@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 24
June 11, 2007

This week's top three critical vulnerabilities offer a reminder that the attackers have retargeted their efforts to find flaws in applications. Active-X controls, Symantec's backup products and CA's anti-virus products have been targeted repeatedly since the summer of 2005 when the shift to application targeting became an epidemic. Alan

P.S. We are just completing the new procurement language package that government and commercial application buyers will use to help ensure applications they buy or have built for them are as secure as possible upon delivery. This package will be distributed to all attendees at the Application Security Summit. If you have any interest in application security - as a buyer or vendor or developer - please join us at the Summit in Washington DC in August. Find the complete program at https://www.sans.org/appsummit07/

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Windows                                   2
    Third Party Windows Apps                  17 (#1, #2)
    Linux                                     5
    Solaris                                   3
    Unix                                      2
    Cross Platform                            21 (#3, #6)
    Web Application - Cross Site Scripting    12
    Web Application - SQL Injection           8
    Web Application                           20 (#5)
    Network Device                            2 (#4)

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Linux
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: Computer Associates Anti-Virus Engine CAB Handling Buffer Overflows
  • Affected:
    • Software using the Computer Associates Anti-Virus Engine. Known products include:
    • Computer Associates Anti-Virus
    • eTrust EZ Antivirus
    • Computer Associates Internet Security Suite 2007
    • eTrust Internet Security Suite
    • eTrust EZ Armor
    • Computer Associates Threat Manager
    • Computer Associates Protection Suites
    • Computer Associates Secure Content Manager
    • Computer Associates Anti-Virus Gateway
    • Unicenter Network and Systems Management
    • BrightStor ARCserve Backup
    • Computer Associates Common Services
  • Description: The Computer Associates antivirus engine contains two flaws in the handling of CAB ("cabinet") archive files. An overly long stored file name or an invalid CAB file header could trigger a buffer overflow. Successfully exploiting one of these buffer overflows would allow an attacker to execute arbitrary code with the privileges of the scanning process. Note that, because the antivirus engine is often deployed to mail servers or otherwise automatically configured to scan systems, simply sending an email to a server running the software or sending a CAB file to a vulnerable user could trigger this vulnerability. Some technical details for this vulnerability are publicly available.

  • Status: Computer Associates confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (3) HIGH: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass
  • Affected:
    • Symantec Veritas Storage Foundation version 5.0 for Windows
  • Description: Symantec Veritas Storage Foundation, a popular storage management suite, contains a scheduling service. This service is used by clients to schedule actions on the server system. A flaw exists in the validation of requests to the scheduler service: by sending a specially crafted request, an attacker could bypass authentication to the scheduler service and schedule arbitrary commands. Any commands run in this fashion would run with the privileges of the scheduler process (possibly SYSTEM). Some technical details are publicly available for this vulnerability.

  • Status: Symantec confirmed, updates available. Users are advised to block TCP port 4888 at the network perimeter, if possible.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (4) MODERATE: F5 FirePass Remote Command Execution
  • Affected:
    • F5 FirePass Appliances without the HF-75705-76003-1 hotfix
  • Description: The F5 FirePass SSL VPN appliance allows remote users access to internal applications via a secure VPN connection. The appliance fails to properly validate the username of users logging in to the system. By sending a specially crafted username to the appliance, an attacker could execute arbitrary commands in the appliance's underlying operating system (Linux). No authentication is required to exploit this vulnerability. Successfully exploiting this vulnerability would allow an attacker complete control over the affected appliance. Note that some technical details for this vulnerability are publicly available.

  • Status: F5 confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References: S21Sec Advisory
  • (5) MODERATE: WordPress XMLRPC SQL Injection Vulnerability
  • Affected:
    • WordPress version 2.2 and prior
  • Description: WordPress, a popular blogging suite, contains an SQL injection vulnerability. By sending a specially-crafted request to the XMLRPC subsystem of the suite, an attacker could execute arbitrary SQL with the privileges of the WordPress database user. A proof-of-concept is publicly available; additionally, because WordPress is open source, technical details for this vulnerability can be determined via source code analysis.

  • Status: WordPress has not confirmed, no updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (6) LOW: MPlayer CDDB Response Parsing Multiple Buffer Overflows
  • Affected:
    • MPlayer version 1.0rc1 and prior
  • Description: MPlayer, a popular multiplatform media player, contains a flaw in its parsing of responses from CDDB servers. CDDB, the Compact Disc Database, is a protocol used to store Compact Disc disc and track information. (Note that CDDB can also refer to the Gracenote commercial implementation of the CDDB.) If MPlayer queries a malicious CDDB server, the server can trigger a buffer overflow by sending a specially crafted response. Successfully exploiting these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Note that, because MPlayer is open source, technical details are available via source code analysis. Note also that MPlayer is configured by default to query known CDDB servers (mostly from the FreeDB project); however, these (and other) servers accept updates from anonymous users and may therefore be compromised.

