizations has hard coded user names and passwords and default community strings, which make their networks remotely exploitable.

Separately, with Rohit Dhamankar's help, we have launched a very cool new "Software Security @RISK" Newsletter that analyzes major current vulnerabilities from @RISK and shows the exact programming errors that caused the vulnerabilities. The newsletter will be distributed to all programmers who register for the secure coding exam (www.sans-ssi.org), as a continuous learning tool for them. In the meantime, we'll send the current issues to any programmer, tester or auditor who knows enough about secure coding in Java or C to review the current test blueprint in one of those languages and help us rate the secure coding rules in the blueprint on importance and frequency of use. Email spa@sans.org and tell us which language (Java or C) you are capable of reviewing.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                            Number of Updates and Vulnerabilities
    --------------------------------    -------------------------------------
    Windows                             8 (#1, #4, #6)
    Microsoft Office                    1
    Other Microsoft Products            2 (#3, #5)
    Third Party Windows Apps            12
    Mac Os                              2
    Linux                               12
    HP-UX                               2
    Solaris                             1
    Unix                                2
    Cross Platform                      13 (#8)
    Web Application-X-Site Scripting    7
    Web Application-SQL Injection       6 (#7)
    Web Application                     45 (#9)
    Network Device                      2 (#2)


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
HP-UX
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (3) HIGH: Microsoft Content Management Server Multiple Vulnerabilities (MS07-018)
  • Affected:
    • Microsoft Content Management Server 2001/2002
  • Description: Microsoft Content Management Server (MSCMS), used to create and maintain web sites, contains multiple vulnerabilities: (a) A specially-crafted HTTP GET request could trigger a memory corruption vulnerability in MSCMS. Successfully exploiting this vulnerability could allow an attacker to execute arbitrary code with the privileges of the MSCMS server process. (b) A cross-site scripting vulnerability exists in the way MSCMS handles HTML redirection requests. An attacker could leverage this vulnerability to execute arbitrary scripts on other users' systems with the same privileges as other scripts downloaded from the Internet. Further technical details for this vulnerability are unavailable.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • (4) HIGH: Microsoft Agent Memory Corruption (MS07-020)
  • Affected:
    • Microsoft Windows 2000/XP
    • Microsoft Windows Server 2003
    • Note: Users of Internet Explorer 7 are reportedly not vulnerable.
  • Description: Microsoft Agent is a Microsoft technology used to provide animated characters for user interaction. Microsoft Agent contains a memory corruption vulnerability. A specially-crafted URL could trigger this memory corruption vulnerability, and allow an attacker to execute arbitrary code with the privileges of the current user. A malicious web page that embedded such a URL could exploit this vulnerability when the user views the page. Clicking on the link itself is not necessary.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All reporting council sites are responding to this issue. They plan to deploy the patches during their next regularly scheduled maintenance window.

  • (6) MODERATE: Microsoft Windows Universal Plug and Play Memory Corruption (MS07-019)
  • Affected:
    • Microsoft Windows XP
  • Description: Universal Plug and Play (UPnP) is a collection of open technologies, including HTTP and XML, used to advertise and discover network services and configuration. The implementation in Microsoft Windows XP contains a memory corruption vulnerability. By sending a specially-crafted HTTP request to a vulnerable system, an attacker could trigger this vulnerability. Successfully exploiting this vulnerability could lead to arbitrary code execution with the privileges of "LocalSystem". Note that the vulnerable service is not enabled by default. Under most network configurations, the attacker would need to be in the same subnetwork as the victim. A working exploit is known to exist, and is available to members of Immunity's partner program.

  • Status: Microsoft confirmed, updates available. Users are advised to block UDP port 1900 and TCP port 2869 at the network perimeter.

  • Council Site Actions: All reporting council sites are responding to this issue. They plan to deploy the patches during their next regularly scheduled maintenance window.

  • (7) MODERATE: PunBB Bulletin Board Multiple Vulnerabilities
  • Affected:
    • PunBB versions 1.2.14 and prior
  • Description: PunBB is a popular PHP-based bulletin board system. It contains several vulnerabilities: (a) Failure to properly sanitize the "Zend_Hash_Del_Key_Or_Index" parameter can trigger an SQL injection vulnerability. A specially-crafted request would allow an attacker to execute arbitrary SQL code with the privileges of the web server process. Note that the PHP "register_globals" option must be on for this vulnerability to be possible; "register_globals" is off by default in all recent versions of PHP. (b) Failure to properly sanitize the HTTP "Referer" header can lead to a cross-site scripting vulnerability in the "misc.php" script. The discoverer of this vulnerability has shown how this can be leveraged to also execute arbitrary PHP code by manipulating the header and uploading a false image containing PHP code. Full technical details for these vulnerabilities, plus a working exploit, are publicly available.

  • Status: PunBB confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • (8) MODERATE: AOL AIM and ICQ Directory Traversal
  • Affected:
    • AOL AIM version 5.9 and prior
    • AOL ICQ version 5.1 and prior
  • Description: AOL AIM and ICQ, two popular instant messaging applications, contain a directory traversal vulnerability. These applications fail to properly validate filenames used in file transfers. An attacker who sent a file with a specially-crafted name including path traversal characters (i.e. "../" or "..\") could trigger this vulnerability, and overwrite arbitrary files on the victim's system, or place the file in an arbitrary location. Note that the victim must explicitly accept the file transfer from the attacker, and ICQ will not overwrite existing files without prompting.

  • Status: AOL confirmed, updates available. ICQ patches are available via ICQ's automatic update system. AIM patches are available, and the AIM infrastructure has also been patched to help mitigate the impact of this vulnerability.

