
@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 18
April 30, 2007

CA BrightStor ARCserve is in the penalty box again this week. The number of critical vulnerabilities in CA's back-up products is deeply troubling because many organizations using CA software do not patch their back-up products and many more do not even know about the vulnerabilities in CA backup products. Yet organizations put their most sensitive data on their back-ups.

Project In Which You Might Contribute: Career models for information security. If you know of someone who has accomplished a lot in security by exploiting deep technical skills, and moved up in their organizations, please write us a little note about them to apaller@sans.org. We have been asked by five different publications for articles or interviews on how to make a successful career in information security. A couple of the editors have heard that security folks with soft skills are no longer in demand and they want to hear about models of success for people with more technical backgrounds. No names or companies will be disclosed without written permission.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    ----------------------------------------  ------------------------------
    Third Party Windows Apps                  13
    Linux                                     2
    Solaris                                   1
    Unix                                      3 (#3, #4)
    Mac OS X                                  (#7)
    Cross Platform                            15 (#1, #2, #5)
    Web Application - Cross Site Scripting    3
    Web Application - SQL Injection           5
    Web Application                           46
    Network Device                            6 (#6)

****************** Cool Stuff At SANSFIRE 2007 ********************

The 40 handlers of the Internet Storm Center (isc.sans.org) are better informed about how the sophisticated new attacks work than any group other than the criminals carrying them out. If your job is protecting systems against the new wave of more sophisticated attacks, consider coming to SANSFIRE 2007 in Washington in the last week in July. There the Internet Storm Center handlers will be giving numerous free evening briefings, exclusively for the SANSFIRE attendees, on what they have uncovered about how the newest hacker techniques work. Course list for SANSFIRE: http://www.sans.org/sansfire07/

*********************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Computer Associates BrightStor ARCserve Multiple Buffer Overflows
  • Affected:
    • Computer Associates BrightStor ARCserve Backup versions 9.01, r11, r11.1, r11.5, r11.5 SP2
    • Computer Associates Enterprise Backup version r10.5
    • Computer Associates Server Protection Suite r2
    • Computer Associates Business Protection Suite r2
  • Description: Computer Associates BrightStor ARCserve Backup contains multiple buffer overflows in its handling of Sun RPC requests. Sun RPC is an Internet-standard remote procedure call (RPC) mechanism. By sending an RPC request to the affected system containing specially-crafted strings, an attacker can trigger any of these buffer overflows. Successfully exploiting these buffer overflows will allow an attacker to execute arbitrary code with the privileges of the vulnerable process. The affected process runs on an arbitrary TCP port; this port can be discovered via the Sun RPC "portmap" mechanism.

  • Status: Computer Associates confirmed, updates available.

  • (2) HIGH: QuickTime Java Remote Code Execution Vulnerability
  • Affected:
    • QuickTime on Mac and Windows systems
  • Description: QuickTime player, a very widely used multimedia player, installs its own Java libraries. The Java library installed by QuickTime contains a vulnerability that can be exploited to execute arbitrary code on a Windows or Mac system. The exploitation can occur when a user visits a malicious webpage with a Java-enabled web browser. Note that QuickTime must be installed to use an Apple iPod; therefore the install base of QuickTime is in the millions of users. Most web browsers are Java-enabled by default. Hence, this flaw can be exploited to compromise millions of computer systems. The vulnerability was demonstrated to conduct a successful 0-day attack against a fully patched Mac OS X system at the CanSecWest security conference. The technical details of the vulnerability are not publicly available. Blog and other postings indicate that researchers are working towards uncovering the flaw.

  • Status: Apple has been provided with the vulnerability details. A workaround is to disable the Java support for web browsers.

  • (4) MODERATE: Courier IMAP Server Remote Command Execution
  • Affected:
    • Courier IMAP Server versions prior to 4.0.6-r2
  • Description: The Courier IMAP server, a popular open source mail server, contains a remote command execution vulnerability. Several scripts used by the IMAP server fail to properly sanitize the "XMAILDIR" variable. By sending a specially-crafted request, it is suspected that an attacker could execute arbitrary shell commands with root privileges. However, it has not been confirmed that this vulnerability is exploitable without authenticated access.

  • Status: The latest version of Courier IMAP is confirmed to not be vulnerable. However, there has not been an official confirmation of this vulnerability in the Courier IMAP change log.

Other Software
  • (5) HIGH: 3proxy Buffer Overflow
  • Affected:
    • 3proxy versions prior to 0.5.3h
  • Description: 3proxy is a popular cross-platform web proxy, supporting multiple platforms and operating systems. 3proxy fails to properly handle certain overly-long requests. A specially-crafted request to the proxy could trigger a buffer overflow, and allow arbitrary code execution with the privileges of the 3proxy process. Note that, because 3proxy is open source, technical details for this vulnerability are available via source code analysis.

