
@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 21
May 21, 2007

A tough week for Microsoft's competitors: Samba, distributed with UNIX, Linux and Mac OS X, has a critical buffer overflow flaw; Security vendor Symantec's Norton Internet Security and Personal Firewall both have buffer overflow vulnerabilities; Apple Darwin also has buffer overflow vulnerabilities; and the Java Development Kit has image processing vulnerabilities.

In fact, more than 100 vulnerabilities were discovered this week. Most are in application software, but there's some good news, too. If you hope to improve security of applications you are deploying, you can now invite your programmers to take the pilot test of the new secure coding exams in C or Java, on August 14 in Washington DC. Space is available for a maximum of 100 people, and those who sign up in the next few days will get an invitation to a webcast that helps them ensure they know what will be covered and where to find study materials. Details at: http://www.sans.org/gssp07/

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    ----------------------------------------  ------------------------------
    Windows                                   1
    Third Party Windows Apps                  21 (#2, #6)
    Mac OS                                    1 (#3)
    Linux                                     10
    HP-UX                                     2
    Solaris                                   1
    Unix                                      1
    Cross Platform                            22 (#1, #4)
    Web Application - Cross Site Scripting    8
    Web Application - SQL Injection           12
    Web Application                           2
    Network Device                            2 (#5)


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Mac OS
Linux
HP-UX
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: Symantec Norton Internet Security and Personal Firewall ActiveX Control Vulnerabilities
  • Affected:
    • Symantec Norton Internet Security 2004
    • Symantec Norton Personal Firewall 2004
  • Description: The Symantec Norton Internet Security and Personal Firewall products are shipped with an ActiveX control. This control is vulnerable to a buffer overflow that can be triggered by specially crafted parameters to its "Get" and "Set" methods. A malicious web page that instantiates this control can successfully exploit the buffer overflow to execute arbitrary code with the privileges of the current user.

  • Status: Symantec confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • (3) HIGH: Apple Darwin Streaming Server Multiple Buffer Overflows
  • Affected:
    • Apple Darwin Streaming Server versions prior to 5.5.5
    • Apple QuickTime Streaming Server may also be vulnerable.
  • Description: Apple Darwin Streaming Server, a Real Time Streaming Protocol (RTSP) streaming media server, contains multiple buffer overflow vulnerabilities. By sending a specially-crafted invalid command or a specially-crafted SETUP command, an attacker can trigger one of these buffer overflows. Successfully exploiting one of these buffer overflows will allow an attacker to execute arbitrary code with the privileges of the server process (usually root). Note that, because the Apple Darwin Streaming Server is open source, technical details about the vulnerability can be obtained via source code analysis.

  • Status: Apple confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • (4) HIGH: Sun Java Development Kit Image Processing Vulnerabilities
  • Affected:
    • Sun Java Development Kit versions prior to 1.6_01-b06
    • Sun Java Development Kit versions prior to 1.5_11-b03
    • It is believed that the Sun Java Runtime Environment may also be affected, but this is unconfirmed.
  • Description: The Sun Java Development Kit, used to develop applications that run on the Sun Java platform, contains multiple vulnerabilities in the way it handles BMP and JPEG images. A JPEG image containing specially-crafted ICC color correction data could trigger a buffer overflow in the Java virtual machine. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Additionally, a specially-crafted BMP image can result in a denial-of-service condition.

  • Status: Sun confirmed, updates available.

  • Council Site Actions: Two of the reporting council sites are responding to this item. The first site plans to deploy the patch during the next maintenance window. The second site is still investigating. They don't believe they have any internal applications using this kit; however, they are waiting on additional information for the various support teams.

Other Software
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 21, 2007

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5454 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.21.1 - CVE: Not Available
  • Platform: Windows
  • Title: yEnc32 Decoder Overly Long Filename Heap Buffer Overflow
  • Description: yEnc32 Decoder is a compression and decompression utility for the Microsoft Windows operating system. The application is exposed to a heap-based buffer overflow issue because it fails to properly check boundaries on user-supplied data before copying it into an insufficiently sized memory buffer. yEnc32 Decoder version 1.0.7.207 is affected.
  • Ref: http://www.securityfocus.com/bid/23948

  • 07.21.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sienzo Digital Music Mentor LTMM15.DLL ActiveX Control Stack Buffer Overflow
  • Description: Sienzo Digital Music Mentor (DMM) is an application that helps students learn how to play guitar and bass. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Digital Music Mentor version 2.6.0.4 is affected.
  • Ref: http://moaxb.blogspot.com/2007/05/moaxb-17-sienzo-digital-music-mentor.html

  • 07.21.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Magic ISO Maker Cue File Stack Buffer Overflow
  • Description: Magic ISO Maker is a CD/DVD image handling application for Microsoft Windows. The application is exposed to a remote stack-based buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized memory buffer. Magic ISO Maker 5.4 (build239) is affected.
  • Ref: http://www.securityfocus.com/bid/24029

  • 07.21.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinImage FAT Image Files Multiple Buffer Overflow Vulnerabilities
  • Description: WinImage is a disk-imaging application to create, read and edit many image formats and filesystems. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. WinImage version 8.0.8000 is affected.
  • Ref: http://www.securityfocus.com/bid/24026