  • Council Site Actions: Only one of the responding council sites is using the affected software; however, it is not an officially supported application in their environment. They have notified the server team and desktop team to be aware of the problem. They believe their risk is low because they block file transfers at their gateway.

Other Software
  • (9) CRITICAL: Cosign Multiple Authentication Bypass
  • Affected:
    • Cosign versions 2.0.1 and prior
  • Description: Cosign is a Single Sign On system written by the University of Michigan. It is widely deployed in educational institutions and is used as a central authentication mechanism for multiple websites. It contains two authentication bypass vulnerabilities: (a) A specially-crafted cosign cookie, containing embedded newlines and cosign commands, can trigger an authentication bypass vulnerability in the cosign daemon. By sending such a cookie, an attacker could execute arbitrary cosign commands, including impersonating an arbitrary user without authentication. (b) A specially-crafted POST request to the central cosign server could allow an already-authenticated attacker to impersonate another user without authentication. Full technical details are available for both of these vulnerabilities, and a proof-of-concept is publicly available.

  • Status: University of Michigan confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 16, 2007

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5423 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.16.1 - CVE: CVE-2007-1748
  • Platform: Windows
  • Title: Microsoft Windows Domain Name Server Service Remote Procedure Call Interface
  • Description: Microsoft Windows Domain Name Server (DNS) service is an Internet directory service that translates domain names into IP addresses. The application is exposed to an unspecified issue in its Remote Procedure Call (RPC) interface which is typically bound to TCP ports between 1024 and 5000. Windows Server 2000 Service Pack 4, and Windows Server 2003 Service Packs 1 and 2 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/555920

  • 07.16.2 - CVE: Not Available
  • Platform: Windows
  • Title: KarjaSoft Sami HTTP Server Request Remote Denial of Service
  • Description: Sami HTTP Server is a server application. It is exposed to a remote denial of service issue because the application fails to handle exceptional conditions. Sami HTTP Server version 2.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23445

  • 07.16.3 - CVE: CVE-2007-1209
  • Platform: Windows
  • Title: Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation
  • Description: Microsoft Windows CSRSS (client/server run-time subsystem) is the user mode portion of the Win32 subsystem. CSRSS is a required service for Windows and is always running. CSRSS is exposed to a local privilege escalation issue because it fails to adequately marshal system resources when handling connections during process startups and stops. Microsoft Windows Vista is affected.
  • Ref: http://www.kb.cert.org/vuls/id/219848

  • 07.16.4 - CVE: CVE-2007-1206
  • Platform: Windows
  • Title: Microsoft Windows IVT Kernel Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue because the Windows kernel allows incorrect permissions to be used when mapping memory segments. Please refer to the advisory for further details.
  • Ref: http://www.kb.cert.org/vuls/id/337953

  • 07.16.5 - CVE: CVE-2007-1204
  • Platform: Windows
  • Title: Microsoft Windows UPnP Remote Code Execution
  • Description: UPnP is a set of network protocols to extend plug-and-play functionality to intelligent network devices in homes and businesses. This allows intelligent network devices to automatically connect to each other without requiring user configuration. Microsoft Windows is exposed to a remote code execution vulnerability because it fails to handle certain HTTP requests.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=509

  • 07.16.6 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Help File Unspecified Heap Overflow
  • Description: The "winhlp32.exe" executable is the Microsoft Windows Help File viewer. The application is exposed to a heap overflow issue because it fails to perform boundary checks before copying user-supplied data into insufficiently sized memory buffers.
  • Ref: http://www.securityfocus.com/bid/23382

  • 07.16.7 - CVE: CVE-2007-1687
  • Platform: Windows
  • Title: IPIX Image Well ActiveX Controls Multiple Buffer Overflow Vulnerabilities
  • Description: Internet Pictures Corporation (IPIX) Image Well ActiveX control is part of a software suite available to view 360 degree field-of-view images. The application is exposed to multiple buffer overflow issues because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer.
  • Ref: http://www.kb.cert.org/vuls/id/958609

  • 07.16.8 - CVE: Not Available
  • Platform: Windows
  • Title: SignKorea SKCrypAX ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: SignKorea SKCrypAX ActiveX control is a web-based component for the SignKorea SKCrypAX application. The application is exposed to multiple remote buffer overflow issues because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. SignKorea SKCrypAX ActiveX control version 5.4.1.2 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.16.9 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow
  • Description: Microsoft Word is exposed to a buffer overflow issue because the application fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer.
  • Ref: http://www.securityfocus.com/bid/23380

  • 07.16.10 - CVE: CVE-2007-1205
  • Platform: Other Microsoft Products
  • Title: Microsoft Agent URI Processing Remote Code Execution
  • Description: Microsoft Agent is a set of software services for developers to enhance the user interface of web-based applications. The application is exposed to a remote code execution issue when the Microsoft Agent component processes URIs.
  • Ref: http://www.kb.cert.org/vuls/id/728057

  • 07.16.11 - CVE: CVE-2007-0938
  • Platform: Other Microsoft Products
  • Title: Microsoft Content Management Server Remote Code Execution
  • Description: Microsoft Content Management Server (MCMS) is an application that allows users to create, publish and manage web content remotely. It operates in conjunction with Internet Information Server and SQL Server. The application is exposed to an arbitrary code execution issue because the software fails to properly validate user-supplied input.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-018.mspx

  • 07.16.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Acubix PicoZip Archive Directory Traversal
  • Description: PicoZip is a file compression utility. The application is exposed to a directory traversal issue because the software fails to properly sanitize user-supplied input. PicoZip 4.02 is affected.
  • Ref: http://www.securityfocus.com/bid/23471