  • Status: 3proxy confirmed, updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 18, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5436 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.18.1 - CVE: CVE-2007-1683
  • Platform: Third Party Windows Apps
  • Title: IncrediMail IMMenuShellExt ActiveX Control Remote Buffer Overflow
  • Description: IncrediMail is an email application for the Microsoft Windows operating system. The application is exposed to a stack-based buffer overflow issue because it fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer.
  • Ref: http://www.kb.cert.org/vuls/id/906777

  • 07.18.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Plesk Login.PHP3 Directory Traversal
  • Description: Plesk is a server management application targeted at hosting providers. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input to the "locale_id" parameter of "login.php3". Plesk for Windows 8.1.1, 8.1 and 7.6.1 are affected.
  • Ref: http://www.securityfocus.com/bid/23639

  • 07.18.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ABC-View Manager PSP File Buffer Overflow
  • Description: ABC-View Manager is an image viewing and management application for Microsoft Windows platforms. It supports various image file formats, including PSP (Paint Shop Pro) files. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. ABC-View Manager version 1.42 is affected.
  • Ref: http://www.securityfocus.com/bid/23653

  • 07.18.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Fresh View PSP File Buffer Overflow
  • Description: Fresh View is a multimedia file viewing and management application for Microsoft Windows platforms. It supports various multimedia file formats, including PSP (Paint Shop Pro) files. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Fresh View version 7.15 is affected.
  • Ref: http://www.securityfocus.com/bid/23660

  • 07.18.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: InterVideo HomeTheater ActiveX Control Remote Buffer Overflow
  • Description: InterVideo HomeTheater is a media player. The application is exposed to a buffer overflow issue which stems from a boundary condition in the "GetDiscType()" method in the "WinDVDX" ActiveX control. InterVideo HomeTheater versions 2.1.13.0 and 2.5.13.58, incorporating WinDVDX.ocx 1.0.0.1 are affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.18.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nero MediaHome NMMediaServer.EXE Remote Denial of Service
  • Description: Nero MediaHome is an application that allows users to stream videos, TV and music. The application is exposed to a denial of service issue because it fails to handle exceptional conditions in the "NMMediaServer.exe" when handling specially crafted packets. Nero MediaHome version 2.5.5.0 and Nero MediaHome CE 1.3.0.4 are affected.
  • Ref: http://www.securityfocus.com/bid/23640

  • 07.18.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nullsoft Winamp PLS File Remote Denial of Service
  • Description: Winamp is a freely available media player from Nullsoft. The application is exposed to a denial of service issue when processing malformed files. Winamp version 5.33 is affected.
  • Ref: http://www.securityfocus.com/bid/23627

  • 07.18.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cdelia Software ImageProcessing Malformed BMP File Denial of Service
  • Description: Cdelia Software ImageProcessing is an application that allows users to view and edit images. The application is exposed to a denial of service issue because it fails to handle specially crafted BMP files.
  • Ref: http://www.securityfocus.com/bid/23629

  • 07.18.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Adobe Photoshop Multiple File Format Buffer Overflow
  • Description: Adobe Photoshop is an application that allows users to view and edit various graphic formats. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Adobe Photoshop versions CS2 and CS3 are affected.
  • Ref: http://www.securityfocus.com/bid/23621

  • 07.18.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Corel Paint Shop Pro Photo Malformed CLP File Buffer Overflow
  • Description: Corel Paint Shop Pro Photo is an application that allows users to view and edit various graphic formats. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Corel Paint Shop Pro Photo version 11.20 is affected.
  • Ref: http://www.securityfocus.com/bid/23604

  • 07.18.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WSFTP Null Pointer Dereference Remote Denial of Service
  • Description: WSFTP is a file transfer protocol application available for multiple Microsoft Windows platforms. The application is exposed to a remote denial of service issue because the application fails to handle exceptional conditions. Ipswitch WS_FTP Home 2007 and Server Professional 2007 are affected.
  • Ref: http://www.securityfocus.com/archive/1/466576

  • 07.18.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Foxit Reader Malformed PDF File Denial of Service
  • Description: Foxit Reader is a PDF document reader available for Microsoft Windows. The application is exposed to a denial of service issue because it fails to handle specially crafted PDF files. Foxit Reader 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23576