  • Status: MPlayer confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 24, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5465 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.24.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
  • Description: Microsoft has announced that they will be releasing six security bulletins on June 12, 2007. The highest severity rating for these issues is "Critical". Please refer to the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms07-jun.mspx

  • 07.24.2 - CVE: CVE-2007-2237
  • Platform: Windows
  • Title: Microsoft Windows GDI+ ICO File Remote Denial of Service
  • Description: Microsoft Windows is exposed to a remote denial of service issue because it fails to properly handle maliciously-crafted ICO files. Please refer to the advisory for further details.
  • Ref: http://www.kb.cert.org/vuls/id/290961

  • 07.24.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Blue Coat Systems K9 Web Protection Remote Buffer Overflow
  • Description: Blue Coat Systems K9 Web Protection is an internet filtering application for the Windows operating system. The application is exposed to a buffer overflow issue because it fails to perform sufficient boundary checks on user-supplied data before copying it into an insufficiently sized buffer. K9 Web Protection version 3.2.36 is affected.
  • Ref: http://www.securityfocus.com/bid/24373

  • 07.24.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Computer Associates ARCserve Backup Multiple Unspecified Remote Buffer Overflow Vulnerabilities
  • Description: Computer Associates ARCserve Backup for Laptops & Desktops is an automated backup solution for Microsoft Windows operating systems. The application is exposed to multiple unspecified remote buffer overflow issues due to a failure of the application to bounds check user-supplied input before copying it into an insufficiently sized memory buffer. ARCserve Backup for Laptops & Desktops version r11.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24348

  • 07.24.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Yahoo! Messenger Webcam Upload ActiveX Control Buffer Overflow
  • Description: Yahoo! Messenger Webcam Upload ActiveX control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Yahoo! Messenger version 8.0.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.24.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow
  • Description: Yahoo! Messenger Webcam Viewer ActiveX control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Yahoo! Messenger version 8.0.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.24.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Ghost Solution Suite UDP Packet Multiple Denial of Service Vulnerabilities
  • Description: Symantec Ghost Solution Suite is an application used for enterprise-wide remote-PC deployment, recovery, cloning, and migration. It enables administrators to deploy or restore an operating system image or application onto a PC and migrate user settings and profiles to customize the PC. The application is exposed to three denial of service issues when handling a certain UDP network packet. Symantec Ghost Solution Suite versions 2.0.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24323

  • 07.24.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
  • Description: Yahoo! Messenger is an instant messenger application that is available for multiple platforms, including Microsoft Windows, Apple Mac, and Linux. The application is exposed to multiple unspecified remote code execution issues. Yahoo! Messenger versions 8.0.1 and 8.1.0.29 are affected.
  • Ref: http://research.eeye.com/html/advisories/upcoming/20070605.html

  • 07.24.9 - CVE: CVE-2007-2919
  • Platform: Third Party Windows Apps
  • Title: E-Book Systems FlipViewer FlipViewerX.DLL ActiveX Multiple Buffer Overflow Vulnerabilities
  • Description: E-Book Systems FlipViewer ActiveX control is a web-based digital publishing application. The application is exposed to multiple buffer overflow issues because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. E-Book Systems FlipViewer versions prior to version 4.0 are affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.24.10 - CVE: CVE-2007-2514
  • Platform: Third Party Windows Apps
  • Title: Multiple Vendor XFERWAN.EXE Filename Remote Buffer Overflow
  • Description: Centennial Discovery, Symantec Discovery, and Numara Asset Manager are inventory applications for tracking and auditing hardware and software assets. These products are exposed to a remote buffer overflow issue that allows remote attackers to gain unauthorized access to a vulnerable computer by executing arbitrary code in the SYSTEM context. Centennial Discovery 2006 Feature Pack 1, Symantec Discovery 6.5, and Numara Asset Manager version 8.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/470563

  • 07.24.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: eSellerate SDK eSellerateControl365.DLL ActiveX Control Buffer Overflow
  • Description: eSellerate is a software commerce provider. Their SDK allows software makers to embed eSellerate functionality in applications; it includes an ActiveX control. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. eSellerate SDK version 3.6.5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24300

  • 07.24.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Microsoft Internet Explorer Location Object Webpage Spoofing
  • Description: Microsoft Internet Explorer is a web browser for the Windows operating system. The application is exposed to a webpage spoofing issue. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/24298

