
@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 22
May 28, 2007

Apple Mac OS X and the Sun Java Web Proxy (used in enterprises, ISPs and e-commerce environments for caching and filtering web content) both have critical vulnerabilities this week.

Correction: You may invite *both* your own organization's programmers as well as programmers who work for your system integrators and outsourcers, to participate in the inaugural secure coding exams in C and Java, on August 14 in Washington DC. Please select up to six programmers for the exams. Ensuring application programmers know how to find and eliminate the errors that cause security flaws is by far the most cost-effective way to improve the security of the applications you are deploying. Test participants will be eligible to earn secure programming certification, and each will receive a detailed report listing gaps in their secure programming knowledge. Participant names will be entirely confidential. Those who sign up in the next few days will also get an invitation to a webcast that helps them ensure they know what will be covered and where to find study materials.
Resources:
Exam blueprints and details at: www.sans-ssi.org
Test information: http://www.sans.org/gssp07/
Questions: spa@sans.org

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Platform                                  Number of Updates and Vulnerabilities
- ------------------------                ------------------------------------
Windows                                   1
Microsoft Office                          1
Other Microsoft Products                  2
Third Party Windows Apps                  24 (#5)
Mac Os                                    2 (#1)
Linux                                     6
Solaris                                   1
Cross Platform                            12 (#2)
Web Application - Cross Site Scripting    20
Web Application - SQL Injection           10 (#4)
Web Application                           19
Network Device                            3 (#3)

(The "#n" markers refer to the numbered items in PART I.)

********* SANS Europe (Belgium) and SANSFIRE 2007 (Washington DC) *******

The big changes coming in security appear to be creating a surge of demand for security professionals and auditors with stronger technical skills in intrusion detection, forensics, wireless security, penetration testing, secure configuration management, application security, technical security auditing and more. The only programs that provide authoritative training in these topics come from SANS. Here's where you can find training with SANS' top instructors:

Brussels: SANS Secure Europe (6 courses): June 25-30 http://www.sans.org/brussels07/
Washington DC, SANSFIRE 2007 (57 courses): July 25-August 3 http://www.sans.org/sansfire07/
*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

*********************** Sponsored Link: **************************

1) SANS WhatWorks web cast May 31st at 12pm EDT, WhatWorks in Event and Log Management: Driving Compliance with Log Management at Tyson Foods http://www.sans.org/info/7706

*********************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2007-005)
  • Affected:
    • Apple Mac OS X versions 10.3.9 and prior
    • Apple Mac OS X versions 10.4.9 and prior
    • Apple Mac OS X Server versions 10.3.9 and prior
    • Apple Mac OS X Server versions 10.4.9 and prior
  • Description: Apple Mac OS X contains multiple vulnerabilities: (a) A specially-crafted Portable Document Format (PDF) file could trigger an integer overflow in the CoreGraphics subsystem. Note that PDF documents are opened without prompting. (b) Vulnerabilities in the handling of Universal Plug-and-Play (UPnP) requests lead to buffer overflows in the mDNSResponder server and the iChat instant messaging client. In both cases, a specially-crafted UPnP packet sent to the vulnerable process could exploit these buffer overflows. It is currently believed that only packets sourced from the local network can exploit these vulnerabilities, but this has not been proven. Successfully exploiting these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user or vulnerable process (note that the mDNSResponder component runs with root privileges). Additional denial-of-service, local only, and information disclosure vulnerabilities were also addressed in this update.

  • Status: Apple confirmed, updates available.

  • Council Site Actions: Only one of the reporting council sites is using the affected software and they are already in the process of updating their systems.

  • References:
  • (3) MODERATE: Cisco IOS SSL Packet Processing Denial-of-Service
  • Affected:
    • All Cisco devices running IOS with the Crypto Feature Set
  • Description: Cisco's Internetwork Operating System (IOS) contains a flaw in the handling of Secure Sockets Layer (SSL) packets destined for the device. If the device is configured to process SSL packets, a specially-crafted "ClientHello", "ChangeCipherSpec", or "Finished" message could trigger a denial-of-service condition. Note that these messages are sent in cleartext and do not require authentication. Cisco devices configured to process SSL packets as part of a higher-level protocol are also vulnerable; example protocols include HTTPS and Cisco WebVPN. Note that the malicious traffic must be destined specifically for the vulnerable device; traffic simply transiting the device will not lead to exploitation. The vulnerability resides in the "RSA BSAFE" libraries that are used to implement cryptography in applications. Currently only a few vendors have reported whether their products using these libraries are vulnerable or not.

  • Status: Cisco confirmed, updates available.

  • Council Site Actions: Most of the responding council sites said they are not running the vulnerable configuration on their Cisco router; however, they are double-checking. One site is running the affected configuration and plans to deploy the patch during their next regularly scheduled system maintenance cycle.

  • References:
  • (4) MODERATE: WordPress "cookie" Parameter SQL Injection
  • Affected:
    • WordPress version 2.1.3 and prior
  • Description: WordPress, a popular blogging suite, contains a SQL injection vulnerability. By sending a specially-crafted "cookie" parameter to the "Admin-Ajax.php" component, an attacker could execute arbitrary SQL statements against the database hosting WordPress, with the permissions of the WordPress database user. Full technical details and a proof of concept are available for this vulnerability.

  • Status: WordPress has not confirmed, no updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
Other Software
  • (5) HIGH: Avast! Antivirus CAB File Handling Buffer Overflow
  • Affected:
    • Avast! Antivirus Managed Client versions prior to 4.7.700
  • Description: Avast! Antivirus, a popular antivirus solution, contains a flaw in its handling of CAB (Microsoft Cabinet) files (a common archive file format). A specially-crafted CAB file can trigger a buffer overflow in the application, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that only the managed client is currently confirmed as vulnerable.

  • Status: Avast! confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 22, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5460 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.22.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Internet Information Server Hit Highlighting Authentication Bypass
  • Description: Microsoft Internet Information Server (IIS) is a web server application for Windows. IIS is exposed to an authentication bypass issue due to its implementation of "Hit-highlighting" functionality.
  • Ref: http://www.securityfocus.com/archive/1/469238

  • 07.22.2 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow
  • Description: Microsoft Office 2000 UA ActiveX Control is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.22.3 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Visual Basic 6.0 Project Description Buffer Overflow
  • Description: Microsoft Visual Basic 6.0 is a development platform for building applications on Microsoft platforms. The application is exposed to a stack-based buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/bid/24128

  • 07.22.4 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Visual Basic 6.0 Project Company Name Denial of Service
  • Description: Microsoft Visual Basic 6.0 is a development platform for building applications on Microsoft platforms. The application is exposed to a denial of service issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/bid/24129

  • 07.22.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LeadTools Raster Dialog File_D Object LTRDF14E.DLL ActiveX Control Buffer Overflow
  • Description: LeadTools Raster Dialog File_D Object Library ActiveX control is an imaging SDK. The ActiveX control is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. LeadTools Raster version 14.5.0.44 is affected.
  • Ref: http://moaxb.blogspot.com/2007/05/moaxb-25-leadtools-raster-dialog-filed.html

  • 07.22.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Dart Communications PowerTCP Service DartService.DLL ActiveX Control Buffer Overflow Vulnerabilities
  • Description: Dart Communication PowerTCP Service is a suite of ActiveX controls that allows users to integrate various TCP protocols to their applications. The application is exposed to multiple buffer overflow issues because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Dart Communication PowerTCP Service version 3.1.3.3 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.22.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Enterprise Security Manager Misinterpreted Information Denial of Service
  • Description: Symantec Enterprise Security Manager is an application that automates the discovery of issues and deviations in the security policies of business applications and servers across the enterprise from a single location. The application is exposed to a denial of service issue due to a race condition. ESM Agent and Manager Platforms version 6.5.3 for Microsoft Windows is affected.
  • Ref: http://www.symantec.com/avcenter/security/Content/2007.05.24b.html

  • 07.22.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LeadTools Raster Dialog File Object LTRDF14E.DLL ActiveX Control Buffer Overflow
  • Description: LeadTools Raster Thumbnail Object Library ActiveX control is an imaging SDK. The application is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. LeadTools Thumbnail Browser Control version 14.5.0.44 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.22.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Avast! Managed Client CAB File Handling Remote Heap Overflow
  • Description: Avast! Managed Client is used with Avast! Distributed Network Manager to deploy and manage Avast! antivirus over the network. The application is exposed to a heap overflow issue in its CAB processing routines. Avast! Managed Client versions earlier than 4.7.700 are affected.
  • Ref: http://www.securityfocus.com/bid/24132

  • 07.22.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Credant Mobile Guardian Shield Information Disclosure
  • Description: Credant Mobile Guardian Shield is a security application for handheld devices running the Microsoft Windows operating system. The application is exposed to an information disclosure issue because it stores sensitive password information in plain text. Credant Mobile Guardian Shield versions 5.2.1.105 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/469486

  • 07.22.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: UltraISO Cue File Stack Buffer Overflow
  • Description: UltraISO is a CD/DVD image-handling application for Microsoft Windows. The application is exposed to a remote stack-based buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized memory buffer. UltraISO version 8.6.2.2011 is affected.
  • Ref: http://www.securityfocus.com/bid/24140

  • 07.22.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Microsoft VDT Database Designer VDT70.DLL ActiveX Control Denial of Service
  • Description: Database Designer is part of Microsoft Visual Database Tools. It's used to create, edit, and delete database objects. Please refer to the advisory for further details.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.22.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Multiple Citrix Products Session Reliability Server Security Bypass
  • Description: Citrix Presentation Server is an application server used to deliver Windows-based applications over a network. Citrix Access is a security gateway used on networks which employ application servers. Multiple Citrix products are exposed to a security bypass issue because they fail to adequately enforce network security policies.
  • Ref: http://support.citrix.com/article/CTX112964

  • 07.22.14 - CVE: CVE-2007-2687
  • Platform: Third Party Windows Apps
  • Title: eScan Agent Service MWAGENT.EXE Remote Buffer Overflow
  • Description: eScan is a security suite developed by MicroWorld Technologies. It is available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to sufficiently bounds check user-supplied input. eScan version 9.0.715.1 is affected.
  • Ref: http://secunia.com/secunia_research/2007-54/advisory/

  • 07.22.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sky Software Shell MegaPack ActiveX ShComboBox ActiveX Control Buffer Overflow
  • Description: Shell MegaPack ActiveX is a suite of GUI components that mimic the functionality of Windows Explorer. The "ShComboBox" (shcmb80.ocx) ActiveX control supplied with the application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Shell MegaPack ActiveX version 8.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.22.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NOD32 Multiple Buffer Overflow Vulnerabilities
  • Description: NOD32 is an anti-virus application available for Microsoft Windows. The application is exposed to multiple stack-based buffer overflow issues because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. NOD32 versions 2.7 prior to update 2.70.37.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/469300

  • 07.22.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Dart ZipLite Compression DartZipLite.DLL ActiveX Control Buffer Overflow
  • Description: The Dart ZipLite Compression ActiveX control is a file compression and decompression utility written for the Microsoft Windows operating system. The application is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Dart ZipLite Compression ActiveX control version 1.8.5.3 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.22.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LeadTools ISIS Control Ltisi14E.OCX ActiveX Control Buffer Overflow
  • Description: LeadTools ISIS Control is an SDK for imaging applications. The application is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. LeadTools ISIS ActiveX control version 14.5.0.44 is affected.
  • Ref: http://moaxb.blogspot.com/2007/05/moaxb-22-leadtools-isis-control.html

  • 07.22.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: H+H Software Virtual CD VC9API.DLL ActiveX Remote Command Execution
  • Description: Virtual CD is a CD emulator application for Windows. The application is exposed to a remote command execution issue that affects the "VCDLaunchAndWait" method. Virtual CD version 9.0.0.2 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.22.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Pegasus ImagN ActiveX Control IMW32O40.OCX Buffer Overflow
  • Description: Pegasus ImagN is a plugin to Pegasus applications. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Pegasus ImagN ActiveX control version 4.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.22.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: KSign KSignSWAT ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: KSign KSignSWAT is a secure web and transaction application. It is exposed to multiple buffer overflow issues because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. KSign KSignSWAT ActiveX control version 2.0.3.3 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.22.22 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LeadTools Raster Object Library LTRTM14e.DLL ActiveX WriteDataToFile File Overwrite
  • Description: LeadTools Raster Image is an SDK for imaging applications. The application is exposed to an arbitrary file overwrite issue because the application fails to properly sanitize user-supplied input. Thumbnail Object Library ActiveX control version 14.5.0.44 is affected.
  • Ref: http://moaxb.blogspot.com/2007/05/moaxb-21-leadtools-raster-variant.html

  • 07.22.23 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LeadTools Raster Object Library LTRTM14e.DLL ActiveX Control Buffer Overflow
  • Description: LeadTools Raster Image is an SDK for imaging applications. The application is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Thumbnail Object Library ActiveX control version 14.5.0.44 is affected.
  • Ref: http://moaxb.blogspot.com/2007_05_20_archive.html

  • 07.22.24 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Rational Software Hidden Administrator Unspecified Authentication Bypass
  • Description: Hidden Administrator is a remote computer management and spy tool for the Microsoft Windows operating system. The application is exposed to an unspecified authentication bypass issue. Hidden Administrator version 1.7 is affected. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/archive/1/468975

  • 07.22.25 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Jasper JPC_QCX_GetCompParm Function JP2 File Handling Remote Denial of Service
  • Description: JasPer is an implementation of the image codec specified in the JPEG-2000 standard. The application is exposed to a remote denial of service issue because it fails to handle specially crafted JP2 files in the "jpc_qcx_getcomparms" function. JasPer versions 1.900 and 1.900.1 are affected.
  • Ref: http://www.securityfocus.com/bid/24052

  • 07.22.26 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LeadTools Thumbnail Browser ActiveX Control LTTMB14E.OCX Buffer Overflow
  • Description: LeadTools is an SDK for imaging applications. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. LeadTools Thumbnail Browser ActiveX control version 14.5.0.35 is affected.
  • Ref: http://moaxb.blogspot.com/2007/05/moaxb-19-leadtools-thumbnail-browser.html

  • 07.22.27 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LeadTools JPEG2000 ActiveX Control Buffer Overflow
  • Description: LeadTools JPEG2000 is an application for compressing image files. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. LeadTools JPEG2000 ActiveX control 14.5.0.35 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/440112

  • 07.22.28 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Citrix MetaFrame Password Manager Information Disclosure
  • Description: Citrix MetaFrame Password Manager is a log-on information manager. Password Manager is exposed to an information disclosure issue that allows attackers to later access applications and services in a manner that is not authorized by administration. Citrix MetaFrame Password Manager versions 2.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24041

  • 07.22.29 - CVE: CVE-2007-0753, CVE-2007-0752, CVE-2007-0751, CVE-2007-0750, CVE-2007-0740, CVE-2007-2390
  • Platform: Mac Os
  • Title: Apple Mac OS X 2007-005 Multiple Security Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple security issues which affect Mac OS X and various applications, including Alias Manager, CoreGraphics, crontabs, iChat, mDNSResponder, PPP, and VPN. Apple Mac OS X versions 10.4.9 and earlier are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537

  • 07.22.30 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Safari Cross-Domain Browser Location Information Disclosure
  • Description: Apple Safari is exposed to an information disclosure issue because it fails to properly enforce cross-domain JavaScript restrictions. Safari version 2.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/24121

  • 07.22.31 - CVE: CVE-2007-2451
  • Platform: Linux
  • Title: Linux Kernel GEODE-AES Unspecified
  • Description: The Linux kernel is exposed to an unspecified issue that resides in the GEODE-AES functionality. The impact of this issue is currently unknown. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/24150

  • 07.22.32 - CVE: CVE-2007-2026, CVE-2007-2799
  • Platform: Linux
  • Title: File Multiple Denial of Service Vulnerabilities
  • Description: File is a utility that identifies a file format by scanning binary data for various patterns. File is exposed to multiple denial of service issues because the application fails to handle exceptional conditions. Please refer to the advisory for further details.
  • Ref: http://www.gentoo.org/security/en/glsa/glsa-200704-13.xml

  • 07.22.33 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel VFat Compat IOCTLS Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue. The problem occurs on an x86-64 system with a 32-bit compiled kernel when handling ioctl calls in "MSDOS" or "VFAT" directories.
  • Ref: http://www.securityfocus.com/bid/24134

  • 07.22.34 - CVE: Not Available
  • Platform: Linux
  • Title: MadWifi Multiple Denial of Service Vulnerabilities
  • Description: MADWifi (Multiband Atheros Driver for Wi-Fi) is a device driver for Wireless LAN chipsets. The application is exposed to multiple denial of service issues. MadWifi versions prior to 0.9.3.1 are affected.
  • Ref: http://www.securityfocus.com/bid/24114

  • 07.22.35 - CVE: Not Available
  • Platform: Linux
  • Title: Globus Toolkit Nexus Globus-Job-Manager Denial of Service
  • Description: Globus Toolkit is an open source software toolkit designed for grid computing. The application is exposed to a denial of service issue that stems from an unspecified error in nexus-enabled applications such as "MPICH-G2 jobs" or "GRAM Job Manager". Globus Toolkit versions 4.1.1 and earlier are affected.
  • Ref: http://www.globus.org/mail_archive/security-announce/2007/05/msg00000.html

  • 07.22.36 - CVE: Not Available
  • Platform: Linux
  • Title: ircd-ratbox Pending Connections Denial of Service
  • Description: ircd-ratbox is an Internet Relay Chat (IRC) daemon for Linux. The application is exposed to a denial of service issue because it fails to handle multiple pending connections. ircd-ratbox versions prior to 2.2.6 are affected.
  • Ref: http://www.securityfocus.com/archive/1/468967

  • 07.22.37 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris NFS Client Module ACL(2) Packets Denial of Service
  • Description: The Sun Solaris NFS client module is exposed to a denial of service issue because the application fails to handle specially crafted "acl(2)" packets. Please refer to the advisory for further details.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102911-1&searchclause=

  • 07.22.38 - CVE: CVE-2007-1860
  • Platform: Cross Platform
  • Title: Apache Tomcat JK Connector Double Encoding Security Bypass
  • Description: Apache Tomcat is the servlet container used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The application is exposed to a security bypass issue because it decodes request URLs multiple times. Apache Tomcat JK Connector versions prior to 1.2.23 are affected.
  • Ref: http://tomcat.apache.org/security-jk.html
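The entry above describes the classic double-decoding mistake: a front-end decodes a request URL once, a later component decodes it again, and a path that looked harmless after the first pass turns into a traversal after the second. The check below is an added example written for this bulletin (it is not code from the @RISK editors or from the Tomcat project, and the `classify_path` and `decode_request_path` names and the sample paths are constructed for illustration): the server decodes percent-escapes exactly once and refuses any path that would still change under a second decoding pass, so a downstream decoder has nothing left to uncover.

```python
# Added example: single-pass URL decoding with a double-encoding guard.
# Not from the @RISK bulletin or the Tomcat/JK project; names and sample
# paths are constructed for illustration.
from urllib.parse import unquote


def classify_path(raw_path: str) -> str:
    """Return 'allow', 'double-encoded' or 'traversal' for one request path.

    The path is decoded once. If decoding it a second time would change
    it, the client hid characters behind a second encoding layer
    (e.g. %252e -> %2e -> '.'), which is exactly what a component that
    decodes twice would expose; such a path is refused up front.
    """
    once = unquote(raw_path)
    if unquote(once) != once:
        return "double-encoded"
    # Traversal is judged on the single-decoded form: a '..' segment is the
    # only thing that can climb out of the document root.
    if any(segment == ".." for segment in once.split("/")):
        return "traversal"
    return "allow"


def decode_request_path(raw_path: str) -> str:
    """Decode exactly once; raise instead of passing a suspect path on."""
    verdict = classify_path(raw_path)
    if verdict != "allow":
        raise ValueError(f"{verdict}: {raw_path!r}")
    return unquote(raw_path)


# Constructed sample paths (not real traffic) covering the three outcomes.
SAMPLE_PATHS = [
    "/app/index.jsp",                   # plain
    "/app/hello%20world.jsp",           # one legitimate encoding layer
    "/app/%2e%2e/private/config",       # '..' visible after one decode
    "/app/%252e%252e/private/config",   # '..' visible only after two decodes
]


def triage(paths):
    """Map each path to its verdict; useful for a log review or a unit test."""
    return {path: classify_path(path) for path in paths}


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_PATHS).items():
        print(f"{verdict:15} {path}")
```

The strict rule has one known false positive: a resource whose name legitimately contains a literal percent sign followed by two hex digits (sent as `%25xx`) is also flagged as double-encoded. A server that must serve such names would narrow the test to re-decodes that produce `/`, `\` or a `.` segment. The "double-encoded" verdict is also a useful signal on its own; paths that earn it rarely come from well-behaved clients and are worth surfacing in access-log review.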

  • 07.22.39 - CVE: CVE-2007-2519
  • Platform: Cross Platform
  • Title: PHP PEAR INSTALL-AS Attribute Arbitrary File Overwrite
  • Description: PHP Extension and Application Repository (PEAR) provides a distribution system for PHP components. The application is exposed to an arbitrary file overwrite issue which arises because the application does not sanitize or verify installation paths. PEAR versions 1.0 to 1.5.3 are affected.
  • Ref: http://pear.php.net/advisory-20070507.txt

  • 07.22.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Crypt Function Authentication Bypass
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. The "crypt()" function returns an encrypted string using Unix DES-based encryption algorithms or other private key encryption algorithms. PHP is exposed to an authentication bypass issue because, in multi-threaded environments, the "crypt()" function uses the same internal memory area for every call, so concurrent calls can interfere with one another's results.
  • Ref: http://www.securityfocus.com/bid/24109

  • 07.22.41 - CVE: CVE-2006-3894
  • Platform: Cross Platform
  • Title: RSA BSAFE Library Remote ASN.1 Denial of Service
  • Description: The RSA BSAFE is a security and encryption library package for C, C++, Java, and embedded applications. The application is exposed to a denial of service issue due to a failure of the library to properly handle malformed ASN.1 (Abstract Syntax Notation One) data.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml

  • 07.22.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GD Graphics Library PNG File Processing Denial of Service
  • Description: The GD Graphics Library (gdlib) is an open-source graphics library available for multiple platforms, including UNIX variants and Microsoft Windows. It is implemented in ANSI C and is designed to facilitate creating and manipulating PNG, JPEG, and GIF image formats. The application is exposed to a denial of service issue due to mishandling of PNG files in the "gdPngReadData()" function of "gd_png.c". The GD Graphics Library version 2.0.34 is affected.
  • Ref: http://www.securityfocus.com/bid/24089

  • 07.22.43 - CVE: CVE-2007-2765
  • Platform: Cross Platform
  • Title: BlockHosts Remote Denial of Service
  • Description: BlockHosts is a script to monitor and block suspicious IP addresses. The application is exposed to a remote denial of service issue because it fails to properly ensure the source of authentication failure messages. BlockHosts versions prior to 2.0.3 are affected.
  • Ref: http://www.securityfocus.com/bid/24090

  • 07.22.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HT Editor File Handling Remote Buffer Overflow
  • Description: HT Editor is a hex editor for various platforms. The application is exposed to a buffer overflow issue because it fails to sufficiently bounds check user-supplied input. HT Editor versions prior to version 2.0.6 are affected.
  • Ref: http://www.securityfocus.com/bid/24091

  • 07.22.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser Torrent File Handling Buffer Overflow
  • Description: The Opera Web Browser is a web client available for multiple platforms. The application is exposed to a buffer overflow issue because it fails to sufficiently bounds check user-supplied input. Opera versions prior to 9.21 are affected.
  • Ref: http://www.securityfocus.com/archive/1/469354

  • 07.22.46 - CVE: CVE-2007-2754
  • Platform: Cross Platform
  • Title: Freetype TT_Load_Simple_Glyph() TTF File Integer Overflow
  • Description: FreeType is an open-source font-handling library. The application is exposed to an integer overflow issue because it fails to properly validate TTF files. FreeType versions 2.3.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24074

  • 07.22.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Eggdrop Server Module Message Handling Remote Buffer Overflow
  • Description: Eggdrop is an open-source multi-platform IRC (Internet Relay Chat) robot designed for IRC channel administration and maintenance. The application is exposed to a remote buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Eggdrop version 1.6.18 is affected.
  • Ref: http://www.securityfocus.com/bid/24070

  • 07.22.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OPeNDAP BES Compressed Files Remote Command Execution
  • Description: OPeNDAP is a freely available framework that implements the Network Data Access Protocol. BES is the backend server packaged as part of OPeNDAP. The application is exposed to a remote command execution issue because it fails to properly sanitize user-supplied input. OPeNDAP BES versions prior to 3.5.0 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/659148

  • 07.22.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OPeNDAP BES File System Information Disclosure
  • Description: OPeNDAP is a freely available framework that implements the Network Data Access Protocol. BES is the backend server packaged as part of OPeNDAP. The application is exposed to an information disclosure issue due to an unspecified error in BES. OPeNDAP versions prior to 3.5.0 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/671028

  • 07.22.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GNUTurk Mods.PHP Cross Site Scripting
  • Description: Gnuturk is a content management application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user input. Gnuturk version 3G is affected.
  • Ref: http://www.securityfocus.com/bid/24152

  • 07.22.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ASP-Nuke News.ASP Cross-Site Scripting
  • Description: ASP-Nuke is a content management application implemented in ASP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user input. ASP-Nuke version 2.0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/24135

  • 07.22.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: 2z Project Rating.PHP Cross-Site Scripting
  • Description: 2z Project is a content management application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user input to the "rating" parameter of the "rating.php" script. 2z Project version 0.9.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/469351

  • 07.22.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Dokeos Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Dokeos is a web-based course management system. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. Dokeos version 1.8.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24125

  • 07.22.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Cisco CallManager Search Form Cross-Site Scripting
  • Description: Cisco CallManager is a software-based call processing component of the Cisco IP telephony solution. The application is exposed to a cross-site scripting issue because the application fails to sufficiently sanitize user-supplied input. Cisco CallManager version 4.1.1 is affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sr-20070523-ccm.shtml

  • 07.22.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpPgAdmin SQLEdit.PHP Cross-Site Scripting
  • Description: phpPgAdmin is a web-based administration utility. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user input to the "server" parameter of the "sqledit.php" script. phpPgAdmin version 4.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24115

  • 07.22.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GMTT Music Distro ShowOwn.PHP Cross-Site Scripting
  • Description: GMTT Music Distro is an online music store application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user input to the "st" parameter of the "showown.php" script. GMTT Music Distro version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24108

  • 07.22.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: HLstats HLStats.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: HLstats is used to gather statistics and rankings for Half-Life. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "authusername" and "authpassword" parameters of the "/hlstatsinc/admin.inc" script. HLstats version 1.35 is affected.
  • Ref: http://www.securityfocus.com/archive/1/469291

  • 07.22.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PsychoStats Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
  • Description: PsychoStats is a videogame statistics tracking application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user input. PsychoStats version 3.0.6b is affected.
  • Ref: http://www.securityfocus.com/archive/1/469260

  • 07.22.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Jetbox CMS Login Variable Cross-Site Scripting
  • Description: Jetbox CMS is a content manager. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user input. Jetbox version 2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/469233

  • 07.22.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Cactusoft Parodia Cand_Login.ASP Cross-Site Scripting
  • Description: Parodia is a web-based job board implemented in ASP. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "strJobIDs" parameter of the "cand_login.asp" script. Parodia versions 6.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24078

  • 07.22.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GNU GNATS Gnatsweb.PL Cross-Site Scripting
  • Description: GNATS is a bug tracking application. Gnatsweb is a web interface to GNATS implemented in Perl. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "database" parameter of the "gnatsweb.pl" script. GNATS version 4.1.99 with Gnatsweb version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24081

  • 07.22.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CandyPress Store ProdList.ASP Multiple Cross-Site Scripting Vulnerabilities
  • Description: CandyPress Store is a virtual storefront application. The application is exposed to multiple cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input. CandyPress Store version 3.5.2.14 is affected.
  • Ref: http://www.securityfocus.com/bid/24069

  • 07.22.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Advance-Flow Unspecified Cross-Site Scripting
  • Description: Advance-Flow is a web-based application. It is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. Advance-Flow versions 4.41 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24071

  • 07.22.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GaliX Index.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: GaliX is a free gallery web-based application. The application is exposed to multiple cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input. GaliX version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24066

  • 07.22.65 - CVE: CVE-2007-1355
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
  • Description: Apache Tomcat is a servlet container for Java Servlets and JavaServer Pages. Tomcat's documentation application includes a sample application which is exposed to multiple cross-site scripting issues because it fails to sanitize user input in the "test" parameter of the "hello.jsp" script as well as other unspecified parameters and scripts.
  • Ref: http://www.securityfocus.com/archive/1/469067

  • 07.22.66 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Track+ ReportItem.DO Cross-Site Scripting
  • Description: Track+ is a project tracking application implemented in Java. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "projid" parameter of the "reportitem.do" script. Track+ version 3.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24060

  • 07.22.67 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ClientExec Index.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: ClientExec is a client support and billing application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user input in the "ticketID", "view" and "fuse" parameters of the "index.php" script. ClientExec version 3.0.0 beta2 is affected.
  • Ref: http://www.securityfocus.com/bid/24061

  • 07.22.68 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: HLstats HLStats.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: HLstats is used to gather statistics and rankings for Half-Life. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. HLstats version 1.35 is affected.
  • Ref: http://www.securityfocus.com/archive/1/469088

  • 07.22.69 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Redoable Index.PHP Cross-Site Scripting
  • Description: Redoable is a theme for the WordPress blogging application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "s" parameter of the "index.php" script. Redoable version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24037

  • 07.22.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Dokeos CourseLog.PHP SQL Injection
  • Description: Dokeos is a content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "scormcontopen" parameter of the "courseLog.php" script before using it in an SQL query. Dokeos versions 1.6.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24136

  • 07.22.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: cpCommerce Category.PHP SQL Injection
  • Description: cpCommerce is a web-based ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_category" parameter of the "category.php" script before using it in an SQL query. cpCommerce version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24138

  • 07.22.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CubeCart Cart.Inc.PHP SQL Injection
  • Description: CubeCart is a web-based ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "options" parameter of the "/include/path/cart.inc.php" script before using it in an SQL query. CubeCart version 3.0.16 is affected.
  • Ref: http://www.securityfocus.com/archive/1/469301

  • 07.22.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BtiTracker Account_Change.PHP SQL Injection
  • Description: BtiTracker is a BitTorrent tracking application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "style" parameter of the "account_change.php" script before using it in an SQL query. BtiTracker versions 1.4.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24094

  • 07.22.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ol' Bookmarks Index.PHP SQL Injection
  • Description: Ol' Bookmarks is a web-based bookmark application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query. Ol' Bookmarks version 0.7.4 is affected.
  • Ref: http://www.securityfocus.com/bid/24085

  • 07.22.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Vizayn Urun Tanytym Sitesi Default.ASP SQL Injection
  • Description: Vizayn Urun Tanytym Sitesi is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "default.asp" script before using it in an SQL query. Vizayn Urun Tanytym Sitesi version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24079

  • 07.22.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TuRuncu GaleRi Admin.ASP SQL Injection
  • Description: TuRuncu GaleRi is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "password" input box of the "admin.asp" script before using it in an SQL query. TuRuncu GaleRi version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24082

  • 07.22.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AlstraSoft E-Friends Pack Parameter SQL Injection
  • Description: E-Friends is a web-based social networking application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pack" parameter of the "paypal.php" script before using it in an SQL query. E-Friends versions 4.21 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24067

  • 07.22.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Jetbox CMS Multiple SQL Injection Vulnerabilities
  • Description: Jetbox is a content management application. It is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "index.php: view" and "index.php: login" scripts before using it in an SQL query. Jetbox version 2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/469223

  • 07.22.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Zomplog Mp3playlist.PHP SQL Injection
  • Description: Zomplog is a web-based weblog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "speler" parameter of the "mp3playlist.php" script before using it in an SQL query. Zomplog versions 3.8 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24064

  • 07.22.80 - CVE: Not Available
  • Platform: Web Application
  • Title: FirmWorx Multiple Remote File Include Vulnerabilities
  • Description: FirmWorx is a web-based application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the following scripts and parameters: "includes/config/master.inc.php, fm_data[root]", "includes/functions/master.inc.php, fm_data[root]" and "modules/bank/includes/design/main.inc.php, bank_data[root]". FirmWorx version 0.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24143

  • 07.22.81 - CVE: CVE-2007-0246
  • Platform: Web Application
  • Title: GForge Unspecified Remote Arbitrary Command Execution
  • Description: GForge is a web-based application. One feature allows users to browse CVS repositories via the Web. The application is exposed to a remote command execution issue that arises because the application fails to sanitize user-supplied data passed through unspecified URI parameters of the CVS browsing interface.
  • Ref: http://www.securityfocus.com/bid/24141

  • 07.22.82 - CVE: Not Available
  • Platform: Web Application
  • Title: WebGUI ViewList Security Bypass
  • Description: WebGUI is a web application framework and content management system (CMS). The application is exposed to a security bypass issue because the application fails to properly validate user privileges. WebGUI versions prior to 7.3.14 are affected.
  • Ref: http://www.securityfocus.com/bid/24130

  • 07.22.83 - CVE: Not Available
  • Platform: Web Application
  • Title: NavBoard Admin_config.PHP Arbitrary Code Execution
  • Description: NavBoard is a PHP-based bulletin board application. The application is exposed to an arbitrary code execution issue because it fails to properly verify data uploaded via HTTP POST operations to the "admin_config.php" script. NavBoard version 1.6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24120

  • 07.22.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Scallywag Template.PHP Multiple Remote File Include Vulnerabilities
  • Description: Scallywag is a web-based portal application. The application is exposed to remote file include issues because it fails to sufficiently sanitize user-supplied input to the "path" parameter of the scripts "skin/dark/template.php", "skin/gold/template.php" and "skin/original/template.php".
  • Ref: http://www.securityfocus.com/bid/24124

  • 07.22.85 - CVE: CVE-2007-2747
  • Platform: Web Application
  • Title: rdiffWeb Directory Traversal
  • Description: rdiffWeb is a web-based application to browse and restore rdiff backup repositories. It is implemented in Python. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input to the "path" parameter of the "browser.py" script. rdiffWeb version 0.3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/24092

  • 07.22.86 - CVE: Not Available
  • Platform: Web Application
  • Title: KnowledgeTree Open Source Unspecified Security Bypass
  • Description: KnowledgeTree Open Source is a document management application. It is exposed to a security bypass issue. Please refer to the advisory for further details. KnowledgeTree Open Source versions prior to 3.3.7 are affected.
  • Ref: http://www.securityfocus.com/bid/24110

  • 07.22.87 - CVE: Not Available
  • Platform: Web Application
  • Title: ABC Excel Parser Pro Parser_Path Remote File Include
  • Description: ABC Excel Parser Pro is an Excel parsing library. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "parser_path" parameter of the "sample/xls2mysql/index.php" script. ABC Excel Parser Pro version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24103

  • 07.22.88 - CVE: Not Available
  • Platform: Web Application
  • Title: boastMachine User.PHP Session ID Hijacking
  • Description: boastMachine is a blogging application. The application is exposed to a session ID hijacking issue because it fails to adequately validate user-supplied input. boastMachine version 3.0 platinum is affected.
  • Ref: http://www.securityfocus.com/bid/24096

  • 07.22.89 - CVE: Not Available
  • Platform: Web Application
  • Title: ClonusWiki Index.PHP HTML Injection
  • Description: ClonusWiki is a wiki application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "query" input field of the "index.php" script. ClonusWiki version 0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/24101

  • 07.22.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Ol' Bookmarks Themes Root Parameter Multiple Remote File Include Vulnerabilities
  • Description: Ol' Bookmarks is a content management system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "root" parameter. Ol' Bookmarks version 0.7.4 is affected.
  • Ref: http://www.securityfocus.com/bid/24083

  • 07.22.91 - CVE: Not Available
  • Platform: Web Application
  • Title: AlstraSoft Template Seller Pro Multiple Vulnerabilities
  • Description: AlstraSoft Template Seller Pro is a shopping cart web-based application. The application is exposed to multiple issues. AlstraSoft Template Seller Pro versions 3.25 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24068

  • 07.22.92 - CVE: Not Available
  • Platform: Web Application
  • Title: AlstraSoft Live Support Managesettings.PHP Password Disclosure
  • Description: AlstraSoft Live Support is a web-based customer live help application. The application is exposed to an issue that may permit attackers to access the administrative password simply by navigating to the "admin/managesettings.php" page. AlstraSoft Live Support version 1.21 is affected.
  • Ref: http://www.securityfocus.com/bid/24073

  • 07.22.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Madirish Webmail AddressBook.PHP Remote File Include
  • Description: Madirish Webmail is a web-based email application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "_GLOBALS[basedir]" parameter of the "lib/addressbook.php" script. Madirish Webmail version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24059

  • 07.22.94 - CVE: Not Available
  • Platform: Web Application
  • Title: SunLight CMS Root Parameter Multiple Remote File Include Vulnerabilities
  • Description: SunLight CMS is a content management system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "root" parameter of "connect.php" and "/modules/startup.php" scripts. SunLight CMS version 5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/24062

  • 07.22.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Libstats Template_CSV.PHP Remote File Include
  • Description: Libstats is a web-based application for tracking library statistics. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "rInfo["content"]" parameter of the "template_csv.php" script. Libstats version 1.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/24047

  • 07.22.96 - CVE: Not Available
  • Platform: Web Application
  • Title: PsychoStats Server.PHP Path Disclosure
  • Description: PsychoStats is a web-based application that provides gaming statistics. The application is exposed to a path disclosure issue when invalid data is submitted. Specifically, when special characters such as a NULL byte are submitted to the "newtheme" variable of the "server.php" script, the full installation path is returned in the error message. PsychoStats versions 3.0.6b and prior are affected.
  • Ref: http://www.securityfocus.com/bid/24039

  • 07.22.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Build It Fast Multiple Remote File Include Vulnerabilities
  • Description: Build it Fast is a PHP application that allows users to develop web-based applications. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input in the "pear_dir" parameter of the "Base/Application.php" script and the "sys_dir" parameter. Build it Fast version 0.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24045

  • 07.22.98 - CVE: Not Available
  • Platform: Web Application
  • Title: MolyX Board Index.PHP Local File Include
  • Description: MolyX Board is a web forum application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" parameter of the "index.php" script. MolyX Board version 2.5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24046

  • 07.22.99 - CVE: Not Available
  • Platform: Network Device
  • Title: Nortel Meridian/CS 1000 Unspecified Remote Denial of Service
  • Description: Nortel Meridian/CS 1000 products are an enterprise IP phone system. The application is exposed to a remote denial of service issue. Please refer to the advisory for further details. Nortel Meridian CS/Communication Server 1000E, 1000M Cabinet/Chassis, 1000M Half Group, 1000M Single Group, 1000M Multi-Group and 1000S are affected.
  • Ref: http://www.securityfocus.com/bid/24131

  • 07.22.100 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco IOS SSL Packets Multiple Denial of Service Vulnerabilities
  • Description: Cisco IOS (Internetwork Operating System) is an operating system commonly used on Cisco routers and network switches. IOS is exposed to multiple denial of service issues because it fails to handle malformed SSL packets. Cisco IOS versions 12.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/469259

  • 07.22.101 - CVE: Not Available
  • Platform: Network Device
  • Title: Packeteer PacketShaper ISN TCP Packet Spoofing
  • Description: Packeteer PacketShaper is a hardware device for controlling and managing bandwidth. The application is exposed to an issue that permits an attacker to spoof TCP packets because the application generates predictable initial sequence numbers (ISN). Packeteer PacketShaper versions 7.3.0g2 and 7.5.0g1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/468972

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.