  • 07.16.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MarkAny MaPrintModule ActiveX Control Remote Buffer Overflow
  • Description: MarkAny MaPrintModule is an ActiveX control provided by various MarkAny products. It is a DRM module used in watermarking software. The application is exposed to a buffer overflow issue because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.
  • Ref: http://support.microsoft.com/kb/q240797/

  • 07.16.14 - CVE: CVE-2007-1559
  • Platform: Third Party Windows Apps
  • Title: Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow
  • Description: Roxio CinePlayer is a media player available for the Microsoft Windows operating system. The application is exposed to a stack buffer overflow issue because it fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer. Roxio CinePlayer version 3.2 is affected.
  • Ref: http://secunia.com/advisories/22251/

  • 07.16.15 - CVE: CVE-2006-6696
  • Platform: Third Party Windows Apps
  • Title: Microsoft Windows CSRSS MSGBox Remote Code Execution
  • Description: Microsoft Windows CSRSS (client/server run-time subsystem) MsgBox is the user mode portion of the Win32 subsystem. CSRSS is a required service for Windows and is always running. MsgBox is exposed to a remote code execution issue because it fails to adequately handle certain error messages.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-021.mspx

  • 07.16.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: JustSystem Ichitaro Unspecified Remote Code Execution
  • Description: Ichitaro is a word processor available for Microsoft Windows. The application is exposed to an unspecified code execution issue. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/23386

  • 07.16.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ArchiveXpert Multiple Directory Traversal Vulnerabilities
  • Description: ArchiveXpert is an application for managing archives. The application is exposed to multiple directory traversal issues because the software fails to properly sanitize user-supplied input. ArchiveXpert version 2.02 build 80 is affected.
  • Ref: http://www.securityfocus.com/bid/23372

  • 07.16.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Microsoft Windows Explorer ANI File Denial of Service
  • Description: Windows Explorer is exposed to a denial of service issue. The problem occurs when the application is used to open a folder containing a malicious ANI file. Windows Explorer on Microsoft Windows XP SP2 is affected.
  • Ref: http://www.securityfocus.com/bid/23373

  • 07.16.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CompreXX Multiple Directory Traversal Vulnerabilities
  • Description: CompreXX is an application for managing archives. The application is exposed to multiple directory traversal issues because the software fails to properly sanitize user-supplied input. CompreXX version 4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23362

  • 07.16.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Winamp IN_Mod.DLL Plug-in Remote Code Execution
  • Description: Winamp is a multimedia player. The Winamp IN_MOD.DLL plug-in is exposed to a remote code execution issue because it fails to adequately handle malformed files. Winamp version 5.33 is affected.
  • Ref: http://www.securityfocus.com/archive/1/464890

  • 07.16.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Winamp LibSNDFile.DLL Component Remote Code Execution
  • Description: Winamp is a multimedia player. Winamp is exposed to a remote code execution issue resulting from an off by zero memory corruption error. Winamp version 5.33 is affected.
  • Ref: http://www.securityfocus.com/archive/1/464889

  • 07.16.22 - CVE: CVE-2007-1112
  • Platform: Third Party Windows Apps
  • Title: Kaspersky AntiVirus Prod60 ActiveX Control Arbitrary File Exfiltration
  • Description: Kaspersky AntiVirus is an antivirus application for desktop and small business computers. The application is exposed to an arbitrary file exfiltration issue because it contains a file upload ActiveX control that can be misused by a malicious site. Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0 are affected.
  • Ref: http://www.kaspersky.com/technews?id=203038694

  • 07.16.23 - CVE: CVE-2007-0445
  • Platform: Third Party Windows Apps
  • Title: Kaspersky Antivirus Engine ARJ Archive Remote Heap Overflow
  • Description: The Kaspersky Antivirus Engine is the core antivirus software used in Kaspersky computer security tools for Microsoft Windows. The application is exposed to a remote heap overflow issue because the application fails to perform sufficient boundary checks on user-supplied data before copying it into an insufficiently sized buffer. Kaspersky Anti-Virus version 6.0 is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-013.html

  • 07.16.24 - CVE: CVE-2007-1279
  • Platform: Mac Os
  • Title: Adobe Bridge Update Installer Local Privilege Escalation
  • Description: Adobe Bridge is a media manager application providing centralized access to Adobe applications, data and system settings. The application is exposed to a local privilege escalation issue because of a flaw in the update installation routine that allows a non-administrative user to gain administrative privileges. Adobe Bridge 1.0.3 update on the Mac OS is affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb07-09.html

  • 07.16.25 - CVE: CVE-2007-0734
  • Platform: Mac Os
  • Title: Apple AirPort Extreme Base Station Firmware Information Disclosure
  • Description: Apple AirPort Extreme Base Station is a wireless networking router for Apple computers and devices. The router features the AirPort Disk Utility which allows files from connected USB hard drives to be shared with other devices and computers on the network. The application is exposed to an information disclosure issue because its firmware fails to adequately validate users. Firmware versions prior to 7.1 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=305366

  • 07.16.26 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Fib_Semantics.C Out Of Bounds Access
  • Description: The Linux kernel is exposed to an out of bounds access issue. This issue occurs because the semantics for IPv4 Forwarding Information Base fail to adequately bounds check user-supplied data before accessing an array. Linux kernel versions prior to 2.6.21-rc6 are affected.
  • Ref: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc6

  • 07.16.27 - CVE: Not Available
  • Platform: Linux
  • Title: Opera Web Browser Running Adobe Flash Player Unspecified
  • Description: Opera Web Browser is exposed to an unspecified vulnerability when running Adobe Flash Player. Opera Web Browser versions prior to 9.20 are affected. Adobe Flash Player versions prior to 9.0.28.0 are affected. Please refer to the advisory for further details.
  • Ref: http://www.opera.com/support/search/view/858/