  • 07.24.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Microsoft Internet Explorer JavaScript Cross Domain Information Disclosure
  • Description: Microsoft Internet Explorer is a web browser for the Windows operating system. The browser is exposed to a cross domain information disclosure issue because it is possible for attackers to run scripts across domains.
  • Ref: http://www.kb.cert.org/vuls/id/471361

  • 07.24.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Agnitum Outpost Firewall Outpost_IPC_HDR Local Denial of Service
  • Description: Outpost Firewall is a Win32 personal firewall suite developed by Agnitum. The application is exposed to a local denial of service issue because the application fails to protect the mutex "outpost_ipc_hdr". Outpost Firewall version 4.0 build 1007.591.145 and version 4.0 build 964.582.059 are affected.
  • Ref: http://www.securityfocus.com/bid/24284

  • 07.24.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Provideo Camimage Class ISSCamControl.DLL ActiveX Control Buffer Overflow
  • Description: Provideo Camimage Class is an ActiveX control that controls security cameras. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Provideo Camimage Class version 1.0.1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/24279

  • 07.24.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SNMPC Username/Password Remote Denial of Service
  • Description: SNMPc is a network monitoring application available for the Microsoft Windows platform. The application is exposed to a remote denial of service issue due to a failure in the application to properly handle malformed input supplied through the "username" and "password" fields. SNMPc versions prior to 7.0.19 are affected.
  • Ref: http://www.securityfocus.com/bid/24292

  • 07.24.17 - CVE: CVE-2007-2279
  • Platform: Third Party Windows Apps
  • Title: Symantec Storage Foundation VxSchedService.EXE Scheduler Service Authentication Bypass
  • Description: Symantec Storage Foundation is an online storage management application. The application is exposed to an authentication bypass issue that exists in the "VxSchedService.exe" scheduler service server. Symantec Storage Foundation for Windows version 5.0 is affected.
  • Ref: http://www.symantec.com/avcenter/security/Content/2007.06.01.html

  • 07.24.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Zenturi ProgramChecker ActiveX Control DebugMsgLog Method Buffer Overflow
  • Description: Zenturi ProgramChecker ActiveX controls are utility programs designed for use on Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.kb.cert.org/vuls/id/603529

  • 07.24.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DVD X Player PLF File Buffer Overflow
  • Description: DVD X Player is a DVD player and recorder application available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. DVD X Player version 4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24278

  • 07.24.20 - CVE: Not Available
  • Platform: Linux
  • Title: Todd Miller Sudo Kerberos Authentication Local Authentication Bypass Weakness
  • Description: The "sudo" utility is a widely used Linux/UNIX command that allows users to securely run commands as the superuser or as other users. Kerberos is a centrally controlled network authentication protocol. The application is exposed to a local authentication bypass weakness when used in conjunction with Kerberos because the software fails to properly handle a missing service key error in the "verify_krb_v5_tgt()" function in the "auth/kerb5.c" source file. The "sudo" version 1.6.8p12 is affected.
  • Ref: http://www.securityfocus.com/bid/24368

  • 07.24.21 - CVE: CVE-2007-2876, CVE-2007-2875, CVE-2007-2453
  • Platform: Linux
  • Title: Linux Kernel Multiple Weaknesses and Vulnerabilities
  • Description: The Linux kernel is exposed to multiple issues, including a local denial of service issue caused by a NULL-pointer dereference. The kernel is also affected by an information leak in "kernel/cpuset.c"; the file contains an integer underflow in the "cpuset_task_read()" function. The kernel also contains PRNG weaknesses that manifest as both seeding difficulties on systems with zero entropy, and errors in entropy extraction. Kernel versions 2.6.21.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24376

  • 07.24.22 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Bluetooth Null Pointer Dereference Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue due to a NULL-pointer dereference when handling data received from a Bluetooth device. Linux kernel versions prior to 2.4.33.5 are affected.
  • Ref: http://www.securityfocus.com/bid/24350

  • 07.24.23 - CVE: CVE-2007-2030
  • Platform: Linux
  • Title: LHA Insecure Temporary File Creation
  • Description: LHA is a console-based application to decompress and compress .lha packages. The lharc.c file in the LHA application creates temporary files in an insecure manner. An attacker with local access may be allowed to read or write files by creating a file before a vulnerable LHA application is invoked.
  • Ref: http://www.securityfocus.com/bid/24336

  • 07.24.24 - CVE: CVE-2006-7108
  • Platform: Linux
  • Title: Util-linux Security Bypass
  • Description: Util-linux is a set of utilities for any Linux system. These include addpart, agetty, blockdev, cal, cfdisk. Util-linux is exposed to a security bypass issue because it fails to properly validate user privileges. Util-linux versions prior to 2.12 are affected.
  • Ref: http://www.securityfocus.com/bid/24321

