@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 20
May 14, 2007

In addition to critical vulnerabilities in three Microsoft products this week (Windows, Internet Explorer, and Exchange), a critical vulnerability was also found in a widely used security product (CA eTrust Antivirus Server). The CA tool has also been found to be easily exploitable just through the logon screen.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    ----------------------------------------  ------------------------------
    Windows                                   1 (#1, #2)
    Microsoft Office                          6 (#6, #7, #8)
    Other Microsoft Products                  3 (#3, #5)
    Third Party Windows Apps                  24 (#4, #9, #10)
    Mac Os                                    2
    Linux                                     3
    Solaris                                   2
    Unix                                      3
    Novell                                    2
    Cross Platform                            9
    Web Application - Cross Site Scripting    9
    Web Application - SQL Injection           9
    Web Application                           39
    Network Device                            1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Solaris
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Windows DNS RPC Interface Buffer Overflow (MS07-029)
  • Affected:
    • Microsoft Windows 2000 Server
    • Microsoft Windows 2003 Server
  • Description: The Microsoft DNS server exports a Remote Procedure Call (RPC) interface for remote administration of the server. Certain function calls do not properly handle malformed DNS zone names. A specially-crafted call to these functions containing a malformed zone name could trigger a buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process (usually SYSTEM). Note that public exploit code has been posted. This issue was originally disclosed prior to Microsoft's official announcement as a zero-day vulnerability. A previous @RISK entry discussed this vulnerability at the time of its disclosure.

  • Status: Microsoft confirmed, updates available. Users are advised to disable the RPC management interface on the DNS server if it is not needed.

  • Council Site Actions: All of the reporting council sites are responding to this issue. Most plan to distribute the patch during their next regularly scheduled maintenance cycle.

  • References:
  • (3) CRITICAL: Microsoft Exchange Multiple Vulnerabilities (MS07-026)
  • Affected:
    • Microsoft Exchange 2000
    • Microsoft Exchange Server 2003
    • Microsoft Exchange Server 2007
  • Description: Microsoft Exchange contains multiple vulnerabilities: (a) Exchange fails to properly handle certain specially-crafted MIME-encoded data. MIME encoding is often used to attach files to email messages. A specially-crafted email message could trigger this vulnerability and execute arbitrary code with the privileges of the server process. Note that the email need only transit the vulnerable server to trigger this vulnerability. (b) Several denial-of-service conditions exist in Exchange's handling of iCal messages and IMAP commands. An email message containing a specially-crafted iCal file (used to store calendaring and scheduling information) could cause the server to crash and stop processing further messages. Additionally, a flaw in the handling of IMAP commands could allow an attacker to crash the mail service. Note that an attacker need only send an email or connect to the IMAP server to exploit these vulnerabilities. Note that crashing the mail service may cause other Internet services, such as web and FTP servers, to also crash. Some technical details and proofs-of-concept are available for these vulnerabilities.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to this issue. Most sites plan to distribute the patch during their next regularly scheduled maintenance cycle.

  • References:
  • (4) CRITICAL: Computer Associates eTrust AntiVirus Server Buffer Overflow
  • Affected:
    • Computer Associates eTrust Antivirus Server version 8
  • Description: Computer Associates eTrust AntiVirus Server, a popular antivirus solution, contains a buffer overflow in its handling of user login credentials. The "inoweb" component, which listens on TCP port 12168, fails to properly handle an overlong username or password. An attacker who sent a long value for either parameter could trigger a buffer overflow and execute arbitrary code with the privileges of the vulnerable process (often SYSTEM).

  • Status: Computer Associates confirmed, updates available. Users are advised to block TCP port 12168 at the network perimeter, if possible.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (5) HIGH: Microsoft CAPICOM ActiveX Control Remote Code Execution Vulnerability (MS07-028)
  • Affected:
    • Microsoft CAPICOM ActiveX Control
    • Microsoft BizTalk Server 2004
  • Description: The Microsoft CAPICOM ActiveX control provides access to the cryptography system included with Microsoft Windows. This control fails to properly handle certain malformed inputs to exported methods. A web page that instantiates this control could call these vulnerable methods. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: Two of the reporting council sites are using the affected software and plan to deploy the patch during their next regularly scheduled maintenance cycle.

  • References:
  • (6) HIGH: Microsoft Office Remote Code Execution Vulnerability (MS07-025)
  • Affected:
    • Microsoft Office 2000/XP/2003/2007
    • Microsoft Office 2004 for Mac
  • Description: Microsoft Office contains a flaw in the way it handles drawing objects embedded in Office documents. These objects are used to provide graphics and other imaging data in documents. An Office document containing a specially-crafted drawing object could trigger a memory corruption vulnerability. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. Note that recent versions of Office do not open documents without prompting.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to this issue. Most plan to distribute the patch during their next regularly scheduled maintenance cycle.

  • References:
  • (7) HIGH: Microsoft Word Multiple Vulnerabilities (MS07-024)
  • Affected:
    • Microsoft Word 2000/2002/2003
    • Microsoft Works Suite 2004/2005/2006
    • Microsoft Word Viewer 2003
    • Microsoft Office 2004 for Mac
  • Description: Microsoft Word contains multiple vulnerabilities in the way it handles Word and Rich Text Format (RTF) documents. A Word document containing a specially-crafted array or document stream element, or an RTF document containing a specially-crafted property could trigger one of these vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Note that at least one of these vulnerabilities is believed to have exploits available in the wild.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to this issue. Most sites plan to distribute the patch during their next regularly scheduled maintenance cycle.

  • References:
  • (9) HIGH: McAfee Security Center ActiveX Control Buffer Overflow
  • Affected:
    • McAfee Security Center version 6 prior to 6.0.0.25
    • McAfee Security Center version 7 prior to 7.2.147
  • Description: McAfee Security Center, used to centrally administer McAfee security products, contains a buffer overflow in an included ActiveX component. A specially-crafted web page that instantiates this control could exploit this buffer overflow and execute arbitrary code with the privileges of the current user. Note that some technical details and a working exploit for this vulnerability are publicly available.

  • Status: McAfee confirmed, updates available. Note that users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism, using CLSID "9BE8D7B2-329C-442A-A4AC-ABA9D7572602".

  • Council Site Actions: Only one of the responding council sites is using the affected software. They plan to deploy the patch during their next regularly scheduled maintenance cycle.

  • References:
  • (10) HIGH: Trend Micro Server Protect Multiple Vulnerabilities
  • Affected:
    • Trend Micro Server Protect version 5.58 and possibly prior
  • Description: Trend Micro Server Protect, a popular enterprise antivirus product, contains multiple vulnerabilities in its handling of Remote Procedure Call (RPC) requests. The server exports two vulnerable interfaces, one running on TCP port 5168 and the other on port 3628. An attacker who sent a specially-crafted RPC request to one of these interfaces could trigger a buffer overflow. Successfully exploiting these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that technical details for these vulnerabilities are publicly available. A working exploit for one of these vulnerabilities is known to be available to members of Immunity's partners program.

  • Status: Trend Micro confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
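
The kill-bit mitigation named in the Status line of item (9) above can be audited and applied with a short script. The PowerShell below is an added example, not part of the original bulletin or any vendor's tooling; it uses the registry location and 0x400 flag documented in Microsoft KB 240797. It assumes an elevated 64-bit PowerShell session, and the parameter names -Clsid and -AuditOnly are chosen for this illustration.

```powershell
# Added example: audit and set the ActiveX "kill bit" for one or more CLSIDs.
# The kill bit is the 0x400 flag in the "Compatibility Flags" DWORD under
#   ...\Internet Explorer\ActiveX Compatibility\{CLSID}   (Microsoft KB 240797)
# Parameter names are illustrative. Use -WhatIf to preview changes.

[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Default is the CLSID quoted in the bulletin for the McAfee control.
    [string[]]$Clsid = @('9BE8D7B2-329C-442A-A4AC-ABA9D7572602'),

    # Report the current state only; never write to the registry.
    [switch]$AuditOnly
)

$KillBit   = 0x400
$ValueName = 'Compatibility Flags'

# Native registry view, plus the 32-bit view on 64-bit Windows, because a
# 32-bit browser process reads its own copy of the key.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\WOW6432Node') {
    $Roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

foreach ($id in $Clsid) {
    # Reject anything that is not a well-formed GUID before touching the registry.
    $guid = $id -as [guid]
    if ($null -eq $guid) {
        Write-Warning "Skipping '$id': not a valid CLSID"
        continue
    }
    $name = '{' + $guid.ToString().ToUpper() + '}'

    foreach ($root in $Roots) {
        $key     = "$root\$name"
        $current = 0

        # Read the existing flags so other compatibility bits are preserved.
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
            if ($prop) { $current = $prop.$ValueName }
        }
        $isSet = ($current -band $KillBit) -ne 0

        if (-not $isSet -and -not $AuditOnly -and
            $PSCmdlet.ShouldProcess($key, 'Set kill bit (0x400)')) {

            if (-not (Test-Path -LiteralPath $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            $current = $current -bor $KillBit
            New-ItemProperty -LiteralPath $key -Name $ValueName `
                -PropertyType DWord -Value $current -Force | Out-Null
            $isSet = $true
        }

        # One result object per CLSID and registry view, suitable for
        # Export-Csv or for a compliance check across many hosts.
        [pscustomobject]@{
            Clsid      = $name
            Key        = $key
            Flags      = '0x{0:X8}' -f $current
            KillBitSet = $isSet
        }
    }
}
```

Running it with -AuditOnly first shows which registry views still allow the control to load; the kill bit is a stopgap and does not replace installing the vendor update.
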
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 20, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5452 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.20.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Terminal Services Remote Security Restriction Bypass
  • Description: Microsoft Windows Terminal Services is exposed to a remote security restriction bypass issue due to a failure of the server software to properly enforce encryption requirements. Terminal Services installed on Windows 2003 Server are affected.
  • Ref: http://www.securityfocus.com/bid/23899

  • 07.20.2 - CVE: CVE-2007-0215
  • Platform: Microsoft Office
  • Title: Microsoft Excel BIFF Record Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue because it fails to adequately handle user-supplied data. This issue occurs when the application handles a specially crafted BIFF file with a malformed Named Graph record.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-023.mspx

  • 07.20.3 - CVE: CVE-2007-1747
  • Platform: Microsoft Office
  • Title: Microsoft Office Malformed Drawing Object Remote Code Execution
  • Description: Microsoft Office is exposed to a remote code execution issue. The issue occurs when an affected application processes a malicious file containing a malformed Office drawing object. This causes process memory to become corrupted, allowing an attacker to manipulate the application's normal flow of execution to run arbitrary machine code.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-025.mspx

  • 07.20.4 - CVE: CVE-2007-1202
  • Platform: Microsoft Office
  • Title: Microsoft Word RTF Parsing Remote Code Execution
  • Description: Microsoft Word is exposed to a remote code execution issue because the application fails to perform sufficient validation when parsing certain rich-text properties contained within a Word file.
  • Ref: http://www.microsoft.com/technet/security/bulletin/MS07-024.mspx

  • 07.20.5 - CVE: CVE-2007-1203
  • Platform: Microsoft Office
  • Title: Microsoft Excel Set Font Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue because it fails to adequately handle user-supplied data. Please refer to the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-023.mspx

  • 07.20.6 - CVE: CVE-2007-1214
  • Platform: Microsoft Office
  • Title: Microsoft Excel Filter Records Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue because it fails to adequately handle user-supplied data. This issue occurs when the application handles an Excel file with a specially-crafted filter record.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=527

  • 07.20.7 - CVE: CVE-2007-0035
  • Platform: Microsoft Office
  • Title: Microsoft Word Array Remote Code Execution
  • Description: Microsoft Word is exposed to a remote code execution issue because the application fails to perform sufficient validation when processing the contents of Word files. It fails to handle malformed data within an array. Please refer to the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/bulletin/MS07-024.mspx

  • 07.20.8 - CVE: CVE-2007-0039
  • Platform: Other Microsoft Products
  • Title: Microsoft Exchange iCal Request Remote Denial of Service
  • Description: Microsoft Exchange is exposed to a remote denial of service issue because it fails to properly handle unexpected iCal message content. iCal (Internet Calendar) is a standard message format used to exchange calendar information via email and other means. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/archive/1/468047

  • 07.20.9 - CVE: CVE-2007-0213
  • Platform: Other Microsoft Products
  • Title: Microsoft Exchange Base64 MIME Message Remote Code Execution
  • Description: Microsoft Exchange is exposed to a remote code execution issue because the application fails to properly decode specially crafted email messages. The issue is triggered when Microsoft Exchange attempts to decode specially crafted base64- and MIME-encoded email message attachments. During the decoding process, attacker-supplied machine code may be executed.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx

  • 07.20.10 - CVE: CVE-2007-0221
  • Platform: Other Microsoft Products
  • Title: Microsoft Exchange IMAP Command Processing Remote Denial of Service
  • Description: Microsoft Exchange is exposed to a remote denial of service issue. This issue stems from the inability of the software to properly handle a certain invalid IMAP command.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=526

  • 07.20.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FullRemoteDisplay Development Kit RControl.DLL ActiveX Control Buffer Overflow
  • Description: FullRemoteDisplay is an ActiveX control that provides remote access to computers. Development Kit is a library ("RControl.dll") that adds support functionality to FullRemoteDisplay. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input data before copying it to an insufficiently sized buffer. FullRemoteDisplay uses CLSID: 2A515FCD-C0E9-4F38-9C77-2949514366F2. FullRemoteDisplay Development Kit 1.2.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23914

  • 07.20.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec pcAnywhere User Credential Local Information Disclosure
  • Description: Symantec pcAnywhere is a remote host control solution available for Microsoft Windows. The application is exposed to a local information disclosure issue because the last remote user's login credentials are stored in clear-text in the process memory of the host server. pcAnywhere versions 11.5.1, 11.5.0 and 12.0 are affected.
  • Ref: http://www.symantec.com/avcenter/security/Content/2007.05.09b.html

  • 07.20.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DiVX City Global DiVX Zenith Player AviFixer ActiveX Control Remote Buffer Overflow
  • Description: Global DiVX Zenith Player (GDiVX Player) is a multimedia player used to play DiVX files. The application is exposed to a buffer overflow issue because it fails to sufficiently bounds check user-supplied input before copying it to an insufficiently sized memory buffer. All versions of Global DiVX Zenith Player with "fix.dll" version 1.0.0.1 are affected.
  • Ref: http://www.securityfocus.com/bid/23907

  • 07.20.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: McAfee Viruscan McSubMgr.DLL ActiveX Control Remote Buffer Overflow
  • Description: McAfee VirusScan is an enterprise antivirus application that offers protection against the latest computer virus threats. The "McSubMgr.DLL" ActiveX control shipped with McAfee VirusScan is exposed to a buffer overflow issue. McAfee VirusScan version 10.0.21 uses the vulnerable ActiveX control.
  • Ref: http://www.securityfocus.com/bid/23909

  • 07.20.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Audio CD Ripper AudioCDRipperOCX.OCX ActiveX Control Denial of Service
  • Description: Audio CD Ripper is an ActiveX control that allows users to rip CDA tracks from CDs into various audio formats. The application is exposed to a denial of service issue because it fails to handle exceptional conditions in the "init()" function residing in the "AudioCDRipperOCX.ocx" ActiveX control. Audio CD Ripper version 1.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.20.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sienzo Digital Music Mentor ActiveX Control SetEvalExpiryDate Method Buffer Overflow
  • Description: Sienzo Digital Music Mentor (DMM) is an application which aids in learning to play music on guitar and bass. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Sienzo Digital Music Mentor version 2.6.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/23849

  • 07.20.17 - CVE: CVE-2006-3456
  • Platform: Third Party Windows Apps
  • Title: Symantec Norton Antivirus NAVOPTS.DLL ActiveX Control Remote Code Execution
  • Description: Symantec Norton Antivirus ActiveX control is exposed to a remote code execution issue. It has been identified on the Symantec Norton antivirus ActiveX control "navopts.dll".
  • Ref: http://www.securityfocus.com/archive/1/468116

  • 07.20.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: McAfee Security Center McSubMgr.DLL ActiveX Control Remote Buffer Overflow
  • Description: McAfee Security Center is an application to control and monitor McAfee Security products such as AntiVirus, Firewall and AntiSpam products. The "McSubMgr.DLL" ActiveX control shipped with McAfee Security Center is exposed to a buffer overflow issue because the "McSubMgr.McSubMgr" Object with a CLSID of "9BE8D7B2-329C-442A-A4AC-ABA9D7572602" fails to properly sanitize user-supplied input to the "IsOldAppInstalled()" method in the "MCSUBMGR.DLL" ActiveX component. McAfee Subscription Manager versions prior to 6.0.0.25 and prior to 7.2.147 are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528

  • 07.20.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: GetMySystem BarCodeWiz BarcodeWiz.dll ActiveX Control Remote Buffer Overflow
  • Description: BarCodeWiz is an ActiveX control for creating barcodes. The application is exposed to a buffer overflow issue because it fails to sufficiently bounds check user-supplied input before copying it to an insufficiently sized memory buffer. BarCodeWiz version 2.0 is affected.
  • Ref: http://moaxb.blogspot.com/2007/05/moaxb-09-barcodewiz-activex-control-20.html

  • 07.20.20 - CVE: CVE-2007-2221
  • Platform: Third Party Windows Apps
  • Title: Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code Execution
  • Description: The Microsoft Windows Media Server ActiveX control is prone to a remote code execution issue that has been identified on the Microsoft Windows Media Server ActiveX "mdsauth.dll" control.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx

  • 07.20.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Research In Motion Blackberry ActiveX Control Unspecified Vulnerability
  • Description: The Blackberry ActiveX control is exposed to an unspecified vulnerability. Please refer to the advisory for further details.
  • Ref: http://www.kb.cert.org/vuls/id/869641

  • 07.20.22 - CVE: CVE-2007-0945
  • Platform: Third Party Windows Apps
  • Title: Microsoft Internet Explorer Property Method Remote Code Execution
  • Description: Microsoft Internet Explorer is exposed to a remote code execution issue. The problem occurs when viewing a page containing a malformed "property" method call. An attacker can trigger this issue by tricking an unsuspecting user into viewing a malicious page. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/23769

  • 07.20.23 - CVE: CVE-2007-0946
  • Platform: Third Party Windows Apps
  • Title: Microsoft Internet Explorer HTML Objects Script Errors Variant Remote Code Execution
  • Description: Microsoft Internet Explorer is exposed to a remote code execution issue. An attacker can exploit this issue by enticing a user into visiting a malicious Web page. Microsoft states that this vulnerability is a variant of the issue discussed in BID 23772 (Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability). Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/23770

  • 07.20.24 - CVE: CVE-2007-0944
  • Platform: Third Party Windows Apps
  • Title: Microsoft Internet Explorer Object Handling Remote Code Execution
  • Description: Microsoft Internet Explorer is exposed to a remote code execution issue. An attacker can exploit this issue by enticing a user into visiting a malicious Web page. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/archive/1/467989

  • 07.20.25 - CVE: CVE-2007-0947
  • Platform: Third Party Windows Apps
  • Title: Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution
  • Description: Microsoft Internet Explorer is exposed to a remote code execution issue. An attacker can exploit this issue by enticing a user into visiting a malicious Web page. Internet Explorer 7 running on Windows XP SP2, Windows Server 2003 SP1 and SP2, and Windows Vista are affected.
  • Ref: http://www.securityfocus.com/bid/23772

  • 07.20.26 - CVE: CVE-2007-0940
  • Platform: Third Party Windows Apps
  • Title: Microsoft CAPICOM ActiveX Control Remote Code Execution
  • Description: The Microsoft CAPICOM ActiveX control allows programmers to incorporate digital signing and encryption functionality into their applications. The application is exposed to a remote code execution issue because it fails to validate an unspecified parameter in the CAPICOM Certificates Class.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.20.27 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SmartCode VNC Manager ActiveX Control Scvncctrl.DLL Denial of Service
  • Description: The SmartCode VNC Manager ActiveX control is exposed to a denial of service issue which an attacker can exploit by enticing a user into opening a malicious Web page or HTML email that invokes the affected control. SmartCode VNC Manager version 3.6 is affected.
  • Ref: http://moaxb.blogspot.com/2007_05_08_archive.html

  • 07.20.28 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Taltech Tal Bar TALBarCd.OCX ActiveX Control Remote Buffer Overflow
  • Description: Taltech Tal Bar is an ActiveX control for adding barcodes to Windows applications, including Web pages, database reporting and labeling. The application is exposed to a buffer overflow issue because the software fails to perform sufficient bounds checks of user-supplied input before copying it to an insufficiently sized memory buffer. Taltech Tal Bar version 2.0.0.1 is affected.
  • Ref: http://securityvulns.com/Qdocument945.html

  • 07.20.29 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Trend Micro ServerProtect SpntSvc.EXE Remote Stack-Based Buffer Overflow
  • Description: Trend Micro ServerProtect is an antivirus application designed specifically for servers. ServerProtect is exposed to a remote stack-based buffer overflow issue because it fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. Trend Micro ServerProtect version 5.58 is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-025.html

  • 07.20.30 - CVE: CVE-2007-2508
  • Platform: Third Party Windows Apps
  • Title: Trend Micro ServerProtect EarthAgent.EXE Remote Stack-Based Buffer Overflow
  • Description: Trend Micro ServerProtect is an antivirus application designed specifically for servers. ServerProtect is exposed to a remote stack-based buffer overflow issue because it fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. This issue occurs in the "EarthAgent.exe" daemon listening on TCP port 3628. Trend Micro ServerProtect version 5.58 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/515616

  • 07.20.31 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VersalSoft HTTP File Upload ActiveX Control Remote Buffer Overflow
  • Description: VersalSoft HTTP File Upload is an ActiveX control used to allow users to upload multiple files to web servers. The application is exposed to a buffer overflow issue because it fails to sufficiently bounds check user-supplied input before copying it to an insufficiently sized memory buffer. VersalSoft HTTP File Upload version 6.36 is affected.
  • Ref: http://moaxb.blogspot.com/2007/05/moaxb-07-versalsoft-http-file-uploader.html


  • 07.20.33 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sienzo Digital Music Mentor DSKernel2.DLL ActiveX Control Stack-Based Buffer Overflow Vulnerabilities
  • Description: Sienzo Digital Music Mentor (DMM) is an application that helps students learn how to play guitar and bass. The application is exposed to multiple stack-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. Digital Music Mentor version 2.6.0.4 is affected.
  • Ref: http://moaxb.blogspot.com/2007_05_06_archive.html

  • 07.20.34 - CVE: CVE-2007-2239
  • Platform: Third Party Windows Apps
  • Title: Axis Camera Control ActiveX Control Remote Buffer Overflow
  • Description: Axis Camera Control is an ActiveX control used to control Axis network cameras. The application is exposed to a buffer overflow issue that stems from a boundary condition in the "SaveBMP()" method in the "AxisCamControl.ocx" ActiveX control. Axis Camera Control versions prior to 2.40.0.0 are affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.20.35 - CVE: CVE-2007-0748, CVE-2007-0749
  • Platform: Mac Os
  • Title: Apple Darwin Streaming Server Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Darwin Streaming Server is an application that allows users to send streaming media using the RTP and RTSP protocol. The application is exposed to multiple remote buffer-overflow issues because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://docs.info.apple.com/article.html?artnum=305495

  • 07.20.36 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Safari Unspecified Local Vulnerability
  • Description: Apple Safari is exposed to an unspecified issue. A local user may be able to use unspecified Mac OSX Components to disclose sensitive password information from Safari's keychain. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/23825

  • 07.20.37 - CVE: CVE-2007-0244
  • Platform: Linux
  • Title: PopTop PPTP Server GRE Denial of Service
  • Description: PoPToP is an implementation of a PPTP (point to point tunneling protocol) server. The application is exposed to a denial of service issue because it fails to adequately handle malformed GRE packets. PoPToP version 1.3.4 is affected.
  • Ref: http://www.securityfocus.com/bid/23886

  • 07.20.38 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel PPPoE Socket Local Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue which results from a memory leak and presents itself when a PPPoE socket is released by making a call to "release()" prior to the execution of a call to the "PPPIOCGCHAN" ioctl. Versions of Linux kernel in the 2.6 series prior to 2.6.21-git8 are affected.
  • Ref: http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.21-git8.log

  • 07.20.39 - CVE: CVE-2007-2027
  • Platform: Linux
  • Title: ELinks Relative Path Arbitrary Code Execution
  • Description: ELinks is a character-mode browser based on lynx. ELinks is exposed to an arbitrary code execution issue. The problem occurs because the application improperly uses a relative directory to include catalogs. ELinks version 0.11.1 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789

  • 07.20.40 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Microsystems Solaris SRSEXEC Arbitrary File Read Local Information Disclosure
  • Description: The "srsexec" utility is a component from the SRS Proxy Core package distributed with Sun Microsystems Solaris 10. Solaris is exposed to a local information disclosure issue due to a design error.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531

  • 07.20.41 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris ACE_SETACL Local Denial of Service
  • Description: Solaris is one of Sun Microsystems' UNIX operating systems. Sun Solaris is exposed to a local denial of service issue due to an integer signedness error which affects the "ACE_SETACL" cmd parameter of the "facl()" system call. Solaris 10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/467871

  • 07.20.42 - CVE: Not Available
  • Platform: Unix
  • Title: HP Tru64 DOP Local Privilege Escalation
  • Description: HP Tru64 for the Unix operating system is exposed to a local privilege escalation issue due to an unspecified flaw in the "dop" setuid-superuser command. HP Tru64 UNIX versions 5.1.0 PK6, 5.1.0 B-4 and 5.1.0 B-3 are affected. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/archive/1/467992

  • 07.20.43 - CVE: CVE-2007-0650
  • Platform: Unix
  • Title: teTeX Mkind.C Remote Buffer Overflow
  • Description: teTeX is a TeX distribution for UNIX compatible systems. The application is exposed to a buffer overflow issue because it fails to sufficiently perform boundary checks on user-supplied input before copying it to an insufficiently sized memory buffer. teTeX versions 2.0.2 and 3.0.0 are affected.
  • Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225491

  • 07.20.44 - CVE: CVE-2007-2488
  • Platform: Unix
  • Title: Asterisk IAX2 Text Frame Information Disclosure
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. The application is exposed to an information disclosure issue because it fails to handle an IAX2 text frame.
  • Ref: http://ftp.digium.com/pub/asa/ASA-2007-013.pdf

  • 07.20.45 - CVE: Not Available
  • Platform: Novell
  • Title: Novell Netmail NMDMC Stack-Based Buffer Overflow
  • Description: Novell Netmail is a commercially available email and calendar system. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/bid/23916

  • 07.20.46 - CVE: Not Available
  • Platform: Novell
  • Title: Novell GroupWise Mobile Server Multiple Vulnerabilities
  • Description: Nokia Intellisync Mobile Suite is a set of server applications that provide mobility solutions for corporations. Wireless email, PIM synchronization and device management are some of the services offered by Intellisync. Novell GroupWise Mobile Server uses Intellisync technology to provide similar services. The application is exposed to multiple issues. Novell GroupWise Mobile Server 1.0 and other versions bundled with Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/468048

  • 07.20.47 - CVE: CVE-2007-2583
  • Platform: Cross Platform
  • Title: MySQL IF Query Handling Remote Denial of Service
  • Description: MySQL is an open-source SQL database manager available for multiple operating systems. The application is exposed to a remote denial of service issue because it fails to handle certain specially crafted IF queries. MySQL versions prior to 5.0.40 are affected.
  • Ref: http://bugs.mysql.com/bug.php?id=27513

  • 07.20.48 - CVE: CVE-2007-2522, CVE-2007-2523
  • Platform: Cross Platform
  • Title: CA Multiple Products Console Server and InoCore.dll Remote Code Execution Vulnerabilities
  • Description: Multiple products from CA are exposed to vulnerabilities that will allow remote attackers to execute arbitrary code on an affected application. These issues affect CA Anti-Virus for the Enterprise version 8 and CA Threat Manager version 8.
  • Ref: http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp

  • 07.20.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NetWin WebMail Unspecified Vulnerability
  • Description: NetWin SurgeMail is a complete email server application. It ships with a Webmail interface for remote email access. Webmail is also available as a separate package. It can be implemented on Microsoft Windows, Linux, Apple Mac OS, Unix and Solaris platforms. The application is exposed to an unspecified issue. Webmail versions prior to 3.1s-4 are affected.
  • Ref: http://www.securityfocus.com/bid/23908

  • 07.20.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution
  • Description: IBM DB2 Universal Database Server is a database server application designed to run on various platforms including Linux, AIX, Solaris and Microsoft Windows. The application is exposed to an unspecified remote code execution issue which occurs in the DB2 JDBC Applet Server (DB2JDS) service when vulnerable applications process malformed requests. These requests are handled over TCP port 6789.
  • Ref: http://www.securityfocus.com/bid/23890

  • 07.20.51 - CVE: CVE-2007-2052
  • Platform: Cross Platform
  • Title: Python PyLocale_strxfrm Function Remote Information Leak
  • Description: Python is an interpreted dynamic object-oriented programming language that is available for many operating systems. Python applications that use the "PyLocale_strxfrm" function are exposed to an information leak. This function, which is located in "Modules/_localemodule.c", uses an insufficient buffer size with the "strxfrm()" function. Python versions 2.4.4-2 and 2.5 are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934

  • 07.20.52 - CVE: CVE-2006-7191
  • Platform: Cross Platform
  • Title: LDAP Account Manager Modified Path Local Privilege Escalation
  • Description: LDAP Account Manager is a web frontend for managing accounts stored in an LDAP directory. The application is exposed to a local privilege escalation issue in "/lam/lib/lamdaemon.pl". An attacker can control the "path" parameter to specify an alternate "rm" command. LDAP Account Manager versions prior to 1.0.0 are affected.
  • Ref: http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl?r1=1.32&r2=1.33

  • 07.20.53 - CVE: CVE-2007-1669, CVE-2007-1670, CVE-2007-1671, CVE-2007-1672, CVE-2007-1673
  • Platform: Cross Platform
  • Title: Multiple Vendors Zoo Compression Algorithm Remote Denial of Service
  • Description: Zoo is a compression format developed by Rahul Dhesi based on the LZW compression algorithm. Multiple applications are exposed to a remote denial of service issue that arises when applications implementing the Zoo algorithm process certain malformed archives. Zoo utility version 2.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/467646

  • 07.20.54 - CVE: CVE-2007-1864, CVE-2007-2509, CVE-2007-2510
  • Platform: Cross Platform
  • Title: PHP Prior to 5.2.2/4.4.7 Multiple Remote Buffer Overflow Vulnerabilities
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. The application is exposed to multiple remote buffer overflow issues because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0348.html

  • 07.20.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP FTP_Putcmd Function HTTP Response Splitting
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. The application is exposed to an HTTP response splitting issue which occurs in the "ftp_putcmd()" function. PHP 5 versions prior to 5.2.2 and PHP 4 versions prior to 4.4.7 are affected.
  • Ref: http://www.php.net/releases/4_4_7.php

  • 07.20.56 - CVE: CVE-2007-1262
  • Platform: Web Application - Cross Site Scripting
  • Title: SquirrelMail Multiple Cross-Site Scripting Vulnerabilities
  • Description: SquirrelMail is a webmail application. The application is exposed to multiple cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input from malicious HTML emails to unspecified scripts.
  • Ref: http://www.squirrelmail.org/security/issue/2007-05-09

  • 07.20.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Multi User Randomizer Configure_Plugin.TPL.PHP Cross-Site Scripting
  • Description: PHP Multi User Randomizer is a multi user rating system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "edit_plugin" parameter of the "configure_plugin.tpl.php" script. PHP Multi User Randomizer version 2006.09.13 is affected.
  • Ref: http://www.securityfocus.com/bid/23917

  • 07.20.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OpenLD Unspecified Cross-Site Scripting
  • Description: OpenLD is a link directory application implemented in JavaScript. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to unspecified parameters and scripts. OpenLD versions prior to 1.1-modified3 are affected.
  • Ref: http://www.securityfocus.com/bid/23896

  • 07.20.59 - CVE: CVE-2007-1280
  • Platform: Web Application - Cross Site Scripting
  • Title: RoboHelp Unspecified Cross-Site Scripting
  • Description: RoboHelp is a help system application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to unspecified parameters and scripts.
  • Ref: http://www.securityfocus.com/bid/23878

  • 07.20.60 - CVE: CVE-2007-0605
  • Platform: Web Application - Cross Site Scripting
  • Title: Advanced Guestbook Picture.PHP Cross-Site Scripting
  • Description: Advanced Guestbook is a web-based guestbook application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "picture" parameter of the "picture.php" script. Advanced Guestbook version 2.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23873

  • 07.20.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OTRS Index.PL Cross-Site Scripting
  • Description: OTRS is a ticket request system implemented in PERL. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "Subaction" parameter of the "index.pl" script. OTRS version 2.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/23862

  • 07.20.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Kayako eSupport Index.PHP Cross-Site Scripting
  • Description: Kayako eSupport is a web-based customer service application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "_m" parameter of the "index.php" script. Kayako eSupport version 3.00.90 is affected.
  • Ref: http://www.securityfocus.com/bid/23864

  • 07.20.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Mini Web Shop Multiple Cross-Site Scripting Vulnerabilities
  • Description: Mini Web Shop is a web-based DVD database. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to unspecified parameters of the "sendmail.php" and "order_form" scripts. Mini Web Shop version 2 is affected.
  • Ref: http://www.securityfocus.com/bid/23847

  • 07.20.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Microsoft SharePoint Server Cross-Site Scripting
  • Description: Microsoft SharePoint Server is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input that will be included in dynamically generated output.
  • Ref: http://www.securityfocus.com/bid/23832

  • 07.20.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Thyme Calendar Event_View.PHP SQL Injection
  • Description: Thyme Calendar is a web-based calendar script. The application is exposed to a SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "eid" parameter of the "event_view.php" script. Thyme Calendar version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23912

  • 07.20.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TaskDriver Multiple SQL Injection Vulnerabilities
  • Description: TaskDriver is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "password" field of the "login.php" script and the "taskid" parameter of the "notes.php" script. TaskDriver versions 1.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23919

  • 07.20.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TutorialCMS Search.PHP SQL Injection
  • Description: TutorialCMS is a content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "search" parameter of the "search.php" script before using it in an SQL query. TutorialCMS version 1.00 is affected.
  • Ref: http://www.securityfocus.com/bid/23905

  • 07.20.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Simple News Print.PHP SQL Injection
  • Description: Simple News is a web-based news reader application implemented in PHP and AJAX. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input in the "news_id" parameter of the "print.php" script. Simple News 1.0.0 FINAL is affected.
  • Ref: http://www.securityfocus.com/bid/23904

  • 07.20.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WF-Quote Xoops Module Index.PHP SQL Injection
  • Description: WF-Quote is a Xoops module. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "c" parameter of the "index.php" script. WF-Quote version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23845

  • 07.20.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: fipsCMS PID Parameter SQL Injection
  • Description: fipsCMS is a content management system (CMS) implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter of the "index.asp" script file. fipsCMS versions 2.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23850

  • 07.20.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Nuked-Klan X-Forwarded-For SQL Injection
  • Description: Nuked-Klan is a content management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Nuked-Klan version 1.7.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/467750

  • 07.20.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NPDS Mainfile.PHP Multiple SQL Injection Vulnerabilities
  • Description: NPDS is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. NPDS version 5.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/467696

  • 07.20.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Xoops Flashgames Module Game.PHP SQL Injection
  • Description: Flashgames is a module for the XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cld" parameter of the "game.php" script. Flashgame version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23820

  • 07.20.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Original Version Config.Inc.PHP Remote File Include
  • Description: Original Version is a web-based application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "x[1]" parameter of the "inc/config.inc.php" script. Original Version 0.11 is affected.
  • Ref: http://www.securityfocus.com/bid/23913

  • 07.20.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Brujula Toolbar NULL Pointer Dereference Denial of Service
  • Description: Brujula Toolbar is a popup blocker application. The application is exposed to a denial of service issue that occurs in the improper handling of arguments to the "GetPropertyById()" function in the SoftomateLib (ISoftomateObj) library in the "BRUJULA4.NET.DLL" file.
  • Ref: http://www.securityfocus.com/bid/23901

  • 07.20.76 - CVE: Not Available
  • Platform: Web Application
  • Title: aForum Func.PHP Remote File Include
  • Description: aForum is a web-based forum application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "CommonAbsDir" parameter of the "common/func.php" script. aForum version 1.32 is affected.
  • Ref: http://www.securityfocus.com/bid/23902

  • 07.20.77 - CVE: Not Available
  • Platform: Web Application
  • Title: telltargetCMS Multiple Remote File Include Vulnerabilities
  • Description: telltargetCMS is a content management system. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input to the "ordnertiefe" parameter of the "phplib/site_conf.php" script and the "tt_docroot" parameter. telltargetCMS versions 1.3.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23903

  • 07.20.78 - CVE: Not Available
  • Platform: Web Application
  • Title: RSAuction Suspended Account Security Bypass
  • Description: RSAuction is a web-based auction application. It is exposed to a security bypass issue due to a design error. RSAuction version 2.73.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23895

  • 07.20.79 - CVE: CVE-2006-5911
  • Platform: Web Application
  • Title: Campsite G_DocumentRoot Parameter Multiple Remote File Include Vulnerabilities
  • Description: Campsite is a web-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "g_DocumentRoot" parameter. Campsite version 2.6.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23874

  • 07.20.80 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyPortal Articles.Inc.PHP Remote File Include
  • Description: phpMyPortal is a web-based portal application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "GLOBALS[cheminmodules]" parameter of the "inc/articles.inc.php" script. phpMyPortal version 3.0.0 RC3 is affected.
  • Ref: http://www.securityfocus.com/bid/23898

  • 07.20.81 - CVE: Not Available
  • Platform: Web Application
  • Title: WikkaWiki Cross-Site Scripting And Information Disclosure Vulnerabilities
  • Description: WikkaWiki is a blog application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "name" parameter of the "UserSettings" pages. An information disclosure issue in the "recentChange" feed may permit an attacker to view private pages through RSS feeds. WikkaWiki versions prior to 1.1.6.3 are affected.
  • Ref: http://www.securityfocus.com/bid/23894

  • 07.20.82 - CVE: CVE-2007-0018
  • Platform: Web Application
  • Title: Musiclab BearShare NCTAudioFile2 ActiveX Control Buffer Overflow
  • Description: BearShare is an application used to share and download video and music files. The application is exposed to a buffer overflow issue which stems from a boundary condition in the "SetFormatLikeSample()" method. An attacker can trigger the stack-based buffer overflow by passing a long string with 4124 or more bytes through an unspecified argument of the affected method. BearShare version 6.0.2.26789 is affected.
  • Ref: http://secunia.com/secunia_research/2007-50/advisory/

  • 07.20.83 - CVE: Not Available
  • Platform: Web Application
  • Title: CGX Multiple Remote File Include Vulnerabilities
  • Description: CGX is a content management system (CMS). The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "pathCGX" parameter. CGX version 20050314 is affected.
  • Ref: http://www.securityfocus.com/bid/23880

  • 07.20.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Berylium2 Berylium-Classes.PHP Remote File Include
  • Description: Berylium2 is a content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "beryliumroot" parameter of the script "/code/berylium-classes.php". Berylium2 version 2003-08-18 is affected.
  • Ref: http://www.securityfocus.com/bid/23882

  • 07.20.85 - CVE: Not Available
  • Platform: Web Application
  • Title: gnuedu Multiple Remote File Include Vulnerabilities
  • Description: gnuedu is an educational resource browser application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. gnuedu version 1.3b2 is affected.
  • Ref: http://www.securityfocus.com/bid/23883

  • 07.20.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Crie Seu PHPLojaFacil Path_Local Parameter Multiple Remote File Include Vulnerabilities
  • Description: PHPLojaFacil is an application that allows users to develop web-based applications. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "friendly_path" parameter. PHPLojaFacil version 0.1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/23879

  • 07.20.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Miplex SmartyFU.Class.PHP Remote File Include
  • Description: Miplex is a content management application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "system[smarty]" parameter of the "SmartyFU.class.php" script.
  • Ref: http://www.securityfocus.com/bid/23884

  • 07.20.88 - CVE: Not Available
  • Platform: Web Application
  • Title: LaVague PrintBar.PHP Remote File Include
  • Description: LaVague is a web application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "views_path" parameter of the "views/print/printbar.php" script. LaVague version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23877

  • 07.20.89 - CVE: CVE-2007-0220
  • Platform: Web Application
  • Title: Microsoft Outlook Web Access Remote Script Injection
  • Description: Microsoft Outlook Web Access is a web-based email client application that is bundled with Microsoft Exchange. The application is exposed to a script injection issue because the application fails to properly handle specially crafted email attachments.
  • Ref: http://www.kb.cert.org/vuls/id/124113

  • 07.20.90 - CVE: CVE-2007-0609
  • Platform: Web Application
  • Title: Advanced Guestbook Lang Cookie Parameter Local File Include
  • Description: Advanced Guestbook is a guestbook application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" cookie parameter used by the "index.php" script. Advanced Guestbook 2.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23876

  • 07.20.91 - CVE: CVE-2007-1840
  • Platform: Web Application
  • Title: HoaX Toolbox Index.PHP HTML Injection
  • Description: HoaX Toolbox is an application for stealing user names and passwords. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input passed to the "user" and "pass" input fields of the "index.php" script. Malicious code may be recorded in log files and executed by the application administrator when log files are viewed. HoaX Toolbox versions 1.1 and 2.0 are affected.
  • Ref: http://www.securityfocus.com/bid/23860

  • 07.20.92 - CVE: Not Available
  • Platform: Web Application
  • Title: DynamicPAD HomeDir Parameter Multiple Remote File Include Vulnerabilities
  • Description: DynamicPAD is a web-based application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "HomeDir" parameter of the "dp_logs.php" and "index.php" scripts. DynamicPAD version 1.02.18 is affected.
  • Ref: http://www.securityfocus.com/bid/23861

  • 07.20.93 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP TopTree BBS TPL_Message.PHP Remote File Include
  • Description: PHP TopTree BBS is a web-based application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "right_file" parameter of the "tpl_message.php" script. PHP TopTree BBS version 2.01a is affected.
  • Ref: http://www.securityfocus.com/bid/23867

  • 07.20.94 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPTree CMS2.PHP Remote File Include
  • Description: PHPTree is a web-based application implemented in PHP. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "s_dir" parameter of the "cms2.php" script. PHPTree 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23859

  • 07.20.95 - CVE: Not Available
  • Platform: Web Application
  • Title: CubeCart Multiple HTTP Response Splitting Vulnerabilities
  • Description: CubeCart is an e-commerce application. The application is exposed to multiple HTTP response splitting issues that occur in the "ccUser" parameter of the "cart.php" and "index.php" scripts. CubeCart version 3.0.15 is affected.
  • Ref: http://www.securityfocus.com/bid/23852

  • 07.20.96 - CVE: Not Available
  • Platform: Web Application
  • Title: TurnkeyWebTools SunShop Shopping Cart Multiple Input Validation Vulnerabilities
  • Description: TurnkeyWebTools SunShop Shopping Cart is an ecommerce application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. SunShop Shopping Cart v4 is affected.
  • Ref: http://www.securityfocus.com/bid/23856

  • 07.20.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Drake CMS Index.PHP HTTP Response Splitting
  • Description: Drake CMS is a content management application. The application is exposed to an HTTP response splitting issue that occurs in the "index.php" script. Drake CMS version 0.4.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/467829

  • 07.20.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Nuked-Klan Upload.PHP Arbitrary File Upload
  • Description: Nuked-Klan is a content management application. The application is exposed to an arbitrary file upload issue because the "upload.php" script fails to properly verify the contents of uploaded files. Nuked-Klan version 1.7.6 is affected.
  • Ref: http://www.securityfocus.com/bid/23840

  • 07.20.99 - CVE: Not Available
  • Platform: Web Application
  • Title: WikiVI5 Show.PHP Remote File Include
  • Description: WikiVi5 is a blog application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "sous_rep" parameter of the "show.php" script.
  • Ref: http://www.securityfocus.com/bid/23841

  • 07.20.100 - CVE: Not Available
  • Platform: Web Application
  • Title: ACGV Annu ACVG.PHP Local File Include
  • Description: http://acgv.free.fr/acgv/ACGVclick/compte.php?extension=.zip&nom=ACGVannu&class=scripts&fichier=telechargement/scripts/ACGVannu ACGV Annu is a calendar application. The
  • Ref: http://www.securityfocus.com/bid/23842

  • 07.20.101 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Content Architect MFA_Theme.PHP Remote File Include
  • Description: PHP Content Architect is a content management system (CMS). The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "tpls[1]" parameter of the "mfa_theme.php" script. PHP Content Architect version 0.9 pre 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23843

  • 07.20.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Archangel Weblog Local File Include And Authentication Bypass Vulnerabilities
  • Description: Archangel Weblog is a web log application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "index" parameter of the "index.php" script. Archangel Weblog version 0.90.02 is affected.
  • Ref: http://www.securityfocus.com/bid/23846

  • 07.20.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Friendly Friendly_Path Parameter Multiple Remote File Include Vulnerabilities
  • Description: Friendly is a PHP-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "friendly_path" parameter. Friendly version 1.0d1 is affected.
  • Ref: http://www.securityfocus.com/bid/23839

  • 07.20.104 - CVE: Not Available
  • Platform: Web Application
  • Title: ACP3 Multiple Input Validation Vulnerabilities
  • Description: ACP3 is a content management system. The application is exposed to input validation issues because it fails to sufficiently sanitize user-supplied data. ACP3 version 4.0 b3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/467746

  • 07.20.105 - CVE: Not Available
  • Platform: Web Application
  • Title: VotreMedia Watermark Module For Gallery Remote File Include
  • Description: The "watermark_mod" component for Gallery is a PHP-based application that adds watermarks to pictures. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "GALLERY_BASEDIR" parameter of the "watermark.php" script. watermark_mod version 0.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23837

  • 07.20.106 - CVE: Not Available
  • Platform: Web Application
  • Title: RunCms Debug_Show.php SQL Injection and Information Disclosure Vulnerabilities
  • Description: RunCms is a web-based publishing application. It is exposed to SQL injection and information disclosure issues because the application fails to properly sanitize user-supplied input. RunCms versions 1.5.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23819

  • 07.20.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Workbench Survival Guide Header.PHP Remote File Include
  • Description: Workbench Survival Guide is an application implemented in PHP. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "path" parameter of the "header.php" script. Workbench Survival Guide version 0.11 is affected.
  • Ref: http://www.securityfocus.com/bid/23821

  • 07.20.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Persism Content Management System Multiple Remote File Include Vulnerabilities
  • Description: Persism Content Management System is a content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "system" parameter. Persism Content Management System version 0.9.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23828

  • 07.20.109 - CVE: Not Available
  • Platform: Web Application
  • Title: PMECMS Config[PathMod] Multiple Remote File Include Vulnerabilities
  • Description: PMECMS is a content management system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "config[pathMod]" parameter. PMECMS version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23829

  • 07.20.110 - CVE: Not Available
  • Platform: Web Application
  • Title: YaPIG Fileview.PHP Local File Include
  • Description: YaPIG is a web-based gallery. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "phid" parameter used by the "add_comment.php" script. YaPIG version 0.95b is affected.
  • Ref: http://www.securityfocus.com/bid/23814

  • 07.20.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Versado CMS Ajax_Listado.PHP Remote File Include
  • Description: Versado CMS is a web-based content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "urlModulo" parameter of the "includes/ajax_listado.php" script. Versado CMS version 1.07 is affected.
  • Ref: http://www.securityfocus.com/bid/23815

  • 07.20.112 - CVE: Not Available
  • Platform: Web Application
  • Title: E-Gads! Common.PHP Remote File Include
  • Description: E-GADS! is a membership and management application for ground search and rescue teams. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "locale" parameter of the "common.php" script. E-GADS! version 2.2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/23817

  • 07.20.113 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco IOS FTP Server Multiple Vulnerabilities
  • Description: FTP Server is a file transfer protocol feature in Cisco IOS. The application is exposed to a denial of service issue which triggers an IOS reload during unspecified file transfers. It is also exposed to an authentication bypass issue which occurs because of improper authorization checking. This issue is being tracked by Cisco bug ID CSCse29244. Only IOS devices which have the FTP Server feature enabled are affected.
  • Ref: http://www.securityfocus.com/archive/1/468056

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.