  • 07.16.28 - CVE: CVE-2006-7179
  • Platform: Linux
  • Title: MADWifi Channel Switch Announcement Information Elements Denial of Service
  • Description: MADWifi (Multiband Atheros Driver for WiFi) is a device driver for Wireless LAN chipsets. The application is exposed to a denial of service issue because it fails to properly handle certain network packets. MADWifi versions prior to 0.9.3 are affected.
  • Ref: http://madwifi.org/ticket/963

  • 07.16.29 - CVE: CVE-2006-7180
  • Platform: Linux
  • Title: MADWifi IEEE80211_Output.C Unencrypted Data Packet Multiple Vulnerabilities
  • Description: MADWiFi (Multiband Atheros Driver for WiFi) is a Linux kernel device driver application for wireless LAN chipsets. The application is exposed to multiple issues because the "ieee80211_output.c" source file sends unencrypted packets prior to successful WPA authentication. MADWifi versions prior to 0.9.3 are affected.
  • Ref: http://madwifi.org/wiki/Releases/0.9.3

  • 07.16.30 - CVE: CVE-2006-7178
  • Platform: Linux
  • Title: MADWifi Auth Frame IBSS Remote Denial of Service
  • Description: MADWifi (Multiband Atheros Driver for WiFi) is a Linux kernel device driver for Wireless LAN chipsets. The application is exposed to a remote denial of service issue because the application fails to properly handle certain AUTH frames from an IBSS node. MADWifi versions prior to 0.9.3 are affected.
  • Ref: http://madwifi.org/ticket/880

  • 07.16.31 - CVE: CVE-2006-7177
  • Platform: Linux
  • Title: MADWifi Ad-Hoc Mode Denial of Service
  • Description: MADWifi (Multiband Atheros Driver for WiFi) is a device driver for Wireless LAN chipsets. The application is exposed to a denial of service issue when running in "Ad-Hoc" mode because the application/service fails to properly handle certain network packets/traffic. MADWifi versions prior to 0.9.3 are affected.
  • Ref: http://madwifi.org/ticket/880

  • 07.16.32 - CVE: Not Available
  • Platform: Linux
  • Title: Quagga BGPD UPDATE Message Remote Denial of Service
  • Description: Quagga is a suite of routing applications written for the FreeBSD, Linux, Solaris and NetBSD operating systems. The application is exposed to a remote denial of service issue because it fails to handle a malformed multi protocol message. Quagga versions 0.99.6, 0.98.6 and prior (0.99 branch and 0.98 branch) are affected.
  • Ref: http://www.securityfocus.com/bid/23417

  • 07.16.33 - CVE: CVE-2007-1874
  • Platform: Linux
  • Title: Adobe Macromedia ColdFusion Insecure File Permissions
  • Description: Adobe Macromedia ColdFusion is an application server and software development framework used for creating dynamic web-based content. The application is exposed to this issue when users install a previous patch referenced in Adobe Security Advisory APSB06-17. Adobe Macromedia ColdFusion version 7.0.2.142559 for Linux is affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb07-08.html

  • 07.16.34 - CVE: CVE-2007-1841
  • Platform: Linux
  • Title: IPSec-Tools Remote Denial of Service
  • Description: IPSec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. The application is exposed to a remote denial of service issue because the application fails to properly handle certain network packets. IPSec-Tools versions prior to 0.6.7 are affected.
  • Ref: http://sourceforge.net/mailarchive/message.php?msg_name=20070406123739.GA1546%40zen.inc

  • 07.16.35 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel DCCP Proto.C Buffer Overflow
  • Description: The Linux kernel is exposed to a buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. This issue affects the "do_dccp_getsockopt()" function in the "net/dccp/proto.c" source file. Linux kernel versions prior to 2.6.20.5 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.5

  • 07.16.36 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel AppleTalk ATalk_Sum_SKB Function Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue. This issue presents itself when malformed AppleTalk frames are processed. Linux kernel versions prior to 2.6.20.5 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.5

  • 07.16.37 - CVE: CVE-2006-4250
  • Platform: Linux
  • Title: Man Command -H Flag Local Buffer Overflow
  • Description: The man command is a command on Unix and Linux-based systems which is used to handle man files. The man command is exposed to a local buffer overflow issue because it fails to properly bounds check user-supplied input before using it in a memory copy operation. Debian Linux 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23355

  • 07.16.38 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX ARPA Transport Unspecified Denial of Service
  • Description: ARPA Transport software is used to provide TCP/IP and Socket support as well as TCP/IP administration commands. Instances of HP-UX that are running ARPA Transport software are exposed to an unspecified local denial of service issue. HP-UX B.11.00 is affected. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/23410

  • 07.16.39 - CVE: Not Available
  • Platform: HP-UX
  • Title: Hewlett Packard HP-UX Portable File System Unspecified Privilege Escalation
  • Description: PFS (Portable File System) allows access to multiple CD ROM file systems. HP-UX running PFS is exposed to an unspecified privilege escalation issue. HP-UX versions B.11.23, B.11.11, and B.11.00 are affected. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/23401

  • 07.16.40 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris IP Implementation Remote Denial of Service
  • Description: Sun Solaris is exposed to a remote denial of service issue because the application fails to handle exceptional conditions. Solaris 8 and Solaris 9 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102866-1&searchclause=

  • 07.16.41 - CVE: Not Available
  • Platform: Unix
  • Title: FreeRADIUS EAP-TTLS Tunnel Memory Leak Remote Denial of Service
  • Description: FreeRADIUS is a network authentication and accounting server application. It is designed for use on UNIX and Linux platforms. The application is exposed to a denial of service issue due to a programming error. FreeRADIUS versions prior to 1.1.6 are affected.
  • Ref: http://www.freeradius.org/security.html

