
@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 25
June 18, 2007

Microsoft Windows rises to the top of this week's list of vulnerable software with critical vulnerabilities in Secure Sockets, in Internet Explorer, and in Outlook Express. Also this week the total number of new vulnerabilities once again reached the century (100) mark in a single week. The vast majority of these vulnerabilities are in application software, not in systems software. If you need information on how to improve application security, see the new Software Security Institute site at www.sans-ssi.org, and try to attend the Application Security Summit in DC in August where lots of users will share the lessons they learned in building application security initiatives. http://www.sans.org/appsummit07/ Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                 Number of Updates and Vulnerabilities
    ---------------------------------------  -------------------------------------
    Windows                                  18 (#1, #2, #3, #4)
    Microsoft Office                         1 (#5)
    Other Microsoft Products                 10
    Third Party Windows Apps                 15 (#6)
    Mac Os                                   1
    Linux                                    4
    Solaris                                  2 (#8)
    Novell                                   1
    Cross Platform                           12 (#7, #9)
    Web Application - Cross Site Scripting   14
    Web Application - SQL Injection          5
    Web Application                          17
    Network Device                           3 (#10)


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Solaris
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Windows Schannel Remote Code Execution (MS07-031)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
  • Description: The Microsoft Windows Secure Channel (Schannel) subsystem is the Microsoft Windows implementation of the Internet-standard Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. These protocols are used for cryptographically secure communications across the Internet. This subsystem contains a flaw in the handling of cryptographic signatures. A specially-crafted signature sent by a server could trigger a remote code execution vulnerability. Any application utilizing the SSL or TLS protocols via the Schannel subsystem is potentially vulnerable; this includes Internet Explorer. This vulnerability could be exploited by a malicious web site. Full technical details for this vulnerability are publicly available.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites plan to distribute the updates during their next regularly scheduled system maintenance cycle.

  • References:
  • (3) CRITICAL: Microsoft Outlook Express and Windows Mail Multiple Vulnerabilities (MS07-034)
  • Affected:
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows Vista
  • Description: Microsoft Outlook Express and Microsoft Windows Mail contain multiple vulnerabilities. Failure to properly validate local Universal Naming Convention (UNC) paths in email messages could allow a specially crafted email to execute arbitrary commands if the user clicks on a link in that email. Additionally, a web page containing a specially crafted MIME HTML (MHTML) link could trigger a cross-site scripting vulnerability. Note that this flaw can be exploited from a web browser. Two additional information disclosure vulnerabilities were patched as part of this security bulletin. Some technical details are publicly available for these vulnerabilities.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites plan to distribute the updates during their next regularly scheduled system maintenance cycle.

  • References:
  • (4) HIGH: Microsoft Win32 API Remote Code Execution (MS07-035)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
  • Description: Microsoft Windows's "Win32" application programming interface (API) contains a flaw in validating certain parameters passed to functions. The exact functions are not known, but Microsoft has confirmed that Internet Explorer calls the vulnerable functions in such a way as to be vulnerable to this attack. Any other application that uses these functions would likely be vulnerable as well. A specially-crafted web page could trigger the flaw in Internet Explorer; other vectors are possible through other applications. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code in the context of the vulnerable application.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites plan to distribute the updates during their next regularly scheduled system maintenance cycle.

  • References:
  • (5) HIGH: Microsoft Visio Multiple Vulnerabilities (MS07-030)
  • Affected:
    • Microsoft Visio 2002
    • Microsoft Office 2003
  • Description: Microsoft Visio, Microsoft's diagramming suite, contains multiple vulnerabilities. A specially-crafted Visio file containing an invalid version number or malformed packed object could trigger memory corruption vulnerabilities. Successfully exploiting these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Note that, depending upon configuration, Visio files may be opened without prompting.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites plan to distribute the updates during their next regularly scheduled system maintenance cycle.

  • References:
  • (6) HIGH: Multiple ActiveX Controls Multiple Vulnerabilities
  • Affected:
    • Zoomify Viewer ActiveX Control
    • Corel ActiveCGM ActiveX Control
  • Description: The above ActiveX controls have been reported to contain vulnerabilities that could lead to remote code or command execution. A specially crafted web page that instantiates one of these controls could exploit these vulnerabilities to execute arbitrary code with the privileges of the current user. Note that reusable exploit code that targets arbitrary ActiveX controls is widely available and easily modified to attack these controls.

  • Status: Users are advised to check with vendors to determine the status of these vulnerabilities. Users can mitigate the impact of these vulnerabilities by disabling these controls via Microsoft's "kill bit" mechanism.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (7) HIGH: Firebird Database "connect" Buffer Overflow
  • Affected:
    • Firebird SQL Server versions 2.x
    • BakBone NetVault versions 6.x
  • Description: The Firebird SQL database server contains a flaw in its handling of "connect" requests. An attacker who issues a specially crafted connect request could trigger a memory overwrite condition. Successfully exploiting this condition would allow an attacker to execute arbitrary code with the privileges of the current user. No authentication is necessary to exploit this vulnerability. Note that full technical details are available for this vulnerability.

  • Status: Firebird confirmed, updates available. Users can mitigate the impact of this vulnerability by blocking access to TCP port 3050, if possible.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (8) MODERATE: Sun Java System Directory Server Authentication Bypass
  • Affected:
    • Sun Java System Directory Server version 5.2
  • Description: The Sun Java System Directory Server is Sun's Lightweight Directory Access Protocol (LDAP) server. A flaw in handling authentication requests could allow an attacker to access the LDAP directory and modify its contents without proper authentication. No further technical details are available for this vulnerability.