  • 07.18.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Check Point Zone Alarm Srescan.SYS Multiple Local Privilege Escalation Vulnerabilities
  • Description: ZoneAlarm is a firewall and application security package designed for the Microsoft Windows operating systems. It is distributed and maintained by Check Point. The application is exposed to multiple local privilege escalation issues which exist in the IOCTL handling code of the "srescan.sys" device driver that contains the spyware removal engine. Check Point Zone Alarm versions using ZoneAlarm Spyware Removal Engine (SRE) versions prior to 5.0.156.0 are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=517

  • 07.18.14 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel NETLINK_FIB_LOOKUP Local Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue when a NETLINK message is misrouted. The NETLINK protocol is used for communications between user-space and kernel-space. Versions of the Linux kernel prior to 2.6.20.8 are affected.
  • Ref: http://www.securityfocus.com/bid/23677

  • 07.18.15 - CVE: CVE-2007-1353
  • Platform: Linux
  • Title: Linux Kernel L2CAP and HCI Setsockopt Memory Leak Information Disclosure
  • Description: The Linux Kernel is exposed to an information disclosure issue because it fails to handle unexpected user-supplied input. The Linux kernel versions 2.4.34.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23594

  • 07.18.16 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Cluster Software Unspecified Denial of Service
  • Description: Sun Cluster Software is a multi-system disaster recovery solution that manages the availability of applications, services and data. The application is exposed to a remote denial of service issue due to an unspecified error in the Sun Cluster Software application. Sun Cluster Software versions 3.1 for Solaris 8, 9 and 10 and Sun Cluster 3.2 for Solaris 9 and 10 for SPARC and x86 platforms are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102874-1&searchclause=

  • 07.18.17 - CVE: Not Available
  • Platform: Unix
  • Title: Courier-IMAP XMAILDIR Shell Command Injection
  • Description: Courier-IMAP is an IMAP daemon for Linux and UNIX systems. The application is exposed to a shell command injection issue because it fails to properly sanitize user-supplied input to the "XMAILDIR" variable. Courier-IMAP versions for Gentoo prior to 4.0.6-r2 are affected.
  • Ref: http://bugs.gentoo.org/show_bug.cgi?id=168196

  • 07.18.18 - CVE: Not Available
  • Platform: Unix
  • Title: FreePBX SIP Packet Multiple HTML Injection Vulnerabilities
  • Description: FreePBX is a web-based configuration tool for the open source Asterisk PBX. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input from Asterisk's log files before using it in dynamically generated content. The FreePBX 2.2 series is affected.
  • Ref: http://www.securityfocus.com/bid/23575

  • 07.18.19 - CVE: Not Available
  • Platform: Unix
  • Title: eXtremail Buffer Overflow And DNS Spoofing Vulnerabilities
  • Description: eXtremail is a mail server application. The application is exposed to a buffer overflow issue. It is also exposed to unspecified DNS spoofing issues when an attacker sends malicious DNS data to trigger them. eXtremail versions 2.1 and 2.1.1 are affected.
  • Ref: http://www.securityfocus.com/bid/23577

  • 07.18.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Web Browsers Digest Authentication HTTP Response Splitting
  • Description: Multiple web browsers are prone to an HTTP response splitting vulnerability. This issue is caused by a failure to properly sanitize user-supplied input before using it to create dynamic content. Microsoft Internet Explorer version 7.0.5730.11 and Mozilla Firefox version 2.0.0.3 are affected.
  • Ref: http://www.securityfocus.com/bid/23668

  • 07.18.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OPIE Accessfile.C Remote Denial of Service
  • Description: OPIE is a package and set of utilities to allow one time passwords for multiple ssh applications. The application is exposed to a remote denial of service issue due to an off-by-one error in a bounds checking operation. OpenSSH using OPIE 2.32 and 2.4 are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414015

  • 07.18.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple QuickTime MP4 FlipFileTypeAtom_BtoN Integer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to an integer overflow issue because it fails to properly verify user-supplied input in the "FlipFileTypeAtom_BtoN()" function when the application processes malicious MP4 files. Apple QuickTime Player versions 7.1.5 and earlier are affected.
  • Ref: http://security-protocols.com/sp-x46-advisory.php

  • 07.18.23 - CVE: CVE-2007-2029
  • Platform: Cross Platform
  • Title: Clam AntiVirus ClamAV PDF Handling Remote Denial of Service
  • Description: ClamAV is an antivirus application for Microsoft Windows and UNIX like operating systems. The application is exposed to a remote denial of service issue because of a file descriptor leakage when handling malicious PDF files.
  • Ref: http://www.securityfocus.com/bid/23656