  • 07.21.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PrecisionID Barcode PrecisionID_Barcode.DLL ActiveX Control Buffer Overflow
  • Description: PrecisionID is an ActiveX control barcode library that integrates with Microsoft Access, Excel, Internet Explorer, Visual Basic, and most other Windows applications. The application is exposed to a buffer overflow issue which occurs because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. PrecisionID Barcode ActiveX control version 1.9 is affected.
  • Ref: http://moaxb.blogspot.com/2007/05/moaxb-16-ie-6-precisionid-barcode.html

  • 07.21.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PrecisionID Barcode PrecisionID_Barcode.DLL ActiveX Control Arbitrary File Overwrite
  • Description: PrecisionID is an ActiveX control barcode library that integrates with Microsoft Access, Excel, Internet Explorer, Visual Basic, and most other Windows applications. The application is exposed to an arbitrary file overwrite issue which occurs in the "SaveToFile" method of the "PrecisionID_Barcode.dll" library. PrecisionID Barcode ActiveX control version 1.9 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.21.7 - CVE: CVE-2007-1689
  • Platform: Third Party Windows Apps
  • Title: Symantec Norton Personal Firewall 2004 ActiveX Control Buffer Overflow
  • Description: Symantec Norton Personal Firewall ActiveX Control is exposed to a buffer overflow issue that occurs because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Symantec Norton Personal Firewall 2004 and Symantec Norton Internet Security 2004 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/983953

  • 07.21.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Media Player Classic .MPA Div-By-Zero Denial of Service
  • Description: Media Player Classic is a freely available media player from guliverkli. It is available for the Microsoft Windows platform. The application is exposed to a denial of service issue when processing a malformed MPA file. When the software parses an empty MPA-extension media file, a divide by zero condition occurs, causing the affected application to crash. Media Player Classic version 6.4.9.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/468626

  • 07.21.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BitsCast PubDate Element Remote Denial of Service
  • Description: BitsCast is an RSS feed reader and podcast player for the Microsoft Windows operating platform. The application is exposed to a remote denial of service issue because it fails to adequately sanitize user-supplied input contained in RSS feeds. BitsCast version 0.13.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23993

  • 07.21.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DeWizardX ActiveX Control Arbitrary File Overwrite
  • Description: The DeWizardX ActiveX control is a database application designed to run on the Microsoft Windows operating system. The application is exposed to an arbitrary file overwrite issue due to lack of proper sanitization of user-supplied input.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.21.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Multiple Personal Firewall Products Local Protection Mechanism Bypass
  • Description: Multiple personal firewall products are exposed to a protection mechanism bypass issue due to a failure of the applications to properly implement protection mechanisms based on valid process identifiers. Comodo Firewall Pro 2.4.18.184, Comodo Personal Firewall 2.3.6.81, and ZoneAlarm Pro 6.1.744.001 are affected.
  • Ref: http://www.securityfocus.com/archive/1/468643

  • 07.21.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TinyIdentD Remote Buffer Overflow
  • Description: TinyIdentD is an Ident daemon for Win32 environments. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. TinyIdentD version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23981

  • 07.21.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Clever Components Database Comparer ActiveX Control Stack Based Buffer Overflow
  • Description: Database Comparer ActiveX control allows users to compare, synchronize and update database structures. The application is exposed to a stack-based buffer overflow issue because it fails to properly check boundaries on user-supplied data before copying it into an insufficiently sized memory buffer. Database Comparer ActiveX control version 2.2 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.21.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Notepad++ Ruby Source File Processing Buffer Overflow
  • Description: Notepad++ is an open-source source code editor for the Windows platform. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. Notepad++ version 4.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/468529

  • 07.21.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of Service
  • Description: PrecisionID is an ActiveX control barcode library that integrates with Microsoft Access, Excel, Internet Explorer, Visual Basic and most other Windows applications. The application is exposed to a denial of service issue because it fails to perform adequate checks on user-supplied input data. PrecisionID Barcode ActiveX Control version 1.3 is affected.
  • Ref: http://moaxb.blogspot.com/2007_05_12_archive.html

  • 07.21.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DB Software Laboratory VImpX ActiveX Control Buffer Overflow
  • Description: VImpX is an ActiveX control which imports data into a variety of industry standard databases from flat files, cross tables or ODBC data sources. The "VImpX.ocx" ActiveX control shipped with the VImpX application is exposed to a buffer overflow issue because it fails to properly sanitize user-supplied input to the "Logfile" parameter in the "VImpX.ocx" ActiveX component. VImpX version 4.7.3.0 on Windows XP Service Pack 2 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.21.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ID Automation Linear Barcode IDAutomationLinear6.DLL ActiveX Control Denial of Service
  • Description: ID Automation provides an ActiveX control barcode library that integrates with Microsoft Access, Excel, Infopath, Internet Explorer, Visual Basic and C++. The application is exposed to a denial of service issue because it fails to perform adequate checks on user-supplied input data. ID Automation Linear Barcode ActiveX Control 1.6.0.5 is affected.
  • Ref: http://moaxb.blogspot.com/2007/05/moaxb-13-id-automation-linear-barcode.html