  • Status: Sun confirmed, updates available. Users may be able to mitigate the impact of this vulnerability by blocking access to port 389 (TCP and UDP) at the network perimeter, if possible.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (9) MODERATE: HP System Management Home Page Privilege Escalation
  • Affected:
    • HP System Management Home Page versions prior to 2.1.9
  • Description: The HP System Management Home Page, used to administer HP systems running Microsoft Windows or Linux, contains a privilege escalation vulnerability. An authenticated user who is a member of a Novell e-directory is treated as a superuser by the HP System Management Home Page. Any user who is authenticated via the e-directory mechanism is capable of exploiting this vulnerability; unauthenticated users are not able to exploit this vulnerability. Note that some technical details are available for this vulnerability.

  • Status: HP confirmed, updates available.

  • References:
Other Software
  • (10) MODERATE: Arris Cadant C3 CMTS Denial of Service
  • Affected:
    • Arris Cadant C3 CMTS
  • Description: The Arris Cadant C3 Cable Modem Termination System (CMTS) contains a remote denial-of-service vulnerability. An attacker who sends a specially-crafted IP packet containing invalid IP or unknown IP options to the CMTS would be able to trigger this vulnerability and terminate service to all devices managed by that system.

  • Status: Arris confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 25, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5465 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.25.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows CE POP3 Remote Denial of Service
  • Description: Microsoft Windows CE is exposed to a remote denial of service issue which only affects Windows CE running on Texas Instruments TI 925T CPU (ARMV4). The issue occurs when the device attempts to synchronize to a POP3 server containing 2000 messages. Windows CE version 4.2 is affected.
  • Ref: http://support.microsoft.com/kb/829492

  • 07.25.2 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows CE .NET Compact Framework Components Multiple Vulnerabilities
  • Description: Microsoft Windows CE is a compact version of Windows for embedded systems. The .NET Compact Framework is a version of the .NET Framework designed for Windows CE. Memory corruption may occur on Windows CE devices that have the native security model enabled. Microsoft Windows CE version 5.0 is affected. Please refer to the advisory for further details.
  • Ref: http://support.microsoft.com/kb/837392/

  • 07.25.3 - CVE: Not Available
  • Platform: Windows
  • Title: Windows CE Abstract Syntax Notation One Library Integer Overflow
  • Description: Windows CE ASN.1 is exposed to an integer overflow issue because it fails to prevent an arithmetic operation from wrapping around an integer value. This condition will cause the affected library to later allocate an insufficiently sized memory buffer, resulting in a heap buffer overflow. Microsoft Windows CE version 4.2 is affected.
  • Ref: http://support.microsoft.com/kb/837052

  • 07.25.4 - CVE: Not Available
  • Platform: Windows
  • Title: Apple Safari for Windows Unspecified SVG Parse Engine Multiple Unspecified Vulnerabilities
  • Description: Apple Safari for Microsoft Windows is exposed to multiple unspecified issues. These issues reside in the SVG parsing engines. Safari 3 public beta for Windows is affected. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/24446

  • 07.25.5 - CVE: CVE-2007-2219
  • Platform: Windows
  • Title: Microsoft Win32 API Parameter Validation Remote Code Execution
  • Description: The Microsoft Win32 API is an application programmer's interface library designed for use on the Microsoft Windows operating system. The library is exposed to a remote code-execution issue that occurs when the Win32 API component parses unspecified parameters that are passed to it from other applications such as Internet Explorer.
  • Ref: http://www.kb.cert.org/vuls/id/457281

  • 07.25.6 - CVE: CVE-2007-2218
  • Platform: Windows
  • Title: Microsoft Windows SChannel Security Remote Code Execution
  • Description: The Microsoft Windows Schannel security package is used to provide 128-bit strong encryption in Internet Explorer. The application is exposed to a remote code-execution issue during the processing and validation of server-sent digital signatures by the client application.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-031.mspx

  • 07.25.7 - CVE: CVE-2007-2229
  • Platform: Windows
  • Title: Microsoft Windows Vista Permissive User Information Store ACLs Information Disclosure
  • Description: Microsoft Windows Vista is exposed to a local information disclosure issue that occurs because the application permits non-privileged users to access local user information stores contained within the registry and local file system.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-032.mspx

  • 07.25.8 - CVE: Not Available
  • Platform: Windows
  • Title: Apple Safari for Windows Unspecified Remote Code Execution and Denial of Service Vulnerabilities
  • Description: Apple Safari for Windows is exposed to multiple issues, including two remote code execution and four denial of service issues. Safari 3 public beta for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/24433

  • 07.25.9 - CVE: Not Available
  • Platform: Windows
  • Title: Apple Safari for Windows Protocol Handler Command Injection
  • Description: Apple Safari is a web browser for multiple operating platforms. It is produced by Apple and is currently in Beta for the Windows platform. Apple Safari for Windows is exposed to a protocol handler command injection issue that allows remote attackers to pass arbitrary command line arguments to any application that can be called through a protocol handler. Apple Safari for Windows 3 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/24434

  • 07.25.10 - CVE: Not Available
  • Platform: Windows
  • Title: Apple Safari for Windows Unspecified Denial of Service
  • Description: Apple Safari for Windows is exposed to a denial of service issue because it fails to properly handle user-supplied input. Safari 3 public beta for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/24431