  • 07.18.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco NetFlow Collection Engine Remote Default Account
  • Description: Cisco NetFlow Collection Engine (NFC) is a network monitoring and management application. The application is exposed to a default account issue due to a design flaw that results in an insecure account being available to remote users. Versions of Cisco NFC prior to version 6.0 are affected. Refer to Cisco Bug ID CSCsh75038.
  • Ref: http://www.kb.cert.org/vuls/id/127545

  • 07.18.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple QuickTime MOV File JVTCompEncodeFrame Heap Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a heap overflow issue because it fails to properly bounds check user-supplied input. Apple QuickTime Player versions 7.1.5 and earlier are affected.
  • Ref: http://security-protocols.com/sp-x45-advisory.php

  • 07.18.26 - CVE: CVE-2007-2139
  • Platform: Cross Platform
  • Title: Computer Associates BrightStor ArcServe Media Server Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Computer Associates BrightStor ARCserve Backup products provide backup and restore protection. The application is exposed to multiple remote buffer overflow issues because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-022.html http://www.kb.cert.org/vuls/id/979825

  • 07.18.27 - CVE: CVE-2007-2138
  • Platform: Cross Platform
  • Title: PostgreSQL SECURITY DEFINER Function Local Privilege Escalation
  • Description: PostgreSQL is an open source database for Windows, Unix and Linux. The application is exposed to a local privilege escalation issue which resides in the PostgreSQL "search_path" settings, and allows unprivileged users to use temporary objects to gain escalated privileges in the context of the "security-definer" function. PostgreSQL versions 8.2, 8.1, 8.0, 7.4 and 7.3 are vulnerable.
  • Ref: http://www.postgresql.org/support/security

  • 07.18.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ACDSee XPMHeaders Buffer Overflow
  • Description: ACDSee is a photo viewer available for multiple platforms. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied input before copying it into an insufficiently sized buffer. ACDSee version 9.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23620

  • 07.18.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: XnView XPMHeaders Buffer Overflow
  • Description: XnView is a photo viewer application available for multiple platforms. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied input before copying it into an insufficiently sized buffer. XnView version 1.90.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23625

  • 07.18.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenSSH S/Key Remote Information Disclosure
  • Description: OpenSSH is an open-source implementation of the Secure Shell protocol. The application is exposed to an information disclosure issue due to a failure of the application to properly obscure the existence of valid usernames in authentication attempts.
  • Ref: http://www.securityfocus.com/bid/23601

  • 07.18.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sendmail Unspecified Denial of Service
  • Description: Sendmail is a widely used MTA for UNIX and Microsoft Windows systems. The application is exposed to a denial of service issue because the application fails to handle exceptional conditions.
  • Ref: http://www.kb.cert.org/vuls/id/349305

  • 07.18.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Photofiltre Studio Malformed TIF File Buffer Overflow
  • Description: Photofiltre Studio is an application that allows users to view and edit various graphic formats. The application is exposed to a buffer overflow issue because the application fails to bounds check user supplied data before copying it into an insufficiently sized buffer. Photofiltre Studio version 8.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23582

  • 07.18.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: aMsn Malformed Message Denial of Service
  • Description: aMsn is an instant messaging application available for various operating systems. The application is exposed to a remote denial of service issue because it fails to handle exceptional conditions. aMsn versions 0.96 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23583

  • 07.18.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Yate SIP Protocol Denial of Service
  • Description: Yate is a telephony engine available for various operating systems. The application is exposed to a remote denial of service issue because it fails to handle exceptional conditions in the SIP protocol. Yate versions 1.1.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23590

  • 07.18.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Moinmoin Index.PHP Cross-Site Scripting
  • Description: Moinmoin is an open-source wiki written in Python. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "do" parameter of the "index.php" script when using an "AttachFile" argument to the "action" parameter. Moinmoin version 1.5.7 is affected.
  • Ref: http://www.securityfocus.com/bid/23676

  • 07.18.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
  • Description: phpMyAdmin is a web-based SQL database application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "fieldkey" parameter of the "browse_foreigners.php" script and unspecified input to the "PMA_sanitize()" function. phpMyAdmin versions prior to 2.10.1 are affected.
  • Ref: http://www.securityfocus.com/bid/23624

  • 07.18.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TJSChat You.PHP Cross-Site Scripting
  • Description: TJSChat is a web-based chat application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "user" parameter of the "you.php" script. TJSChat version 0.95 is affected.
  • Ref: http://www.securityfocus.com/bid/23593

  • 07.18.38 - CVE: CVE-2007-2230
  • Platform: Web Application - SQL Injection
  • Title: Computer Associates CleverPath Portal Local SQL Injection
  • Description: Computer Associates CleverPath Portal is a web-based portal application available for a variety of operating systems. The application is exposed to a local SQL injection issue because it fails to sufficiently sanitize user-supplied data via the Lite Search field before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/23671

