@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 26
June 25, 2007

IBM WebSphere has newly reported remotely exploitable vulnerabilities; Mac OS X WebCore and WebKit have vulnerabilities reminiscent of the type for which Internet Explorer has earned unwanted fame; and the Ingres database shipped with Computer Associates' eTrust Secure Content Manager has critical, newly reported, remotely exploitable vulnerabilities.

If you are interested in how companies are getting the security bugs out of software, take a peek at the end of this issue. You'll find the fascinating agenda for the Application Security Summit: http://www.sans.org/appsummit07/ And Wednesday is the final day for savings on SANSFire 2007's 56 courses in Washington: http://www.sans.org/sansfire07/

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week (numbers in parentheses are the Part I item numbers below):

Platform                                 Number of Updates and Vulnerabilities
- ------------------------               -------------------------------------
Third Party Windows Apps                 16 (#7)
Linux                                     3
Unix                                      1
Apple                                     2 (#2, #8)
Novell                                    2 (#5, #6)
Cross Platform                           11 (#1, #3, #4)
Web Application - Cross Site Scripting   12
Web Application - SQL Injection           7
Web Application                          23
Network Device                           13

************************* Sponsored By SANS *****************************

What application security tools work best? How can we ensure our programmers know common security flaws and consistently eliminate them from code we are deploying? Attend the Application Security Summit August 15-16 and learn the answers to these and other key application security questions. As a bonus, be the first to register for the GIAC Certified Secure Programmer exam. http://www.sans.org/info/9446

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

************************* Sponsored Links: ****************************

1) SANS Web Cast featuring Dr. Eric Cole, "Correlating SIM information to Detect Insider Threats" Register and Listen Today. http://www.sans.org/info/9451

2) Don't miss SANS Ask The Expert: The Importance of Web Application Security for PCI Compliance on Thursday, June 28th at 1:00 PM EDT sponsored by Watchfire. Click here to register: http://www.sans.org/info/9456

3) Upcoming SANS WhatWorks on Log Management sponsored by LogLogic, June 27th at 1pm EDT. Register Today. http://www.sans.org/info/9461

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: Apple WebCore and WebKit Multiple Vulnerabilities
  • Affected:
    • Apple Mac OS X versions 10.4.9 and prior
    • Apple Mac OS X Server versions 10.4.9 and prior
  • Description: Apple WebCore and WebKit, two core components of Mac OS X used to render web content by numerous applications (including Apple's Mail.app and Safari), contain multiple vulnerabilities. A specially-crafted web page could trigger one of these vulnerabilities to execute arbitrary code with the privileges of the current user or exercise a cross-site scripting vulnerability. Other applications that use these components may also be vulnerable.

  • Status: Apple confirmed, updates available. The necessary updates have been released via Apple's Software Update facility.

  • References:
  • (3) MODERATE: F-Secure LHA and RAR Detection Bypass
  • Affected:
    • Products using the F-Secure Anti-Virus Engine
  • Description: Products using F-Secure security engines may flag certain LHA and RAR archive files as invalid and stop examining them for possible viruses and other malware. These files may be crafted in such a way that the file is still considered valid by end-user applications. Any malware archived in such a file would bypass detection by F-Secure products.

  • Status: F-Secure confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (4) MODERATE: IBM WebSphere Application Server Multiple Unspecified Vulnerabilities
  • Affected:
    • IBM WebSphere versions prior to 6.1.0 Fix Pack 9
  • Description: IBM WebSphere Application Server contains multiple vulnerabilities. IBM has confirmed that security-bypass and denial-of-service vulnerabilities exist and are remotely exploitable, but no further technical details are publicly available.

  • Status: IBM confirmed, updates available.

  • Council Site Actions: Two of the reporting council sites are using the affected software. Both sites are reviewing the update from IBM and investigating the potential impact to their site in order to determine course of action and/or patch schedule.

  • References:
  • (5) MODERATE: Novell exteNd Director ActiveX Control Arbitrary Command Execution
  • Affected:
    • Novell exteNd Director version 4.1 and prior
  • Description: Novell exteNd Director, a popular web application development environment, includes an ActiveX control. This ActiveX control fails to properly validate arguments to certain methods, leading to arbitrary command execution. A specially crafted web page that instantiates this control could leverage this vulnerability to execute arbitrary commands with the privileges of the current user.

  • Status: Novell confirmed. Users can mitigate the impact of this vulnerability by disabling the vulnerable control via Microsoft's "kill bit" mechanism for CLSID "2B1AA38D-2D12-11D5-AAD0-00C04FA03D78".

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
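The kill-bit mitigation named in the Status line above, as an added example: this PowerShell snippet is not part of the bulletin and is not Novell's or Microsoft's code. It sets the "Compatibility Flags" value for the CLSID the bulletin gives; the registry locations and the 0x400 flag value are those documented in Microsoft KB 240797 (cited in Part II of this issue). It assumes an elevated (Administrator) session, and the Wow6432Node path only applies to 32-bit Internet Explorer on 64-bit Windows.

```powershell
# Added example: set and verify the IE kill bit for the Novell exteNd Director
# control from @RISK item (5). Not from the bulletin, Novell, or Microsoft.
# Run from an elevated PowerShell session.
$clsid   = '{2B1AA38D-2D12-11D5-AAD0-00C04FA03D78}'   # CLSID given in the bulletin
$KillBit = 0x400                                        # COMPAT_EVIL_DONT_LOAD, per KB 240797

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so cover both where present.
$paths = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
)

foreach ($path in $paths) {
    # On 32-bit Windows the Wow6432Node parent key does not exist; skip it there.
    if (-not (Test-Path (Split-Path $path -Parent))) { continue }
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }

    # Keep any flags already present and OR in the kill bit ($null casts to 0).
    $existing = (Get-ItemProperty -Path $path -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
    $flags = [int]$existing -bor $KillBit
    Set-ItemProperty -Path $path -Name 'Compatibility Flags' -Value $flags -Type DWord
}

# Verify: every path that exists must now carry the 0x400 bit.
foreach ($path in $paths) {
    if (-not (Test-Path $path)) { continue }
    $flags = (Get-ItemProperty -Path $path -Name 'Compatibility Flags').'Compatibility Flags'
    $state = if ($flags -band $KillBit) { 'kill bit SET' } else { 'kill bit MISSING' }
    Write-Output ("{0}: 0x{1:X} ({2})" -f $path, $flags, $state)
}
```

The kill bit only stops Internet Explorer (and applications hosting the WebBrowser control) from instantiating the control by CLSID; it does not uninstall the control, and other ActiveX hosts may still load it. Changing or removing the value later re-enables the control, so treat it as a stopgap until a vendor fix is applied.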
  • (6) LOW: Novell XNFS Denial of Service
  • Affected:
    • Novell NetWare version 6.5 Support Pack 6 and prior
  • Description: Novell NetWare supports remote filesystem access via the Network File System (NFS) protocol. A specially crafted NFS mount request sent to a Novell NetWare server could trigger a denial-of-service condition on the server. This vulnerability is exploitable even if no NFS filesystems are currently exported from the NetWare server, and some technical details for it are publicly available.

  • Status: Novell confirmed. Updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
Other Software
  • (7) MODERATE: Cerulean Studios Trillian Unicode Parsing Buffer Overflow
  • Affected:
    • Cerulean Studios Trillian versions prior to 3.1.6.0
  • Description: Cerulean Studios Trillian, a popular instant messaging client, contains a flaw in its handling of Unicode strings. Unicode is the standard character set designed to cover all the world's written languages. A specially-crafted Unicode string in a message sent to a user could trigger a buffer overflow and allow an attacker to execute arbitrary code with the privileges of the current user. No user authentication is necessary to exploit this vulnerability. While the MSN instant messaging protocol is currently the only protocol confirmed vulnerable, it is believed that the vulnerability could be exploited via any protocol Trillian supports.

  • Status: Cerulean Studios confirmed, updates available.

  • Council Site Actions: Two of the reporting council sites have a limited user base of this software. The first site has notified their user base and verified the software is configured with the auto update feature. The second site does not support the application, but will notify the limited number of users that may be using this software. They will request that the users update to the latest version/patch.

  • References:
  • (8) LOW: Apple AppleTV UPnP Buffer Overflow
  • Affected:
    • Apple AppleTV
  • Description: Apple's AppleTV, a popular multimedia display device, contains a flaw in its Universal Plug and Play (UPnP) implementation. UPnP is an industry-standard suite of protocols used for automatic device and network configuration. A specially-crafted Internet Gateway Device (IGD) request could trigger a buffer overflow and allow an attacker to execute arbitrary code on the vulnerable device. This vulnerability is related to a previous vulnerability in Mac OS X discussed in an earlier issue of @RISK.

  • Status: Apple confirmed, updates available. Note that the updates are automatically distributed via the AppleTV's automatic update mechanism.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 26, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5465 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.26.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: HTTP Server Request Handling Remote Denial of Service
  • Description: BugHunter HTTP Server is a web server for the Microsoft Windows platform. The server is exposed to a remote denial of service issue: when it processes an excessive number of sequential client requests (40-1000) for nonexistent pages, the application crashes. HTTP Server version 1.6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24576

  • 07.26.2 - CVE: CVE-2007-3334
  • Platform: Third Party Windows Apps
  • Title: Ingres Database Server Multiple Remote Vulnerabilities
  • Description: Ingres Database Server is a database server included in CA eTrust Secure Content Manager. The application is exposed to multiple remote issues. Ingres Corporation Ingres Database versions 3.0.3, 2.6 and 2.5, and Computer Associates eTrust Secure Content Manager version 8.0, are affected.
  • Ref: http://www.securityfocus.com/archive/1/471950

  • 07.26.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BugHunter HTTP Server Parse Error Information Disclosure
  • Description: BugHunter HTTP Server is an HTTP server available for Microsoft Windows. The application is exposed to an information disclosure issue because of an error when parsing specially crafted filename extensions provided by users in the URL. HTTP Server version 1.6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24566

  • 07.26.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Xunlei Web Thunder ThunderServer.webThunder.1 ActiveX Control Arbitrary File Download
  • Description: The Xunlei Web Thunder ThunderServer.webThunder.1 ActiveX control is exposed to an arbitrary file download issue. The control provides the "SetBrowserWindowData", "SetConfig", "HideBrowserWindow" and "AddTask" methods, which may be combined to exploit this issue. Xunlei Web Thunder (ThunderServer.webThunder.1) version 1.8.4.130 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.26.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Avaya 4602SW SIP Phone Cnonce Parameter Authentication Spoofing
  • Description: Avaya 4602SW SIP Phone and SIP call server are a voice-over-IP solution. The application is exposed to an authentication spoofing issue in its handling of the cnonce parameter that allows an attacker to hijack communications by way of a man-in-the-middle attack.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=299&

  • 07.26.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AGEPhone SIP Soft Phone Message Parsing Denial of Service
  • Description: AGEPhone SIP Soft Phone is a SIP client VoIP phone application for Microsoft Windows operating systems. AGEPhone SIP Soft Phone is exposed to a remote denial of service issue because the application fails to properly handle a malformed SIP message. AGEPhone SIP Soft Phone version 1.41.2 running on HTC HyTN wireless smartphone using Windows Mobile 5 PPC is affected.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=214&

  • 07.26.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AGEPhone SIP Soft Phone Malformed Delimiter Denial of Service
  • Description: AGEPhone SIP Soft Phone is a SIP client VoIP phone application for Microsoft Windows operating systems. The application is exposed to a remote denial of service issue because the application fails to properly handle a SIP message with a malformed delimiter. AGEPhone SIP Soft Phone version 1.41.2 running on HTC HyTN wireless smartphone using Windows Mobile 5 PPC is affected.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=215&

  • 07.26.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Avaya One-X Desktop Edition Phone SIP Remote Buffer Overflow
  • Description: Avaya One-X Desktop Edition is a soft-phone application that enables SIP-based (Session Initiation Protocol) endpoints on computers running the Microsoft Windows operating system. One-X Desktop Edition is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Avaya One-X Desktop Edition versions 2.1.0.70 and earlier are affected.
  • Ref: http://support.avaya.com/elmodocs2/security/ASA-2007-241.htm

  • 07.26.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nortel Networks PC Client Soft Phone Message Parsing Module Buffer Overflow
  • Description: Nortel Networks PC Client Soft Phone is a SIP client VoIP phone application for Microsoft Windows operating systems. The application is exposed to a buffer overflow issue because the application fails to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. Nortel Networks PC Client SIP Soft Phone version 4.1 is affected.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=297&

  • 07.26.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AOL Instant Messenger SIP Invite Message Denial of Service
  • Description: AOL Instant Messenger is an instant messaging application available for Microsoft Windows. The application is exposed to a denial of service issue because it fails to handle specially crafted SIP messages. AOL Instant Messenger version 6.1.32.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24533

  • 07.26.11 - CVE: CVE-2007-2924
  • Platform: Third Party Windows Apps
  • Title: RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: The RealNetworks GameHouse dldisplay ActiveX Control is part of the Gamehouse audio application for use on the Microsoft Windows operating system. The application is exposed to multiple buffer overflow issues because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.26.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nortel Networks PC Client Soft Phone SIP Message Parsing Module Denial of Service
  • Description: Nortel Networks PC Client Soft Phone is a SIP client VoIP phone application for Microsoft Windows operating systems. The Nortel Networks PC Client Soft Phone is exposed to a remote denial of service issue because the application fails to properly handle a malformed SIP message. Nortel Networks PC Client SIP Soft Phone version 4.1 is affected.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=298&

  • 07.26.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cerulean Studios Trillian Word Wrapping UTF-8 Encoded String Heap Buffer Overflow
  • Description: Cerulean Studios Trillian is an instant-messaging client that supports a number of protocols (including IRC, ICQ, MSN, Yahoo!). The application is exposed to a heap-based buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Cerulean Studios Trillian version 3.1.5.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/471673

  • 07.26.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Apple Safari for Windows Document.Location Denial of Service
  • Description: Apple Safari for Windows is exposed to a denial of service issue because it fails to properly handle user-supplied input. The problem occurs with how the browser handles "document.location=';" in a malicious webpage. Safari version 3.0 and 3.0.1 public beta for Windows are affected.
  • Ref: http://www.securityfocus.com/bid/24499

  • 07.26.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Apple Safari for Windows Corefoundation.DLL Denial of Service
  • Description: Apple Safari for Windows is exposed to a denial of service issue because it fails to properly handle user-supplied input in the history management functions of "corefoundation.dll". Safari version 3.0.1 public beta for Windows is affected.
  • Ref: http://lostmon.blogspot.com/2007/06/safari-301-552122-for-windows.html

  • 07.26.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities
  • Description: Kaspersky Internet Security 6 is a personal security suite for Microsoft Windows operating systems. Among other features, it includes firewall and antivirus components. The application is exposed to multiple local issues. Kaspersky Internet Security version 6.0.2.614 and 6.0.2.621 are affected.
  • Ref: http://www.securityfocus.com/archive/1/471453

  • 07.26.17 - CVE: CVE-2007-3257
  • Platform: Linux
  • Title: Gnome Evolution Data Server Array Index Memory Access
  • Description: Evolution Data Server is an email, addressbook, and calendar application for users of the GNOME desktop. The application is exposed to an input-validation error that may be exploited to execute arbitrary code. Evolution Data Server versions prior to 1.11.4 are affected.
  • Ref: http://www.securityfocus.com/bid/24567

  • 07.26.18 - CVE: CVE-2007-2833
  • Platform: Linux
  • Title: GNU Emacs Image Processing Remote Denial of Service
  • Description: The "emacs" program is a freely available text editor. The application is exposed to a remote denial of service issue because it fails to handle malicious image files.
  • Ref: http://www.securityfocus.com/bid/24570

  • 07.26.19 - CVE: Not Available
  • Platform: Linux
  • Title: Astaro Up2Date Secure Gateway SMTP Proxy Malformed Email Remote Denial of Service
  • Description: Astaro Up2Date is a web-security application available for the Linux operating system. The application is exposed to a remote denial of service issue because it fails to handle specially crafted emails. Astaro Up2Date versions prior to 7.005 are affected.
  • Ref: http://www.securityfocus.com/bid/24492

  • 07.26.20 - CVE: Not Available
  • Platform: Unix
  • Title: BitchX Hook.C Remote Buffer Overflow
  • Description: BitchX is a freely available, open-source IRC client. It is available for UNIX, Linux and other Unix-like operating systems. The application is exposed to a buffer overflow issue that occurs because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. BitchX version 1.1-final is affected.
  • Ref: http://www.securityfocus.com/bid/24579

  • 07.26.21 - CVE: CVE-2007-3207
  • Platform: Novell
  • Title: Novell NetWare XNFS.NLM Remote Denial of Service
  • Description: Novell NetWare is a network operating system. The application is exposed to a remote denial of service issue because of inadequate boundary checks. NetWare version 6.5 SP6 is affected.
  • Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/23/3008097_f.SAL_Public.html

  • 07.26.22 - CVE: Not Available
  • Platform: Novell
  • Title: Novell exteNd Director LocalExec.OCX ActiveX Control Remote Command Execution
  • Description: Novell exteNd Director is a set of software development tools and APIs for creating enterprise web applications. The application is exposed to a remote command execution issue because it fails to sanitize user-supplied data passed through an unspecified URI parameter. Novell exteNd Director version 4.1 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/793433

  • 07.26.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MyServer Filename Parse Error Information Disclosure
  • Description: MyServer is an HTTP web server application for multiple operating systems; it is implemented in C++. The application is exposed to an information disclosure issue because of an error when parsing specially crafted filename extensions provided by users in the URL. MyServer version 0.8.9 is affected.
  • Ref: http://www.securityfocus.com/bid/24571

  • 07.26.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VLC Media Player Multiple Format String Vulnerabilities
  • Description: VideoLAN VLC media player is a multimedia player for audio and video. VLC Media Player is affected by multiple format string issues due to incorrect usage of "printf()"-type functions, allowing format specifiers to be supplied directly to vulnerable functions from external data. VideoLAN VLC media player versions prior to 0.8.6c are affected.
  • Ref: http://www.videolan.org/sa0702.html

  • 07.26.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Altap Servant Salamander PE File Handling Buffer Overflow
  • Description: Servant Salamander is a small and fast two-pane file manager with open plugin architecture. The application is exposed to a buffer overflow issue because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. Altap Salamander version 2.5 with Portable Executable Viewer 2.02 and Servant Salamander 2.0 with Portable Executable Viewer 1.00 are affected.
  • Ref: http://vuln.sg/salamander25-en.html

  • 07.26.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Xvid Avi MBCoding.C Remote Code Execution
  • Description: Xvid is an MPEG-4 video codec used to compress video data. The application is exposed to a remote code execution issue due to an array indexing error. Xvid version 1.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24561

  • 07.26.27 - CVE: CVE-2007-1862
  • Platform: Cross Platform
  • Title: Apache Mod_Mem_Cache Information Disclosure
  • Description: Apache is a freely available, open-source web server software package. It is distributed and maintained by the Apache Software Foundation. The application is exposed to a path information disclosure issue that affects the "recall_headers" function of "mod_mem_cache". Apache version 2.2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/24553

  • 07.26.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Tidylib for PHP Library Remote Buffer Overflow
  • Description: Tidylib for PHP is a callable C library version of HTML Tidy, for use with the PHP programming language. The library is exposed to a remote buffer overflow issue because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. Tidylib for PHP version 040603 is affected.
  • Ref: http://www.securityfocus.com/bid/24527

  • 07.26.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WIKINDX Localization Module Unspecified Authentication Bypass
  • Description: The WIKINDX Localization Module is a plug-in for WIKINDX, a multi-user bibliography application for storing and searching references, notes and citations. The module is exposed to an unspecified authentication bypass issue. WIKINDX Localization Module versions prior to 1.2 are affected.
  • Ref: http://www.securityfocus.com/bid/24508

  • 07.26.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: F-Secure Multiple Anti-Virus Products LHA and RAR Archives Scan Bypass
  • Description: Multiple F-Secure Anti-Virus products are exposed to an issue that may allow certain compressed archives to bypass the scan engine, due to a failure of the application to properly handle certain compressed archives file header fields.
  • Ref: http://www.f-secure.com/security/fsc-2007-5.shtml

  • 07.26.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Unspecified Vulnerabilities
  • Description: IBM WebSphere Application Server is exposed to multiple unspecified issues. Very little information is known about these issues, though some of them may lead to denial of service conditions and allow attackers to bypass certain restrictions. IBM WebSphere Application Server versions prior to 6.1.0 Fix Pack 9 are affected.
  • Ref: http://www.securityfocus.com/bid/24505

  • 07.26.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MailWasher Server LDAP Unauthorized Folder Access
  • Description: MailWasher Server is an application used to filter spam. The application is exposed to an unauthorized folder access issue because it fails to perform user authentication in a proper manner. MailWasher Server versions prior to 2.2.1 are affected.
  • Ref: http://www.securityfocus.com/bid/24507

  • 07.26.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FCKeditor Alternative Data Stream Arbitrary File Upload
  • Description: FCKeditor is a text editor implemented in HTML and Javascript. The application is exposed to an arbitrary file upload issue because the application fails to sufficiently sanitize user-supplied input. FCKeditor version 2.4.3 is affected.
  • Ref: http://www.securityfocus.com/bid/24510

  • 07.26.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NetJukeBox Multiple Cross Site Scripting Vulnerabilities
  • Description: netjukebox is a web-based media player. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. netjukebox version 4.01b is affected.
  • Ref: http://www.securityfocus.com/bid/24577

  • 07.26.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MyServer Post.MSCGI Cross-Site Scripting
  • Description: MyServer is an HTTP web server application for multiple operating systems; it is implemented in C++. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "post.mscgi" script. MyServer version 0.8.9 is affected.
  • Ref: http://www.securityfocus.com/bid/24583

  • 07.26.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: FuseTalk ComFinish.CFM Multiple Cross Site Scripting Vulnerabilities
  • Description: FuseTalk is a web-based discussion forum implemented in ColdFusion. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "FTVAR_SCRIPTRUN" parameter of the "blog/include/common/comfinish.cfm" and "forum/include/common/comfinish.cfm" scripts. FuseTalk versions 2.0, 3.0 and 4.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/471846

  • 07.26.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: RaidenHTTPD Unspecified Cross Site Scripting
  • Description: RaidenHTTPD is a web server application. RaidenHTTPD is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. RaidenHTTPD version 2.0.13 is affected.
  • Ref: http://www.securityfocus.com/bid/24568

  • 07.26.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Interact Online Learning Environment Interact Multiple Cross Site Scripting Vulnerabilities
  • Description: Interact is an open-source learning environment available for various operating systems. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Interact version 2.4 beta 1 is affected.
  • Ref: http://www.securityfocus.com/bid/24573

  • 07.26.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Stephen Ostermiller Contact Form Unspecified Cross Site Scripting
  • Description: Contact Form is an application that allows users to send emails through a web interface. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. Contact Form version 2.00.02 is affected.
  • Ref: http://www.securityfocus.com/bid/24559

  • 07.26.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Hosting Biller Index.PHP Cross Site Scripting
  • Description: PHP Hosting Biller is a web-based application to manage a web hosting service. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "index.php" script. PHP Hosting Biller version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/471642

  • 07.26.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Fuzzylime Low.PHP Cross Site Scripting
  • Description: Fuzzylime is a web-based forum application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "fromaction" parameter of the "low.php" script. Fuzzylime versions 1.01b and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24522

  • 07.26.42 - CVE: CVE-2007-1358
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache Tomcat Accept-Language Cross Site Scripting
  • Description: Apache Tomcat is a Java-based web server and servlet container for multiple operating systems. The software is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input in the Accept-Language request header.
  • Ref: http://www.securityfocus.com/bid/24524

  • 07.26.43 - CVE: CVE-2007-3129
  • Platform: Web Application - Cross Site Scripting
  • Title: Utopia News Pro Login.PHP Cross Site Scripting
  • Description: Utopia News Pro is a web-based newsreader application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "password" parameter of the "login.php" script. Utopia News Pro version 1.4.0 is affected.
  • Ref: http://www.netvigilance.com/advisory0034

  • 07.26.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TDizin Arama.ASP Cross-Site Scripting
  • Description: TDizin is a web application implemented in ASP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "ara" parameter of the "arama.asp" script.
  • Ref: http://www.securityfocus.com/bid/24515

  • 07.26.45 - CVE: CVE-2007-3239
  • Platform: Web Application - Cross Site Scripting
  • Title: WordPress AndyBlue Theme Searchform.PHP Cross-Site Scripting
  • Description: The AndyBlue theme is an addon for the WordPress publishing platform. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "index.php" script, which is then passed to unspecified parameters of the "searchform.php" script. The AndyBlue theme for WordPress version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/24490

  • 07.26.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPAccounts Index.PHP Multiple SQL Injection Vulnerabilities
  • Description: PHP Accounts is a web-based accounting application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. PHP Accounts version 0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/24574

  • 07.26.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: W1L3D4 WEBmarket Urunbak.ASP SQL Injection
  • Description: WEBmarket is an e-commerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "urunbak.asp" script before using it in an SQL query. WEBmarket version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24550

  • 07.26.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Solar Empire Game_Listing.PHP SQL Injection
  • Description: Solar Empire is a browser-based strategy game. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "$_SERVER[HTTP_USER_AGENT]" parameter of the "game_listing.php" script before using it in an SQL query. Solar Empire version 2.9.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24519

  • 07.26.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FuseTalk AuthError.CFM SQL Injection
  • Description: FuseTalk is a web-based discussion forum implemented in ColdFusion. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "errorcode" parameter of the "autherror.cfm" script before using it in an SQL query. FuseTalk versions 2.0 and 3.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/471726

  • 07.26.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FuseTalk Index.CFM SQL Injection
  • Description: FuseTalk is a web-based discussion forum implemented in ColdFusion. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "FTVAR_SUBCAT" parameter of the "index.cfm" script before using it in an SQL query. FuseTalk version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24498

  • 07.26.51 - CVE: CVE-2007-3128
  • Platform: Web Application - SQL Injection
  • Title: WSPortal Content.PHP SQL Injection
  • Description: WSPortal is a content management application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "content.php" script before using it in an SQL query. WSPortal version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24513

  • 07.26.52 - CVE: CVE-2007-3244
  • Platform: Web Application - SQL Injection
  • Title: BBPress BB-Edit.PHP SQL Injection
  • Description: bbPress is a web-based forum application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "post_content" parameter of the "bb-edit.php" script before using it in SQL queries. bbPress version 0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/24488

  • 07.26.53 - CVE: Not Available
  • Platform: Web Application
  • Title: LMS LAN Management System Language.PHP Remote File Include
  • Description: LMS is a LAN management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "_LIB_DIR" parameter of the "lib/language.php" script. LMS version 1.9.6 is affected.
  • Ref: http://www.securityfocus.com/bid/24578

  • 07.26.54 - CVE: Not Available
  • Platform: Web Application
  • Title: SerWeb Load_Lang.PHP Remote File Include
  • Description: SerWeb is a self-provisioning web interface for SER SIP Server. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "_SERWEB[serwebdir]" parameter of the "load_lang.php" script. SerWeb version 0.9.4 is affected.
  • Ref: http://www.securityfocus.com/bid/24581

  • 07.26.55 - CVE: Not Available
  • Platform: Web Application
  • Title: LiveCMS Multiple Input Validation Vulnerabilities
  • Description: LiveCMS is a content management application. The application is exposed to multiple issues: an input validation issue because it fails to sanitize user-supplied input; an SQL injection issue in the "cid" parameter of the "categoria.php" script; an HTML injection issue in the article name input box; and an arbitrary file upload issue that occurs when uploading small image attachments accompanying articles. LiveCMS versions 3.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24580

  • 07.26.56 - CVE: Not Available
  • Platform: Web Application
  • Title: NetClassifieds Multiple Input Validation Vulnerabilities
  • Description: NetClassifieds is a PHP-based application for managing classified ads. The application is exposed to multiple input validation issues, which include SQL injection issues that affect the "CatID" and "s_user_id" parameters of the "ViewCat.php" script, and cross-site scripting issues that affect various unspecified forms of the "Common.php", "imageresizer.php", and "Mysql_db.php" scripts. NetClassifieds Free, Standard, Professional, and Premium editions are affected.
  • Ref: http://www.securityfocus.com/bid/24584

  • 07.26.57 - CVE: Not Available
  • Platform: Web Application
  • Title: FuseTalk AuthError.CFM Multiple Cross Site Scripting Vulnerabilities
  • Description: FuseTalk is a web-based discussion forum implemented in ColdFusion. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "FTVAR_LINKP" and "FTVAR_URLP" parameters of the "/forum/include/error/autherror.cfm" script. FuseTalk versions 2.0, 3.0 and 4.0 are affected.
  • Ref: http://www.securityfocus.com/bid/24564

  • 07.26.58 - CVE: Not Available
  • Platform: Web Application
  • Title: Wrapper.PHP for OsCommerce Local File Include
  • Description: Wrapper.php for OsCommerce is a web-based image application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "file" parameter when used by the "wrapper.php" script.
  • Ref: http://www.securityfocus.com/bid/24565

  • 07.26.59 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPAccounts Index.PHP Local File Include
  • Description: PHP Accounts is a web-based accounting application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script. PHP Accounts version 0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/24572

  • 07.26.60 - CVE: Not Available
  • Platform: Web Application
  • Title: Comersus Cart Multiple Input Validation Vulnerabilities
  • Description: Comersus Cart is a set of ASP scripts creating an online shopping cart. It works on a database of your choosing, defaulting to Microsoft Access. The application is exposed to multiple input validation issues: an SQL injection issue due to the application failing to properly sanitize user-supplied input to the "idProduct" parameter of the "/store/comersus_optReviewReadExec.asp" script; and multiple cross-site scripting issues due to the application failing to properly sanitize user-supplied input to the "redirectURL" parameter of the "/store/comersus_customerAuthenticateForm.asp" script and the "message" parameter of the "store/comersus_message.asp" script. Comersus Cart version 7.0.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/471837

  • 07.26.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Musoo GLOBALS[ini_array] Parameter Remote File Include Vulnerabilities
  • Description: Madirish Webmail is a web-based email application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "GLOBALS["ini_array"]["EXTLIB_PATH"]" parameter of the "/msDb.php", "/modules/MusooTemplateLite.php" and "/modules/SoundImporter.php" scripts. Musoo version 0.21 is affected.
  • Ref: http://www.securityfocus.com/bid/24554

  • 07.26.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Jasmine CMS Multiple Input Validation Vulnerabilities
  • Description: Jasmine CMS is a content management system. The application is exposed to multiple input validation issues, which include multiple SQL injection issues in the "login_username" parameter of the "login.php" script and the "item" parameter of the "news.php" script, and a local file include issue in the "u" parameter of the "admin/plugin_manager.php" script. Jasmine CMS version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24546

  • 07.26.63 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress Automattic Stats Module Referer Field HTML Injection
  • Description: The Automattic Stats module for WordPress tracks web page statistics. The module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue resides in the "referer" field. The Automattic Stats module version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/471734

  • 07.26.64 - CVE: Not Available
  • Platform: Web Application
  • Title: YABB Multiple Local File Include Vulnerabilities
  • Description: YaBB is a web-based bulletin board application implemented in Perl. The application is exposed to multiple local file include issues because it fails to sufficiently sanitize user-supplied input. YaBB versions 2.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/471733

  • 07.26.65 - CVE: Not Available
  • Platform: Web Application
  • Title: DKret Search Widget HTML Injection
  • Description: dKret is a WordPress theme. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "Search" widget of the application. dKret versions prior to 2.6 are affected.
  • Ref: http://www.securityfocus.com/bid/24518

  • 07.26.66 - CVE: Not Available
  • Platform: Web Application
  • Title: WEBIF.CGI OutConfig Parameter Local File Include
  • Description: WEBIF.CGI is a bibliography application implemented in CGI. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "outconfig" parameter when used by the "webif.cgi" script.
  • Ref: http://www.securityfocus.com/bid/24516

  • 07.26.67 - CVE: Not Available
  • Platform: Web Application
  • Title: STPHP EasyNews Pro Unspecified Script HTML Injection
  • Description: STphp EasyNews Pro is a web-based news management application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. STphp EasyNews Pro version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24512

  • 07.26.68 - CVE: Not Available
  • Platform: Web Application
  • Title: MiniBB Language Parameter Local File Include
  • Description: miniBB is a web-based bulletin board. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter when used by the "index.php" script. miniBB version 2.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/24503

  • 07.26.69 - CVE: Not Available
  • Platform: Web Application
  • Title: YourFreeScreamer Form.PHP Remote File Include
  • Description: YourFreeScreamer is a web-based Shoutbox/Guestbook application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "serverPath" parameter of the "form.php" script. YourFreeScreamer version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24500

  • 07.26.70 - CVE: Not Available
  • Platform: Web Application
  • Title: WmFrog Insecure Temporary File Creation
  • Description: WmFrog is a graphical weather monitor application designed to show the current weather patterns through a graphical interface in an XFree86 desktop environment. The "wmapps" file in the application creates temporary files in an insecure manner. WmFrog versions prior to 0.2.0 are affected.
  • Ref: http://www.securityfocus.com/bid/24504

  • 07.26.71 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPListPro Addsite.PHP HTML Injection
  • Description: phpListPro is a top-list application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "site_address" parameter of the "addform.php" script. phpListPro version 2.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24509

  • 07.26.72 - CVE: Not Available
  • Platform: Web Application
  • Title: HP System Management Homepage Remote Privilege Escalation
  • Description: HP System Management Homepage is a web-based interface used to manage ProLiant and Integrity servers running Windows or Linux. The application is exposed to a privilege escalation issue because the application handles all Novell eDirectory members as users in the superuser group. HP System Management Homepage versions prior to 2.1.9 that are running on Linux with Novell's eDirectory services are affected.
  • Ref: http://www.securityfocus.com/bid/24486

  • 07.26.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Papoo CMS Multiple HTML Injection Vulnerabilities
  • Description: Papoo CMS is a content management system. The application is exposed to multiple HTML-injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Papoo CMS version 3.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/471490

  • 07.26.74 - CVE: Not Available
  • Platform: Web Application
  • Title: phpListPro Topsite Entry Page HTML Injection
  • Description: phpListPro is a top list application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the form used to add new web sites. phpListPro version 2.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24495

  • 07.26.75 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyInventory Global.Inc.PHP Remote File Include
  • Description: phpMyInventory is a web-based inventory tracking application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "strIncludePrefix" parameter of the "includes/global.inc.php" script. phpMyInventory version 2.8 is affected.
  • Ref: http://www.securityfocus.com/bid/24496

  • 07.26.76 - CVE: Not Available
  • Platform: Network Device
  • Title: Juniper Networks IVE OS LDAP Referrals TLS Plaintext Password
  • Description: Juniper IVE (Instant Virtual Extranet) OS is an operating system used by Juniper devices. The application is exposed to a password disclosure issue when used with TLS. This issue arises when a connection to a slave server is established with Start TLS enabled. Juniper IVE OS 5.4 and 6.0 are affected.
  • Ref: http://www.securityfocus.com/bid/24575

  • 07.26.77 - CVE: Not Available
  • Platform: Network Device
  • Title: D-Link DPH-540/DPH-541 Wi-Fi Phone Security Bypass
  • Description: The D-Link DPH-540/DPH-541 Wi-Fi phone is a wireless Voice over IP (VoIP) home/business phone. The phone is exposed to a security bypass issue because it accepts SIP requests from random source IP addresses.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=219&

  • 07.26.78 - CVE: Not Available
  • Platform: Network Device
  • Title: Polycom SoundPoint IP 601 SIP Phone CGI Request Remote Denial of Service
  • Description: Polycom SoundPoint IP 601 SIP phones are multi-line SIP-capable phones. The phones are exposed to a denial of service issue due to a failure of the devices to properly bounds check user-supplied input prior to copying it to an insufficiently sized memory buffer. Phones with firmware versions in the 3.0 series are affected.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=273&

  • 07.26.79 - CVE: Not Available
  • Platform: Network Device
  • Title: BlackBerry 7270 Phone SIP Stack Format String
  • Description: BlackBerry 7270 is a wireless, hand-held communication device. The device is exposed to a remote format-string issue that affects the "From" field of "SIP INVITE" message headers. When a malicious message is processed, the phone will be unable to send or receive further calls until it has been reset. BlackBerry 7270 with BlackBerry Device Software versions 4.0.1.83 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24548

  • 07.26.80 - CVE: Not Available
  • Platform: Network Device
  • Title: SJPhone SIP Phone Invite Transaction Denial of Service
  • Description: The SJPhone SIP Phone is a Voice Over IP (VOIP) client application. The application is exposed to a denial of service issue because the application fails to handle specially crafted SIP messages.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=217&

  • 07.26.81 - CVE: Not Available
  • Platform: Network Device
  • Title: BlackBerry 7270 SIP Header Denial of Service
  • Description: BlackBerry 7270 is a wireless, hand-held communication device. The device is exposed to a remote denial of service issue when it handles a malformed "SIP INVITE" message. BlackBerry 7270 with BlackBerry Device Software versions 4.0.1.83 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24545

  • 07.26.82 - CVE: Not Available
  • Platform: Network Device
  • Title: D-Link DPH-540/DPH-541 Wi-Fi Phones SDP Header Denial of Service
  • Description: The D-Link DPH-540/DPH-541 Wi-Fi phones are wireless Voice over IP (VoIP) home and business phones. The phones are exposed to a remote denial of service issue when they handle a malformed SDP header in a "SIP INVITE" message.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=218&

  • 07.26.83 - CVE: Not Available
  • Platform: Network Device
  • Title: Avaya One-X Desktop Edition SIP Header Denial of Service
  • Description: Avaya One-X Desktop Edition is a soft-phone application that enables SIP-based (Session Initiation Protocol) endpoints on computers running the Microsoft Windows operating system. The application is exposed to a remote denial of service issue when it handles malformed SIP header data. Avaya One-X Desktop Edition versions 2.1.0.70 and earlier are affected.
  • Ref: http://support.avaya.com/elmodocs2/security/ASA-2007-241.htm

  • 07.26.84 - CVE: Not Available
  • Platform: Network Device
  • Title: Polycom SoundPoint IP 601 SIP Phone INVITE Message Remote Denial of Service
  • Description: Polycom SoundPoint IP 601 SIP phones are multi-line SIP-capable phones. The phones are exposed to a denial of service issue due to a failure of the devices to properly bounds check user-supplied input prior to copying it to an insufficiently sized memory buffer. Phones with firmware versions in the 3.0 series running with the SIP application version 1.6.3.0067 are affected.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=272&

  • 07.26.85 - CVE: Not Available
  • Platform: Network Device
  • Title: Aastra 9112i SIP Phone SIP Message Denial of Service
  • Description: Aastra 9112i SIP Phone is a Voice Over IP (VOIP) phone. The phone is exposed to a denial of service issue because it fails to handle specially crafted SIP messages. Firmware version 1.4.0.1049 with boot version 1.1.0.10 is affected.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=277&

  • 07.26.86 - CVE: Not Available
  • Platform: Network Device
  • Title: Avaya 4602SW SIP Phone Security Bypass
  • Description: The Avaya 4602SW is a SIP-based IP phone used in conjunction with a SIP call server on the Microsoft Windows operating system. The Avaya 4602SW SIP Phone is exposed to a security bypass issue because it accepts SIP "INVITE" requests from random source IP addresses. The Avaya 4602 SW IP Phone (Model 4602D02A) is affected.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=300&

  • 07.26.87 - CVE: Not Available
  • Platform: Network Device
  • Title: Snom-320 SIP Remote Unauthorized Access
  • Description: The Snom-320 is a remotely manageable SIP VoIP business telephone. The application is exposed to a remote unauthorized access issue that may lead to information disclosure.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=275&

  • 07.26.88 - CVE: Not Available
  • Platform: Network Device
  • Title: Snom-320 SIP Phone Remote Phone Dialing Unauthorized Access
  • Description: The Snom-320 is a remotely manageable SIP VoIP business telephone. The Snom-320 SIP VoIP phone is exposed to a remote issue that may permit arbitrary dialing of the phone. The problem occurs with how the device handles GET requests to TCP port 1800.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=276&

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Agenda for the Application Security Summit, Aug. 15-16, Washington DC

Expert Briefings:

1. Expert Briefing: The Three Programming Errors that Caused More than 90% of all Critical Vulnerabilities Reported in 2006. Surprisingly, nearly all critical vulnerabilities reported during 2006 were caused by just three types of programming errors. You'll learn what they are, how they happen and how to fix them in this briefing. Rohit Dhamankar, editor of @RISK and Senior Engineer, TippingPoint.

2. Expert Briefing: New Frontiers of Web Hacking: AJAX Vulnerabilities, Deep SQL Injection, Cross Site Reference Forgery, and More. An eye-opening briefing on a series of the newest attacks enabling criminals to compromise web applications (presented by leaders from the application security field).

3. Expert Panel: Application Security and PCI Compliance - What It Means. The credit card industry has changed its standards, requiring every organization that processes credit cards to upgrade application security. In this expert panel you'll learn what PCI requires and how to meet the requirements.

User Panels: Key Questions Users Are Asking

4. User Panel: Validating Application Security: Choosing the Right Combination of Tools for Your Application Security Tool Box. Can application firewalls replace application scanners? Do application scanners do a better job than source code analyzers? How bad are the false positives? In this panel, experienced users of the various tools will share their experiences and try to reach consensus on the right tools for an application security toolbox.

5. User Panel: Essentials of a Comprehensive Application Security Program. Some organizations start their application security initiative without a comprehensive picture of the elements they will be putting in place as part of that program. This panel of very experienced users illuminates the elements you may have missed in your planning and explains why they matter.

6. User Panel: Justifying, Planning, Launching and Organizing an Application Security Program. This panel will address questions such as: What are the costs of an application security program and how are the benefits best presented to management? Who should be in charge and what are the first steps to get a program solidly on track?

7. User Panel: Promising Practices in Building the Partnership Between Security Staff and the Developers (building into the SDLC, when to use code reviews). In this panel users focus squarely on the ultimate goal: moving beyond application testing by the security group to get the programmers to embrace the tools, or at least to get them to fix the problems willingly and quickly. This panel also looks at where application security best fits in the SDLC.

8. User Panel: Training and Testing Our Application Developers and Testers. Are the courses being offered by web security experts actually working? How do you know? In this panel users and experts will discuss the various training alternatives open to application developers and review the new international certification examinations that were launched this summer to measure application security skills in each major programming language.

9. User Panel: Innovative Uses of Procurement to Improve Application Security. Innovative CIOs have discovered that the most powerful weapon in the application security arsenal is the language they use in their procurements. In fact, they have discovered that when they don't include explicit application security requirements in their procurement documents and contracts, the cost of better security rises exponentially. This panel will review ways to use procurement language effectively.

10. User Panel: Trust but Verify: Managing Application Security When Application Development Projects Are Outsourced. Expanding on the procurement panel topics, this panel explores the unique character of outsourced development and looks at what special programs help ensure outsourced application development meets high security standards.

Vendor Panels

11. Vendor Panel: Implementation Lessons Learned. When users deploy application security tools, they often make mistakes that lessen the value of the tools. In this panel technical experts from application security tool vendors share the most common mistakes and tell how to avoid them.

12. Vendor Panel: Tools Shootout. A great chance to pick the application security vendors you'll want on your short list of products to consider.

======================================================================

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.