  • 07.24.25 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Management Console Authentication Mechanism Remote Privilege Escalation
  • Description: Sun Solaris Management Console (SMC) is a console for GUI-based management tools. SMC is exposed to a remote privilege escalation issue. Please refer to the advisory for further details.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102902-1&searchclause=

  • 07.24.26 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Management Console Logging Mechanism Remote Privilege Escalation
  • Description: Sun Solaris Management Console (SMC) is a console for GUI-based management tools. SMC is exposed to a remote privilege escalation issue due to an unspecified condition in the logging mechanism. Please refer to the advisory for further details.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102903-1&searchclause=

  • 07.24.27 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Gnome Assistive Technology XScreenSaver Local Arbitrary Command Execution
  • Description: Solaris is an operating system developed by Sun. Gnome is an open source xwindows manager available for multiple operating platforms. Solaris versions running Gnome sessions with Assistive Technology and xscreensaver are exposed to a local arbitrary command execution issue. Sun Solaris versions 10 and 10_x86 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102834-1&searchclause=

  • 07.24.28 - CVE: Not Available
  • Platform: Unix
  • Title: Todd Miller Sudo Ptrace API Local Privilege Escalation
  • Description: The "sudo" utility is a widely used Linux/UNIX command that allows users to securely run commands as the superuser or as other users. The "ptrace" function is a system call that enables one process to control the execution of another process. The application is exposed to a local privilege escalation issue because the software allows malicious users to intercept "sudo" commands. GratiSoft Sudo version 1.6.8 p2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/470343

  • 07.24.29 - CVE: Not Available
  • Platform: Unix
  • Title: GDB Process_Coff_Symbol UPX File Buffer Overflow
  • Description: GDB, the GNU Project Debugger, is a debugging application for programs written in C, C++, and other languages. The application is exposed to a buffer overflow issue due to insufficient bounds checking when handling specially crafted executable files with UPX-encoded data.
  • Ref: http://blog.xwings.net/?p=71

  • 07.24.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser Basic Authentication Server Domain Spoofing
  • Description: Opera Web Browser is a browser available for multiple operating platforms. The application is exposed to an HTTP basic authentication domain spoofing issue that occurs because the application truncates a server's HTTP "hostname" after 34 characters when displaying the dialog box for HTTP basic authentication prompt. Opera Web Browser version 9.21 is affected.
  • Ref: http://www.securityfocus.com/bid/24352

  • 07.24.31 - CVE: CVE-2007-3023, CVE-2007-3024
  • Platform: Cross Platform
  • Title: Clam AntiVirus Multiple Unspecified Vulnerabilities
  • Description: ClamAV is an antivirus application for Microsoft Windows and UNIX-like operating systems. The application is exposed to multiple unspecified issues. The incorrect calculation of the end of a buffer could lead to buffer overflow conditions. Improper permissions associated with temporary files could lead to symlink-type attacks. Clam AntiVirus versions prior to 0.90.3 are affected.
  • Ref: http://www.securityfocus.com/bid/24358

  • 07.24.32 - CVE: CVE-2007-2297
  • Platform: Cross Platform
  • Title: Asterisk SIP Channel Driver UDP Packets Remote Denial of Service
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. The application is exposed to a remote denial of service issue because it fails to properly handle certain UDP packets.
  • Ref: http://www.securityfocus.com/bid/24359

  • 07.24.33 - CVE: CVE-2007-2863
  • Platform: Cross Platform
  • Title: Computer Associates Anti-Virus Engine Malformed CAB Filename Buffer Overflow
  • Description: Computer Associates Anti-virus engine is a scanning engine that is implemented in various Computer Associates products. The application is exposed to a stack-based buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-034.html

  • 07.24.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: W3M Browser InputAnswer Format String
  • Description: W3M is a console-based browser, available for UNIX/Linux and Windows operating systems. The application is exposed to a format string issue because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted printing function. W3M versions prior to 0.5.2 are affected.
  • Ref: http://www.securityfocus.com/bid/24332

  • 07.24.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FreeVMS Backup Utility Unspecified Buffer Overflow
  • Description: FreeVMS is an OpenVMS-like operating system available for multiple architectures. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. FreeVMS versions prior to 0.3.6 are affected.
  • Ref: http://www.securityfocus.com/bid/24333