  • 07.18.39 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Burak Yilmaz Blog BRY.ASP SQL Injection
  • Description: Burak Yilmaz Blog is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "bry.asp" script before using it in an SQL query. Burak Yilmaz version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23678

  • 07.18.40 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyBulletinBoard Calendar.PHP SQL Injection
  • Description: MyBulletinBoard is a bulletin board program. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user input to the "day" parameter in the "calendar.php" script before using it in an SQL query. MyBulletinBoard versions 1.2.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23612

  • 07.18.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EsForum Forum.PHP SQL Injection
  • Description: EsForum is a web-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "idsalon" parameter of the "forum.php" script before using it in an SQL query. EsForum version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23605

  • 07.18.42 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: uPHP Free Ring Index.PHP SQL Injection
  • Description: uPHP Free Ring is a web-based relational directory and ring building tool. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ring" parameter of the "index.php" script before using it in an SQL query. uPHP Free Ring 0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/23586

  • 07.18.43 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBandManager Index.PHP Remote File Include
  • Description: phpBandManager is a web-based tool for managing a music band. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "_GET[pg]" parameter of the "suite/index.php" script. phpBandManager version 0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/23673

  • 07.18.44 - CVE: Not Available
  • Platform: Web Application
  • Title: Doruk100Net Info.PHP Remote File Include
  • Description: Doruk100Net is a web application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "file" parameter of the "info.php" script.
  • Ref: http://www.securityfocus.com/bid/23675

  • 07.18.45 - CVE: Not Available
  • Platform: Web Application
  • Title: phpOracleView Include_All.Inc.PHP Remote File Include
  • Description: phpOracleView is a web-based application to assist in Oracle administration remotely. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "page_dir" parameter of the "inc/include_all.inc.php" script.
  • Ref: http://www.securityfocus.com/bid/23672

  • 07.18.46 - CVE: Not Available
  • Platform: Web Application
  • Title: HYIP Manager Pro Multiple Remote File Include Vulnerabilities
  • Description: HYIP Manager Pro is a package for investment sites. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "plugin_file" parameter of the "Smarty_Compiler.class.php" script.
  • Ref: http://www.securityfocus.com/bid/23663

  • 07.18.47 - CVE: Not Available
  • Platform: Web Application
  • Title: Comus Accept.PHP Remote File Include
  • Description: Comus is a photo gallery application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "DOCUMENT_ROOT" parameter of the "accept.php" script. Comus version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23661

  • 07.18.48 - CVE: Not Available
  • Platform: Web Application
  • Title: Lunascape RSS Feed HTML Injection
  • Description: Lunascape is an RSS feed reader application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Lunascape versions prior to 4.2.0 are affected.
  • Ref: http://www.securityfocus.com/bid/23665

  • 07.18.49 - CVE: Not Available
  • Platform: Web Application
  • Title: DynaTracker Base_Path Parameter Multiple Remote File Include Vulnerabilities
  • Description: DynaTracker is a web-based application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "base_path" parameter of the "action.php" and "includes_handler.php" scripts. DynaTracker version 1.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23667

  • 07.18.50 - CVE: Not Available
  • Platform: Web Application
  • Title: Active PHP Bookmarks APB.PHP Remote File Include
  • Description: Active PHP Bookmarks is a bookmark management application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "APB_SETTINGS['apb_path']" parameter of the "apb.php" script. Active PHP Bookmarks version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23670

  • 07.18.51 - CVE: Not Available
  • Platform: Web Application
  • Title: TurnkeyWebTools Sunshop Multiple Remote File Include Vulnerabilities
  • Description: Sunshop is a web-based shopping-cart system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "abs_path" parameter of the "/include/payment/payflow_pro.php", "global.php" and "libsecure.php" scripts. Sunshop version 4 is affected.
  • Ref: http://www.securityfocus.com/bid/23662

  • 07.18.52 - CVE: Not Available
  • Platform: Web Application
  • Title: Sinato Jmuffin Multiple Remote File Include Vulnerabilities
  • Description: Sinato Jmuffin is a content management system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "relPath" and "folder" parameters of the "detail.php" script.
  • Ref: http://www.securityfocus.com/bid/23655

  • 07.18.53 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPMyTGP AddVIP.PHP Remote File Include
  • Description: PHPMyTGP is a photo gallery application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "msetstr["PROGSDIR"]" parameter of the "addvip.php" script. PHPMyTGP version 1.4b is affected.
  • Ref: http://www.securityfocus.com/bid/23657