  • 07.21.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EFileCabinet FileCabinetNumber Authentication Bypass
  • Description: eFileCabinet software suite is used to house digital images of files. The application is exposed to an authentication bypass issue that occurs because it fails to handle non-existent "filecabinetnumber" numbers. eFileCabinet version 3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23944

  • 07.21.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Morovia Barcode ActiveX Control Arbitrary File Overwrite
  • Description: The Morovia Barcode ActiveX control is an application which creates barcode images. The application is exposed to an arbitrary file overwrite issue due to an unspecified error in the "Save" method of the affected ActiveX control with CLSID:18B409DA-241A-4BD8-AC69-B5D547D5B141. This allows an attacker to overwrite arbitrary files on an affected computer.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.21.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TFTP Server TFTPDWin Unspecified Directory Traversal
  • Description: TFTP Server TFTPDWIN is a File Transfer Protocol application available for Windows. The application is exposed to an unspecified directory traversal issue because it fails to sufficiently sanitize user-supplied input. TFTP Server TFTPDWIN version 0.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23937

  • 07.21.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Hewlett Packard HPQVWOCX.DLL ActiveX Control Stack-Based Buffer Overflow
  • Description: Hewlett Packard "hpqvwocx.dll" is an ActiveX control library for use with HP Photosmart devices. The library is exposed to a stack-based buffer overflow issue because it fails to properly check boundaries on user-supplied data before copying it into an insufficiently sized memory buffer. HP hpqvwocx.dll version 1.0.0.309 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.21.22 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VooDoo cIRCle Server Multiple Remote Vulnerabilities
  • Description: VooDoo cIRCle is an open source IRC application available for Microsoft Windows. The application is exposed to multiple remote issues. VooDoo cIRCle 1.1beta26 and prior versions are affected.
  • Ref: http://www.securityfocus.com/bid/23929

  • 07.21.23 - CVE: CVE-2007-2682
  • Platform: Mac OS
  • Title: Adobe Version Cue CS3 Server for Mac Firewall Deactivation Weakness
  • Description: Adobe Version Cue CS3 Server is a server-based workgroup collaboration system. The application is exposed to a weakness that results from a design error. This issue only presents itself on Apple Mac OS X systems with the personal firewall enabled. Adobe Version Cue CS3 Server is affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb07-11.html

  • 07.21.24 - CVE: CVE-2007-2445
  • Platform: Linux
  • Title: Libpng Library Remote Denial of Service
  • Description: Libpng is a PNG reference library. The application is exposed to a denial of service issue which resides in the "png_handle_tRNS" function of "pngrutil.c". Libpng library versions 1.2.16 and earlier are affected.
  • Ref: http://www.kb.cert.org/vuls/id/684664

  • 07.21.25 - CVE: CVE-2007-1497
  • Platform: Linux
  • Title: Linux Kernel Netfilter nf_conntrack IPv6 Packet Reassembly Rule Bypass
  • Description: The Linux kernel is exposed to a firewall rule-bypass issue due to a failure of the Linux netfilter code to properly classify network packets. The "nf_conntrack" module in the Linux kernel fails to properly classify IPv6 fragments. During packet reassembly, the "nfctinfo" structure is left initialized as zero. Linux kernel versions in the 2.6 series prior to 2.6.20.3 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0347.html

  • 07.21.26 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel 8250 Serial Driver Local Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue because the software fails to handle exceptional conditions when the "check_modem_status()" function attempts to access the "info" parameter of the "uart_port" structure. Linux kernel versions 2.6 prior to 2.6.20.11 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.11

  • 07.21.27 - CVE: CVE-2007-2444
  • Platform: Linux
  • Title: Samba SID Names Local Privilege Escalation
  • Description: Samba is a file and print server for SMB/CIFS clients which supports interoperability between multiple operating systems. The application is exposed to a local privilege escalation issue due to a logic error in the smbd daemon's internal security stack. Samba versions 3.0.23d through 3.0.25pre2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/468548

  • 07.21.28 - CVE: Not Available
  • Platform: Linux
  • Title: XFSDump XFS_FSR Insecure Temporary File Creation
  • Description: xfs_fsr is a utility supplied in xfsdump that is used to improve the organization of mounted XFS filesystems. The application xfs_fsr creates temporary files in an insecure manner. xfsdump version 2.2.38 is affected.
  • Ref: http://www.nabble.com/Bug-417894:-xfsdump:-xfs_fsr-makes-world-writeable-temporary-directories-t3530854.html

  • 07.21.29 - CVE: Not Available
  • Platform: Linux
  • Title: CommuniGate Pro Web Mail HTML Injection
  • Description: CommuniGate Pro is a communication server application for multiple operating systems. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input passed to HTML email messages in the web mail portion of the application. CommuniGate Pro versions 5.1.8 and earlier are affected.
  • Ref: http://seclists.org/fulldisclosure/2007/May/0187.html