  • 07.16.42 - CVE: Not Available
  • Platform: Unix
  • Title: BFTPD Commands Multiple Remote Denial of Service Vulnerabilities
  • Description: BFTPD is an FTP server for Linux and Unix. The application is exposed to multiple remote denial of service issues because it fails to handle exceptional conditions. These issues occur due to unspecified double free errors when the application processes certain "GET" and "MGET" FTP commands. BFTPD versions prior to 1.8 are affected.
  • Ref: http://www.securityfocus.com/bid/23406

  • 07.16.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Aircrack-ng Airodump-ng Authentication Packet Buffer Overflow
  • Description: Aircrack-ng is a client application for cracking 802.11 WEP and WPA-PSK keys. Airodump-ng is a utility included in the Aircrack-ng application suite for capturing raw 802.11 frames. The application is exposed to a remote buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Airodump-ng version 0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/23467

  • 07.16.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Drupal Database Administration Module Multiple HTML Injection Vulnerabilities
  • Description: Drupal Database Administration Module is a component of the Drupal CMS. Drupal is available for a number of platforms, including Microsoft Windows and UNIX/Linux variants. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied input before displaying it in dynamically generated content. Drupal Database Administration versions prior to 4.7.0-1.2 and all versions of the 4.6.0 branch are affected.
  • Ref: http://www.securityfocus.com/bid/23440

  • 07.16.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Applications 11i Unspecified Encrypted Password Information Disclosure
  • Description: Oracle Applications 11i is exposed to an information disclosure issue because the application fails to protect sensitive information. Oracle Applications 11i 11.5 is affected.
  • Ref: http://www.securityfocus.com/bid/23446

  • 07.16.46 - CVE: CVE-2007-1741
  • Platform: Cross Platform
  • Title: Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
  • Description: Apache suEXEC is a utility to execute CGI and SSI applications under user IDs different from the user ID of the calling web-server. The application is exposed to multiple local privilege escalation weaknesses. Apache suEXEC version 2.2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23438

  • 07.16.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: webMethods Glue Console Directory Traversal
  • Description: webMethods Glue is a web services platform allowing users to combine J2EE, .NET, and other web services. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input to the "resource" parameter of "/console". webMethods version 6.5.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465332

  • 07.16.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BakBone NetVault: Backup Unspecified Heap Buffer Overflow
  • Description: BakBone NetVault: Backup is a data recovery and protection application available for multiple operating platforms. The application is exposed to an unspecified heap buffer overflow issue. BakBone NetVault versions prior to 7.40 are affected. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/23414

  • 07.16.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle April Critical Patch Update Advance Notification
  • Description: Oracle has released advance notification of their April Critical Patch Update that will address 37 issues affecting Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Enterprise Manager, and Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne. Oracle will be releasing their April quarterly Critical Patch Update on April 17, 2007. Further details about the specific vulnerabilities will also be released at that time.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html

  • 07.16.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: AOL AIM and ICQ Clients Directory Traversal
  • Description: AOL AIM and ICQ Clients are instant messaging client applications. AIM is available for multiple operating systems and ICQ is available for Microsoft Windows operating systems. These applications are exposed to a directory traversal issue because they fail to properly sanitize user-supplied input during a file transfer operation.
  • Ref: http://www.securityfocus.com/bid/23391

  • 07.16.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CattaDoc Arbitrary Files Information Disclosure
  • Description: cattaDoc is a web-based document manager application. The application is exposed to a remote information disclosure issue because of a lack of proper sanitization of user-supplied input to the "fn1" parameter of the "download2.php" script before being passed as an argument to a PHP "readfile()" call. cattaDoc 2.2.1 and 3.0 are affected.
  • Ref: http://www.securityfocus.com/bid/23390

  • 07.16.52 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Filter_Var FILTER_VALIDATE_EMAIL Newline Injection
  • Description: PHP has a "filter_var()" function that is designed to sanitize user-supplied input for various purposes. The application is exposed to an email newline injection issue because it fails to properly sanitize user-supplied input. PHP 5.2.1 and PHP 5.2 are affected.
  • Ref: http://www.php-security.org/MOPB/PMOPB-45-2007.html

  • 07.16.53 - CVE: CVE-2007-1001
  • Platform: Cross Platform
  • Title: PHP GD Extension WBMP File Integer Overflow Vulnerabilities
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP's GD extension is exposed to two integer overflow issues because it fails to ensure that integer values aren't overrun. PHP versions 5.2.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/464957

  • 07.16.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Firebug Rep.JS Script Code Injection
  • Description: Firebug is a Firefox extension that is used for debugging, editing and monitoring CSS, JavaScript and HTML. Firebug is exposed to a script code injection issue. The issue exists because the "rep.js" script fails to adequately escape user-supplied data. Firebug versions prior to 1.04 are affected.
  • Ref: http://www.securityfocus.com/archive/1/464875

  • 07.16.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ImageMagick DCM XWD Formats Multiple Integer Overflow Vulnerabilities
  • Description: ImageMagick is an image editing suite that includes a library and command line utilities supporting numerous image formats, including SGI. The application is exposed to multiple integer overflow issues because it fails to adequately handle user-supplied data. ImageMagick versions 6.2.9 through 6.3.3-4 are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496

  • 07.16.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TuMusika Evolution Index.PHP Cross-Site Scripting
  • Description: TuMusika Evolution is a music playlist organizer application. The application is exposed to a cross site scripting issue because it fails to properly sanitize user-supplied input to the "msg" parameter of the "index.php" script. TuMusika Evolution version 1.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465515

  • 07.16.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpwebnews Multiple Cross-Site Scripting Vulnerabilities
  • Description: phpwebnews is a web-based news application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. phpwebnews version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23448