  • 07.18.54 - CVE: Not Available
  • Platform: Web Application
  • Title: Ahhp Portal Page.PHP Multiple Remote File Include Vulnerabilities
  • Description: Ahhp Portal is a web-based portal application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "fp" and "sc" parameters of the "page.php" script.
  • Ref: http://www.securityfocus.com/bid/23658

  • 07.18.55 - CVE: Not Available
  • Platform: Web Application
  • Title: Cafelog B2 Multiple Remote File Include Vulnerabilities
  • Description: B2 is a weblog and news publishing tool. It is currently known as WordPress. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "b2inc" parameter of the "b2archives.php", "b2categories.php" and "b2mail.php" scripts. B2 version 0.6.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23659

  • 07.18.56 - CVE: Not Available
  • Platform: Web Application
  • Title: Built2Go PHP Link Portal Remote File Include
  • Description: Built2Go PHP Link Portal is a PHP application designed to quickly create a link portal web site. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "full_path_to_db" parameter of the "config.php" script. Built2Go PHP Link Portal version 1.79 is affected.
  • Ref: http://www.securityfocus.com/bid/23651

  • 07.18.57 - CVE: Not Available
  • Platform: Web Application
  • Title: Ext Feed-Proxy.PHP Directory Traversal
  • Description: Ext is a library for JavaScript, Ajax and UI components. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input. Ext version 1.0 Alpha1 is affected.
  • Ref: http://www.securityfocus.com/bid/23643

  • 07.18.58 - CVE: Not Available
  • Platform: Web Application
  • Title: Google Talk DXImageTransform HTML Injection
  • Description: Google Talk is a web-based communication application available for multiple operating systems. The application is exposed to an HTML injection issue because the "src" attribute of the "DXImageTransform()" function is not adequately sanitized prior to being used to display a file-type icon to a transfer recipient in the transfer notification box. Google Talk version 1.0.0.104 is affected.
  • Ref: http://www.securityfocus.com/bid/23645

  • 07.18.59 - CVE: Not Available
  • Platform: Web Application
  • Title: MyNewsGroups Include.PHP Remote File Include
  • Description: MyNewsGroups is a PHP application that acts as a Web interface to Usenet. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "myng_root" parameter of the "include.php" script. MyNewsGroups version 0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/23646

  • 07.18.60 - CVE: Not Available
  • Platform: Web Application
  • Title: Progress Webspeed _CPYFile.P Unauthorized Access
  • Description: Progress WebSpeed is an application for serving, creating and managing web applications. The application is exposed to an unspecified issue that lets attackers gain unauthorized access to the application's administrative scripts. WebSpeed versions 3.1a, 3.1d, and 3.1e are affected.
  • Ref: http://www.securityfocus.com/archive/1/466771

  • 07.18.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Wavewoo Loading.PHP Remote File Include
  • Description: Wavewoo is a PHP application to manage scoring and archiving of sports competitions. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "path_include" parameter of the "loading.php" script. Wavewoo version 0.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23636

  • 07.18.62 - CVE: Not Available
  • Platform: Web Application
  • Title: SilverString CMS Search Functionality Unspecified
  • Description: SilverString CMS is a content management system. The application is exposed to an unspecified issue in the search functionality. SilverString CMS version 2.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23641

  • 07.18.63 - CVE: Not Available
  • Platform: Web Application
  • Title: JulmaCMS File.PHP Directory Traversal
  • Description: JulmaCMS is a web page management application. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "file.php" script. JulmaCMS version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/23642

  • 07.18.64 - CVE: Not Available
  • Platform: Web Application
  • Title: DMCMS Upload_File.PHP Arbitrary File Upload
  • Description: DMCMS is a web-based content management application. The application is exposed to an arbitrary file upload issue because the "upload_file.php" script fails to properly verify the contents of uploaded files. DMCMS version 0.6.3 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/23628

  • 07.18.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Xaraya Roles Module Form Handler Security Bypass
  • Description: Xaraya is a content management system. The application is exposed to an issue that lets attackers gain administrative access because the application fails to check privileges within certain form handlers in the Role Module. Xaraya versions prior to 1.1.3 are affected.
  • Ref: http://www.securityfocus.com/bid/23631

  • 07.18.66 - CVE: Not Available
  • Platform: Web Application
  • Title: USP FOSS Distribution Download.PHP Directory Traversal
  • Description: USP FOSS Distribution is a file distribution application. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input to the "dnld" parameter of the "download.php" script. USP FOSS Distribution version 1.01 is affected.
  • Ref: http://www.securityfocus.com/bid/23632