  • 07.24.36 - CVE: CVE-2007-2864
  • Platform: Cross Platform
  • Title: Computer Associates Multiple Products Remote Stack-Based Buffer Overflow
  • Description: Multiple Computer Associates products are exposed to a remote stack-based buffer overflow issue because the scan engine fails to properly bounds check user-supplied data before copying it to an insufficiently sized buffer.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-034.html

  • 07.24.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Reporting Server Authentication Bypass
  • Description: Symantec Reporting Server is an optional web application within the Symantec System Center console that can be used to create reports about Symantec Client Security and Symantec AntiVirus products in an enterprise network. The application is exposed to an authentication bypass issue which occurs because the application permits attackers to disable the authentication mechanism for the SCS Reporting server.
  • Ref: http://www.symantec.com/avcenter/security/Content/2007.06.05.html

  • 07.24.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Beatnik Extension Remote Script Code Execution
  • Description: Mozilla Firefox is a browser that supports tabbed browsing, available for Linux, Apple Mac OS, and Microsoft Windows platforms. The Beatnik plugin is an audio application for Mozilla Firefox. The application is exposed to a remote script code execution issue because the application fails to validate input errors when processing RSS feeds. Beatnik version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24324

  • 07.24.39 - CVE: CVE-2007-2907
  • Platform: Cross Platform
  • Title: SSL-Explorer Multiple Input Validation Vulnerabilities
  • Description: SSL-Explorer is a web-based SSL VPN server. The application is exposed to multiple input validation issues which include HTML injection, cross-site scripting, and directory traversal issues because it fails to sufficiently sanitize user-supplied input. 3sp SSL-Explorer version 0.1.16 is affected.
  • Ref: http://www.securityfocus.com/bid/24319

  • 07.24.40 - CVE: CVE-2007-0068
  • Platform: Cross Platform
  • Title: IBM Lotus Domino Agent Signature Verification Local Privilege Escalation
  • Description: IBM Lotus Domino is a client/server product designed for collaborative working environments. Domino Server supports email, scheduling, instant messaging, and data-driven applications. The application is exposed to a privilege escalation issue because of a design error. IBM Lotus Domino versions prior to 7.0.2 Fix Pack 2 (FP2) are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21258784

  • 07.24.41 - CVE: CVE-2007-0067
  • Platform: Cross Platform
  • Title: IBM Lotus Domino Web Server Unspecified Remote Denial of Service
  • Description: The webserver included with IBM Lotus Domino is exposed to a remote denial of service issue because the software fails to properly handle certain HTTP requests. This issue is a regression issue introduced in version 6.0 of Lotus Domino.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21257251

  • 07.24.42 - CVE: CVE-2007-2650
  • Platform: Cross Platform
  • Title: Clam AntiVirus ClamAV OLE2 Parser Remote Denial of Service
  • Description: ClamAV is an antivirus application for Microsoft Windows and UNIX-like operating systems. The application is exposed to a remote denial of service issue while handling malicious OLE2 files. ClamAV versions prior to 0.90.3 are affected.
  • Ref: http://www.securityfocus.com/bid/24316

  • 07.24.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Resource Variant Directory Traversal
  • Description: Mozilla Firefox is a web browser available for multiple operating platforms. The application is exposed to a directory traversal issue because it fails to adequately sanitize user-supplied data in "nsResProtocolHandler::ResolveURI". Mozilla Firefox version 2.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/24303

  • 07.24.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi XP/W Unspecified Remote Denial of Service
  • Description: Hitachi XP/W is device management software. The software is exposed to a remote denial of service issue while handling unexpected input to an unspecified port. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/24262

  • 07.24.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Action Prompt Delay Security Mechanism Bypass
  • Description: Mozilla Firefox is a web browser available for multiple operating platforms. The application is exposed to a security mechanism bypass issue because it fails to adequately prevent action prompt options from being selected before a delay timer has finished counting down. Mozilla Firefox versions 2.0.0.4 and earlier are affected.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=376473

  • 07.24.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure
  • Description: Mozilla Firefox is a web browsing application available for multiple operating systems. The application is exposed to a cross domain information disclosure issue that occurs because it is possible for attackers to run scripts across domains. Mozilla Firefox versions 2.0.0.4 and earlier are affected.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=343168

  • 07.24.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Clam AntiVirus ClamAV RAR Handling Remote Denial of Service
  • Description: ClamAV is an antivirus application for Microsoft Windows and Unix-like operating systems. The application is exposed to a remote denial of service issue while handling malicious RAR archives that can cause heap-based memory corruption.
  • Ref: http://kolab.org/security/kolab-vendor-notice-15.txt