  • 07.21.30 - CVE: Not Available
  • Platform: Linux
  • Title: Interchange HTTP POST Requests Denial of Service
  • Description: Interchange is an e-commerce application implemented in Perl. The application is exposed to a denial of service issue because of an error when processing certain unspecified HTTP POST requests. Interchange versions 5.4.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23932

  • 07.21.31 - CVE: Not Available
  • Platform: Linux
  • Title: LibTMCG Missing Range Check Insecure Group Generation
  • Description: LibTMCG is a freely available C++ library designed to facilitate secure and fair online card games. It uses encryption methods to ensure that cards are chosen fairly and to preserve confidentiality of card hands. LibTMCG versions prior to 1.1.1 are affected.
  • Ref: http://www.securityfocus.com/bid/23930

  • 07.21.32 - CVE: Not Available
  • Platform: Linux
  • Title: LibEXIF Exif_Data_Load_Data_Entry Remote Integer Overflow
  • Description: libexif is a library that is used to read and write EXIF data. It is implemented in C, and is freely available. The application is exposed to an integer overflow issue due to a failure of the application to properly ensure that integer math operations do not result in unintended overflows. libexif versions prior to 0.6.14 are affected.
  • Ref: http://www.securityfocus.com/bid/23927

  • 07.21.33 - CVE: Not Available
  • Platform: Linux
  • Title: Free-SA Multiple Buffer Overflow Vulnerabilities
  • Description: Free-SA is a statistic analyzer for daemons' log files. The application is available for UNIX, Linux, and UNIX-like operating systems. It is exposed to multiple buffer overflow issues because it fails to bounds check user-supplied data before copying into an insufficiently sized buffer. Free-SA versions 1.2.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23924

  • 07.21.34 - CVE: Not Available
  • Platform: HP-UX
  • Title: Hewlett Packard Tru64 Valid User Information Disclosure
  • Description: Hewlett Packard Tru64 is exposed to an information disclosure issue that allows attackers to gain information about SSH users with valid accounts. HP Tru64 UNIX versions v5.1B-3 and v5.1B-4 are affected.
  • Ref: http://www.securityfocus.com/bid/24021

  • 07.21.35 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP System Insight System JSessionID Session Fixation
  • Description: HP Systems Insight Manager (SIM) provides hardware-level management for the following: HP ProLiant, Integrity, HP 9000 servers, HP BladeSystems, HP StorageWorks MSA, EVA, and XP storage arrays. HP Systems Insight Manager is exposed to a session fixation issue due to a design error in the application when it uses "JSESSIONID" session cookies for maintaining sessions within an administrator's browser. HP Systems Insight Manager versions 5.0 SP5, SP6 and 4.2 are affected.
  • Ref: http://www.acrossecurity.com/aspr/ASPR-2007-05-14-1-PUB.txt

  • 07.21.36 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun JDK JPG/BMP Parser Multiple Vulnerabilities
  • Description: Sun JDK is exposed to multiple integer overflow issues that occur because the affected application fails to properly parse malicious ICC profiles when handling JPG images. It is also exposed to a denial of service issue that occurs when the BMP file parser tries to open and read from "/dev/tty". Sun JDK version 1.5.0_07-b03 is affected.
  • Ref: http://www.securityfocus.com/bid/24004

  • 07.21.37 - CVE: Not Available
  • Platform: Unix
  • Title: Exim SpamAssassin Reply Remote Buffer Overflow
  • Description: Exim is a freely-available mail transfer agent available for multiple Unix and Unix-like platforms. The application is exposed to a remote buffer overflow issue when used in conjunction with remote SpamAssassin servers. This issue is due to a failure of the application to properly bounds check user-supplied input prior to copying it to an insufficiently-sized memory buffer. Exim version 4.66 is affected.
  • Ref: http://www.securityfocus.com/bid/23977

  • 07.21.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Soap Engine Make_HTTP_Soap_Request Weak Nonce HTTP Authentication Weakness
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. The application is exposed to an authentication weakness which arises from a design error in the "make_http_soap_request()" function.
  • Ref: http://www.securityfocus.com/bid/24034

  • 07.21.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Computer Associates BrightStor ARCserve Backup CALoggerD.EXE Denial of Service
  • Description: Computer Associates BrightStor ARCserve Backup products provide backup and restore protection for Windows, NetWare, Linux, and UNIX servers as well as Windows, Mac OS X, Linux, UNIX, AS/400, and VMS clients. The application is exposed to a denial of service issue because it mishandles unexpected user-supplied input. Computer Associates BrightStor ARCserve Backup products version 11.5.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24017

  • 07.21.40 - CVE: CVE-2007-2692
  • Platform: Cross Platform
  • Title: MySQL Security Invoker Privilege Escalation
  • Description: MySQL is an open source database application available for multiple operating platforms. The application is exposed to a privilege escalation issue because it fails to adequately restore database access privileges during certain routines. MySQL versions prior to 5.1.18 are affected.
  • Ref: http://www.securityfocus.com/bid/24011