  • 07.18.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Advanced Webhost Billing System Cart2.PHP Remote File Include
  • Description: Advanced Webhost Billing System (AWBS) is an application for web hosting and domain registration. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "workdir" parameter of the "cart2.php" script. Advanced Webhost Billing System version 2.4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23633

  • 07.18.68 - CVE: Not Available
  • Platform: Web Application
  • Title: YA Book City Field HTML Injection
  • Description: YA Book is a guest book application. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input to the "city" input field of the "index.php" script before displaying it in dynamically generated content. YA Book version 0.98-alpha is affected.
  • Ref: http://www.securityfocus.com/archive/1/466743

  • 07.18.69 - CVE: Not Available
  • Platform: Web Application
  • Title: GPB Bulletin Board Multiple Remote File Include Vulnerabilities
  • Description: GPB is a forum application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. GPB version 2001.11.14-1 is affected.
  • Ref: http://www.securityfocus.com/bid/23622

  • 07.18.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Pagode Navigator_ok.PHP Directory Traversal
  • Description: Pagode is a Samba management system. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input when specially crafted HTTP GET requests containing a directory traversal string ("../") are sent to the "asolute" parameter of the "navigator_ok.php" script. Pagode version 0.5.8 is affected.
  • Ref: http://www.securityfocus.com/bid/23617

  • 07.18.71 - CVE: Not Available
  • Platform: Web Application
  • Title: LMS RTMessageAdd.PHP Remote File Include
  • Description: LMS (LAN Management System) is network management software designed for Internet Service Providers (ISPs). The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "_LIB_DIR" parameter of the "/modules/rtmessageadd.php" script. LMS versions 1.5.3 and 1.5.4 are affected.
  • Ref: http://www.securityfocus.com/bid/23611

  • 07.18.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! PCLTar.PHP Remote File Include
  • Description: Joomla! is a web-based content management system (CMS). The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "g_pcltar_lib_dir" parameter of the "pcltar.php" script. Joomla! version 1.5.0 Beta is affected.
  • Ref: http://www.securityfocus.com/archive/1/466687

  • 07.18.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Maran PHP Forum Forum_write.PHP Arbitrary File Upload
  • Description: Maran PHP Forum is a web-based forum application. The application is exposed to an arbitrary file upload issue because the "forum_write.php" script fails to properly verify the contents of uploaded files. Maran PHP Forum version 09.04.2006 is affected.
  • Ref: http://www.securityfocus.com/bid/23614

  • 07.18.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Phorum Multiple Input Validation Vulnerabilities
  • Description: Phorum is a web-based forum application. The application is exposed to multiple input validation issues because the application fails to sufficiently sanitize user-supplied input. Phorum version 5.1.20 is affected.
  • Ref: http://www.securityfocus.com/archive/1/466286

  • 07.18.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Claroline RootSys Remote File Include
  • Description: Claroline is a collaborative learning application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "rootSys" parameter of the "/claroline/inc/lib/index.php" script. Claroline versions prior to 1.8 rc1 are affected.
  • Ref: http://www.claroline.net/wiki/index.php/Talk:Manual_security_hack_in_1.6_and_1.7

  • 07.18.76 - CVE: Not Available
  • Platform: Web Application
  • Title: acvsws_php5 Transport.PHP Remote File Include
  • Description: acvsws_php5 is a web portal application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "CheminInclude" parameter of the "Transport.php" script.
  • Ref: http://www.securityfocus.com/bid/23603

  • 07.18.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Post Revolution Dir Multiple Remote File Include Vulnerabilities
  • Description: Post Revolution is a content management application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "dir" parameter of the scripts "common.php" and "themes/default/preview_post_completo.php". Post Revolution versions 7.0 RC2 and 6.6 are affected.
  • Ref: http://www.securityfocus.com/bid/23607

  • 07.18.78 - CVE: Not Available
  • Platform: Web Application
  • Title: File117 Multiple Remote File Include Vulnerabilities
  • Description: File117 is a web-based application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "relPath" and "folder" parameters of the "detail.php" script.
  • Ref: http://www.securityfocus.com/bid/23600

  • 07.18.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Big Blue Guestbook Comment HTML Injection
  • Description: Big Blue Guestbook is a guestbook application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
  • Ref: http://www.securityfocus.com/bid/23591

  • 07.18.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Ripe Website Manager Multiple Input Validation Vulnerabilities
  • Description: Ripe Website Manager is a content management system. The application is exposed to input validation issues because it fails to sufficiently sanitize user-supplied data in the "ripeformpost" parameter of the "contact/index.php" script. Ripe Website Manager versions 0.8.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/466673