  • 07.24.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP EXT/Session HTTP Response Header Injection
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. The application is exposed to an HTTP response header injection issue that occurs in the "session_start()" function. PHP versions 5.2.3 and earlier and PHP versions 4.4.7 and earlier are affected.
  • Ref: http://www.php-security.org/MOPB/PMOPB-46-2007.html

  • 07.24.49 - CVE: CVE-2007-1593
  • Platform: Cross Platform
  • Title: Symantec Veritas Volume Replicator Administrative Service Denial of Service
  • Description: Symantec Veritas Volume Replicator is an application that allows users to recover critical applications at a remote recovery site. The application is exposed to a denial of service issue that occurs because the application fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.symantec.com/avcenter/security/Content/2007.06.01a.html

  • 07.24.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment Image Parsing Buffer Overflow
  • Description: Sun Java Runtime Environment is an enterprise development platform. The application is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1

  • 07.24.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WmsCMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: WmsCMS is a content management application. The application is exposed to multiple cross-site scripting issues because it fails to adequately sanitize user-supplied input data before rendering it in a user's browser. WmsCMS version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24365

  • 07.24.52 - CVE: CVE-2006-3974
  • Platform: Web Application - Cross Site Scripting
  • Title: 3Com OfficeConnect Secure Router Tk Parameter Cross-Site Scripting
  • Description: OfficeConnect Secure Router is a high-speed Internet access device for home and small branch office environments. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user input to the "tk" parameter on the web-based management interface. OfficeConnect Secure Router firmware version 1.04-168 is affected.
  • Ref: http://secunia.com/secunia_research/2006-60/advisory/

  • 07.24.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ADPLAN SEO Unspecified Cross-Site Scripting
  • Description: ADPLAN SEO is a web-based application. The application is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. ADPLAN SEO version 3 is affected.
  • Ref: http://www.securityfocus.com/bid/24356

  • 07.24.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: All In One Control Panel CP_Dpage.PHP Cross-Site Scripting
  • Description: All In One Control Panel is a content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "aiocp_dp" parameter of the "/code/cp_dpage.php" script. Tecnick All In One Control Panel versions prior to 1.3.017 are affected.
  • Ref: http://www.securityfocus.com/bid/24357

  • 07.24.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WebSVN Filedetails.PHP Cross-Site Scripting
  • Description: WebSVN is a web-based SVN repository application. The application is exposed to a cross-site scripting issue because it fails to properly handle user-supplied input to the "path" parameter of the "filedetails.php" script. WebSVN version 2.0rc4 is affected.
  • Ref: http://www.securityfocus.com/bid/24310

  • 07.24.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WebStudio CMS Index.PHP Cross-Site Scripting
  • Description: WebStudio CMS is a content management system. The application is exposed to a cross-site scripting issue because it fails to properly handle user-supplied input to the "pageid" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/archive/1/470451/30/0/threaded

  • 07.24.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Linker Search.PHP Cross-Site Scripting
  • Description: Codelib Linker is a category search engine. The application is exposed to a cross-site scripting issue because it fails to properly handle user-supplied input to the "kword" parameter of the "search.php" script. Codelib Linker version 2.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/24296

  • 07.24.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Okyanusmedya Index.PHP Cross-Site Scripting
  • Description: Okyanusmedya is a web-based application. The application is exposed to a cross-site scripting issue because it fails to properly handle user-supplied input to the "pages" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/24285

  • 07.24.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Evenzia Content Management Systems (CMS) Cross-Site Scripting
  • Description: Evenzia CMS is a content management application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter of the "includes/send.inc.php" script.
  • Ref: http://www.securityfocus.com/bid/24270

  • 07.24.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPLive Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHPLive! is a PHP-based statistics tracker for Half Life gamers. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. PHPLive version 3.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24276

  • 07.24.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Linker Index.PHP Cross-Site Scripting
  • Description: Linker is a category search engine. The application is exposed to a cross-site scripting issue because it fails to properly handle user-supplied input to the "cat" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/24277

  • 07.24.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Buttercup WFM Title Parameter Cross-Site Scripting
  • Description: Buttercup WFM (Web File Manager) is a file management application. The application is exposed to a cross-site scripting issue because it fails to properly handle user-supplied input to the "title" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/24269

  • 07.24.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: W1L3D4 WEBmarket Urunbak.ASP SQL Injection
  • Description: W1L3D4 WEBmarket is an ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "urunbak.asp" script before using it in an SQL query. W1L3D4 WEBmarket version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24364

  • 07.24.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ismail Kartli Alisveris Sistemi News.ASP SQL Injection
  • Description: Ismail Kartli Alisveris Sistemi is a PayPal shopping cart system implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "news_id" parameter of the "shop/news.asp" script before using it in an SQL query. Ismail Kartli Alisveris Sistemi version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24362