  • 07.21.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Computer Associates BrightStor ARCserve Backup CatiRPC.DLL/RWXDR.DLL Denial of Service
  • Description: Computer Associates BrightStor ARCserve Backup products provide backup and restore protection for Windows, NetWare, Linux, and UNIX servers as well as Windows, Mac OS X, Linux, UNIX, AS/400, and VMS clients. The application is exposed to a denial of service issue because it mishandles malformed user-supplied input. ARCserve Backup version 11.5.2 SP2 is affected.
  • Ref: http://www.securityfocus.com/bid/24015

  • 07.21.42 - CVE: CVE-2007-1375
  • Platform: Cross Platform
  • Title: PHP 5 Substr_Count Integer Overflow
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. The PHP 5 "substr_count()" function is exposed to an integer overflow issue because it fails to ensure that integer values aren't overrun. Due to a lack of proper validation on integer values, attackers may cause the function to return data outside of an allocated buffer. PHP 5 versions 5.2.1 and earlier are affected.
  • Ref: http://www.php-security.org/MOPB/MOPB-14-2007.html

  • 07.21.43 - CVE: CVE-2007-2691
  • Platform: Cross Platform
  • Title: MySQL Rename Table Function Access Validation
  • Description: MySQL is an open source Server Query Language database application available for multiple operating platforms. The application is exposed to an access validation issue because it fails to perform adequate access control. MySQL versions prior to 4.1.23, 5.0.42 and 5.1.18 are affected.
  • Ref: http://www.securityfocus.com/bid/24016

  • 07.21.44 - CVE: CVE-2007-2568
  • Platform: Cross Platform
  • Title: VCDGear Cue File Handling Multiple Buffer Overflow Vulnerabilities
  • Description: VCDGear is an extractor application to convert CD images to MPEG streams. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on a user-supplied input. VCDGear version 3.55 is affected.
  • Ref: http://secunia.com/secunia_research/2007-51/advisory/

  • 07.21.45 - CVE: CVE-2007-1173
  • Platform: Cross Platform
  • Title: Multiple Vendor XFERWAN.EXE Remote Buffer Overflow
  • Description: Centennial and Symantec Discovery, and Numara Asset Manager are enterprise tracking, inventory, and auditing applications for enterprise hardware and software assets. Multiple Vendor products are exposed to a remote buffer overflow issue because the "XFERWAN.EXE" application fails to perform sufficient boundary checks when copying user-supplied data into sensitive process buffers. The issue arises in the "CentennialIPTransferServer" service when handling strings in TCP packets. Centennial Discovery 2006 Feature Pack 1, Symantec Discovery version 6.5 and Numara Asset Manager version 8.0 are affected.
  • Ref: http://secunia.com/secunia_research/2007-43/advisory/

  • 07.21.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Little CMS ICC Profile Stack-Based Buffer Overflow
  • Description: Little CMS is an open source color management engine that has been ported to a variety of platforms. The application is exposed to a remotely exploitable stack-based buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized memory buffer. This occurs due to an error in LCMS when parsing ICC profiles. Little CMS versions prior to 1.15 are affected.
  • Ref: http://www.securityfocus.com/bid/24001

  • 07.21.47 - CVE: CVE-2007-2693
  • Platform: Cross Platform
  • Title: MySQL Alter Table Function Information Disclosure
  • Description: MySQL is an open source Server Query Language database application available for multiple operating platforms. The application is exposed to an information disclosure issue because it fails to perform adequate access control. MySQL versions prior to 5.1.18 are affected.
  • Ref: http://www.securityfocus.com/bid/24008

  • 07.21.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP MCrypt_Create_IV Insecure Encryption Weakness
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to an insecure encryption weakness due to a design error in the "mcrypt_create_iv()" function. It generates the initialization vector using the "php_rand_r()" function with an uninitialized seed. This results in weaker encryption of sensitive data.
  • Ref: http://www.securityfocus.com/bid/23984

  • 07.21.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Caucho Resin Multiple Information Disclosure Vulnerabilities
  • Description: Caucho Resin is an open source application server available for multiple operating platforms. The application is exposed to multiple information disclosure issues because it fails to adequately sanitize user-supplied data via URIs. Caucho Resin version 3.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23985

  • 07.21.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple BEA WebLogic Applications Multiple Vulnerabilities
  • Description: WebLogic platforms are enterprise application server products distributed by BEA Systems. BEA WebLogic applications are affected by multiple issues. Please refer to the advisory for further details.
  • Ref: http://dev2dev.bea.com/pub/advisory/226

  • 07.21.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco IPS Full/Half Width Unicode Detection Evasion
  • Description: Cisco IPS is an intrusion detection and prevention system. The application is exposed to a Unicode detection evasion issue that arises due to a design error. The problem occurs when malicious HTTP traffic contains full-width and half-width Unicode characters.
  • Ref: http://www.kb.cert.org/vuls/id/739224

  • 07.21.52 - CVE: CVE-2007-2447
  • Platform: Cross Platform
  • Title: Samba MS-RPC Remote Shell Command Execution
  • Description: Samba is a suite of software that provides file and print services for "SMB/CIFS" clients. It is available for multiple operating platforms. The application is exposed to an issue that allows arbitrary shell commands to run because the software fails to adequately escape user-supplied input through MS-RPC before using it as arguments to "bin/sh". Samba versions 3.0.0 to 3.0.25rc3 are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534 http://www.kb.cert.org/vuls/id/268336