  • 07.18.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Allfaclassifieds Level2.PHP Remote File Include
  • Description: Allfaclassifieds is a classified advertising system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "dir" parameter of the "level2.php" script. Allfaclassifieds version 6.04 is affected.
  • Ref: http://www.securityfocus.com/bid/23598

  • 07.18.82 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPMyBibli Init.Inc.PHP Remote File Include
  • Description: PHPMyBibli is a library management application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "base_path" parameter of the "/includes/init.inc.php" script. PHPMyBibli version 1.32 is affected.
  • Ref: http://www.securityfocus.com/bid/23599

  • 07.18.83 - CVE: Not Available
  • Platform: Web Application
  • Title: WEBinsta FM Manager Admin Cookies Remote File Include
  • Description: WEBinsta FM Manager is a web-based file manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "absolute_path" parameter of the "admin/login.php" script only when the administrative "login" and "password" cookies contain data. WEBinsta FM Manager version 0.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23592/info

  • 07.18.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Supasite Multiple Remote File Include Vulnerabilities
  • Description: Supasite is a content management system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "supa[db_path]" parameter. Supasite versions 1.23b and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23581

  • 07.18.85 - CVE: Not Available
  • Platform: Web Application
  • Title: JCHit Counter Imgsrv.PHP Directory Traversal
  • Description: JCHit Counter is a hit counter script. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input. The issue occurs when specially crafted HTTP GET requests containing a directory-traversal string ("../") are sent to the "acc" parameter of the "imgsrv.php" script. JCHit Counter version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23585

  • 07.18.86 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Turbulence Turbulence.PHP Remote File Include
  • Description: PHP Turbulence is a suite of PHP scripts that work together in unison. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "GLOBALS['tdb']" parameter of the "turbolence.php" script. PHP Turbulence version 0.0.1 alpha is affected.
  • Ref: http://www.securityfocus.com/archive/1/466564

  • 07.18.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Exponent CMS Multiple Input Validation Vulnerabilities
  • Description: Exponent CMS is a content manager application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input. Exponent CMS version 0.96.6 Alpha and Exponent CMS version 0.96.5 RC1 are affected.
  • Ref: http://www.securityfocus.com/bid/23574

  • 07.18.88 - CVE: Not Available
  • Platform: Web Application
  • Title: NeatUpload HTTPWorkerRequest.FlushResponse Information Disclosure
  • Description: NeatUpload allows ASP.NET developers to stream uploaded files to storage. The application is exposed to an information disclosure issue because of a race condition in the affected application. NeatUpload versions 1.2.11-1.2.16, 1.1.18-1.1.23 and trunk.379-trunk.445 are affected.
  • Ref: http://www.securityfocus.com/archive/1/466404

  • 07.18.89 - CVE: Not Available
  • Platform: Network Device
  • Title: Asterisk SIP T.38 SDP Parsing Remote Stack Buffer Overflow Vulnerabilities
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD and Mac OS X platforms. The application is exposed to multiple remote buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. Asterisk versions prior to Asterisk Open Source version 1.4.3, AsteriskNOW Beta 6, and Asterisk Appliance Developer Kit version 0.4.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/466883

  • 07.18.90 - CVE: Not Available
  • Platform: Network Device
  • Title: Asterisk ManagerInterface Manager.Conf Remote Denial of Service
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD and Mac OS X platforms. The application is exposed to a remote denial of service issue because it fails to handle exceptional conditions. Asterisk versions prior to Business Edition B.1.3.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/466911

  • 07.18.91 - CVE: Not Available
  • Platform: Network Device
  • Title: HP StorageWorks Command View Unspecified Local Unauthorized Access
  • Description: HP StorageWorks Command View XP is software designed to manage various enterprise level storage array products from HP. The application is exposed to a local unauthorized access issue during new user registration or addition.
  • Ref: http://www.securityfocus.com/archive/1/466768

  • 07.18.92 - CVE: Not Available
  • Platform: Network Device
  • Title: Linksys SPA941 7 Character Denial of Service
  • Description: Linksys SPA941 phones are VoIP-enabled telephony products. Linksys SPA941 phones are exposed to a remote denial of service issue when handling SIP messages containing the character "7". Linksys SPA941 with firmware version 5.1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/23619

  • 07.18.93 - CVE: Not Available
  • Platform: Network Device
  • Title: IPv6 Protocol Type 0 Route Header Denial of Service
  • Description: IPv6 protocol implementations are prone to a denial of service issue due to a design error. The issue exists in the IPv6 type 0 route headers of vulnerable protocol implementations.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.