  • 07.25.11 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows CE Pocket Internet Explorer PNG Denial of Service
  • Description: Windows CE is an embedded version of the Windows operating system which runs on portable devices. The application is exposed to a denial of service issue which arises because an exception can occur when the browser loads PNG graphics files. Windows CE version 4.2 is affected.
  • Ref: http://support.microsoft.com/kb/875504

  • 07.25.12 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows CE TCP/IP Requests Denial of Service
  • Description: Windows CE is an embedded version of the Windows operating system which runs on portable devices. The application is exposed to a denial of service issue. Windows CE version 4.2 is affected.
  • Ref: http://support.microsoft.com/kb/837392/

  • 07.25.13 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows CE ASP Parser Buffer Overflow
  • Description: Windows CE is an embedded version of the Windows operating system which runs on portable devices. The application is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Microsoft Windows CE versions 5.0 and 6.0 are affected.
  • Ref: http://support.microsoft.com/kb/833270

  • 07.25.14 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows CE MSXML Multiple Vulnerabilities
  • Description: Windows CE is an embedded version of the Windows operating system which runs on portable devices. The application is exposed to multiple issues including denial of service and cross site scripting issues. Microsoft Windows CE version 5.0 is affected.
  • Ref: http://support.microsoft.com/kb/916644/

  • 07.25.15 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows CE Malformed RNDIS Packet Remote Denial of Service
  • Description: Microsoft Windows CE is exposed to a remote denial of service issue. Microsoft Windows CE 5.0 is affected.
  • Ref: http://support.microsoft.com/kb/837392/

  • 07.25.16 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows CE Internet Explorer Content-Type Denial of Service
  • Description: Microsoft Internet Explorer for Windows CE is exposed to a denial of service issue because the application fails to handle exceptional conditions. Internet Explorer for Windows CE 6 is affected.
  • Ref: http://support.microsoft.com/kb/933679

  • 07.25.17 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows CE Internet Explorer SSL Unspecified Denial of Service
  • Description: Microsoft Windows CE is a version of the Windows operating system for embedded devices. The application is exposed to a denial of service issue. Please refer to the advisory for further details.
  • Ref: http://support.microsoft.com/kb/837392/

  • 07.25.18 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows CE Internet Explorer Remote Denial of Service
  • Description: Microsoft Windows CE Internet Explorer is exposed to a remote denial of service issue because it fails to properly handle maliciously crafted web server responses. Windows CE 5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24395

  • 07.25.19 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Office MSODataSourceControl ActiveX Control Buffer Overflow
  • Description: The Microsoft Office MSODataSourceControl ActiveX Control is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue occurs when an excessive amount of data is passed to the "HelpPopup" method of the "DeleteRecordSourceIfUnused()" method of the MSODataSourceControl ActiveX control.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.25.20 - CVE: CVE-2007-3027
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Language Pack Installation Remote Code Execution
  • Description: Microsoft Internet Explorer is exposed to a remote code-execution issue because of a race condition in its language pack installation support.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx

  • 07.25.21 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Navigation Cancel Webpage Spoofing
  • Description: Microsoft Internet Explorer is exposed to a webpage spoofing issue which presents itself in the Navigation canceled page.
  • Ref: http://www.securityfocus.com/bid/24448

  • 07.25.22 - CVE: CVE-2007-2222
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Speech API 4 COM Object Instantiation Memory Corruption
  • Description: Microsoft Internet Explorer is exposed to a memory corruption issue when instantiating certain COM objects. The issue exists in the speech control of the Speech API 4.
  • Ref: http://www.kb.cert.org/vuls/id/507433

  • 07.25.23 - CVE: CVE-2007-0218
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer URLMON.DLL COM Object Instantiation Remote Code Execution
  • Description: Microsoft Internet Explorer is exposed to a remote code-execution issue that occurs because of a flaw when the application tries to instantiate COM objects that are not designed to be instantiated via the browser. This issue is due to the flawed manner in which the objects return values. These COM objects are located in the "urlmon.dll" library.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.25.24 - CVE: CVE-2007-2227
  • Platform: Other Microsoft Products
  • Title: Microsoft Outlook Express Content Disposition Parsing Information Disclosure
  • Description: The MHTML protocol handler is part of Outlook Express and permits encoded documents to be rendered in applications. The application is exposed to a cross-domain information disclosure issue where the MHTML protocol handler fails to correctly handle "Content-Disposition" notifications to Internet Explorer.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-034.mspx

  • 07.25.25 - CVE: CVE-2007-1751
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Unspecified Uninitialized Memory Corruption
  • Description: Microsoft Internet Explorer is exposed to a memory corruption issue when accessing objects that are improperly instantiated or deleted. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/24418

  • 07.25.26 - CVE: CVE-2007-1750
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer CSS Tag Memory Corruption
  • Description: Microsoft Internet Explorer is exposed to a remote code-execution issue because it fails to properly handle certain CSS data. This issue stems from a memory corruption flaw when the application attempts to process certain CSS (Cascading Style Sheets) tags while rendering HTML documents.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx

  • 07.25.27 - CVE: CVE-2007-0934
  • Platform: Other Microsoft Products
  • Title: Microsoft Visio Version Number Remote Code Execution
  • Description: Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams. The application is exposed to a remote code execution issue because it fails to adequately validate user-supplied data.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms07-030.mspx