  • 07.21.53 - CVE: CVE-2007-2446
  • Platform: Cross Platform
  • Title: Samba NDR MS-RPC Request Heap-Based Buffer Overflow
  • Description: Samba is a suite of software that provides file and print services for "SMB/CIFS" clients. It is available for multiple operating platforms. The application is exposed to multiple remote heap-based buffer overflow issues because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-029.html

  • 07.21.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Webdesproxy GET Request Buffer Overflow
  • Description: Webdesproxy is an HTTP proxy application. The application is exposed to a buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. Webdesproxy version 0.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23962

  • 07.21.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WordPress Akismet Plugin Unspecified Vulnerability
  • Description: The Akismet plugin is a spam filter plugin for WordPress. The application is exposed to an unspecified issue in the Akismet plugin. WordPress version 2.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/23965

  • 07.21.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TeamSpeak Server WebAdmin Interface Privilege Escalation
  • Description: TeamSpeak is a voice communication application available for Linux and Windows. The WebAdmin interface allows remote administration of a TeamSpeak Server. The application is exposed to a privilege escalation issue due to a design flaw in the WebAdmin interface. TeamSpeak version 2.0.20.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23935

  • 07.21.57 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Progress OpenEdge Multiple Denial of Service Vulnerabilities
  • Description: OpenEdge is a development platform for managing business applications. The application is exposed to multiple denial of service issues because it fails to properly sanitize user-supplied input. OpenEdge version 10b is affected.
  • Ref: http://www.securityfocus.com/archive/1/468349

  • 07.21.58 - CVE: Not Available
  • Platform: Cross Platform
  • Title: H-Sphere SiteStudio Template Parameter Local File Include
  • Description: H-Sphere SiteStudio is an application to build web site pages. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "template" parameter. H-Sphere SiteStudio versions 3.0 and earlier are affected.
  • Ref: http://www.psoft.net/misc/hsphere_sitestudio_fix_2007-05-10.html

  • 07.21.59 - CVE: CVE-2007-0754
  • Platform: Cross Platform
  • Title: Apple QuickTime MOV File STSD Heap Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a heap-based buffer overflow issue because it fails to properly check boundaries on user-supplied data before copying it into an insufficiently sized memory buffer. QuickTime 7 versions prior to 7.1.3 are affected.
  • Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-07-07

  • 07.21.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: VP-ASP Shopping Cart ShopContent.ASP Cross-Site Scripting
  • Description: VP-ASP Shopping Cart is an ecommerce application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "type" form field parameter of the "shopcontent.asp" script. VP-ASP Shopping Cart version 6.50 is affected.
  • Ref: http://www.securityfocus.com/bid/24033

  • 07.21.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: VDECK WebMail PrintCal.PL Cross-Site Scripting
  • Description: VDECK WebMail is a webmail application implemented in Perl. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "type" parameter of the "printcal.pl" script. VDECK WebMail version 4.03 is affected.
  • Ref: http://www.securityfocus.com/bid/24022

  • 07.21.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Xajax Unspecified Cross-Site Scripting
  • Description: Xajax is a PHP class library enabling administrators to Ajax-enable their PHP-based programs. The application is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input to unspecified parameters and scripts. Xajax versions prior to 0.2.5 are affected.
  • Ref: http://www.securityfocus.com/bid/24006

  • 07.21.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Jetbox CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: Jetbox CMS is a content management application. The application is exposed to multiple cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input. Jetbox CMS version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23999

  • 07.21.64 - CVE: CVE-2007-1903
  • Platform: Web Application - Cross Site Scripting
  • Title: SonicBB Search.PHP Cross-Site Scripting
  • Description: SonicBB is a web-based bulletin board application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "part" form field of the "search.php" script. SonicBB version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/468537

  • 07.21.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EQDKP Show Variable Cross-Site Scripting
  • Description: EQDKP is a web-based guild application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "show" parameter in the "listmembers.php" script. EQDKP versions 1.3.2c and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23951

  • 07.21.66 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TeamSpeak Server Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
  • Description: TeamSpeak is an online VoIP application available for Linux and Windows. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "error_text" parameter of the "ok_box.html" script and the "ok_title" parameter of the "error_box.html" script. TeamSpeak Server version 2.0.20.1 is affected.
  • Ref: http://www.securityfocus.com/bid/23933

  • 07.21.67 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: LanguageTool Demultiplex() Method Cross-Site Scripting
  • Description: LanguageTool is a web-based language checker implemented in Java. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "demultiplex()" method before using it in dynamically generated error messages. LanguageTool versions prior to 0.8.9 are affected.
  • Ref: http://www.securityfocus.com/bid/23931

  • 07.21.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SimpNews Print.PHP SQL Injection
  • Description: SimpNews is a web-based news application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "newsnr" parameter of the "print.php" script before using it in an SQL query. SimpNews version 2.40.01 is affected.
  • Ref: http://www.securityfocus.com/bid/24028

