
@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 19
May 7, 2007

A favor, please. We would be most appreciative if you could take a couple of minutes to answer two questions about @RISK and the Top 20.

1. About @RISK: For your own organization, how does @RISK actually help you now and what could we add to or how could we change the format or include or exclude information to make it more valuable?

2. About the annual Top 20 Internet Security Threats first: Do you think an annual or semi-annual or quarterly summary report is necessary or valuable? If you have looked at the Top20, do you think the current categorization is OK or can you think of improvements? (If you want to see a copy to shape your answers, just email me at apaller@sans.org.) Are there any things we can do to improve the value of the Top20 for you to put it to use?

*********************************************************************

This week, Tivoli Provisioning Manager users face a significant threat and should already be blocking ports 8080 and 443 (#2). Also, the extremely widely used Winamp utility can be used to gain complete control of users' computers (#1).

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    ----------------------------------------  ------------------------------
    Windows                                   1
    Microsoft Office                          4
    Third Party Windows Apps                  11 (#1, #9)
    Linux                                     7
    Solaris                                   1
    Unix                                      3
    Novell                                    1
    Cross Platform                            14 (#2, #4, #5, #6, #10)
    Web Application - Cross Site Scripting    10
    Web Application - SQL Injection           11
    Web Application                           25 (#8)
    Network Device                            5 (#3, #7)


SANSFIRE 07 in Washington DC Features the Internet Storm Center Experts

No one knows the newest attacks better than the Internet Storm Center Incident Handlers, and they are sharing the newest attacks and defenses in evening sessions during SANSFIRE in Washington DC, July 25-August 7, 2007. Anyone who attends a course can also attend Internet Storm Center Threat Updates. For a list of courses http://www.sans.org/sansfire07/

If you cannot come to Washington or can't wait that long, SANS award winning security training is available in more than 70 cities in nine countries just in the next four months. Better still, you can schedule SANS training on-site or even take it live online or on demand.

* Complete schedule: http://www.sans.org/training/bylocation/index_all.php
* SANS courses on site at your facility: http://www.sans.org/onsite/

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Third Party Windows Apps
Linux
Solaris
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: NullSoft Winamp MP4 File Parsing Buffer Overflow
  • Affected:
    • NullSoft Winamp versions 5.02 to 5.34
  • Description: NullSoft Winamp, a popular media player for Microsoft Windows, contains a flaw in its parsing of MP4 files. MP4 files (also called MPEG-4 Part 14 files) are used to store digital media streams such as music and video. A specially-crafted MP4 file could trigger a buffer overflow that can be exploited by an attacker to execute arbitrary code with the privileges of the current user. Note that, depending on configuration, MP4 files may be opened automatically by Winamp without prompting. Full technical details and a working exploit are publicly available for this vulnerability.

  • Status: NullSoft confirmed, no updates available. NullSoft has stated that the next version of Winamp will fix this vulnerability.

  • References:
  • (2) HIGH: IBM Tivoli Provisioning Manager Multiple Buffer Overflows
  • Affected:
    • IBM Tivoli Provisioning Manager for OS Deployment version 5.1 and prior
  • Description: IBM Tivoli Provisioning Manager for OS Deployment ("Provisioning Manager") is used to manage installations of operating systems across an enterprise. The Provisioning Manager contains multiple buffer overflows in the way it handles HTTP and HTTPS requests to its web-based administration interface. This interface runs by default on TCP ports 8080 and 443. Several elements of the request are not properly checked for length before being passed to unsafe code; an overlong value in any of these elements will result in a stack-based buffer overflow. The fields known to be vulnerable include the HTTP URI path, and the HTTP "Host" and "Authorization" headers. Full technical details are available for this vulnerability. No authentication is necessary to exploit this vulnerability. Note that TCP port 443 is open to the Internet in many enterprises.

  • Status: IBM confirmed, updates available. Users are advised to block access to TCP ports 8080 and 443 at the network perimeter, if possible.

  • References:
  • (3) MODERATE: Cisco PIX Firewall and Adaptive Security Appliance (ASA) Multiple Vulnerabilities
  • Affected:
    • Cisco PIX and ASA Appliances running software versions 7.2.2 and prior
  • Description: The Cisco PIX firewall is a popular enterprise firewall solution. The Cisco ASA is a popular firewall appliance that also provides routing and intrusion prevention services. Both of these devices may be configured to use the Lightweight Directory Access Protocol (LDAP) for authentication. If these devices are configured to use LDAP authentication and to terminate VPN connections using the L2TP IPsec protocol, and are further configured to authenticate those sessions using CHAP or MS-CHAP, an attacker could bypass the authentication system and gain access to the VPN without providing authentication credentials. Additionally, if the device uses LDAP to authenticate administrative sessions, an attacker could bypass the authentication system to access the device's management interface. Note that both devices limit the IP addresses that can connect to the administrative interface by default. Cisco has also reported that these devices are subject to two denial-of-service attacks, which could prevent them from properly terminating VPN traffic, or cause them to stop transmitting traffic altogether.

  • Status: Cisco confirmed, updates available.

  • References:
  • (4) MODERATE: LiveData Protocol Server Denial of Service
  • Affected:
    • LiveData Protocol Server prior to update 500062
  • Description: LiveData Protocol Server provides real-time data acquisition and process control in SCADA (Supervisory Control and Data Acquisition) environments. The server exports a SOAP remote procedure call interface via an included HTTP server. This SOAP interface does not properly handle requests for WSDL (Web Services Description Language) files: by specifying a negative value, an attacker could trigger a memory access violation. This will cause the server to crash, leading to a denial-of-service condition. There is some speculation that this flaw could lead to remote code execution, but this would depend on other, currently unconfirmed, flaws existing in the system. The vulnerable HTTP server runs on TCP port 8080 by default.

  • Status: LiveData confirmed, updates available.

  • References:
  • (5) MODERATE: Cerulean Studios Trillian and Trillian Pro Multiple Vulnerabilities
  • Affected:
    • Cerulean Studios Trillian Pro version 3.1 build 121 and prior
    • Cerulean Studios Trillian versions prior to 3.1.5.0
  • Description: Trillian is a popular multi-protocol instant messaging (IM) application. Trillian supports the Extensible Messaging and Presence Protocol (XMPP, commonly known as the Rendezvous or Jabber protocols), as well as the Internet Relay Chat (IRC) protocol. Its handling of these protocols leads to multiple vulnerabilities: (a) Trillian contains a flaw in its processing of XMPP messages. By sending a specially-crafted XMPP message to a user running Trillian and using XMPP messaging, an attacker could trigger a memory corruption vulnerability. (b) A specially-crafted IRC message containing an HTML "font" tag with an overlong "face" attribute could trigger a memory corruption vulnerability. (c) A specially-crafted IRC message containing a URL that contains an overly-long string of UTF-8 encoded characters could trigger a buffer overflow if this URL is highlighted by the vulnerable user. Successfully exploiting any of these vulnerabilities could lead to arbitrary code execution with the privileges of the current user.

  • Status: Cerulean Studios confirmed, updates available.

  • References:
  • (6) LOW: Internet Systems Consortium BIND Denial of Service
  • Affected:
    • ISC BIND versions 9.40 and 9.5.0a1 - 9.5.0a3
  • Description: ISC BIND, the Berkeley Internet Name Domain (formerly Daemon), is by far the most popular Domain Name System (DNS) server on the Internet. BIND fails to properly handle certain sequences of DNS queries. An attacker sending a specially-crafted sequence of queries could trigger a denial-of-service condition, preventing further DNS queries. Note that BIND is vulnerable in its default configuration, and by nature most BIND (and other DNS) servers are exposed to the public Internet. Note that since BIND is open source, technical details for this vulnerability can be obtained via source code analysis. The default configuration of BIND may be altered by operating system vendors and integrators; it is recommended that users verify their BIND configurations.

  • Status: ISC confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling DNS recursion by adding the line "recursion no" to the "named.conf" file, if recursive querying is not required.

  • References:
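The "recursion no" mitigation from item (6) is easy to get wrong (a commented-out line, or a view that turns recursion back on), so it is worth checking mechanically. The Python audit below is an added example, not part of the original bulletin or of ISC's tooling; it assumes the statement sits in the "options" block of named.conf as "recursion no;", treats an absent statement as BIND's default of recursion enabled, does not follow "include" files, and runs on constructed sample configurations.

```python
import re

# Constructed sample configurations (not taken from any real server).
SAMPLE_DEFAULT = '''
// caching resolver, recursion left at the BIND default
options {
    directory "/var/named";
    # recursion no;   <- commented out, so it has no effect
};
'''

SAMPLE_MIXED = '''
options {
    directory "/var/named";
    recursion no;   /* authoritative-only server */
};
view "internal" {
    match-clients { 10.0.0.0/8; };
    recursion yes;  // re-enabled for this view
};
'''

# Quoted strings are matched first so comment markers inside them survive.
COMMENT_OR_STRING = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[{};]|[^\s{};"]+')
OFF = {"no", "false", "0"}   # boolean spellings that disable an option


def strip_comments(text):
    """Remove /* */, // and # comments while leaving quoted strings intact."""
    return COMMENT_OR_STRING.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", text)


def scope_name(stmt):
    """Name the top-level block a statement opens, or None if irrelevant."""
    if stmt and stmt[0] == "options":
        return "options"
    if len(stmt) >= 2 and stmt[0] == "view":
        return "view " + stmt[1].strip('"')
    return None   # zone, acl, logging, ... carry no recursion setting


def recursion_settings(conf_text):
    """Map 'options' / 'view <name>' to the recursion value set directly in it."""
    settings, depth, scope, stmt = {}, 0, None, []
    for tok in TOKEN.findall(strip_comments(conf_text)):
        if tok == "{":
            if depth == 0:
                scope = scope_name(stmt)
            depth += 1
            stmt = []
        elif tok == "}":
            depth -= 1
            stmt = []
        elif tok == ";":
            # Only statements directly inside options/view count (depth 1).
            if depth == 1 and scope and len(stmt) == 2 and stmt[0] == "recursion":
                settings[scope] = stmt[1].lower()
            if depth == 0:
                scope = None
            stmt = []
        else:
            stmt.append(tok)
    return settings


def audit(conf_text):
    """Return findings; an empty list means recursion is off everywhere."""
    settings = recursion_settings(conf_text)
    findings = []
    if settings.get("options", "yes") not in OFF:
        findings.append("options: recursion is enabled (explicitly or by default)")
    for scope, value in settings.items():
        if scope != "options" and value not in OFF:
            findings.append(f"{scope}: recursion re-enabled")
    return findings


if __name__ == "__main__":
    for label, conf in (("default", SAMPLE_DEFAULT), ("mixed", SAMPLE_MIXED)):
        print(label, audit(conf) or "recursion disabled")
```
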
Other Software
  • (7) HIGH: Aventail Connect VPN Client Buffer Overflow
  • Affected:
    • Aventail Connect 4.1.2.13 and possibly prior
  • Description: Aventail Connect, the client used to connect to VPN networks using the Aventail VPN appliance, contains a buffer overflow in its handling of Domain Name System (DNS) requests. The VPN client intercepts all regular DNS queries from applications running on the local system. An overly-long hostname in the DNS query could result in a buffer overflow. Successfully exploiting this buffer overflow could lead to arbitrary code execution with the privileges of the current user. An attacker could exploit this vulnerability by causing the victim to perform a DNS query via a specially crafted web page or email. DNS queries are initiated by almost all network applications, therefore an attacker would have many vectors for exploitation. Some technical details and a simple proof-of-concept are available for this vulnerability.

  • Status: Aventail not confirmed, no updates available.

  • References:
  • (8) HIGH: WordTube and wp-Table Plugins for WordPress PHP File Inclusion Vulnerabilities
  • Affected:
    • WordTube Plugin versions 1.43 and prior
    • wp-Table Plugin versions 1.43 and prior
  • Description: WordTube and wp-Table are plugins for the popular WordPress blogging suite. WordTube is used to embed media such as movies into WordPress blog postings. wp-Table is used to create HTML tables in WordPress blog postings. These plugins contain PHP file inclusion vulnerabilities in their handling of the "wpPATH" parameter in HTTP requests. By sending a request with a specially-crafted "wpPATH" parameter, an attacker could include arbitrary PHP code in the application. This code would run with the privileges of the web server process. Note that, to be vulnerable, the PHP "register_globals" parameter must be enabled; it is disabled by default on recent versions of PHP. A working exploit for these vulnerabilities is publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (9) HIGH: IrfanView IFF File Handling Buffer Overflow
  • Affected:
    • IrfanView versions 4.00 and prior
  • Description: IrfanView, a popular image viewing and conversion application for Microsoft Windows, contains a flaw in its handling of IFF (Interchange File Format) files. A specially-crafted IFF file could trigger a buffer overflow in IrfanView. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Note that, depending on configuration, IFF files may be opened automatically by IrfanView without prompting. Technical details and a working exploit are available for this vulnerability. Note that it is unclear if all IFF files are capable of triggering this vulnerability: IFF was originally developed for the Commodore Amiga and was designed to carry arbitrary data, including image data. IFF images are generally stored in ILBM (Inter-Leaved Bit Map) format. It is currently believed that only IFF files containing ILBM data will trigger this vulnerability.

  • Status: IrfanView has not confirmed, no updates available.

  • References:
Patches
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 19, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5445 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.19.1 - CVE: Not Available
  • Platform: Windows
  • Title: Hitachi Groupmax Mobile Option Unspecified Remote Buffer Overflow
  • Description: Hitachi Groupmax Mobile Option is a scheduling and mail linkage application between Groupmax and mobile phones. The application is exposed to a remote buffer overflow issue due to a failure of the software to properly bounds check user-supplied input prior to copying it to an insufficiently sized memory buffer.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-009_e/index-e.html

  • 07.19.2 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Office OCX Office Viewer ActiveX Denial of Service Vulnerabilities
  • Description: Office Viewer (Oa.ocx) is used to integrate an Office file in a form or webpage. The application is exposed to multiple denial of service issues. Office Viewer ActiveX Control version 3.2.0.5 is affected. Please refer to the advisory for further details.
  • Ref: http://moaxb.blogspot.com/2007/05/moaxb-04-office-viewer-oaocx-v-32.html

  • 07.19.3 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Office OCX Word Viewer ActiveX Denial of Service Vulnerabilities
  • Description: Word Viewer (WordViewer.ocx) is used to host a Word file on a website. Word Viewer ActiveX control is exposed to multiple denial of service issues. Word Viewer ActiveX Control version 3.2.0.5 is affected.
  • Ref: http://moaxb.blogspot.com/2007/05/moaxb-03-wordviewerocx-32-multiple_03.html

  • 07.19.4 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Office OCX Excel Viewer ActiveX Denial of Service Vulnerabilities
  • Description: Excel Viewer (ExcelViewer.ocx) is used to host an Excel file on a website. Excel Viewer ActiveX control is exposed to multiple denial of service issues in the following methods: DoOleCommand, FTPDownloadFile, FTPUploadFile, FTPUploadFile, HttpUploadFile, Save and SaveWebFile. Excel Viewer ActiveX Control version 3.1 is affected.
  • Ref: http://moaxb.blogspot.com/2007_05_02_archive.html

  • 07.19.5 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Office OCX PowerPoint Viewer ActiveX Denial of Service Vulnerabilities
  • Description: PowerPoint Viewer (PowerPointViewer.ocx) is used to host a PowerPoint file on a Web site. PowerPoint Viewer ActiveX control is exposed to multiple denial of service issues. PowerPoint Viewer ActiveX Control version 3.1 is affected.
  • Ref: http://moaxb.blogspot.com/2007/05/moaxb-01-powerpointviewerocx-31.html

  • 07.19.6 - CVE: CVE-2007-2418
  • Platform: Third Party Windows Apps
  • Title: Cerulean Studios Trillian Pro Rendezvous XMPP HTML Decoding Heap Buffer Overflow
  • Description: Cerulean Studios Trillian is an instant messaging client that supports a number of protocols, including IRC, ICQ, MSN and Yahoo!. The application is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Trillian Pro versions 3.1 build 121 and earlier are affected.
  • Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-07-06

  • 07.19.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: InterVations MailCOPA Subject Parameter Remote Buffer Overflow
  • Description: MailCOPA is an email application designed for use on Microsoft Windows computers. The application is exposed to a buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/archive/1/467372

  • 07.19.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Atomix MP3 Malformed MP3 File Buffer Overflow
  • Description: Atomix MP3 is an application that allows users to edit and listen to MP3 file formats. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/bid/23756

  • 07.19.9 - CVE: CVE-2007-0655
  • Platform: Third Party Windows Apps
  • Title: eScan Product Agent Service MWAGENT.EXE Security Bypass
  • Description: eScan is a security suite developed by MicroWorld Technologies. The application is exposed to an issue that permits an attacker to gain elevated privileges on the affected computers. This issue stems from a design error in the affected application. eScan versions 8.0.671.1 and 9.0.714.1 are affected.
  • Ref: http://secunia.com/secunia_research/2007-45/advisory/

  • 07.19.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities
  • Description: Cerulean Studios Trillian is an instant messaging client that supports a number of protocols, including IRC, ICQ, MSN and Yahoo!. The application is exposed to multiple issues because it fails to properly bounds check user-supplied data prior to copying it into fixed sized memory buffers. It also fails to properly respond to exceptional conditions. Trillian version 3.1 is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522

  • 07.19.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ZoneAlarm VSdatant Driver Denial of Service
  • Description: Zone Alarm is an application level personal firewall. The application is exposed to a local denial of service issue because it fails to validate the input buffer. ZoneAlarm Pro versions 6.5.737.000 and 6.1.744.001 are affected.
  • Ref: http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-validation-of-vsdatant-driver-input-buffer.php

  • 07.19.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Winamp MP4 File Parsing Buffer Overflow
  • Description: Winamp is a multi format media player application. The application is exposed to a buffer overflow issue when processing certain MP4 files because it fails to perform proper boundary checks on user-supplied data. Winamp versions 5.34 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/23723

  • 07.19.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: RealNetwork RealPlayer RA File Handling Remote Denial of Service
  • Description: RealNetwork RealPlayer is an application that allows users to play various media formats. The application is exposed to a remote denial of service issue because it fails to handle specially crafted ".ra" files. RealNetwork RealPlayer version 10 Gold is affected.
  • Ref: http://www.securityfocus.com/bid/23712

  • 07.19.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MyServer Unspecified Denial of Service
  • Description: MyServer is a web server application. The application is exposed to a denial of service issue because the application fails to properly sanitize user-supplied input. MyServer version 0.8.7 for Windows is affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=504709&group_id=63119

  • 07.19.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: IrfanView .IFF Format Handling Remote Buffer Overflow
  • Description: IrfanView is an image viewing and manipulation application that supports multiple image file formats. The application is exposed to a remote buffer overflow issue due to a failure of the software to properly bounds check user-supplied input prior to copying it to an insufficiently sized memory buffer. IrfanView version 4.00 is affected.
  • Ref: http://www.securityfocus.com/bid/23692

  • 07.19.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Multiple Image Editing Applications .PNG Format Handling Remote Buffer Overflow
  • Description: Adobe Photoshop and Corel Paint Shop Pro are photo and image editing applications. These applications are exposed to a remote buffer overflow issue when handling specially crafted .PNG files. Adobe Photoshop CS2, CS3 and Elements 5.0 are affected. Corel Paint Shop Pro 11.20 is affected.
  • Ref: http://www.securityfocus.com/bid/23698

  • 07.19.17 - CVE: CVE-2006-7176
  • Platform: Linux
  • Title: Red Hat Sendmail Localhost.Localdomain Email Spoofing
  • Description: Red Hat Sendmail is a widely used MTA. The application is exposed to an issue that permits an attacker to send spoofed emails. This issue occurs because the application does not reject the "localhost.localdomain" domain name from e-mail messages that come from external hosts. RedHat Sendmail version 8.13.1, Enterprise Linux WS 4, ES 4 and AS 4 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0252.html

  • 07.19.18 - CVE: CVE-2007-1799
  • Platform: Linux
  • Title: KTorrent Remote Directory Traversal Variant
  • Description: KTorrent is a BitTorrent application for KDE. The application is exposed to a directory traversal issue when processing torrent filenames. KTorrent versions prior to 2.1.3 are affected.
  • Ref: http://www.securityfocus.com/bid/23745

  • 07.19.19 - CVE: Not Available
  • Platform: Linux
  • Title: X.Org X Window System Xserver Denial of Service
  • Description: The X.Org X Windows System is an open-source X Window System for UNIX, Linux and variants. The Xserver is exposed to a denial of service issue due to a failure of the software to properly handle exceptional conditions. Xserver version 1.3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23741

  • 07.19.20 - CVE: CVE-2007-0771
  • Platform: Linux
  • Title: Linux Kernel UTrace Unspecified Local Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue due to a flaw in utrace support. Please refer to the advisory for further details.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0169.html

  • 07.19.21 - CVE: Not Available
  • Platform: Linux
  • Title: VIM Feedkeys and Writefile Functions Remote Code Execution Vulnerabilities
  • Description: VIM is a text editor. The application is exposed to multiple issues that would permit an attacker to execute arbitrary code. These issues occur in the "feedkeys()" and "writefile()" functions. Foresight Linux version 1.1 is affected.
  • Ref: https://issues.rpath.com/browse/RPL-1320

  • 07.19.22 - CVE: Not Available
  • Platform: Linux
  • Title: iputils rarpd Remote Denial of Service
  • Description: iputils rarpd is a system administration command that responds to reverse address resolution protocol (RARP) requests. The application is affected by a remote denial of service issue because the application fails to properly handle certain network packets.
  • Ref: http://www.securityfocus.com/bid/23706

  • 07.19.23 - CVE: Not Available
  • Platform: Linux
  • Title: Beast Resource Limit Local Denial of Service
  • Description: Beast is an audio sound engine. The application is exposed to a denial of service issue when a local attacker exceeds user resources causing the application to fail in dropping superuser privileges. Beast version 0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/23697

  • 07.19.24 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris 9 Auditing BSM Unspecified Local Denial of Service
  • Description: Solaris 9 is exposed to a local denial of service issue due to an unspecified error when Solaris Auditing BSM is enabled. SPARC Solaris 9 without patch 122300-06 and x86 Solaris 9 without patch 122301-06 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102900-1

  • 07.19.25 - CVE: CVE-2007-1859
  • Platform: Unix
  • Title: Xscreensaver Local Denial of Service
  • Description: Xscreensaver is a screen saver application for Linux and Unix operating systems. The software is exposed to a local denial of service issue in "getpwuid()" in "drivers/lock.c" code. This vulnerability occurs when the system is configured with remote authentication (e.g. LDAP). Xscreensaver versions prior to 5.02 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0322.html

  • 07.19.26 - CVE: CVE-2007-2241
  • Platform: Unix
  • Title: ISC BIND Query_AddSOA Denial of Service
  • Description: ISC BIND (Berkeley Internet Domain Name) is an implementation of DNS protocols. The application is exposed to a denial of service issue because it fails to handle certain sequences of malicious queries. ISC BIND versions 9.40, 9.5.0a1, 9.5.0a2, and 9.5.0a3 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/718460

  • 07.19.27 - CVE: CVE-2007-2053
  • Platform: Unix
  • Title: AFFLIB Remote Buffer Overflow
  • Description: AFFLIB is an open source library and set of utilities to manipulate Advanced Forensics Format (AFF) files. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. AFFLIB version 2.2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/467038

  • 07.19.28 - CVE: CVE-2006-4520
  • Platform: Novell
  • Title: Novell eDirectory NCP Fragment Length Denial of Service
  • Description: Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) server that also implements NCP (NetWare Core Protocol). The application is exposed to a remote denial of service issue because it fails to handle malformed request packets. This issue affects the application's NCP functionality. Novell eDirectory 8.8, 8.8.1, 8.7.3.8 and earlier versions are affected.
  • Ref: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3924657&sliceId=SAL_Public

  • 07.19.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Gnash DefineSprite Tag Remote Code Execution
  • Description: Gnash is the GNU standalone flash player. The application is exposed to a remote code execution issue because it fails to handle user-supplied input. Gnash version 0.7.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23765

  • 07.19.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenVMS Exception Handling Local Denial of Service
  • Description: OpenVMS is a mainframe like operating system originally developed by Digital. It is maintained and distributed by HP. The application is exposed to a local denial of service issue due to a failure of the operating system to properly handle exceptions. HP OpenVMS 8.3 Integrity and 8.2-1 Integrity are affected.
  • Ref: http://www.securityfocus.com/bid/23744

  • 07.19.31 - CVE: CVE-2007-1693
  • Platform: Cross Platform
  • Title: Yate Remote Denial of Service Vulnerability in SIP Protocol
  • Description: Yate is a production ready next generation telephony engine. The application is exposed to a remote denial of service issue which occurs when the SIP module processes certain SIP messages that do not include the "purpose" parameter in the "Call-Info" header. Yate version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/467289

  • 07.19.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Href Denial of Service
  • Description: Firefox is exposed to a remote denial of service issue when processing an excessively large parameter from the "href" HTML tag. This causes the application to consume excessive CPU resources and crash. Firefox version 2.0.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23747

  • 07.19.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Directory Server BER Decoding Denial of Service
  • Description: Sun Java System Directory Server is an LDAP (Lightweight Directory Access Protocol) server distributed with multiple Sun products. The application is exposed to a denial of service issue due to an unspecified "BER decoding" issue in the LDAP SDK (Software Development Kit) for C.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102895-1&searchclause=

  • 07.19.34 - CVE: CVE-2007-1337
  • Platform: Cross Platform
  • Title: VMware Multiple Denial of Service Vulnerabilities
  • Description: VMWare Workstation is a desktop virtualization application. The application is exposed to multiple denial of service issues. VMWare Workstation version 5.5.3 build 34685 is affected.
  • Ref: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554

  • 07.19.35 - CVE: CVE-2007-1320, CVE-2007-1321, CVE-2007-1322, CVE-2007-1323, CVE-2007-1366
  • Platform: Cross Platform
  • Title: QEMU Multiple Local Vulnerabilities
  • Description: QEMU is a processor emulator that is available for various platforms. The application is exposed to multiple buffer overflow and denial of service issues due to insufficient bounds checking when copying user-supplied input to insufficiently sized memory buffers.
  • Ref: http://www.securityfocus.com/bid/23731

  • 07.19.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OPeNDAP Server3 Remote Command Execution
  • Description: OPeNDAP is a freely available framework that implements the Network Data Access Protocol. The application is exposed to a remote command execution issue because it fails to properly sanitize user-supplied input. OPeNDAP Server3 versions 3.2.10 through 3.7.4 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/857153

  • 07.19.37 - CVE: CVE-2007-1744
  • Platform: Cross Platform
  • Title: VMware Workstation Shared Folders Directory Traversal
  • Description: VMware Workstation is a desktop virtualization application. The application is exposed to a directory traversal issue due to a lack of proper input sanitization. VMware version 5.5.3 build 34685 on Windows XP SP2 is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=521

  • 07.19.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Web Start Unauthorized Access
  • Description: Sun Java Web Start is a utility included in the Java Runtime Environment. It enables Java applications to launch either from a desktop or from a web page. The application is exposed to an access validation issue that may allow remote attackers to gain unauthorized access to a vulnerable computer.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1

  • 07.19.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Imager 8 Bit BMP Heap Based Buffer Overflow
  • Description: Imager is a Perl extension library used for generating 24 bit images. The application is exposed to a heap based buffer overflow issue because it fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. Imager versions prior to 0.57 are affected.
  • Ref: http://www.securityfocus.com/bid/23711

  • 07.19.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Aventail Connect Hostname Remote Buffer Overflow
  • Description: Aventail Connect is an SSL VPN server. The application is exposed to a buffer overflow issue because it fails to check user-supplied data before copying it into an insufficiently sized buffer. Aventail version 4.1.2.13 is affected.
  • Ref: http://www.securityfocus.com/bid/23717

  • 07.19.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Multiple Products Local Buffer Overflow and Information Disclosure Vulnerabilities
  • Description: Multiple Symantec products are exposed to a buffer overflow issue and an information disclosure issue. The information disclosure issue is due to a failure of the application to protect authentication credentials to remote shares. These authentication credentials are used for scheduled backups of local disks to network remote shares and are saved in the application directory with read access to other users.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520

  • 07.19.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GIMP RAS File Buffer Overflow
  • Description: GIMP is an image manipulation application. The application is exposed to a buffer overflow issue because it fails to properly check user-supplied input before copying it to an insufficiently sized memory buffer. GIMP version 2.2.14 is affected.
  • Ref: http://www.securityfocus.com/bid/23680

  • 07.19.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: D-Link DSL-G624T Var:RelaodHref Cross-Site Scripting
  • Description: D-Link DSL-G624T devices are DSL routers with an 802.11g wireless access point. The device is exposed to a cross-site scripting issue due to a failure to properly sanitize user-supplied input to the "var:RelaodHref" parameter of the "cgi-bin/webcm" script.
  • Ref: http://www.securityfocus.com/archive/1/467484

  • 07.19.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: All In One Control Panel CP_Config.PHP Cross-Site Scripting
  • Description: All In One Control Panel (AIOCP) is a content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "$_SERVER[]" array parameter of the "shared/config/cp_config.php" script. AIOCP versions prior to 1.3.016 are affected.
  • Ref: http://www.securityfocus.com/bid/23790

  • 07.19.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DVDdb Multiple Cross-Site Scripting Vulnerabilities
  • Description: DVDdb is a web-based DVD database. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "movieid" parameter of the "loan.php" script and the "s" parameter of the "listmovies.php" script. DVDdb versions 0.6 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23764

  • 07.19.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPChain Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHPChain is a web-based password database application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. This issue affects the "catid" parameter of the "settings.php" and "cat.php" scripts. PHPChain versions 1.0 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/23761

  • 07.19.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Ariadne Index.PHP Cross-Site Scripting
  • Description: Ariadne is a web-based content manager application. It is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "ARLogin" parameter of the "index.php" script. Ariadne version 2.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23735

  • 07.19.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Nukedit Search.ASP Cross-Site Scripting
  • Description: Nukedit is a content management system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "terms" parameter of the "utilities/search.asp" script. Nukedit version 4.9.7b is affected.
  • Ref: http://www.securityfocus.com/bid/23729

  • 07.19.49 - CVE: CVE-2007-2198
  • Platform: Web Application - Cross Site Scripting
  • Title: LMS Druk.PHP Cross-Site Scripting
  • Description: LAN Management System (LMS) is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "OD" parameter of the "contrib/formularz_przelewu_wplaty/druk.php" script. LMS versions prior to 1.6.9 are affected.
  • Ref: http://www.securityfocus.com/bid/23715

  • 07.19.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Red Hat Directory Server Multiple Cross-Site Scripting Vulnerabilities
  • Description: Red Hat Directory Server is a directory service application based on LDAP (Lightweight Directory Access Protocol). The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Red Hat Directory Server version 7.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23709

  • 07.19.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TCExam $_SERVER[] Cross-Site Scripting
  • Description: TCExam is a web-based assessment application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "$_SERVER[]" array parameter of the "index.php" script. TCExam versions 4.0.011 and earlier are affected.
  • Ref: http://sourceforge.net/forum/forum.php?forum_id=690912

  • 07.19.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SineCms result.PHP Cross-Site Scripting
  • Description: SineCms is a content manager application. It is exposed to a cross-site scripting attack because it fails to sufficiently sanitize user-supplied input to the "stringa" parameter of the "result.php" script. SineCms version 2.3.4 is affected.
  • Ref: http://www.securityfocus.com/bid/23682

  • 07.19.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre Shopping Mall Detail.PHP SQL Injection
  • Description: Pre Shopping Mall is a web-based application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input in the "prodid" parameter of the "details.php" script. Pre Shopping Mall version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23794

  • 07.19.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre Classifieds Listings SQL Injection
  • Description: Pre Classifieds Listings is a web-based classified ad management application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input. The issue exists in the "category" parameter of the "search.php" script. Pre Classifieds Listings version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23795

  • 07.19.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Censura Censura.PHP SQL Injection
  • Description: Censura is a web-based application. Censura is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input. The issue exists in the "vendorid" parameter of the "censura.php" script. Censura version 1.15.04 is affected.
  • Ref: http://www.securityfocus.com/bid/23796

  • 07.19.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SchoolBoard Admin.PHP SQL Injection
  • Description: SchoolBoard is a web-based bulletin board for teachers and students. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input in the "username" and "password" parameters of the "admin.php" script.
  • Ref: http://www.securityfocus.com/bid/23798

  • 07.19.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Coupon Script Index.PHP SQL Injection
  • Description: PHP Coupon Script is a coupon and advertisement script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data passed to it via the "bus" parameter of the "index.php" script. PHP Coupon Script version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23799

  • 07.19.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PostNuke v4bJournal Module PHP SQL Injection
  • Description: v4bJournal is a journal and weblog module for PostNuke. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input in the "id" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/23777

  • 07.19.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CMS Made Simple Stylesheet.PHP SQL Injection
  • Description: CMS Made Simple is a content manager system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data in the "templateid" parameter of the "stylesheet.php" script. CMS Made Simple version 1.05 is affected.
  • Ref: http://www.scanit.be/advisory-2007-05-02.html

  • 07.19.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Psi-labs Photo Upload Share Script SQL Injection and Unauthorized Access
  • Description: Psi-labs Photo Upload Share Script is a web-based application. It is exposed to an SQL injection and an unauthorized access issue due to failure of the application to sufficiently sanitize user-supplied data passed to it via the "Uid" parameter of the "admin/editusers.php" script. Psi-labs versions 1.0 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/23739

  • 07.19.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-Annu Home.PHP SQL Injection
  • Description: E-Annu is a guest book application. It is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data passed to it via the "a" parameter of the "home.php" script.
  • Ref: http://www.securityfocus.com/bid/23727

  • 07.19.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: psipuss Editusers.PHP SQL Injection
  • Description: psipuss is a web-based image manager application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data passed to it via the "uid" parameter of the "admin/editusers.php" script. psipuss version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23718

  • 07.19.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Gazi Download Portal Down_Indir.ASP SQL Injection
  • Description: Gazi Download Portal is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data passed to the "id" parameter of the "down_indir.asp" script.
  • Ref: http://www.securityfocus.com/bid/23714

  • 07.19.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Flip Everything.PHP Remote File Include
  • Description: Flip is a web log application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "inc_path" parameter of the "everything.php" script. Flip version 2.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23805

  • 07.19.65 - CVE: Not Available
  • Platform: Web Application
  • Title: SecurityAdmin Logout.PHP Remote File Include
  • Description: SecurityAdmin is an application that allows administrators to manage user accounts. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "PSA_PATH" parameter of the "logout.php" script.
  • Ref: http://www.securityfocus.com/bid/23801

  • 07.19.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Open Translation Engine Header.PHP Remote File Include
  • Description: Open Translation Engine is a language translation and dictionary tool. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "ote_home" parameter of the "skins/header.php" script. Open Translation Engine version 0.7.8 is affected.
  • Ref: http://www.securityfocus.com/bid/23793

  • 07.19.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo Open Source Unauthorized Database Access
  • Description: Mambo is an open-source, web-based content management system (CMS). The application is exposed to an unauthorized database access issue which arises due to insufficient access validation checks. Mambo Open Source version 4.6.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23787

  • 07.19.68 - CVE: Not Available
  • Platform: Web Application
  • Title: CodePress Eval Function Script Execution
  • Description: CodePress is a web-based source code editor implemented in JavaScript. The application is exposed to a script execution issue because it fails to properly sanitize user-supplied input to the "eval" function of the "codepress.html" script. CodePress versions prior to 0.9.4 are affected.
  • Ref: http://www.securityfocus.com/bid/23788

  • 07.19.69 - CVE: Not Available
  • Platform: Web Application
  • Title: ActiveCampaign 1-2-All FCKEditor Module Remote Code Execution
  • Description: 1-2-All is an email marketing application. The application is exposed to a remote code execution issue because it fails to sanitize user-supplied input to the FCKeditor module. ActiveCampaign 1-2-All versions 4.5 through 4.53.13 are affected.
  • Ref: http://www.securityfocus.com/bid/23792

  • 07.19.70 - CVE: Not Available
  • Platform: Web Application
  • Title: 1024 CMS Upload Manager Download.PHP Directory Traversal
  • Description: 1024 CMS is a content management system. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input to the "item" parameter of the "download.php" script. 1024 CMS version 0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/23774

  • 07.19.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Progress WebSpeed Denial of Service
  • Description: WebSpeed is a web server application. The application is exposed to a denial of service issue because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/23778

  • 07.19.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Motobit ASP Upload Manager Download.ASP Directory Traversal
  • Description: Motobit ASP Upload Manager is a file transfer application. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input. The issue occurs when specially crafted HTTP GET requests containing a directory traversal string ("../") are sent to the "File" parameter of the "download.asp" script. ASP Upload Manager versions 1.3 and 1.5 are affected.
  • Ref: http://www.securityfocus.com/bid/23757

  • 07.19.73 - CVE: Not Available
  • Platform: Web Application
  • Title: mxBB MX Faq Module Module_Root_Path Remote File Include
  • Description: The MX Faq module for the mxBB bulletin board adds FAQ functionality to the portal application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "module_root_path" parameter of the "faq.php" script. MX Faq version 2.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23758

  • 07.19.74 - CVE: Not Available
  • Platform: Web Application
  • Title: FileRun Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: FileRun is a web-based document flow management system. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. FileRun versions 1.0 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/23752

  • 07.19.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Wordpress myflash Plugin Remote File Include
  • Description: myflash is a Flash Player plugin for Wordpress. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "wpPath" parameter of the "myflash-button.php" script. myflash version 1.00 is affected.
  • Ref: http://www.securityfocus.com/bid/23749

  • 07.19.76 - CVE: CVE-2007-2348
  • Platform: Web Application
  • Title: LFTP MirrorJob::HandleFile Arbitrary Command Injection
  • Description: LFTP is an ftp/http file transfer application which supports various network protocols. The application is exposed to an arbitrary command injection issue because it fails to adequately sanitize user-supplied data. LFTP versions prior to 3.5.9 are affected.
  • Ref: http://www.securityfocus.com/bid/23736

  • 07.19.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Imageview Fileview.PHP Local File Include
  • Description: Imageview is a web-based gallery script. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "album" parameter used by the "fileview.php" script. Imageview version 5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23710

  • 07.19.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Pi3Web Overly Long HTTP Request Denial of Service
  • Description: Pi3Web is a web server application. The application is exposed to a denial of service issue because the application fails to properly sanitize user-supplied input. Pi3Web version 2.0.3 for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/23713

  • 07.19.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Wordpress MyGallery Plugin Remote File Include
  • Description: MyGallery is a plugin to manage pictures in a Wordpress application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "myPath" parameter of the "mygallerybrowser.php" script. Wordpress myGallery plugin versions 1.4b4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23702

  • 07.19.80 - CVE: Not Available
  • Platform: Web Application
  • Title: HP Power Manager Remote Agent Local Privilege Escalation
  • Description: HP Power Manager is a web-based application. The application is exposed to a privilege escalation issue that occurs in HP Power Manager Remote Agent. HP Power Manager versions 4.0Build10 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23703

  • 07.19.81 - CVE: Not Available
  • Platform: Web Application
  • Title: TCExam SessionUserLang Remote PHP Code Execution
  • Description: TCExam is a web-based assessment application. The application is exposed to an arbitrary PHP code execution issue because it fails to properly sanitize user-supplied input to the "SessionUserLang" cookie value. TCExam versions 4.0.011 and earlier are affected.
  • Ref: http://sourceforge.net/forum/forum.php?forum_id=690912

  • 07.19.82 - CVE: Not Available
  • Platform: Web Application
  • Title: N/X WCMS PCLTar.PHP Remote File Include
  • Description: N/X WCMS is a content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "g_pcltar_lib_dir" parameter of the "pcltar.lib.php" script. N/X WCMS version 4.5 is affected.
  • Ref: http://www.securityfocus.com/bid/23708

  • 07.19.83 - CVE: Not Available
  • Platform: Web Application
  • Title: ManageEngine Password Manager Pro Database Remote Unauthorized Access
  • Description: ManageEngine Password Manager Pro is a web-based centralized password management and storage application. It was formerly known as PassTrix. The application is exposed to a remote unauthorized access issue due to a design error.
  • Ref: http://www.securityfocus.com/bid/23693

  • 07.19.84 - CVE: Not Available
  • Platform: Web Application
  • Title: burnCMS Root Parameter Multiple Remote File Include Vulnerabilities
  • Description: burnCMS is a content management system. The application is exposed to remote file include issues because it fails to sufficiently sanitize user-supplied input to the "root" parameter. burnCMS version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23691

  • 07.19.85 - CVE: Not Available
  • Platform: Web Application
  • Title: htmlEditBox Config.PHP Remote File Include
  • Description: htmlEditbox is a PHP based HTML editor. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied data to the "settings[app_dir]" variable in the "_editor.php" script. htmlEditbox version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23664

  • 07.19.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Apache AXIS Non-Existent WSDL Path Information Disclosure
  • Description: Apache AXIS is an implementation of the Simple Object Access Protocol. The application is exposed to a remote path information disclosure issue. This issue may allow remote unauthorized attackers to gain information on web server directory paths. Apache AXIS version 1.0 is affected.
  • Ref: http://osvdb.org/displayvuln.php?osvdb_id=34154

  • 07.19.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Firefly Multiple Remote File Include Vulnerabilities
  • Description: Firefly is a multi-user help desk application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Firefly version 1.1.01 is affected.
  • Ref: http://www.securityfocus.com/bid/23683

  • 07.19.88 - CVE: Not Available
  • Platform: Web Application
  • Title: NetArt Media Blog System Multiple Remote File Include Vulnerabilities
  • Description: Blog System is a web-based blogging application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Blog System version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/23679

  • 07.19.89 - CVE: Not Available
  • Platform: Network Device
  • Title: HP ProCurve 9300m Switches Unspecified Denial of Service
  • Description: ProCurve 9300m are a series of networking switches available from HP. HP ProCurve 9300m Switches are exposed to an unspecified remote denial of service issue due to a failure in the device to properly sanitize user-supplied input. HP ProCurve 9300m Switches running software versions 08.0.01c to 08.0.01j are affected.
  • Ref: http://www.securityfocus.com/archive/1/467492

  • 07.19.90 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco PIX and ASA Appliances Multiple Remote Vulnerabilities
  • Description: Cisco PIX and ASA Appliances are network devices which provide firewall, intrusion detection, anti-X, VPN and secure connectivity services. They are exposed to multiple remote vulnerabilities. Please refer to the advisory for further details. These issues are monitored by Cisco Bug IDs CSCsi16248 and CSCsh81111.
  • Ref: http://www.kb.cert.org/vuls/id/337508

  • 07.19.91 - CVE: Not Available
  • Platform: Network Device
  • Title: LiveData Protocol Server WSDL Files Remote Heap Overflow
  • Description: LiveData Protocol Server captures, models and delivers data streams across multiple source and destination protocols. The server is exposed to a remote heap overflow issue because it fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. LiveData Protocol Server version 5.00.045 is affected.
  • Ref: http://www.securityfocus.com/archive/1/467404

  • 07.19.92 - CVE: Not Available
  • Platform: Network Device
  • Title: Multiple LiveData Servers COTP Packets Denial of Service
  • Description: LiveData Servers establish real-time connection and data flow to multiple sources and destinations. Multiple LiveData Servers are exposed to a remote denial of service issue due to a failure in the applications to properly handle user-supplied input. LiveData Servers versions prior to 5.00.062 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/711420

  • 07.19.93 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco PIX/ASA DHCP Relay Remote Denial of Service
  • Description: Cisco PIX and ASA are exposed to a remote denial of service issue because the software fails to properly handle DHCP packets in certain circumstances. Cisco PIX and ASA devices software versions 7.2(1) through 7.2(2.14) are affected. This issue is being tracked by Cisco Bug ID CSCsh50277.
  • Ref: http://www.kb.cert.org/vuls/id/530057

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.