  • 07.24.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress XMLRPC.PHP SQL Injection Vulnerability
  • Description: WordPress is a PHP-based personal publishing application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "wp_suggestCategories" function of the "xmlrpc.php" script before using it in an SQL query. WordPress version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24344

  • 07.24.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ComicSense Index.PHP SQL Injection
  • Description: ComicSense is a web-based application to host an online comic or other images. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "epi" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/24329

  • 07.24.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EQdkp Listmembers.PHP SQL Injection
  • Description: EQdkp is a web-based bulletin board. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "rank" parameter of the "listmembers.php" script before using it in an SQL query. EQdkp version 1.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24294

  • 07.24.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PostNuke PNPHPBB2 Module Index.PHP SQL Injection
  • Description: The PostNuke PNPHPBB2 module is a PHPBB forum module for the PostNuke content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "c" parameter of the "index.php" script before using it in an SQL query. The PostNuke PNPHPBB2 module versions 1.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24295

  • 07.24.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Particle Gallery ViewImage.PHP SQL Injection
  • Description: Particle Gallery is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "editicomment" parameter of the "viewimage.php" script before using it in an SQL query. Particle Soft Particle Gallery versions 1.0 and 1.0.1 are affected.
  • Ref: http://www.securityfocus.com/bid/24273

  • 07.24.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RevokeBB Class_Users.PHP SQL Injection
  • Description: RevokeBB is a web-based bulletin board. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter of the "incclass_users.php" script before using it in an SQL query. RevokeBB versions 1.0 RC4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24272

  • 07.24.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Atom PhotoBlog AtomPhotoBlog.PHP Multiple Input Validation Vulnerabilities
  • Description: Atom PhotoBlog is a blogging application. The application is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied input data before rendering it in a user's browser. Atom PhotoBlog versions prior to 1.0.9.1 are affected.
  • Ref: http://www.securityfocus.com/bid/24363

  • 07.24.72 - CVE: Not Available
  • Platform: Web Application
  • Title: MiniWeb HTTP POST Headers Remote Denial of Service
  • Description: MiniWeb HTTP Server is an HTTP server written in C. The application is exposed to a denial of service issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. MiniWeb HTTP Server versions 0.8.1 and 0.8.19 are affected.
  • Ref: http://www.securityfocus.com/bid/24375

  • 07.24.73 - CVE: Not Available
  • Platform: Web Application
  • Title: NewsSync Nuke_Include.PHP Remote File Include
  • Description: NewsSync is a news reader module for phpBB. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "newssync_NUKEPATH" parameter of the "inc/nuke_include.php" script. NewsSync version 1.5.0r6 is affected.
  • Ref: http://www.securityfocus.com/bid/24361

  • 07.24.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Kravchuk K-Letter Multiple Remote File Include Vulnerabilities
  • Description: Kravchuk K-letter is a web application. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input to the "scdir" parameter of the "action.php", "subs.php" and "unsubs.php" scripts. Kravchuk K-letter version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24334

  • 07.24.75 - CVE: Not Available
  • Platform: Web Application
  • Title: PBLang Login.PHP Local File Include
  • Description: PBLang is a web-based forum. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "cmd" parameter when used by the "login.php" script. PBLang version 4.67.16.a is affected.
  • Ref: http://www.securityfocus.com/bid/24340

  • 07.24.76 - CVE: Not Available
  • Platform: Web Application
  • Title: JD-Wiki For Joomla Multiple Remote File Include Vulnerabilities
  • Description: JD-Wiki is a component for the Joomla content management system. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "dwpage.php" and "wantedpages.php" scripts. JD-Wiki versions 1.0.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24342

  • 07.24.77 - CVE: Not Available
  • Platform: Web Application
  • Title: ASP Folder Gallery Download_Script.ASP Arbitrary File Download
  • Description: ASP Folder Gallery is a web-based gallery. The application is exposed to an arbitrary file download issue because it fails to sufficiently sanitize user-supplied input to the "file" parameter of the "download_script.asp" script.
  • Ref: http://www.securityfocus.com/bid/24345

  • 07.24.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Kevin Johnson BASE Base_Main.PHP Authentication Bypass
  • Description: BASE provides a web front-end to query and analyze the alerts coming from a SNORT IDS system. The application is exposed to an authentication bypass issue due to a design error. BASE versions 1.3.6 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24315