  • 07.16.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Einfacher Passworschutz Index.PHP Cross-Site Scripting
  • Description: Einfacher Passworschutz is a password protection application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "msg" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/23395

  • 07.16.59 - CVE: CVE-2007-0939
  • Platform: Web Application - Cross Site Scripting
  • Title: Microsoft Content Management Server Cross-Site Scripting
  • Description: Microsoft Content Management Server (MCMS) is an application that allows users to create, publish and manage web content remotely. It operates in conjunction with Internet Information Server and SQL Server. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input when processing HTTP requests.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-018.mspx

  • 07.16.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Youngzsoft CMailServer Signup.ASP Cross-Site Scripting
  • Description: Youngzsoft CMailServer is a mail application for Microsoft Windows platforms. It includes webmail support that is implemented as ASP scripts. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "POP3Mail" parameter of the "signup.asp" script. Youngzsoft CMailServer version 5.3.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/464966

  • 07.16.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Youngzsoft CMailServer Comment Parameter Cross-Site Scripting
  • Description: Youngzsoft CMailServer is a mail application for Microsoft Windows platforms. It includes webmail support that is implemented as ASP scripts. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "Comment" parameter of the "mail/signup.asp" script. Youngzsoft CMailServer version 5.4.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23363

  • 07.16.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Livor Index.PHP Cross-Site Scripting
  • Description: Livor is a web application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script. Livor version 2.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/464888

  • 07.16.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Crea-book Multiple SQL Injection Vulnerabilities
  • Description: Crea-book is a PHP based program for counting calories. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "passe" and "pseudo" parameters in the "admin" directory. Crea-book version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23418

  • 07.16.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DropAFew Multiple SQL Injection Vulnerabilities
  • Description: DropAFew is a calorie counting program. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the scripts search.php, search-pda.php, editlogcal.php and editlogcal.php. DropAFew version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23400

  • 07.16.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Battle.net Clan Script Login.PHP SQL Injection
  • Description: Battle.net Clan Script is a clan management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" and "password" parameters of the "login.php" script before using it in an SQL query. Battle.net Clan Script version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/23383

  • 07.16.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: UBB.threads UBBThreads.PHP SQL Injection
  • Description: UBB.threads is a web-forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "C" parameter of the "ubbthreads.php" script before using it in an SQL query. UBB.threads versions 6.1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/465076

  • 07.16.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SmodCMS Dictionary.PHP SQL Injection
  • Description: SmodCMS is a content management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ssid" parameter of the "php/mod/dictionary.php" script before using it in an SQL query. SmodCMS versions 2.10 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23364

  • 07.16.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SmodBIP Index.PHP SQL Injection
  • Description: SmodBIP is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query. SmodBIP versions 1.06 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23356

  • 07.16.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Open Business Management Unspecified Authentication Bypass
  • Description: Open Business Management is a groupware, messaging and CRM application. The application is exposed to an unspecified authentication bypass issue because it fails to authenticate users before providing access to sensitive information. Open Business Management versions prior to 2.0 are affected.
  • Ref: http://www.securityfocus.com/bid/23472

  • 07.16.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Chatness Multiple Remote Vulnerabilities
  • Description: Chatness is a chat application. The application is exposed to multiple remote issues because it permits attackers to overwrite files with an ".html" extension and discloses the administrator's username and password in plain text in a pre-filled form. Chatness versions 2.5.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/465547

  • 07.16.71 - CVE: CVE-2007-1871
  • Platform: Web Application
  • Title: chCounter Stats/Index.PHP HTML Injection
  • Description: chCounter is a web site use statistics application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. chCounter version 3.1.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465486

  • 07.16.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Ice Download Gallery Arbitrary File Upload
  • Description: Ice Download Gallery is a web-based picture gallery application. The application is exposed to an arbitrary file upload issue because it fails to sufficiently sanitize user-supplied data when uploading images through "index.php". Ice Download Gallery version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23463

  • 07.16.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Expow Autoindex.PHP Remote File Include
  • Description: Expow is a web-based application to generate directory indexes. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "cfg_file" parameter of the "autoindex.php" script. Expow version 0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/23464

  • 07.16.74 - CVE: CVE-2007-1872
  • Platform: Web Application
  • Title: ToendaCMS HTTP Get and Post Forms HTML Injection
  • Description: ToendaCMS is a content manager. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to HTTP GET and POST forms. ToendaCMS version 1.5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23453

  • 07.16.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Openads Adclick.PHP HTTP Response Splitting
  • Description: Openads is an application for hosting classified ads online. The application is exposed to an HTTP response splitting issue in the "Adclick.php" script. Openads versions prior to 2.0.11-pr1 are affected.
  • Ref: http://www.securityfocus.com/bid/23442

  • 07.16.76 - CVE: CVE-2006-6644
  • Platform: Web Application
  • Title: mxBB MX Shotcast Module MX_Root_Path Remote File Include
  • Description: mxBB MX Shotcast is a module for the mxBB bulletin board. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mx_root_path" parameter of the "getinfo1.php" script. mxBB MX Shotcast version 1.0 RC2 is affected.
  • Ref: http://www.securityfocus.com/bid/23444

  • 07.16.77 - CVE: Not Available
  • Platform: Web Application
  • Title: RicarGBooK Header.PHP Local File Include
  • Description: RicarGBooK is a guest book application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" cookie parameter used by the "header.php" script. RicarGBooK version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23450

  • 07.16.78 - CVE: Not Available
  • Platform: Web Application
  • Title: WebKalk2 Engine.Inc.PHP Remote File Include
  • Description: WebKalk2 is a content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "absolute_path" parameter of the "engine/engine.inc.php" script. WebKalk2 version 1.9.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23451