  • 07.21.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mambo Com_Yanc Add On ListID Parameter SQL Injection
  • Description: The "com_yanc" addon is a component for the Mambo content manager. The addon is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Mambo "com_yanc" version 1.4 beta is affected.
  • Ref: http://www.securityfocus.com/bid/24030

  • 07.21.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FAQEngine Question.PHP SQL Injection
  • Description: FAQEngine is an application that maintains a FAQ database. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "questionref" parameter of the "question.php" script before using it in an SQL query. FAQEngine versions 4.16.03 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24032

  • 07.21.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RunawaySoft Haber Portal Devami.asp SQL Injection
  • Description: RunawaySoft Haber Portal is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "devami.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/24018

  • 07.21.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyConference XOOPS Module Index.PHP SQL Injection
  • Description: MyConference is a module for the XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter of the "index.php" script before using it in an SQL query. MyConference version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23995

  • 07.21.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS ResManager Module Edit_day.PHP SQL Injection
  • Description: ResManager is a reservation manager module for the XOOPS content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_reserv" parameter of the "edit_day.php" script before using it in an SQL query. ResManager version 1.21 is affected.
  • Ref: http://www.securityfocus.com/bid/23997

  • 07.21.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS Module Glossarie Glossaire-P-F.PHP SQL Injection
  • Description: XOOPS Module Glossarie is a module for the XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter of the "glossaire-p-f.php" script before using it in an SQL query. XOOPS Module Glossarie versions 1.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23998

  • 07.21.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EfesTECH Haber Multiple SQL Injection Vulnerabilities
  • Description: EfesTECH Haber is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" fields of an unspecified script before using it in an SQL query. EfesTECH Haber version 5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23960

  • 07.21.76 - CVE: CVE-2007-1902
  • Platform: Web Application - SQL Injection
  • Title: SonicBB Multiple SQL Injection Vulnerabilities
  • Description: SonicBB is a bulletin board application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "part" parameter of the "search.php" script and the "productid" parameter of the "viewforum.php" script before using it in an SQL query. SonicBB version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/468536

  • 07.21.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BlogMe Archshow.ASP SQL Injection
  • Description: BlogMe is an ASP based weblog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "var" parameter of the "archshow.asp" script before using it in an SQL query. BlogMe version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23956

  • 07.21.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: W1L3D4 Philboard W1L3D4_Bolum.ASP SQL Injection
  • Description: W1L3D4 Philboard is a content management system (CMS). The application is exposed to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "forumid" parameter of the "W1L3D4_bolum.asp" script before using it in an SQL query. W1L3D4 Philboard version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/23945

  • 07.21.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iG Shop Page.PHP SQL Injection
  • Description: iG Shop is a shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "type_id" parameter of the "page.php" script before using it in an SQL query. iG Shop version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/23949

  • 07.21.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Geeklog ImageImageMagick.PHP Remote File Include
  • Description: Geeklog is a web-based blogging application. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "glConf[path_system]" parameter of the "system/ImageImageMagick.php" script. Geeklog version 2.x is affected.
  • Ref: http://www.securityfocus.com/bid/24031

  • 07.21.81 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPGlossar Format_Menue Parameter Multiple Remote File Include Vulnerabilities
  • Description: PHPGlossar is a web-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "format_menue" parameter of the scripts "/inc/change_action.php" and "/inc/add.php". PHPGlossar version 0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/24024

  • 07.21.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Glossword Custom_Vars.PHP Remote File Include
  • Description: Glossword is a web-based application to create a multilingual online dictionary. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "sys[path_addon]" parameter of the "custom_vars.php" script. Glossword version 1.8.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24009

  • 07.21.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Achievo ATK.Inc Remote File Include
  • Description: Achievo is a web-log application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "config_atkroot" parameter of the "atk.inc" script. Achievo version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23992

  • 07.21.84 - CVE: CVE-2007-1898
  • Platform: Web Application
  • Title: Jetbox CMS Email FormMail.PHP Input Validation
  • Description: Jetbox CMS is a content management system. The application is exposed to an input validation issue as it fails to adequately sanitize user-supplied data to the "recipient", "_SETTINGS[allowed_email_hosts]" and "subject" parameters of the "formmail.php" script. Jetbox CMS version 2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/468644

  • 07.21.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Geeklog Media Gallery Ftpmedia.PHP Remote File Include
  • Description: Geeklog Media Gallery is a media gallery plugin for Geeklog. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "_MG_CONF" parameter of the "ftpmedia.php" script. Geeklog Media Gallery versions prior to 1.4.8a are affected.
  • Ref: http://www.gllabs.org/article.php?story=mgsecurity148b

  • 07.21.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Linksnet Newsfeed Remote File Include
  • Description: Linksnet Newsfeed is a newsfeed reader application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "dirpath_linksnet_newsfeed" parameter of the "linksnet_linkslog_rss.php" script. Linksnet Newsfeed version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23982