  • 07.24.79 - CVE: CVE-2007-3021
  • Platform: Web Application
  • Title: Symantec System Center Reporting Server Remote Privilege Escalation
  • Description: Reporting Server is an optional web application that is part of the Symantec System Center console. It is used to create reports about client security and antivirus products. The application is exposed to a remote privilege escalation issue because it fails to adequately initialize an unspecified variable. Reporting Server versions prior to Reporting Server 1.0.224.0, AntiVirus Corporate Edition 10.1.6.6000, and Client Security 3.1.6.6000 are affected.
  • Ref: http://www.symantec.com/avcenter/security/Content/2007.06.05a.html

  • 07.24.80 - CVE: CVE-2007-3022
  • Platform: Web Application
  • Title: Symantec Reporting Server Password Information Disclosure
  • Description: Symantec Reporting Server is an optional web application within the Symantec System Center console that can be used to create reports about Symantec Client Security and Symantec AntiVirus products in an enterprise network. The application is exposed to an information disclosure issue because the application displays the hash of an administrator's password when a failed login attempt occurs.
  • Ref: http://www.symantec.com/avcenter/security/Content/2007.06.05.html

  • 07.24.81 - CVE: Not Available
  • Platform: Web Application
  • Title: SendCard SendCard.PHP Local File Include
  • Description: Sendcard is a web-based application for creating and sending ecards. It supports many different databases. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "sc_language" parameter when used by the "sendcard.php" script. Sendcard version 3.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24308

  • 07.24.82 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress Predictable Cookie Generation Information Disclosure
  • Description: WordPress is a blogging application. The application is exposed to an information disclosure issue because it generates author cookies in a predictable manner. It affects the "comment_author_", "comment_author_email_", and "comment_author_url_" cookie parameters. WordPress versions 2.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24309

  • 07.24.83 - CVE: Not Available
  • Platform: Web Application
  • Title: My DataBook Diary.PHP Multiple Input Validation Vulnerabilities
  • Description: My DataBook is a web-based personal organizer application. The application is exposed to input validation issues because it fails to sufficiently sanitize user-supplied data in the "delete" parameter of the "diary.php" script.
  • Ref: http://www.securityfocus.com/bid/24311

  • 07.24.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Quick.Cart General.PHP Local File Include
  • Description: Quick.Cart is a shopping cart application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "sLanguage" cookie parameter when used by the "config/general.php" script. Quick.Cart version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24299

  • 07.24.85 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS iContent module Spaw_Control.Class.PHP Remote File Include
  • Description: XOOPS iContent module is a web-based module for the XOOPS content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "spaw_root" parameter of the "spaw_control.class.php" script.
  • Ref: http://www.securityfocus.com/bid/24302

  • 07.24.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Movable Type Multiple Input Validation Vulnerabilities and User Enumeration Weakness
  • Description: Movable Type is a web log application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. It is also exposed to a username enumeration weakness. Movable Type version 3.16 is affected.
  • Ref: http://www.securityfocus.com/bid/24304

  • 07.24.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Open Solution QuickCart Index.PHP Local File Include
  • Description: QuickCart is a web-based shopping administration tool. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "$_COOKIE["sLanguage"]" parameter of the "index.php" script. QuickCart versions 2.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24281

  • 07.24.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Omegasoft Insel Multiple Input Validation Vulnerabilities
  • Description: Omegasoft Insel is a web-based application. The application is exposed to multiple HTML injection and SQL injection issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/24275

  • 07.24.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Aigaion Multiple HTML Injection Vulnerabilities
  • Description: Aigaion is a bibliography management system. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied input before displaying it in dynamically generated content. Aigaion versions prior to version 1.3.3 are affected.
  • Ref: http://www.securityfocus.com/bid/24264

  • 07.24.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Prototype of an PHP Application Multiple Remote File Include Vulnerabilities
  • Description: Prototype of an PHP application is a database management application written in PHP. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input to the "path_inc" parameter. PHP application version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24266

  • 07.24.91 - CVE: CVE-2007-2512
  • Platform: Network Device
  • Title: Alcatel Lucent VOIP Telephone System OmniPCX Enterprise Security Bypass
  • Description: Alcatel Lucent OmniPCX Enterprise VOIP Telephone Systems are exposed to a security bypass issue due to a configuration error. Alcatel Lucent OmniPCX Enterprise version 7 is affected.
  • Ref: http://www.securityfocus.com/bid/24360

  • 07.24.92 - CVE: Not Available
  • Platform: Network Device
  • Title: F5 FirePass 4100 SSL VPN My.Activiation.PHP3 Remote Command Injection
  • Description: FirePass 4100 SSL VPN is a secure Virtual Private Network device that uses SSL (versus the standard IPSec VPN). The device is exposed to a remote command injection issue because it fails to adequately sanitize user-supplied input data.
  • Ref: http://www.securityfocus.com/archive/1/470444

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.