  • 07.16.79 - CVE: Not Available
  • Platform: Web Application
  • Title: FAC Guestbook Database Information Disclosure
  • Description: FAC Guestbook is a guestbook application. The application is exposed to a database information disclosure issue as it does not restrict access to the "db/gdb.mdb" databases. FAC Guestbook versions 2.0 and 3.01 are affected.
  • Ref: http://www.securityfocus.com/bid/23441

  • 07.16.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo Calendar Module Absolute_Path Multiple Remote File Include Vulnerabilities
  • Description: Mambo Calendar Module is a calendar module for the Mambo content management system (CMS). The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "absolute_path" parameter of "/components/calendar/com_calendar.php" and "/modules/calendar/mod_calendar.php" scripts. Mambo Calendar version 155 is affected.
  • Ref: http://www.securityfocus.com/bid/23435

  • 07.16.81 - CVE: Not Available
  • Platform: Web Application
  • Title: SimpCMS Light Index.PHP Remote File Include
  • Description: SimpCMS Light is a content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "site" parameter of the "index.php" script. SimpCMS Light version 6.4.2007 is affected.
  • Ref: http://www.securityfocus.com/bid/23439

  • 07.16.82 - CVE: Not Available
  • Platform: Web Application
  • Title: @Mail Atmail.PHP Cross-Site Scripting
  • Description: @Mail is a webmail application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "username" parameter of the "atmail.php" script. @Mail version 5.0 is affected.
  • Ref: http://www.majorsecurity.de/index_2.php?major_rls=major_rls43

  • 07.16.83 - CVE: Not Available
  • Platform: Web Application
  • Title: pL-PHP Admin.PHP Local File Include
  • Description: pL-PHP is a content management application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" parameter of the "admin.php" script. pL-PHP version beta 0.9 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465340

  • 07.16.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo/Joomla Com_Mosmedia MosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
  • Description: com_mosmedia is a component module for Mambo and Joomla. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "media.tab.php" and "media.divs.php" scripts.
  • Ref: http://www.securityfocus.com/bid/23432

  • 07.16.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Cosign CGI Register Command Remote Authentication Bypass
  • Description: Cosign is a web-based single sign-on application. The application is exposed to an authentication bypass issue because it fails to adequately sanitize user-supplied input. Cosign versions prior to 1.9.4b and 2.0.2a are affected.
  • Ref: http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-002.txt

  • 07.16.86 - CVE: Not Available
  • Platform: Web Application
  • Title: PunBB Multiple Input Validation Vulnerabilities
  • Description: PunBB is a bulletin board application. The application is exposed to input validation issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/archive/1/465338

  • 07.16.87 - CVE: Not Available
  • Platform: Web Application
  • Title: pL-PHP Multiple Input Validation Vulnerabilities
  • Description: pL-PHP is a content management application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. pL-PHP beta version 0.9 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465340

  • 07.16.88 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPFaber TopSites Admin/Index.PHP Directory Traversal
  • Description: TopSites is a script that manages a list of popular web sites. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input to the "modify" parameter of the "admin/index.php" script. TopSites version 3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465339

  • 07.16.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Cosign CGI Check Cookie Command Remote Authentication Bypass
  • Description: Cosign is a web-based single sign-on application. Cosign is exposed to an authentication bypass issue because it fails to adequately sanitize user-supplied input. Cosign versions prior to 1.9.4b and 2.0.2a are affected.
  • Ref: http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-001.txt

  • 07.16.90 - CVE: Not Available
  • Platform: Web Application
  • Title: CodeBreak Codebreak.PHP Remote File Include
  • Description: CodeBreak is a web-based PHP application to convert text to Morse code. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "_POST[process_method]" parameter of the "codebreak.php" script. CodeBreak version 1.1.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465382

  • 07.16.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Miniwebsvr Server Directory Traversal
  • Description: Miniwebsvr is a web server available for various operating systems. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input. The issue occurs when specially crafted HTTP GET requests contain directory traversal strings. Miniwebsvr version 0.0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/23413

  • 07.16.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo com_zoom Module MosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
  • Description: com_zoom is a module available for Mambo. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of "EXIF_Makernote.php" and "EXIF.php". com_zoom version 25beta is affected.
  • Ref: http://www.securityfocus.com/bid/23415

  • 07.16.93 - CVE: Not Available
  • Platform: Web Application
  • Title: TOSMO/Mambo Absolute_Path Multiple Remote File Include Vulnerabilities
  • Description: TOSMO/Mambo is a fork of Mambo, a web-based portal application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "absolute_path" parameter of "/components/com_minibb.php" and "/components/minibb/bb_plugins.php". TOSMO/Mambo version 1.4.13a is affected.
  • Ref: http://www.securityfocus.com/bid/23416

  • 07.16.94 - CVE: Not Available
  • Platform: Web Application
  • Title: DotClear Multiple Cross-Site Scripting Vulnerabilities
  • Description: DotClear is a web application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user input to the "post_id" parameter of the "dotclear/ecrire/trackback/php" script and the "tool_url" parameter of the "tools/thememng/index.php" script. DotClear versions prior to 1.2.6 are affected.
  • Ref: http://www.securityfocus.com/bid/23411

  • 07.16.95 - CVE: Not Available
  • Platform: Web Application
  • Title: AlstraSoft Video Share Enterprise Multiple Remote Vulnerabilities
  • Description: AlstraSoft Video Share Enterprise is a video sharing script. The application is prone to multiple remote issues because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "msg.php" script before using it in an SQL query. AlstraSoft Video Share Enterprise versions 4.3 and earlier are affected.
  • Ref: http://pridels.blogspot.com/2007/03/alstrasoft-video-share-enterprise.html

