@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 17
April 23, 2007

Apple OS/X, Oracle, IBM Tivoli and Nortel's VPNs all had major security vulnerabilities announced this week. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Third Party Windows Apps                  13 (#1, #9, #11)
    Mac Os                                    1 (#3)
    Linux                                     3
    Solaris                                   2 (#8)
    Unix                                      4
    Cross Platform                            14 (#4, #5, #6, #7, #10)
    Web Application - Cross Site Scripting    7
    Web Application - SQL Injection           5
    Web Application                           35
    Network Device                            1 (#2)

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Mac Os
Linux
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: GraceNote CDDBControl ActiveX Control Buffer Overflow
  • Affected:
    • GraceNote CDDBControl ActiveX Control
    • This control is shipped as part of a large number of other applications such as:
    • Sony SonicStage
    • Sony CONNECT Player
    • Nokia PC Suite
    • AOL Client Software
  • Description: Gracenote provides software that enables consumers to better manage and discover digital media. Gracenote products are being used by a large number of vendors. The GraceNote CDDBControl ActiveX control, used to access the GraceNote database of compact disc information, contains a buffer overflow vulnerability. A malicious web page that instantiates this control can trigger this overflow, and execute arbitrary code with the privileges of the current user. Limited technical details about the overflow are available in the posted advisories.

  • Status: GraceNote confirmed, updates available. Please contact your vendor for vendor-specific updates.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • (2) HIGH: Nortel Networks VPN Routers and Switches Multiple Vulnerabilities
  • Affected:
    • Nortel Networks VPN Router series 1010, 1050, 1100, 1700, 1740, 1750, 2700, and 5000
    • Nortel Networks Contivity VPN Switch series 1000, 2000, and 4000
  • Description: Nortel routers and switches offering VPN functionality contain multiple vulnerabilities that can be exploited to either gain access to the private network or compromise the VPN router/switch. (a) The VPN routers contain 2 default user accounts "FIPSecryptedtest1219" and "FIPSunecryptedtest1219" that are stored in the LDAP template. The accounts are used by system diagnostics during boot-up, and are not visible to the system manager. An attacker can use these accounts to gain access to the private network. (b) The VPN router web management console contains an authentication bypass vulnerability. An attacker can access certain administrative pages via specially crafted URLs without using any authentication credentials. An attacker can potentially compromise the VPN device and open up the private network for further attacks.

  • Status: Nortel confirmed, updates available. The Nortel advisory has also listed workarounds for these issues.

  • (3) HIGH: Apple Mac OS X Multiple Vulnerabilities (Security Update 2007-004)
  • Affected:
    • Apple Mac OS X version 10.4.9
    • Apple Mac OS X Server version 10.4.9
  • Description: Apple's latest security update addresses multiple vulnerabilities in Mac OS X. Two vulnerabilities in default and common configurations could allow remote code execution with the privileges of the current user: (a) Mac OS X's implementation of 'fsck', the filesystem check utility, fails to properly handle malformed Unix Filesystem (UFS) filesystems. Mac OS X supports creating disk images using UFS. A specially-crafted UFS disk image could cause fsck to run upon opening the image, and then exploit this vulnerability. Note that disk images are commonly used to transfer applications and other files, and may be opened without prompting. (b) A specially-crafted web page could trigger an invalid memory access in the "libinfo" library (used by the WebKit framework). Safari uses WebKit, and is vulnerable. All users of Mac OS X are advised to upgrade immediately. Additional vulnerabilities patched in this update include authenticated remote code execution in the FTP server subsystem, remote code execution when Internet Connection Sharing is turned on, vulnerabilities in third-party software included in Mac OS X, various information disclosure vulnerabilities, and various local-only privilege escalation vulnerabilities.

  • Status: Apple confirmed, updates available. This security update is automatically distributed via Mac OS X's "Software Update" facility.

  • (5) HIGH: Novell Groupwise WebAccess Buffer Overflow
  • Affected:
    • Novell GroupWise WebAccess
  • Description: Novell GroupWise WebAccess, used to provide web access to the GroupWise system, contains a buffer overflow vulnerability. The overflow can be triggered during the HTTP Basic authentication by sending more than 335 base-64 encoded bytes. Successfully exploiting this buffer overflow allows an attacker to execute arbitrary code with the privileges of the server process. Technical details for this vulnerability are publicly available.

  • Status: Novell confirmed, updates available. Users can mitigate the impact of this vulnerability by blocking TCP ports 7205 and 7211 at the network perimeter. Note that this will prevent legitimate access to the affected application.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

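Added example (not part of the original bulletin and not vendor code): a detection check for the oversized HTTP Basic credential described in item (5), run over captured request headers. It assumes the 335-byte limit applies to the base64 token as sent; the function names, sample requests and host name are constructed for illustration.

```python
"""Flag HTTP requests whose Basic credential token exceeds a length limit."""
from __future__ import annotations

import base64
import binascii
from dataclasses import dataclass

# Threshold from the advisory text: more than 335 base64-encoded bytes.
# Assumption: the limit is measured on the encoded token, not the decoded bytes.
MAX_BASIC_TOKEN_LEN = 335


@dataclass
class Finding:
    token_len: int     # length of the base64 token with whitespace removed
    decoded_len: int   # length after decoding, -1 if the token is not valid base64
    oversized: bool    # True when token_len exceeds MAX_BASIC_TOKEN_LEN


def unfold_headers(raw: bytes) -> list[bytes]:
    """Return header lines, joining obsolete folded continuation lines.

    Folding matters for detection: a long token split across continuation
    lines would pass a naive per-line length check.
    """
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    lines: list[bytes] = []
    for line in head.split(b"\n")[1:]:          # [1:] skips the request line
        if line[:1] in (b" ", b"\t") and lines:
            lines[-1] += b" " + line.strip()
        else:
            lines.append(line)
    return lines


def inspect_request(raw: bytes) -> list[Finding]:
    """Return one Finding per 'Authorization: Basic' header in the request."""
    findings = []
    for line in unfold_headers(raw):
        name, sep, value = line.partition(b":")
        if not sep or name.strip().lower() != b"authorization":
            continue
        parts = value.split(None, 1)            # scheme, then the credential
        if len(parts) != 2 or parts[0].lower() != b"basic":
            continue
        token = b"".join(parts[1].split())      # drop embedded whitespace
        try:
            decoded_len = len(base64.b64decode(token, validate=True))
        except (binascii.Error, ValueError):
            decoded_len = -1
        findings.append(
            Finding(len(token), decoded_len, len(token) > MAX_BASIC_TOKEN_LEN)
        )
    return findings


# --- Constructed sample requests (not captured traffic) ---------------------
HEAD = b"GET / HTTP/1.1\r\nHost: mail.example.test\r\n"
LONG_TOKEN = base64.b64encode(b"u:" + b"A" * 298)   # 300 bytes -> 400 chars

NORMAL = HEAD + b"Authorization: Basic " + base64.b64encode(b"alice:s3cret") + b"\r\n\r\n"
OVERSIZED = HEAD + b"Authorization: Basic " + LONG_TOKEN + b"\r\n\r\n"
# Same token, folded so that neither physical line holds more than 200 chars of it.
FOLDED = (HEAD + b"Authorization: Basic " + LONG_TOKEN[:200]
          + b"\r\n " + LONG_TOKEN[200:] + b"\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("oversized", OVERSIZED), ("folded", FOLDED)):
        for f in inspect_request(req):
            verdict = "ALERT" if f.oversized else "ok"
            print(f"{label:10s} token={f.token_len:4d} decoded={f.decoded_len:4d} {verdict}")
```
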
  • (6) HIGH: BMC Performance Manager and Patrol Multiple Vulnerabilities
  • Affected:
    • BMC Performance Manager
    • BMC Patrol
  • Description: BMC Performance Manager products are designed to manage the availability and performance of networks and a broad range of applications, databases, and operating systems. Two BMC products, Performance Manager and Patrol, contain vulnerabilities: (a) BMC Performance Manager contains a vulnerability in the way it handles requests to its "PatrolAgent.exe" component, which listens on TCP port 3181. Failure to properly sanitize user input could allow an attacker to arbitrarily modify the configuration of the product. If the attacker modifies the Simple Network Management Protocol (SNMP) configuration, the attacker could then execute arbitrary code via SNMP requests with the privileges of the affected process. Some technical details for this vulnerability are publicly available. (b) BMC Patrol contains a vulnerability in the way it handles requests to its "bgs_sdservice" component, which listens on TCP port 10128. By sending a specially-crafted External Data Representation (XDR) string to this component, an attacker could trigger a memory corruption vulnerability. Successfully exploiting this vulnerability would allow the attacker to execute arbitrary code with the privileges of the affected process. Some technical details for this vulnerability are publicly available.

  • Status: BMC confirmed, updates available. BMC has stated that issue #1 is not a vulnerability, in that "properly configured" systems are not vulnerable.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • (7) HIGH: IBM Tivoli Monitoring Express Universal Agent Buffer Overflow
  • Affected:
    • IBM Tivoli Monitoring Express versions 6.1 and prior
  • Description: IBM Tivoli Monitoring Express, used to monitor other systems in an enterprise environment, contains a vulnerability in the way it handles requests to several services. By sending an overlong string to the Tivoli Universal Agent Primary Service, Tivoli Enterprise Portal Server, or Tivoli Monitoring Agent for Windows OS, an attacker could trigger a buffer overflow in the "kde.dll" shared library. Successfully exploiting this buffer overflow allows an attacker to execute arbitrary code with the privileges of the affected process. Some technical details are available for this vulnerability.

  • Status: IBM confirmed, updates available. Users are advised to block TCP ports 10110, 6014, and 14206 at the network perimeter, if possible.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • (8) HIGH: Sun Java Web Console Format String Vulnerability
  • Affected:
    • Sun Java Web Console versions 2.2.2 - 2.2.5
  • Description: Sun Java Web Console, used to provide a central interface to installed Java-based administration tools, contains a format string vulnerability. By sending a specially-crafted login request to the system, an unauthenticated attacker could trigger this vulnerability. Successfully triggering this vulnerability would allow the attacker to execute arbitrary code with the privileges of the Java Web Console process. Technical details for this vulnerability are publicly available.

  • Status: Sun confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • (9) HIGH: Akamai Download Manager ActiveX Multiple Vulnerabilities
  • Affected:
    • Akamai Download Manager versions prior to 2.2.1.0
    • Note that the download manager is distributed as both a Java applet and an ActiveX control. Only the ActiveX version is vulnerable.
  • Description: The Akamai Download Manager, a popular download management application from Akamai, contains multiple vulnerabilities in its ActiveX version. A malicious web page that instantiates this ActiveX control and passes it a specially-crafted URL could trigger these vulnerabilities, and potentially execute arbitrary code with the privileges of the current user. Note that only users of the Akamai Download Manager are vulnerable; users that download content from the Akamai content network are not inherently vulnerable.

  • Status: Akamai confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • (10) MODERATE: ClamAV CAB File Processing Buffer Overflow
  • Affected:
    • ClamAV versions 0.90rc3 through 0.90.1
    • Note that these versions are not shipped by default with most major Linux and Unix-like operating system distributions.
  • Description: ClamAV, a popular open source antivirus solution, contains a buffer overflow in its handling of Microsoft Cabinet (CAB) files. A specially-crafted CAB file could trigger this buffer overflow and execute arbitrary code with the privileges of the "clamd" process. Note that the CAB file may be attached to an email transiting a network monitored by ClamAV. Since ClamAV is open source, technical details for this vulnerability may be obtained via source code analysis.

  • Status: ClamAV confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

Other Software
  • (11) HIGH: LANDesk Management Suite Buffer Overflow
  • Affected:
    • LANDesk Management Suite version 8.7 and possibly prior
  • Description: LANDesk Management Suite, a popular system management application, contains a buffer overflow vulnerability. By sending a request longer than 268 bytes to the "AOLNSRVR.EXE" process, an attacker can trigger this buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with SYSTEM privileges.

  • Status: LANDesk confirmed, updates available. Users can mitigate the impact of this vulnerability by blocking UDP port 65535 at the network perimeter, if possible.

  • Council Site Actions: Only one of the responding council sites is using the affected software and they are currently pushing the patches.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 17, 2007

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5431 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.17.1 - CVE: CVE-2007-0443
  • Platform: Third Party Windows Apps
  • Title: GraceNote CDDBControl Multiple Parameters ActiveX Control Buffer Overflow
  • Description: GraceNote CDDBControl is an ActiveX control for CD information lookups. The application is exposed to multiple stack-based buffer overflow issues because the software fails to properly bounds check user-supplied input before copying it into insufficiently sized memory buffers.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-021.html

  • 07.17.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nullsoft Winamp WMV File Processing Denial of Service
  • Description: Winamp is a freely available media player from Nullsoft. It is available for the Microsoft Windows platform. The application is exposed to a denial of service issue when processing malformed WMV files. Winamp version 5.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/466291

  • 07.17.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: RaidenFTPD Multiple Remote Denial of Service Vulnerabilities
  • Description: RaidenFTPD is an FTP server application for Microsoft Windows operating systems. The application is exposed to multiple remote denial of service issues because the application fails to handle user-supplied data. RaidenFTPD version 2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/23570

  • 07.17.4 - CVE: CVE-2007-1690, CVE-2007-1691
  • Platform: Third Party Windows Apps
  • Title: Second Sight Software Multiple ActiveX Controls Multiple Buffer Overflow Vulnerabilities
  • Description: ActiveGS is an Apple IIGS emulator and ActiveMod is a music player ActiveX control. The Second Sight software application is exposed to multiple buffer overflow issues because the software fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer.
  • Ref: http://www.kb.cert.org/vuls/id/962305

  • 07.17.5 - CVE: CVE-2007-2171
  • Platform: Third Party Windows Apps
  • Title: Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow
  • Description: Novell Groupwise WebAccess is an application that allows users to send and receive mail messages, schedule appointments and tasks. It is available for Microsoft Windows. The application is exposed to a remote buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Novell Groupwise 7.0 and 7.0 SP1 are affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-015.html

  • 07.17.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Novell SecureLogin Security Bypass And Privilege Escalation Vulnerabilities
  • Description: SecureLogin is a security and identity authentication solution developed by Novell. The application is exposed to a security bypass issue which stems from an unspecified error in the "ADSCHEMA" utility that grants users excess permissions to their own attributes. The application is also exposed to a privilege escalation issue. Novell Access Management Server 3 IR1 is affected.
  • Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5003822.html

  • 07.17.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NetSprint Toolbar ActiveX Denial of Service
  • Description: NetSprint Toolbar is a browser toolbar plugin for Microsoft Internet Explorer and Mozilla Firefox on the Microsoft Windows platform. The application is exposed to a denial of service issue. Please refer to the advisory for further details. NetSprint Toolbar ActiveX Control 1.1 is affected.
  • Ref: http://support.microsoft.com/kb/q240797/

  • 07.17.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NetSprint Ask IE Toolbar Multiple Denial of Service Vulnerabilities
  • Description: NetSprint Ask IE Toolbar is a web browser toolbar plugin application for Microsoft Internet Explorer and Mozilla Firefox on the Microsoft Windows platform. The application is exposed to multiple denial of service issues. Please refer to the advisory for further details. NetSprint Ask IE Toolbar version 1.1 is affected.
  • Ref: http://support.microsoft.com/kb/q240797/

  • 07.17.9 - CVE: CVE-2007-1891, CVE-2007-1892
  • Platform: Third Party Windows Apps
  • Title: Akamai Download Manager ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: The Akamai Download Manager ActiveX control is a web-based file download manager application. The application is exposed to multiple remote buffer overflow issues because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. Versions of Akamai Download Manager prior to version 2.2.1.0 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/120241

  • 07.17.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MiniShare Multiple Request Handling Remote Denial of Service
  • Description: MiniShare is an HTTP server application available for Microsoft Windows. The application is exposed to a remote denial of service issue when the application receives an excessive amount of requests. MiniShare versions 1.5.2, 1.5.3 and 1.5.4 are affected. Please refer to the advisory for further details.
  • Ref: http://minishare.sourceforge.net/

  • 07.17.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FileZilla Multiple Unspecified Format String Vulnerabilities
  • Description: FileZilla is an FTP and SFTP client available for Microsoft Windows. The application is exposed to multiple unspecified format string issues because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted printing function. FileZilla versions prior to 2.2.32 are affected.
  • Ref: http://www.securityfocus.com/bid/23506

  • 07.17.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ZoneAlarm Vsdatant.SYS Driver Local Denial of Service
  • Description: ZoneAlarm is an application level personal firewall for Microsoft Windows. The application is exposed to a local denial of service issue which occurs when attackers supply specially-crafted values through the "NtCreateKey" and "NtDeleteFile" arguments of the "SSDT" function of the "vsdatant.sys" driver. ZoneAlarm Pro versions 6.5.737.000 and 6.1.744.001 are affected.
  • Ref: http://www.matousec.com/info/advisories/ZoneAlarm-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php

  • 07.17.13 - CVE: CVE-2007-1674
  • Platform: Third Party Windows Apps
  • Title: LanDesk Management Suite Alert Service AOLSRVR.EXE Buffer Overflow
  • Description: LANDesk Management Suite is an application that automates systems and security management tasks. It is available for Microsoft Windows. The application is exposed to a remote stack-based buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. LANDesk Management Suite version 8.7 is affected.
  • Ref: http://www.tippingpoint.com/security/advisories/TSRT-07-04.html

  • 07.17.14 - CVE: CVE-2007-0729, CVE-2007-0725, CVE-2007-0732, CVE-2007-0734, CVE-2007-0735, CVE-2007-0736, CVE-2007-0737, CVE-2007-0738, CVE-2007-0739, CVE-2007-0741, CVE-2007-0742, CVE-2007-0743, CVE-2007-0744, CVE-2007-0746, CVE-2007-0747
  • Platform: Mac Os
  • Title: Apple Mac OS X 2007-004 Multiple Security Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple security issues that affect Mac OS X and various other applications. Apple Mac OS X 10.4.9 and earlier versions ar
  • Ref: http://docs.info.apple.com/article.html?artnum=305391

  • 07.17.15 - CVE: Not Available
  • Platform: Linux
  • Title: Dovecot Zlib Plugin Remote Information Disclosure
  • Description: Dovecot is a mail server application for Linux and UNIX-like operating systems. The application is exposed to an information disclosure issue because files outside of the user's mail directory can be opened provided that the zlib plugin is being used.
  • Ref: http://www.securityfocus.com/bid/23552/info

  • 07.17.16 - CVE: CVE-2007-1870, CVE-2007-1869
  • Platform: Linux
  • Title: Lighttpd Multiple Remote Denial of Service Vulnerabilities
  • Description: Lighttpd is an open source webserver application. The application is exposed to multiple remote denial of service issues due to a failure of the application to properly handle unexpected conditions. Lighttpd versions 1.4.12 and 1.4.13 are affected.
  • Ref: http://www.securityfocus.com/bid/23515

  • 07.17.17 - CVE: Not Available
  • Platform: Linux
  • Title: ScramDisk 4 Linux Local Privilege Escalation Vulnerabilities
  • Description: ScramDisk 4 Linux is an open source application that allows users to create and access ScramDisk encrypted container files. The application is exposed to multiple local privilege escalation issues because the application fails to ensure that certain potentially harmful actions cannot be taken by regular users. ScramDisk versions prior to 1.0-1 are affected.
  • Ref: http://www.securityfocus.com/bid/23495

  • 07.17.18 - CVE: CVE-2007-1681
  • Platform: Solaris
  • Title: Sun Java Web Console LibWebconsole_Services.SO Format String Issue
  • Description: Sun Java Web Console provides a common location for users to access web-based Sun system management applications. The application is exposed to a format string issue because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted printing function. Sun Solaris 10.0 _x86 is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1&searchclause=

  • 07.17.19 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Fire I/O Activity Remote Denial of Service
  • Description: Sun Fire is exposed to a remote denial of service issue in Sun Fire domains with 32 or more logical CPUs running Solaris 10. Sun Fire 12K/15K/E20K/E25K domains running Solaris 10 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102586-1&searchclause=

  • 07.17.20 - CVE: Not Available
  • Platform: Unix
  • Title: Objective Development Sharity Unspecified Denial of Service
  • Description: Objective Development Sharity is an application that enables Unix machines to connect to Windows, CIFS and Samba servers. Objective Development Sharity versions prior to 3.3 are affected. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/23572

  • 07.17.21 - CVE: Not Available
  • Platform: Unix
  • Title: ProFTPD AUTH Multiple Authentication Module Security Bypass
  • Description: ProFTPD is an FTP server implementation that is available for Unix and Linux platforms. The application is exposed to a security restriction bypass issue due to an error in the AUTH API. ProFTPD 1.2 and 1.3 branches are affected.
  • Ref: http://bugs.proftpd.org/show_bug.cgi?id=2922

  • 07.17.22 - CVE: Not Available
  • Platform: Unix
  • Title: BlueArc Titan FTP Bounce
  • Description: BlueArc Titan is a storage system device. The application is exposed to an FTP Bounce issue that can allow remote attackers to connect between the FTP server and an arbitrary port on another computer. BlueArc Titan 4.2.944b is affected.
  • Ref: http://www.securityfocus.com/archive/1/466025

  • 07.17.23 - CVE: CVE-2007-1856
  • Platform: Unix
  • Title: Vixie Cron ST_Nlink Check Local Denial of Service
  • Description: Vixie Cron is a process management application for Unix and Unix-Like operating systems. The application is exposed to a local denial of service issue when attackers create hard file links to cron files belonging to both privileged and normal users. Vixie Cron versions prior to version 4.1-r10 are affected.
  • Ref: http://www.securityfocus.com/bid/23520

  • 07.17.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenAFS for Microsoft Windows Local Denial of Service
  • Description: OpenAFS is an open source implementation of the AFS network filesystem protocol. The application is exposed to a local denial of service issue due to a failure of the application to properly handle unexpected conditions. OpenAFS versions prior to 1.5.19 are affected.
  • Ref: http://www.openafs.org/pages/security/OPENAFS-SA-2007-002.txt

  • 07.17.25 - CVE: CVE-2007-1972
  • Platform: Cross Platform
  • Title: BMC Performance Manager PatrolAgent.EXE Memory Corruption
  • Description: BMC Performance Manager is exposed to a memory corruption issue in the "PatrolAgent.exe" process running on TCP port 3181 which allows remote attackers to modify configuration files without authentication.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-020.html

  • 07.17.26 - CVE: CVE-2007-2136
  • Platform: Cross Platform
  • Title: BMC Patrol BGS_SDservice.EXE Memory Corruption
  • Description: BMC Patrol is exposed to a memory corruption issue due to the improper parsing of XDR data sent to the "bgs_sdservice.exe" process. This process is running on TCP port 10128.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-019.html

  • 07.17.27 - CVE: CVE-2007-2137
  • Platform: Cross Platform
  • Title: IBM Tivoli Monitoring Express Universal Agent Multiple Heap Buffer Overflow Vulnerabilities
  • Description: IBM Tivoli Monitoring Express is an enterprise IT management and monitoring application. This application is exposed to multiple buffer overflow issues because it fails to bounds check user-supplied data before copying it into an insufficiently sized memory buffer. IBM Tivoli Monitoring Express 6.1 is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-018.html

  • 07.17.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: McAfee E-Business Administration Server Authentication Packet Denial of Service
  • Description: McAfee E-Business Server is an enterprise data encryption and security certificate management suite. The application is exposed to a remote denial of service issue because the application fails to properly handle certain network packets. For Windows and Solaris, E-Business Server 8.5.1 and earlier are vulnerable. For Linux, HP-UX and AIX, E-Business Server 8.1.0 and earlier are vulnerable.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=516

  • 07.17.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: McAfee VirusScan On-Access Scanner File Name Buffer Overflow
  • Description: McAfee VirusScan On-Access Scanner is an enterprise AntiVirus application that offers protection against the latest computer virus threats. The application is exposed to this issue when the target system has East Asia language files installed and the default codepage is set to a language that contains multi-byte characters, such as Chinese. McAfee VirusScan On-Access Scanner versions 8.0i Enterprise Patch 11 and earlier are affected.
  • Ref: https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=612750&command=show&forward=nonthreadedKC

  • 07.17.30 - CVE: CVE-2007-2031
  • Platform: Cross Platform
  • Title: 3proxy HTTP Proxy Request Buffer Overflow
  • Description: 3proxy is a free proxy server for Linux/Unix and Windows. The application is exposed to a buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. 3proxy versions 0.5 to 0.5.3g and 0.6b-devel before 20070413 are affected.
  • Ref: http://www.securityfocus.com/bid/23545

  • 07.17.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle April 2007 Security Update Multiple Vulnerabilities
  • Description: Oracle has released a Critical Patch Update advisory for April 2007 to address multiple issues for supported releases. Please refer to the advisory for further details.
  • Ref: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html

  • 07.17.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Macrovision InstallAnywhere Password Serial Number Authentication Bypass
  • Description: InstallAnywhere is deployment software for multiple platforms. The application is exposed to an authentication bypass issue. Macrovision InstallAnywhere Enterprise 8.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/466035

  • 07.17.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SSH Tectia Server IBM z/OS Local Privilege Escalation
  • Description: SSH Tectia Server is a commercial implementation of the SSH protocol. SSH Tectia server for IBM z/OS is exposed to a local privilege escalation issue because the application may be executed under certain conditions as a started task with an empty umask, causing certain "HFS" files to be created with insecure permissions. SSH Tectia Server versions prior to 5.4.0 are affected.
  • Ref: http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt

  • 07.17.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: XAMPP Mssql_Connect Remote Buffer Overflow
  • Description: XAMPP is an Apache distribution containing MySQL, PHP, Perl, phpMyAdmin, and an FTP server. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. XAMPP versions prior to 1.6.0a are affected.
  • Ref: http://www.securityfocus.com/bid/23491

  • 07.17.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ettercap-NG Network Packet Denial of Service
  • Description: Ettercap-NG is an application suite for man-in-the-middle LAN attacks. It allows users to sniff live connections, passively dissect various protocols, and perform network and host analysis. The application is exposed to a denial of service issue when the application processes certain malicious network packets. Ettercap-NG 0.7.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23474

  • 07.17.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VCDGear File Format Remote Buffer Overflow
  • Description: VCDGear is an extractor application to convert CD images to MPEG streams. The application is exposed to a buffer overflow issue because it fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer. VCDGear version 3.5.6 is affected.
  • Ref: http://www.securityfocus.com/bid/23475

  • 07.17.37 - CVE: CVE-2007-1745, CVE-2007-1997
  • Platform: Cross Platform
  • Title: Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
  • Description: ClamAV is an antivirus application for Microsoft Windows and UNIX-like operating systems. The application is exposed to a file descriptor leakage issue and a buffer overflow issue, which affects the "libclamav/cab.c" code. ClamAV version 0.90.2 is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513

  • 07.17.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Canon Network Camera Server Unspecified Cross Site Scripting
  • Description: Canon Network Camera Server is an application to transmit real time video over the Internet. The application is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. Affected versions include Canon Network Camera Server Version VB100 firmware versions V3.0 R69 and earlier, VB101 firmware versions V3.0 R69 and earlier, and VB150 firmware versions V1.1 R39 and earlier.
  • Ref: http://www.securityfocus.com/bid/23560

  • 07.17.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Wabbit Gallery Script Showpic.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: Wabbit Gallery Script is a web-based gallery application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to "pic" and "gal" parameters of the "index.php" script. Wabbit Gallery Script 0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/23526

  • 07.17.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OE2edit OE2edit.CGI Cross-Site Scripting
  • Description: oe2edit is a content management application implemented in the CGI programming language. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "q" parameter of the "oe2edit.cgi" script.
  • Ref: http://www.securityfocus.com/archive/1/465844

  • 07.17.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BloofoxCMS Img_Popup.PHP Cross-Site Scripting
  • Description: BloofoxCMS is a web-based content management system implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "img_url" parameter of the "/plugins/spaw/img_popup.php" script. BloofoxCMS version 0.2.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465719

  • 07.17.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: FloweRS Cas.PHP Cross-Site Scripting
  • Description: FloweRS is a web-based publishing system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "rok" parameter of the "cas.php" script. FloweRS version 2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465730

  • 07.17.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MailBee WebMail Pro Check_login.ASP Cross-Site Scripting
  • Description: MailBee WebMail Pro is a web-based mail client. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "username" parameter of the "check_login.asp" script. MailBee WebMail Pro version 3.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465611

  • 07.17.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: VWar Multiple Cross-Site Scripting Vulnerabilities
  • Description: VWar is a gaming application for tracking clan members. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. VWar versions 1.5.0 R15 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/465612

  • 07.17.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Creascripts CreaDirectory Error.ASP SQL Injection
  • Description: Creascripts CreaDirectory is a web-based directory building application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "error.asp" script before using it in an SQL query. Creascripts CreaDirectory version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23564

  • 07.17.46 - CVE: CVE-2007-0372
  • Platform: Web Application - SQL Injection
  • Title: NuclearBB Multiple SQL Injection Vulnerabilities
  • Description: NuclearBB is a web-based bulletin board. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. NuclearBB version Alpha 1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/466211

  • 07.17.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke SQL Injection Protection Bypass and Multiple SQL Injection Vulnerabilities
  • Description: PHP-Nuke is a web-based CMS application. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input. PHP-Nuke version 8.0.0.3.3b is affected.
  • Ref: http://www.securityfocus.com/archive/1/465979

  • 07.17.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Papoo Kontakt.PHP SQL Injection
  • Description: Papoo is a content management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "menuid" parameter of the "kontakt.php" script before using it in an SQL query. Papoo versions 3.02 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23500

  • 07.17.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Frogss CMS Multiple SQL Injection Vulnerabilities
  • Description: Frogss CMS is a web-based content management system. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in SQL queries. Frogss CMS version 0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/23476

  • 07.17.50 - CVE: Not Available
  • Platform: Web Application
  • Title: AimStats Process.PHP Remote Code Execution
  • Description: AimStats is a PHP application that tracks URL user clicks in an AIM IM window. The application is exposed to a remote code execution issue because it fails to sanitize user-supplied input to the "update" parameter of the "process.php" script. AimStats version 3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23573

  • 07.17.51 - CVE: Not Available
  • Platform: Web Application
  • Title: mxBB MX Smartor Module PHPBB_Root_Path Remote File Include
  • Description: MX Smartor is a module for the mxBB bulletin board. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "admin_album_otf.php" script. MX Smartor version 2.0 RC1 is affected.
  • Ref: http://www.securityfocus.com/bid/23561

  • 07.17.52 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenSurveyPilot Group.Inc.PHP Remote File Include
  • Description: OpenSurveyPilot is a web-based survey application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "cfgPathToProjectAdmin" parameter of the "group.inc.php" script. OpenSurveyPilot version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23563

  • 07.17.53 - CVE: Not Available
  • Platform: Web Application
  • Title: Fully Modded PHPBB2 PHPBB_Root_Path Remote File Include
  • Description: Fully Modded PHPBB2 is a bulletin board application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "subscp.php" script.
  • Ref: http://www.securityfocus.com/archive/1/466177

  • 07.17.54 - CVE: Not Available
  • Platform: Web Application
  • Title: Zomplog File.PHP Directory Traversal
  • Description: Zomplog is a web-based content manager. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input. The issue occurs when specially crafted HTTP GET requests containing a directory traversal string ("../") are sent to the "filename" parameter of the "force_download.php" script. Zomplog version 3.8 is affected.
  • Ref: http://www.securityfocus.com/bid/23553

  • 07.17.55 - CVE: Not Available
  • Platform: Web Application
  • Title: Rezervi Root Parameter Multiple Remote File Include Vulnerabilities
  • Description: Rezervi is a PHP based application for hotel bookings. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "root" parameter. Rezervi version 0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/23550

  • 07.17.56 - CVE: Not Available
  • Platform: Web Application
  • Title: ShoutPro Shoutbox.PHP Remote PHP Code Execution
  • Description: ShoutPro is a messaging application. The application is exposed to an arbitrary PHP code execution issue because it fails to properly sanitize user-supplied input to the "shout" parameter of the "shoutbox.php" script. ShoutPro version 1.5.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/466037

  • 07.17.57 - CVE: Not Available
  • Platform: Web Application
  • Title: Mozzers SubSystem Add.PHP Remote Code Execution
  • Description: Mozzers SubSystem is a web-based PHP application to host multiple subdomains on a web site. The application is exposed to a remote code execution issue because it fails to sanitize user-supplied input to the "subname" or "suburl" parameter of the "add.php" script. Mozzers SubSystem version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23548

  • 07.17.58 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla Template Module Index.PHP Remote File Include
  • Description: Template is a module for the Joomla content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosconfig_absolute_path" parameter of the "index.php" script. Template version Be2004-2 is affected.
  • Ref: http://www.securityfocus.com/bid/23549

  • 07.17.59 - CVE: Not Available
  • Platform: Web Application
  • Title: Minigal B13 Index.PHP Remote PHP Code Execution
  • Description: Minigal B13 is an image gallery. The application is exposed to an arbitrary PHP code execution issue because it fails to properly sanitize user-supplied input to the "input" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/23533

  • 07.17.60 - CVE: Not Available
  • Platform: Web Application
  • Title: Cabron Connector InclusionService.PHP Remote File Include
  • Description: Cabron Connector is a communications application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "CabronServiceFolder" parameter of the "inclusionService.php" script. Cabron Connector version 1.1.0-Full is affected.
  • Ref: http://www.securityfocus.com/bid/23531

  • 07.17.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla/Mambo JoomlaPack Module MosConfig_Absolute_Path Remote File Include
  • Description: JoomlaPack is a module for the Joomla and Mambo content managers. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosconfig_absolute_path" parameter of the "CAltInstaller.php" script. JoomlaPack version 1.0.4a2 RE is affected.
  • Ref: http://www.securityfocus.com/bid/23529

  • 07.17.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple PHP Script Gallery Index.PHP Remote File Include
  • Description: Simple PHP Script Gallery is a web-based gallery application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "textFile" parameter of the "gallery_top.inc.php" script. Simple PHP Script Gallery version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23534

  • 07.17.63 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBlog Settings.PHP Authentication Bypass
  • Description: MyBlog is a web-based application. It is exposed to an authentication bypass issue because the "admin/settings.php" script contains a weak authentication mechanism. MyBlog versions 0.9.8 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23521

  • 07.17.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Wizz RSS Reader Cross-Zone Scripting
  • Description: Wizz RSS Reader is an RSS Reader plugin for Mozilla Firefox. The application is exposed to a cross-zone scripting issue because it fails to execute code in the proper security context. Wizz RSS Reader versions prior to 2.1.9 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/319464

  • 07.17.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Anthologia Index.PHP Remote File Include
  • Description: Anthologia is a web-based application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "ads_file" parameter of the "index.php" script. Anthologia version 0.5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23524

  • 07.17.66 - CVE: Not Available
  • Platform: Web Application
  • Title: AjPortal2Php Multiple Remote File Include Vulnerabilities
  • Description: AjPortal2Php is a web-portal application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "PagePrefix" parameter.
  • Ref: http://www.securityfocus.com/bid/23525

  • 07.17.67 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS TeamSpeak Display Module TSDisplay4xoops_block2.PHP Remote File Include
  • Description: TeamSpeak Display is a multi communication module for XOOPS. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "xoops_url" parameter of the "tsdisplay4xoops_block2.php" script. tsdisplay4xoops versions 0.08 and 0.1 are affected.
  • Ref: http://www.securityfocus.com/bid/23518

  • 07.17.68 - CVE: Not Available
  • Platform: Web Application
  • Title: StoreFront for Gallery Gallery_BaseDir Multiple Remote File Include Vulnerabilities
  • Description: StoreFront for Gallery is a PayPal shopping cart system for Gallery, a web-based picture gallery application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "GALLERY_BASEDIR" parameter of the "mods/business_functions.php" and "mods/ui_functions.php" scripts.
  • Ref: http://www.securityfocus.com/bid/23516

  • 07.17.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo/Joomla New Article Component Absolute_Path Multiple Remote File Include Vulnerabilities
  • Description: Mambo/Joomla New Article Component is a module for Mambo and Joomla. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "absolute_path" parameter of the "components/com_articles.php" and "classes/html/com_articles.php" scripts. Mambo/Joomla versions 1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23513

  • 07.17.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Limesoft Guestbook Index.PHP Remote PHP Code Execution
  • Description: Limesoft Guestbook is a guestbook application. The application is exposed to an arbitrary PHP code execution issue because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/465864

  • 07.17.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Actionpoll Actionpoll.PHP Remote File Include
  • Description: Actionpoll is a web-based polling application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "CONFIG_POLLDB" parameter of the "actionpoll.php" script. Actionpoll version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465871

  • 07.17.72 - CVE: Not Available
  • Platform: Web Application
  • Title: openMairie Soustab.PHP Local File Include
  • Description: openMairie is a web-based PDF creation tool. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "dsn[phptype]" parameter used by the "soustab.php" script. openMairie version 1.11 is affected.
  • Ref: http://www.securityfocus.com/bid/23505

  • 07.17.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Open-Gorotto Multiple Unspecified HTML Injection Vulnerabilities
  • Description: Open-Gorotto is a social networking application. The application is exposed to multiple unspecified HTML injection issues because it fails to sufficiently sanitize user-supplied input before displaying it in dynamically generated content. Open-Gorotto versions 2.0a and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23507

  • 07.17.74 - CVE: Not Available
  • Platform: Web Application
  • Title: CNStats BJ Parameter Multiple Remote File Include Vulnerabilities
  • Description: CNStats is a web site statistics management application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "bj" parameter of the "reports/who_r.php" and "reports/who_s.php" scripts. CNStats version 2.9 is affected.
  • Ref: http://www.securityfocus.com/bid/23501

  • 07.17.75 - CVE: Not Available
  • Platform: Web Application
  • Title: TurnkeyWebTools Sunshop Multiple Remote File Include Vulnerabilities
  • Description: Gallery is a web-based photo gallery application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "abs_path" parameter of the "index.php" and "checkout.php" scripts. Gallery versions 3.5 and 4.0 are affected.
  • Ref: http://www.securityfocus.com/bid/23511

  • 07.17.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla/Mambo Autostand Category Module MosConfig_Absolute_Path Remote File Include
  • Description: Autostand Category is a module for the Joomla and Mambo content management systems. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosconfig_absolute_path" parameter of the "mod_as_category.php" script. Autostand Category version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23490

  • 07.17.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Web Slider Multiple Remote File Include Vulnerabilities
  • Description: Web Slider is a framework application for the creation and publication of slide groups. It is implemented in PHP. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "path" parameter. Web Slider version 0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/23493

  • 07.17.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Arash AudioCMS Multiple Remote File Include Vulnerabilities
  • Description: AudioCMS is a Content Management System for multimedia. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "arashlib_dir" parameter. AudioCMS version 0.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/23496/references

  • 07.17.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Web Service Deluxe News Manager Deluxe Footer.PHP Local File Include
  • Description: News Manager Deluxe is a news and blog management system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "template" parameter used by the "footer.php" script. News Manager Deluxe version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23499

  • 07.17.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Pixaria Gallery Class.Smarty.PHP Remote File Include
  • Description: Pixaria is a web-based picture gallery application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "cfg[sys][base_path]" parameter of the "class.Smarty.php" script. Pixaria versions 1.x are affected.
  • Ref: http://www.securityfocus.com/bid/23489

  • 07.17.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Doop Content Management System Multiple Input Validation Vulnerabilities
  • Description: Doop Content Management System is a content manager. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input. Doop Content Management System versions 1.3, 1.3.5 and 1.3.6 are affected.
  • Ref: http://www.securityfocus.com/bid/23482

  • 07.17.82 - CVE: Not Available
  • Platform: Web Application
  • Title: QDBlog Multiple Scripts Multiple Input Validation Vulnerabilities
  • Description: QDBlog is a web log application. The application is exposed to multiple input validation issues because it fails to properly sanitize user-supplied input. QDBlog version 0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/23485

  • 07.17.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Garennes Repertoire_Config Multiple Remote File Include Vulnerabilities
  • Description: Garennes is a web-based application for teachers to track student activity. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "repertoire_config" parameter. Garennes versions prior to 0.6.8 are affected.
  • Ref: http://www.securityfocus.com/bid/23479

  • 07.17.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Openads Max Media Manager CK.PHP HTTP Response Splitting
  • Description: Openads is an application for hosting classified ads online. The application is exposed to an HTTP response splitting issue that occurs in the "maxdest" variable of the "ck.php" script. Openads versions prior to 2.3.31-alpha-pr3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/465610

  • 07.17.85 - CVE: Not Available
  • Platform: Network Device
  • Title: Nortel VPN Routers Multiple Remote Unauthorized Access Vulnerabilities
  • Description: Nortel VPN routers are prone to multiple remote unauthorized access issues due to design errors. All model numbers for Nortel VPN Routers 1000, 2000, 4000 and 5000 are affected.
  • Ref: http://www.securityfocus.com/bid/23562

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.