  • 07.25.28 - CVE: CVE-2007-0936
  • Platform: Other Microsoft Products
  • Title: Microsoft Visio Packed Objects Remote Code Execution
  • Description: Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams. The application is exposed to a remote code execution issue because it fails to adequately handle user-supplied data.
  • Ref: http://www.securityfocus.com/bid/24384

  • 07.25.29 - CVE: CVE-2007-2225
  • Platform: Other Microsoft Products
  • Title: Microsoft Outlook Express MHTML URL Redirect Information Disclosure
  • Description: Outlook Express is exposed to a cross domain information disclosure issue where the browser (typically Internet Explorer) fails to correctly handle redirections with the "mhtml:" URI handler. The MHTML protocol handler is part of Outlook Express and permits encoded documents to be rendered in applications.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-034.mspx

  • 07.25.30 - CVE: CVE-2007-3164
  • Platform: Third Party Windows Apps
  • Title: Microsoft Internet Explorer 7 HTTP Authentication International Domain Name Spoofing Weakness
  • Description: Microsoft Internet Explorer 7 is a browser for the Windows operating system. The application is exposed to an HTTP authentication hostname spoofing weakness. Internet Explorer 7 is affected.
  • Ref: http://www.securityfocus.com/bid/24483

  • 07.25.31 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Apple Safari for Windows Content and URLBar Spoofing
  • Description: Apple Safari is a web browser produced by Apple and is currently in Beta for the Windows platform. Apple Safari 3.0.1 Beta for Windows is exposed to a window title and URL bar spoofing issue. Safari version 3.0.1 (522.12.12) on Windows 2003 SE SP2 is affected.
  • Ref: http://www.securityfocus.com/bid/24484

  • 07.25.32 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Apple Safari Feed URI Denial of Service
  • Description: Apple Safari is a web browser available for multiple operating platforms. The browser is exposed to a denial of service issue because it fails to adequately sanitize user-supplied input. Apple Safari for Windows version 3 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/24460

  • 07.25.33 - CVE: CVE-2007-2921
  • Platform: Third Party Windows Apps
  • Title: Corel ActiveCGM Browser ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: The Corel ActiveCGM Browser ActiveX control allows users to view Computer Graphic Metafiles (CGMs) in a web browser. The application is exposed to multiple buffer overflow issues that occur because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Corel ActiveCGM Browser version 7.1.4.19 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/983249

  • 07.25.34 - CVE: CVE-2007-3180
  • Platform: Third Party Windows Apps
  • Title: HP Help and Support Center Unspecified Buffer Overflow
  • Description: HP Help and Support Center is a help and assistance tool for HP systems. The application is exposed to an unspecified buffer overflow issue which occurs because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. HP Help and Support Center versions prior to 4.4 C are affected.
  • Ref: http://www.securityfocus.com/bid/24459

  • 07.25.35 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Safari Window.setTimeout Content Spoofing
  • Description: Apple Safari is a web browser for multiple operating platforms. It is produced by Apple and is currently in Beta for the Windows platform. Apple Safari Beta 3 for Windows contains a content spoofing issue in its JavaScript "window.setTimeout()" function that relies on a timer-trigger which is processed after a change to the property of "window.location". Safari version 3.0 (522.11.3) on MS Windows 2003 SE SP2 and Windows XP SP2 is affected.
  • Ref: http://www.securityfocus.com/bid/24457

  • 07.25.36 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TEC-IT TBarCode OCX ActiveX Control Arbitrary File Overwrite
  • Description: TBarCode ActiveX control is a barcode toolkit designed for use on Microsoft Windows. The application is exposed to an issue that could permit an attacker to overwrite arbitrary files. The attacker can use the "SaveImage" method to overwrite an attacker specified file with arbitrary data.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.25.37 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: 602Pro Lan Suite 2003 Remote Email Message Buffer Overflow
  • Description: 602Pro Lan Suite 2003 is a combination of email, antivirus, antispam, and firewall system. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied data.
  • Ref: http://www.securityfocus.com/bid/24437/info

  • 07.25.38 - CVE: CVE-2007-2920
  • Platform: Third Party Windows Apps
  • Title: Zoomify Viewer ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: Zoomify Viewer ActiveX control adds the functionality of zoomable images on websites. The application is exposed to multiple stack-based buffer overflow issues because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.kb.cert.org/vuls/id/174177

  • 07.25.39 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Internet Download Accelerator ActiveX Control Buffer Overflow
  • Description: Internet Download Accelerator ActiveX control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Internet Download Accelerator version 5.2 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.25.40 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ace-FTP Client Structured Exception Handler Overwrite Buffer Overflow
  • Description: Ace-FTP is an FTP (File Transfer Protocol) application designed for use on the Microsoft Windows platform. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check server-supplied input before copying it to an insufficiently sized memory buffer. Ace-FTP version 1.24a is affected.
  • Ref: http://www.securityfocus.com/bid/24403

  • 07.25.41 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SafeNET High Assurance Remote and SoftRemote IPSecDrv.SYS Remote Denial of Service
  • Description: SafeNET High Assurance Remote and SoftRemote are security carrier-grade VPN applications that include FIPS technology, device authentication, and the Advanced Encryption Standard (AES) algorithm. The applications are exposed to a remote denial of service issue because they fail to properly handle certain network packets. SafeNET High Assurance Remote version 1.4.0 and SoftRemote 1.4.0 are affected.
  • Ref: http://www.securityfocus.com/bid/24385