  • 07.16.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Inout Mailing List Manager Multiple Vulnerabilities
  • Description: Inout Mailing List Manager is a mailing list management script. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied data. Inout Mailing List Manager version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23407

  • 07.16.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo/Joomla Taskhopper MosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
  • Description: Taskhopper is a module for Joomla and Mambo. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter. Taskhopper version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23408

  • 07.16.98 - CVE: Not Available
  • Platform: Web Application
  • Title: MyNews Week_Events.PHP Remote File Include
  • Description: MyNews is a web-based news reader. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "myNewsConf[path][sys][index]" parameter of the "include/blocks/week_events.php" script. MyNews versions 4.2.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23398

  • 07.16.99 - CVE: Not Available
  • Platform: Web Application
  • Title: phpGalleryScript Init.Gallery.PHP Remote File Include
  • Description: phpGalleryScript is an image gallery. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "include_class" parameter of the "init.gallery.php" script. phpGalleryScript version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23399

  • 07.16.100 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP121 Instant Messenger php121db.PHP Local File Include
  • Description: PHP121 is a web-based instant messenger. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "php121dir" parameter of the "php121db.PHP" script. PHP121 version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23392

  • 07.16.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Pathos Warn.PHP Remote File Include
  • Description: Pathos is a content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "file" parameter of the "warn.php" script. Pathos version 0.92-2 is affected.
  • Ref: http://www.securityfocus.com/bid/23393

  • 07.16.102 - CVE: Not Available
  • Platform: Web Application
  • Title: HIOX Free Guest Book Index.PHP HTML Injection
  • Description: HIOX FREE Guest Book is a web application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue affects the email field in the "index.php" script. HIOX FREE Guest Book version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23397

  • 07.16.103 - CVE: Not Available
  • Platform: Web Application
  • Title: DeskPro Login.PHP HTML Injection
  • Description: DeskPRO is a customer relationship management application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "username" input field of the "login.php" script. DeskPRO version 2.0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465089

  • 07.16.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Xrousse Beryo Downloadpic.PHP Arbitrary File Download
  • Description: Xrousse Beryo is a web-based application. The application is exposed to an arbitrary file download issue because it fails to sufficiently sanitize user-supplied input to the "chemin" parameter of the "downloadpic.php" script before being passed as an argument to a "readfile()" function. Xrousse Beryo versions 2.4 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/23387

  • 07.16.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Requestit Index.PHP Remote File Include
  • Description: Requestit is a web-based song request system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "index.php" script. Requestit version 1.0b is affected.
  • Ref: http://www.securityfocus.com/archive/1/465081

  • 07.16.106 - CVE: Not Available
  • Platform: Web Application
  • Title: QuizShock Auth.PHP HTML Injection
  • Description: QuizShock is a web-based manager. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "forward_to" input field of the "auth.php" script. QuizShock versions 1.5.8 through 1.6.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/465075

  • 07.16.107 - CVE: Not Available
  • Platform: Web Application
  • Title: ScarNews Scarnews.Inc.PHP Local File Include
  • Description: ScarNews is a web-based news application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "sn_admin_dir" parameter of the "scarnews.inc.php" script. ScarNews version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23375

  • 07.16.108 - CVE: Not Available
  • Platform: Web Application
  • Title: eCardMAX HotEditor Keyboard.PHP Local File Include
  • Description: eCardMAX HotEditor is a web-based rich text editor. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "first" parameter of the "richedit/keyboard.php" script. eCardMAX HotEditor version 4.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465094

  • 07.16.109 - CVE: Not Available
  • Platform: Web Application
  • Title: WitShare Index.PHP Local File Include
  • Description: WitShare is a web-based communications application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "menu" parameter of the "index.php" script. WitShare version 0.9 is affected.
  • Ref: http://www.securityfocus.com/archive/1/464969

  • 07.16.110 - CVE: Not Available
  • Platform: Web Application
  • Title: eBoard Member.PHP Local File Include
  • Description: eBoard is a web forum application based on PHP-Nuke. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "GLOBALS[name]" parameter of the "member.php" script. eBoard version 1.0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/23365

  • 07.16.111 - CVE: Not Available
  • Platform: Web Application
  • Title: SQL-Ledger/LedgerSMB Insecure User Access Restriction
  • Description: SQL-Ledger and LedgerSMB are double entry accounting systems implemented in Perl. The applications are exposed to an access restriction issue because they fail to adequately implement ACLs (Access Control Lists) for SQL database access.
  • Ref: http://www.securityfocus.com/bid/23352

  • 07.16.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Nuke ET User Account Deletion Input Validation
  • Description: Nuke ET is a web application. The application is exposed to an input validation issue because it fails to verify user-supplied data before performing certain actions. Nuke ET versions 3.4 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/23354

  • 07.16.113 - CVE: Not Available
  • Platform: Web Application
  • Title: WebSpell Picture.PHP Multiple Local File Include Vulnerabilities
  • Description: WebSPELL is a gaming CMS. The application is exposed to multiple local file include issues. These issues occur because the application fails to adequately sanitize user-supplied input to the "file" and "id" parameters of the "pictures.php" script file. WebSPELL versions 4.01.02 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/23348

  • 07.16.114 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Wireless LAN Controller Multiple Remote Vulnerabilities
  • Description: The Cisco Wireless LAN Controller (WLC) manages Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). The application is exposed to multiple remote issues. Please refer to the advisory for further details.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml#workarounds

  • 07.16.115 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Wireless Control System Multiple Vulnerabilities
  • Description: Cisco Wireless Control System (WCS) is used with Cisco wireless appliances to provide system configuration, location tracking, security monitoring and wireless LAN management. Cisco Wireless Control System versions prior to 4.0.96.0 are affected. Please refer to the advisory for further details.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.