  • 07.21.87 - CVE: Not Available
  • Platform: Web Application
  • Title: W2Box Arbitrary File Upload
  • Description: W2Box is a PHP-based file upload and download manager. The application is exposed to an arbitrary file upload issue because data uploaded via the "file" input field of the "index.php" script is not properly verified. W2Box version 4.0.0Beta4 is affected.
  • Ref: http://www.securityfocus.com/bid/23975

  • 07.21.88 - CVE: Not Available
  • Platform: Web Application
  • Title: MHSoftware Connect Daily Unspecified Vulnerability
  • Description: Connect Daily is a web-based calendar application. The application is exposed to an unspecified issue. Connect Daily versions prior to 3.3.3 are affected. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/23968

  • 07.21.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Tools 4 Web News-Script NewsAdmin.PHP Remote File Include
  • Description: Tools 4 Web News-Script is a web-based application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "action" parameter of the "newsadmin.php" script. Tools 4 Web News-Script version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23970

  • 07.21.90 - CVE: Not Available
  • Platform: Web Application
  • Title: iFdate Administrative Authentication Bypass
  • Description: iFdate is a web-based community site application. The application is exposed to an issue that lets attackers trivially gain administrative access to the application due to insufficient access validation. iFdate versions 2.0 and later are affected.
  • Ref: http://www.securityfocus.com/bid/23971

  • 07.21.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Beacon Splash.lang.PHP Remote File Include
  • Description: Beacon is a wiki publishing system that is part of the GNU project. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "languagePath" parameter of the "splash.lang.php" script. Beacon version 0.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23959

  • 07.21.92 - CVE: Not Available
  • Platform: Web Application
  • Title: NagiosQL Prepend_Adm.PHP Remote File Include
  • Description: NagiosQL is a web-based administration interface for Nagios. Nagios is an open-source application designed to monitor networks and services for service interruptions and to notify administrators when various events occur. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "SETS[path][physical]" parameter of the "functions/prepend_adm.php" script. NagiosQL version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23966

  • 07.21.93 - CVE: Not Available
  • Platform: Web Application
  • Title: phpATM Index.PHP Directory Traversal
  • Description: phpATM is a download and upload management application. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input to the "downloadfile" parameter of the "index.php" script. phpATM version 1.30 is affected.
  • Ref: http://www.securityfocus.com/bid/23952

  • 07.21.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Snaps! Gallery Users.PHP Remote Password Change
  • Description: Snaps! Gallery is a web-based application. The application is exposed to an issue that may permit attackers to change the password of arbitrary users. Attackers may exploit this issue by submitting an HTTP POST request containing malicious data to the "user" parameter of the "Admin/users.php" script. Snaps! Gallery version 1.4.4 is affected.
  • Ref: http://www.securityfocus.com/bid/23940

  • 07.21.95 - CVE: Not Available
  • Platform: Web Application
  • Title: PinkCrow Designs Gallery PHPThumb.PHP Local File Include
  • Description: Gallery is a web-based photo gallery application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "src" parameter of the "phpThumb.php" script. Gallery version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/23943

  • 07.21.96 - CVE: Not Available
  • Platform: Web Application
  • Title: R2K Gallery Galeria.PHP Local File Include
  • Description: R2K Gallery is a web-based gallery application implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "pictures_folder" parameter used by the "galeria.php" script. R2K Gallery version 1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/23938

  • 07.21.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Monalbum Admin_Configuration.PHP Arbitrary Code Execution
  • Description: Monalbum is a web-based photo application. The application is exposed to an arbitrary code execution issue that exists in the "admin/admin_configuration.php" script. Monalbum version 0.8.7 is affected.
  • Ref: http://www.securityfocus.com/bid/23939

  • 07.21.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Group-Office Multiple Security Bypass Vulnerabilities
  • Description: Group-Office is a web-based suite of office applications. The software is exposed to a security bypass issue due to a design error. Group-Office versions 2.16-12 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/23925

  • 07.21.99 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Todo List Manager Regular Expressions Security Bypass
  • Description: PHP Todo List Manager is a multiuser task manager implemented in PHP. The application is exposed to a security bypass issue because it fails to adequately validate user-supplied data. PHP Todo List Manager versions prior to 0.8.1 Beta are affected.
  • Ref: http://www.securityfocus.com/bid/23928

  • 07.21.100 - CVE: Not Available
  • Platform: Network Device
  • Title: Sun Brocade Switches Denial of Service
  • Description: Sun Brocade switches are network devices created via a joint effort between Sun Microsystems and Brocade. Sun Brocade switches are exposed to a denial of service issue due to a Linux kernel problem. The issue occurs when a certain kernel process is spawned by a nonroot user, causing the switches to panic and reboot. This will result in a temporary loss of connectivity to SAN devices. Switches with FOS versions 5.2.0b and earlier, and switches without FOS 5.0.5c are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102752-1&searchclause=

  • 07.21.101 - CVE: Not Available
  • Platform: Network Device
  • Title: T-Com Speedport Router Brute Force Security Bypass Weakness
  • Description: T-Com Speedport is a DSL router and wireless access point. The Speedport firmware is exposed to a security bypass weakness because it fails to protect against brute force attacks. Speedport version w700v is affected.
  • Ref: http://www.securityfocus.com/bid/23967

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.