  • 07.25.42 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Zenturi ProgramChecker ActiveX Control NavigateURL Arbitrary File Execution
  • Description: Zenturi ProgramChecker ActiveX controls are utility programs designed for use on Microsoft Windows. The application is exposed to an issue that may permit an attacker to execute an arbitrary file on the victim's computer because the application fails to properly sanitize user-supplied input.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.25.43 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Zenturi ProgramChecker ActiveX Control Multiple Arbitrary File Deletion Vulnerabilities
  • Description: Zenturi ProgramChecker ActiveX controls are utility programs designed for use on Microsoft Windows. The application is exposed to multiple issues that attackers can exploit to delete arbitrary files because the software fails to properly sanitize user-supplied input.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.25.44 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Zenturi ProgramChecker ActiveX Control Arbitrary File Deletion/Overwrite
  • Description: Zenturi ProgramChecker ActiveX controls are utility programs designed for use on Microsoft Windows. The application is exposed to an issue that could permit an attacker to delete or overwrite arbitrary files.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.25.45 - CVE: Not Available
  • Platform: Mac Os
  • Title: Cisco Trust Agent for Mac OS X Local Privilege Escalation
  • Description: Cisco Trust Agent (CTA) is a host-policy validation application designed to operate in conjunction with Cisco's Network Admission Control program. The application is exposed to a local privilege escalation issue due to the method in which the application presents notifications to users. Cisco Trust Agent versions prior to 2.1.104.0 are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sr-20070611-cta.shtml

  • 07.25.46 - CVE: CVE-2007-3099, CVE-2007-3100
  • Platform: Linux
  • Title: Open ISCSI Multiple Local Denial of Service Vulnerabilities
  • Description: Open-iSCSI is a server daemon for the iSCSI protocol. The application is exposed to multiple local denial of service issues. The first issue occurs when the application attempts to prevent unauthorized access to the management interface (the interface uses an AF_LOCAL socket). The second issue occurs due to a poorly implemented semaphore which protects the daemon's logging mechanism. RedHat Enterprise Linux Desktop v.5 client, and RedHat Enterprise Linux v. 5 server are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0497.html

  • 07.25.47 - CVE: CVE-2007-2873
  • Platform: Linux
  • Title: SpamAssassin Local Symlink Attack And Denial of Service
  • Description: SpamAssassin is a mail filter designed to identify and process spam. It is available for Linux, UNIX, and variants. The application is exposed to a local denial of service issue which arises because the application creates files in an insecure manner. SpamAssassin versions prior to 3.2.1 are affected.
  • Ref: http://spamassassin.apache.org/advisories/cve-2007-2873.txt

  • 07.25.48 - CVE: CVE-2007-2875
  • Platform: Linux
  • Title: Linux Kernel CPUSet Tasks Memory Leak Information Disclosure
  • Description: Linux Kernel is exposed to an information disclosure issue because it fails to handle unexpected user-supplied input. Linux Kernel versions prior to 2.6.21.4 and 2.6.20.13 are affected.
  • Ref: http://www.securityfocus.com/bid/24389

  • 07.25.49 - CVE: CVE-2007-2453
  • Platform: Linux
  • Title: Linux Kernel PRNG Entropy Weakness
  • Description: The Linux kernel is exposed to a weakness that may result in weaker cryptographic security. The kernel contains PRNG weaknesses that occur as both seeding difficulties on systems with zero entropy, and as errors in entropy extraction. Linux kernel versions prior to 2.6.21.4 are affected.
  • Ref: http://www.securityfocus.com/bid/24390

  • 07.25.50 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Remote IPv6 IPSec Packet Denial of Service
  • Description: Sun Solaris is exposed to a denial of service issue because the operating system fails to handle exceptional conditions. Solaris 10 operating system is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102919-1&searchclause=

  • 07.25.51 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris NFS Server XDR Handling Denial of Service
  • Description: Sun Solaris is exposed to a denial of service issue because the operating system fails to handle exceptional conditions. Solaris 10 operating system is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102965-1&searchclause=

  • 07.25.52 - CVE: Not Available
  • Platform: Novell
  • Title: Novell Netware Modular Authentication Service Local Information Disclosure
  • Description: Novell Netware Modular Authentication Service is an authentication component of eDirectory. eDirectory is a server platform for directory services and identity management; it is distributed by Novell. The application is exposed to a local information disclosure issue because the application "NMASINST" dumps the admin account and password into a log file in clear text. If an attacker runs "NMASINST" on the Netware platform, it dumps command line activity to "SYS:/ETC/NMAS/NMASINST.LOG". NMAS version 3.1.2 is affected.
  • Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/249/3260550_f.SAL_Public.html

  • 07.25.53 - CVE: CVE-2006-4168
  • Platform: Cross Platform
  • Title: EXIF Library EXIF File Processing Integer Overflow
  • Description: libexif is a library that is designed to provide support for Exchangeable Image File Format (EXIF) images. The application is exposed to an integer overflow issue that presents itself when processing malformed EXIF files in the "exif_data_load_data_entry" function of the affected library. libexif versions 0.6.13 to 0.6.15 are affected.
  • Ref: http://www.securityfocus.com/archive/1/471268

  • 07.25.54 - CVE: CVE-2007-2448
  • Platform: Cross Platform
  • Title: Subversion Remote Revision Property Information Disclosure
  • Description: Subversion is an open source revision control application designed to replace CVS. The application is exposed to a remote information disclosure issue which is due to a failure of the application to properly enforce security restrictions during certain remote SVN operations. Subversion versions prior to 1.4.4 are affected.
  • Ref: http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt

  • 07.25.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Directory Server Attributes List Information Disclosure
  • Description: Sun Java System Directory Server is exposed to an information disclosure issue that may allow remote attackers to reveal the existence of an entry's attributes. Sun ONE Directory Server 5.2, Sun Java System Directory Server 5, and Sun Java Directory Server Enterprise Edition (DSEE) 6.0 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102876-1&searchclause=

  • 07.25.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Directory Server Remote Unauthorized Access
  • Description: Sun Java System Directory Server is an LDAP (Lightweight Directory Access Protocol) server distributed with multiple Sun products. The server is exposed to a remote unauthorized access issue. Sun Java System Directory Server 5.2 Patch4, Patch3 and Sun Java Directory Server Enterprise Edition 6.0 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102875-1&searchclause=

  • 07.25.57 - CVE: CVE-2007-3009
  • Platform: Cross Platform
  • Title: Mbedthis AppWeb URL Protocol Format String
  • Description: Mbedthis AppWeb is an embedded HTTP Web server for devices and applications. The application is exposed to a format string issue because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Mbedthis AppWeb version 2.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24454

  • 07.25.58 - CVE: CVE-2007-3008
  • Platform: Cross Platform
  • Title: Mbedthis AppWeb HTTP TRACE Information Disclosure
  • Description: Mbedthis AppWeb is a web server implemented in ASP, PHP and Javascript. The application is exposed to an information disclosure issue that may allow a remote attacker to steal sensitive information such as cookie-based authentication credentials. Mbedthis AppWeb version 2.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24456

  • 07.25.59 - CVE: CVE-2007-0245
  • Platform: Cross Platform
  • Title: OpenOffice RTF File Parser Buffer Overflow
  • Description: OpenOffice is a multi-platform office suite. Rich Text Format (RTF) is developed by Microsoft as a cross-platform document format. The application is exposed to a remote heap-based buffer overflow issue that occurs because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0406.html

  • 07.25.60 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox URLBar Null Byte File Remote Code Execution
  • Description: Mozilla Firefox is exposed to a remote code execution issue because it fails to adequately sanitize user-supplied input. Please refer to the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/24447

  • 07.25.61 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Firebird SQL Fbserver Remote Buffer Overflow
  • Description: Firebird SQL is a relational database that runs on Windows, Linux and Unix systems. The application is exposed to a remote buffer overflow issue because the application fails to properly check boundaries on user-supplied data before using it in a finite sized buffer. Firebird SQL version 2.0 is affected.
  • Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-07-11

  • 07.25.62 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHPMailer Remote Shell Command Execution
  • Description: PHPMailer is a utility class used in PHP applications to support emails sent through sendmail, PHP mailto() or SMTP. The application is exposed to an issue that allows arbitrary shell commands to run because the software fails to adequately escape user-supplied input. PHPMailer versions 1.73 and earlier are affected.
  • Ref: https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707

  • 07.25.63 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WinPT User ID Key Spoofing
  • Description: WinPT (Windows Privacy Tray) is a front-end GUI for GnuPG that integrates key management and data encryption capabilities. GnuPG (GNU Privacy Guard) is an implementation of the OpenPGP encryption standard. The application is exposed to a key-spoofing issue because it fails to properly display user-supplied key data. WinPT version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/471045

  • 07.25.64 - CVE: Not Available
  • Platform: Cross Platform
  • Title: C-Ares DNS Library Remote Cache Poisoning
  • Description: The c-ares library provides asynchronous DNS resolution for applications. It is freely available, and is implemented in C. The application is exposed to a DNS cache poisoning issue due to a failure of the library to utilize secure DNS transaction IDs. The c-ares library versions prior to 1.4.0 are affected.
  • Ref: http://www.securityfocus.com/bid/24386

  • 07.25.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: dotProject Unspecified Parameters Cross-Site Scripting
  • Description: dotProject is a web-based project management application. The application is exposed to a cross-site scripting issue due to a failure in the application to properly sanitize user-supplied input to unspecified parameters and scripts. dotProject versions 2.0.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24472

  • 07.25.66 - CVE: CVE-2007-2450
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting
  • Description: Apache Tomcat is a Java-based web server application for multiple operating systems. Apache Tomcat Manager and Host Manager are exposed to a cross-site scripting issue because they fail to properly sanitize user-supplied input to the "filename" parameter of the "upload" script.
  • Ref: http://www.securityfocus.com/archive/1/471357

  • 07.25.67 - CVE: CVE-2007-2449
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache Tomcat JSP Example Web Applications Cross-Site Scripting
  • Description: Apache Tomcat is a Servlet container for Java Servlets and Java Server Pages (JSP). The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/24476/info

  • 07.25.68 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Joomla! Letterman Subscriber Module Mod_Lettermansubscribe.PHP Cross-Site Scripting
  • Description: Letterman Subscriber is a module for Joomla!. The application is exposed to a cross-site scripting issue due to a failure in the application to properly sanitize user-supplied input to the "itemid" parameter of the "mod_lettermansubscribe.php" script. Letterman Subscriber version 1.2.4-RC1 is affected.
  • Ref: http://www.securityfocus.com/bid/24479

  • 07.25.69 - CVE: CVE-2007-3101
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross-Site Scripting
  • Description: Apache Tomahawk MyFaces JSF Framework is used to create server side GUI web applications. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "autoscroll" parameter from HTTP POST and GET requests. Apache MyFaces Tomahawk version 1.1.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/471397

  • 07.25.70 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Live! Request.PHP Cross-Site Scripting
  • Description: PHP Live! is a customer support application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "pagex" parameter of the "request.php" script. PHP Live! versions 3.2.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24443

  • 07.25.71 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Domain Technologie Control 404.PHP Cross-Site Scripting
  • Description: Domain Technologie Control is a GPL control panel for hosting. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "_SERVER["REQUEST_URI"]" parameter of the "404.php" script. Domain Technologie Control versions prior to 0.25.9 are affected.
  • Ref: http://www.securityfocus.com/bid/24441

  • 07.25.72 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sporum Forum Multiple Remote Cross-Site Scripting Vulnerabilities
  • Description: Sporum Forum is a web-based forum written in PHP. The application is exposed to multiple cross-site scripting issues because the application fails to properly sanitize the "view" and "mode" variables of the "index.cgi" and "comments.cgi" through the "FDefault.pm" script. Sporum Forum version 3.0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/24439

  • 07.25.73 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BBpress BB-Login.PHP Cross-Site Scripting
  • Description: BBpress is a web log application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "re" parameter of the "bb-login.php" script. BBPress version 0.8.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24422

  • 07.25.74 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Maran Blog Comments.PHP Cross-Site Scripting
  • Description: Maran Blog is a web-based blog application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "comments.php" script.
  • Ref: http://www.securityfocus.com/bid/24409

  • 07.25.75 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Beehive Forum Links.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: Beehive Forum is web-based forum software implemented in PHP utilizing a MySQL backend. The application is exposed to multiple cross-site scripting issues due to a failure in the application to properly sanitize user-supplied input to the "viewmode", "fid" and "sort_dir" parameters of the "forum/links.php" script. Beehive Forum version 0.7.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24413

  • 07.25.76 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ERFAN WIKI Index.PHP Cross-Site Scripting
  • Description: ERFAN WIKI is a web-based wiki application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user input. ERFAN WIKI version 1.00 is affected.
  • Ref: http://www.securityfocus.com/bid/24406

  • 07.25.77 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Webmin Pam_Login.CGI Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Webmin is a web-based Unix system administration interface implemented in Perl. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user input to multiple unspecified parameters of the "pam_login.cgi" script. Webmin version 1.340 is affected.
  • Ref: http://www.securityfocus.com/bid/24381

  • 07.25.78 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WordPress Request_URI Parameter Cross-Site Scripting
  • Description: WordPress allows users to generate news pages and web logs dynamically. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "$_SERVER["REQUEST_URI"]" variable in the "functions.php" script. WordPress version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24383

  • 07.25.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: VirtueMart Unspecified SQL Injection
  • Description: VirtueMart is a web-based shopping application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to an unspecified parameter and script before using it in SQL queries. VirtueMart versions prior to 1.0.11 are affected.
  • Ref: http://www.securityfocus.com/bid/24485

  • 07.25.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Elxis CMS Banner Module MB_Tracker SQL Injection
  • Description: Elxis CMS is a content management system. The Banner Module for Elxis CMS is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Elxis CMS versions 2006.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24478

  • 07.25.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Fuzzylime Low.PHP SQL Injection
  • Description: Fuzzylime is a web-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "topic" parameter of the "low.php" script before using it in an SQL query. Fuzzylime version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24451

  • 07.25.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: GeometriX Download Portal Down_Indir.ASP SQL Injection
  • Description: GeometriX Download Portal is a web portal implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "down_indir.asp" script before using it in an SQL query. GeometriX Download Portal version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24404

  • 07.25.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: vBSupport Integrated Ticket System vBSupport.PHP SQL Injection
  • Description: vBSupport is a modified version of the vBulletin forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ticketid" parameter of the "vBSupport.php" script before using it in an SQL query. VBulletin vBSupport version 2.0.0 Beta 1 is affected.
  • Ref: http://www.securityfocus.com/bid/24397

  • 07.25.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Machines Forum PHPSessionID Session Fixation
  • Description: Simple Machines Forum is a web forum application implemented in PHP. The application is exposed to a session fixation issue. Simple Machines Forum version 1.1.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/467748

  • 07.25.85 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS XT-Conteudo Module Spaw_Control.Class.PHP Remote File Include
  • Description: XT-Conteudo is a module for the XOOPS content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "spaw_root" parameter of the "admin/spaw/spaw_control.class.php" script. XT-Conteudo version 1.52 is affected.
  • Ref: http://www.securityfocus.com/bid/24470

  • 07.25.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Sitellite Forge Bug-559668.PHP Remote File Include
  • Description: Sitellite Forge is a content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "FORUM[LIB]" parameter of the "bug-559668.php" script. Sitellite Forge versions 4.2.12 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24474

  • 07.25.87 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP::HTML HTMLClass_Path Remote File Include
  • Description: PHP::HTML is a set of PHP classes for creating complex documents. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "htmlclass_path" parameter of the "phphtml.php" script. PHP::HTML version 0.6.4 is affected.
  • Ref: http://www.securityfocus.com/bid/24477

  • 07.25.88 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS XFsection Module Dir_Module Parameter Remote File Include
  • Description: XFsection is a module for the XOOPS content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "dir_module" parameter of the "include/wysiwygeditor.php" script. XFsection version 1.07 is affected.
  • Ref: http://www.securityfocus.com/bid/24465

  • 07.25.89 - CVE: Not Available
  • Platform: Web Application
  • Title: YaBB Forum Profile CRLF Injection Remote Privilege Escalation
  • Description: YaBB Forum is a web forum application. The application is exposed to a remote privilege escalation issue due to a failure of the application to properly sanitize user-supplied input prior to writing it to a configuration file. YaBB Forum version 2.1 is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538

  • 07.25.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Cellosoft Tokens Removechr() Stack Buffer Overflow
  • Description: Cellosoft Tokens object allows a multimedia designer to separate a single string into a set of sub-strings. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Cellosoft Tokens version 2.0.0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/24458

  • 07.25.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Menu Manager Module System Command Remote Command Execution
  • Description: The Menu Manager module is a module for the WebAPP portal application. The application is exposed to a command execution issue because it fails to sanitize user-supplied input to the "title" field when adding an item to a user's personal menu. Menu Manager Module 1.5 running on WebAPP prior to version 0.9.9.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/471213

  • 07.25.92 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS Horoscope Module Footer.PHP Remote File Include
  • Description: Horoscope is a module for the XOOPS content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "xoopsConfig[root_path]" parameter of the "footer.php" script. Horoscope version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24449

  • 07.25.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Power Board Profile Updating Access Validation
  • Description: Invision Power Board is a message board application. The application is exposed to an access validation issue due to an error in the profile updating function of the "sources/action_public/xmlout.php" script. Invision Power Board versions 2.2.0 to 2.2.2 are affected.
  • Ref: http://www.securityfocus.com/bid/24442

  • 07.25.94 - CVE: Not Available
  • Platform: Web Application
  • Title: WebWiz Rich Text Editor Topics Page HTML Injection
  • Description: WebWiz Rich Text Editor is a text editor implemented in ASP. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. WebWiz version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24419

  • 07.25.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Just For Fun Network Management and Monitoring System Multiple Remote Vulnerabilities
  • Description: Just For Fun Network Management and Monitoring System is an application that monitors IP SNMP / Syslog / Tacacs+ Networks. The application is exposed to multiple remote issues: an SQL injection issue because the application fails to sufficiently sanitize user-supplied input before using it in an SQL query, a cross-site scripting issue in the "user" parameter of the "auth.php" script, and multiple information disclosure issues. Just For Fun Network Management and Monitoring System versions prior to 0.8.4-pre3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/471039

  • 07.25.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Link Request Contact Form Arbitrary File Upload
  • Description: Link Request Contact Form is a web-based banner submission application. The application is exposed to an arbitrary file upload issue because the "link-request-contact-form.html" script fails to properly verify the contents of uploaded files via HTTP POST submissions. Link Request Contact Form version 3.4 is affected.
  • Ref: http://www.securityfocus.com/bid/24408

  • 07.25.97 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Real Estate Classifieds Header.PHP Remote File Include
  • Description: PHP Real Estate Classifieds is a web-based real estate classified advertisement package. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "?loc=" parameter of the "header.php" script. PHP Real Estate Classifieds Premium Plus Edition is affected.
  • Ref: http://www.securityfocus.com/bid/24399

  • 07.25.98 - CVE: Not Available
  • Platform: Web Application
  • Title: E-Vision CMS Multiple Input Validation Vulnerabilities
  • Description: E-Vision CMS is a content management application. The application is exposed to multiple input validation issues because the application fails to sanitize user-supplied input. E-Vision CMS version 2.02 is affected.
  • Ref: http://www.securityfocus.com/bid/24398

  • 07.25.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla JEvents Component Comutils.PHP Remote File Include
  • Description: JEvents is a component module for the Joomla content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "/component/com_events/includes/comutils.php" script. JEvents version 1.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24387

  • 07.25.100 - CVE: Not Available
  • Platform: Web Application
  • Title: EGroupWare WZ_ToolTips ADODB Multiple Unspecified Vulnerabilities
  • Description: eGroupWare is a web-based groupware application. The application is exposed to multiple unspecified issues that affect the "/wz_tooltip/wz_tooltip.js" and "/inc/adodb/drivers/adodb-postgres7.inc.php" files. eGroupWare version 1.2.106-2 is affected.
  • Ref: http://www.securityfocus.com/bid/24378

  • 07.25.101 - CVE: CVE-2007-0933
  • Platform: Network Device
  • Title: D-Link DWL-G650 TIM Information Element Wireless Driver Beacon Buffer Overflow
  • Description: The D-Link Wireless Device Driver for DWL-G650 devices is exposed to a buffer overflow issue because the driver fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. The D-Link Wireless Device Driver version 6.0.0.18 (Rev. A1) is affected.
  • Ref: http://www.securityfocus.com/bid/24438

  • 07.25.102 - CVE: CVE-2007-2796
  • Platform: Network Device
  • Title: Arris Cadant C3 CMTS IP Packet Denial of Service
  • Description: Arris Cadant C3 CMTS is a cable modem termination system. The application is exposed to a denial of service issue because it fails to adequately handle malformed IP packets.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-036.html

  • 07.25.103 - CVE: Not Available
  • Platform: Network Device
  • Title: Packeteer PacketShaper Web Interface Remote Denial of Service
  • Description: Packeteer PacketShaper is a hardware device for controlling and managing bandwidth. The application is exposed to a remote denial of service issue due to a failure of the application's web interface to properly handle unexpected requests. Packeteer PacketShaper versions 7.3.0g2 and 7.5.0g1 are affected.
  • Ref: http://www.securityfocus.com/bid/24388

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.