@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 27
July 2, 2007


@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Microsoft Office                          1
    Other Microsoft Products                  1
    Third Party Windows Apps                  14 (#4, #7)
    Linux                                     10
    Solaris                                   4
    Cross Platform                            20 (#1, #2, #3, #5)
    Web Application - Cross Site Scripting    19
    Web Application - SQL Injection           16
    Web Application                           26
    Network Device                            2 (#6)

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Real Networks RealPlayer and HelixPlayer SMIL Buffer Overflow
  • Affected:
    • Real Networks RealPlayer version 10.5 and possibly prior
    • Real Networks HelixPlayer version 10.5 and possibly prior
  • Description: Real Networks RealPlayer and its open source version, HelixPlayer, contain flaws in their parsing of time values in Synchronized Multimedia Integration Language (SMIL) files. These files are used to synchronize and play multiple media streams simultaneously or at given times, as well as to provide metadata about media streams. A specially crafted time value in a SMIL file could trigger this buffer overflow and allow an attacker to execute arbitrary code with the privileges of the current user. Note that, in general, RealPlayer and HelixPlayer will open SMIL files without prompting. This includes the browser-embedded versions of these products, allowing malicious web pages to act as a vector for exploitation. Full technical details and a proof-of-concept exploit for these vulnerabilities are publicly available.

  • Status: Real Networks confirmed, updates available.

  • (3) HIGH: Sun Java Web Start Arbitrary File Overwrite and Command Execution Vulnerability
  • Affected:
    • Sun Java Development Kit version 5.0
    • Sun Java Runtime Environment version 1.4.2
    • Sun Java System Development Kit version 1.4.2
  • Description: The Sun Java Development Kit, System Development Kit, and Runtime Environment provide the Java Web Start mechanism that allows Java applications to be launched from remote web sites and servers. A flaw in the handling of Java Web Start applications can lead to an arbitrary file overwrite condition, allowing a malicious application to overwrite any file accessible by the current user. Note that, since the permissions accorded to Java Web Start applications are controlled by a local file (known as ".java.policy" on most platforms), an attacker could overwrite this file to remove all execution restrictions on Java Web Start applications. No further technical details are available for this vulnerability.

  • Status: Sun confirmed, updates available.

  • (5) MODERATE: GD Library Multiple Vulnerabilities
  • Affected:
    • GD library versions prior to 2.0.35
    • Note that many products embed or otherwise use the GD library
  • Description: The GD library, a popular open source image generation and manipulation library, contains multiple vulnerabilities. Any program using the GD library would be potentially affected by these vulnerabilities. A specially crafted PNG, XBM or GIF image file could trigger multiple vulnerabilities, including some that could lead to code execution. If an attacker had programmatic access to the library (for example, by being able to upload PHP code or CGI scripts), an attacker could exploit flaws in various API functions. Because GD is open source, technical information for these flaws is available via source code analysis. At least one proof-of-concept is publicly available.

  • Status: Vendor confirmed, updates available.

  • (6) LOW: Check Point Cross-Site Request Forgery
  • Affected:
    • Check Point VPN-1 UTM Edge
  • Description: The Check Point VPN-1 UTM Edge appliance, used to provide threat management to enterprises, contains a cross-site request forgery vulnerability in its web-based administration interface. The interface fails to validate the source of HTTP requests; a specially-crafted web page could simulate valid form submissions to the interface and perform arbitrary commands. Note that any malicious web page would need to know the administration interface's IP address and any attack would need to occur during a valid login session to the web interface.

  • Status: Check Point has not confirmed, no updates available.

Other Software
  • (7) MODERATE: HP Photo Digital Imaging ActiveX Control Arbitrary File Overwrite
  • Affected:
    • HP Photo Digital Imaging
  • Description: HP Photo Digital Imaging, a popular digital imaging suite, contains an arbitrary file overwrite vulnerability in an included ActiveX control. The "hpqxml.dll" ActiveX control's "saveXMLAsFile" method fails to properly validate the caller or pathname for a given file, allowing a malicious web page that instantiates the control to write arbitrary data to any user-accessible file. Full technical details and a proof-of-concept are available for this vulnerability.

  • Status: HP has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the vulnerable control via Microsoft's "kill bit" mechanism for CLSID "9C0A0321-B328-466C-8ECA-B9A5522466D3".

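The kill-bit mitigation named in the Status line for item (7), as an added example that is not part of the original bulletin and is not HP or Microsoft code. It assumes an elevated 64-bit PowerShell prompt and uses the registry location and flag value from Microsoft's kill-bit documentation (KB 240797, cited in Part II); `Set-ActiveXKillBit` is a hypothetical helper name.

```powershell
# Added example: set the Internet Explorer "kill bit" for one ActiveX CLSID.
# Set-ActiveXKillBit is a hypothetical helper name, not a built-in cmdlet.

$Clsid = '9C0A0321-B328-466C-8ECA-B9A5522466D3'   # CLSID quoted in the Status line

# Internet Explorer reads per-control flags from this key. 64-bit Windows keeps
# a second copy under Wow6432Node for 32-bit Internet Explorer.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Set-ActiveXKillBit {
    param(
        [Parameter(Mandatory = $true)] [string] $Root,
        [Parameter(Mandatory = $true)] [string] $Clsid
    )

    $valueName = 'Compatibility Flags'
    $killBit   = 0x00000400   # flag that stops IE from instantiating the control

    # Normalise to the {XXXXXXXX-XXXX-...} form used for the subkey name.
    # The cast throws on anything that is not a well-formed GUID.
    $name = ([guid]$Clsid).ToString('B').ToUpper()

    # A missing root means this registry view does not exist (32-bit Windows
    # has no Wow6432Node); report it and touch nothing.
    if (-not (Test-Path -LiteralPath $Root)) {
        return [pscustomobject]@{ Key = $Root; Before = $null; After = $null; Blocked = $false }
    }

    $key = Join-Path $Root $name
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Preserve any flags already present and OR the kill bit into them.
    $before = (Get-ItemProperty -LiteralPath $key -Name $valueName -ErrorAction SilentlyContinue).$valueName
    if ($null -eq $before) { $before = 0 }
    Set-ItemProperty -LiteralPath $key -Name $valueName -Value ($before -bor $killBit) -Type DWord

    # Read the value back so the report reflects what is actually stored.
    $after = (Get-ItemProperty -LiteralPath $key -Name $valueName).$valueName
    [pscustomobject]@{
        Key     = $key
        Before  = '0x{0:X8}' -f $before
        After   = '0x{0:X8}' -f $after
        Blocked = (($after -band $killBit) -ne 0)
    }
}

# Apply to both registry views and show one result row per view.
$Roots | ForEach-Object { Set-ActiveXKillBit -Root $_ -Clsid $Clsid } | Format-Table -AutoSize
```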
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 27, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5465 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.27.1 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Excel Sheet Name Remote Denial of Service
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office Suite. The application is exposed to a remote denial of service issue when the application processes malicious sheet name data in XLS files. Excel 2000 and 2003 are affected.
  • Ref: http://www.securityfocus.com/bid/24691

  • 07.27.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Document.Domain Cross-Domain Same Origin Overwriting
  • Description: Microsoft Internet Explorer is exposed to an issue that permits an attacker to bypass the same origin policy. Specifically the attacker can control the document.domain property, which may permit it to access properties of the original domain, or spoof the content from an attacker controlled domain.
  • Ref: http://www.securityfocus.com/bid/24704

  • 07.27.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AMX AMXVNC.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: The AMX Netlinx ActiveX Control is a server appliance which connects various devices to the Internet. The application is exposed to multiple buffer overflow issues because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. The AMX Corp VNC ActiveX Control (AmxVnc.dll) version 1.0.13.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.27.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Kaspersky Anti-Spam Unauthorized Directory Access Authentication Bypass
  • Description: Kaspersky Anti-Spam is a mail filter designed to identify and process spam. The application is exposed to an authentication bypass issue due to an unspecified error in the affected application. Kaspersky Anti-Spam version 3.0 MP1 is affected.
  • Ref: http://www.securityfocus.com/bid/24692

  • 07.27.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PC SOFT WinDEV WDP File Parsing Stack Buffer Overflow
  • Description: PC SOFT WinDEV is a development platform for Microsoft Windows operating systems. The application is exposed to a stack-based buffer overflow issue when it attempts to process malformed project files because the application fails to perform proper bounds checking on user-supplied data prior to copying it to an insufficiently sized memory buffer. PC SOFT WinDEV version 11 is affected.
  • Ref: http://www.securityfocus.com/bid/24693

  • 07.27.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sony Network Camera SNC-P5 SonySncP5View.OCX ActiveX Control Buffer Overflow
  • Description: Sony Network Camera SNC-P5 ActiveX control is an ActiveX control that allows users to manage Sony Network Camera. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Sony Network Camera ActiveX SNC-P5 v1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24684

  • 07.27.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Conti FTP Server Large String Denial of Service
  • Description: The Conti FTP Server is a file transfer application designed for use on the Microsoft Windows operating system. The application is exposed to a denial of service issue due to a design error. Conti FTP version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24672

  • 07.27.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: HP Photo Digital Imaging HPQXML.DLL Arbitrary File Overwrite
  • Description: The hpqxml.dll ActiveX control is part of HP's Photo Digital Imaging application. The ActiveX control is exposed to an issue that lets attackers overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control, typically Internet Explorer. This issue occurs because the application fails to sanitize user-supplied input to the "saveXMLAsFile" method of the "hpqxml.dll" library. HP Photo Digital Imaging version 2.0.0.133 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.27.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Avax Vector AvaxSWF.DLL ActiveX Control Arbitrary File Overwrite
  • Description: The Avax Vector ActiveX control is a vector drawing toolkit designed for use on Microsoft Windows. The application is exposed to an issue that could permit an attacker to overwrite arbitrary files. The attacker can use the "WriteMovie" method to overwrite an attacker-specified file with arbitrary data. Avax Vector ActiveX v.1.3 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.27.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NCTAudioStudio2 ActiveX Control NCTWavChunksEditor.DLL Arbitrary File Overwrite
  • Description: NCTsoft NCTAudioStudio2 ActiveX control is a collection of ActiveX components for building end-user audio data applications. The ActiveX control is exposed to an issue that lets attackers overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control, typically Internet Explorer. This issue occurs because the application fails to sanitize user-supplied input to the "CreateFile" method of the "NCTWavChunksEditor2.dll" library. NCTsoft version 2.6.2.157 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.27.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LiteWEB Web Server Invalid Page Remote Denial of Service
  • Description: LiteWEB Web Server is a web server for the Microsoft Windows platform. The application is exposed to a denial of service issue that occurs because the application fails to handle exceptional conditions and stops responding when handling an excessive number of requests that point to a non-existent page. LiteWEB Web Server version 2.7 is affected.
  • Ref: http://www.securityfocus.com/bid/24628

  • 07.27.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Apple Safari for Windows IDN URL Bar Spoofing
  • Description: Apple Safari is a browser for multiple operating platforms. The application is exposed to an issue that permits attackers to spoof URL bars. This issue occurs because the application supports Internationalized Domain Names (IDNs) and UTF-8 font glyphs embedded in the web browser. This can be used to create specially crafted URLs that contain whitespaces. Apple Safari for Windows version 3.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24636

  • 07.27.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NCTsoft NCTAudioFile2 ActiveX Control NCTWMAFILE2.DLL Arbitrary File Overwrite
  • Description: NCTAudioEditor ActiveX control is a collection of ActiveX components for building end-user audio data applications. The application is exposed to an arbitrary file overwrite issue that occurs because the application fails to sanitize user-supplied input to the "CreateFile" method of the "NCTWMAFile2.dll" library. NCTAudioEditor ActiveX control version 2.6.2.157 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.27.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Apple Safari for Windows Bookmark Title Buffer Overflow
  • Description: Safari is a web browser from Apple available for Mac OS X and Microsoft Windows. The application is exposed to a buffer overflow issue when an attacker entices a victim to bookmark a maliciously crafted site. Apple Safari 3.0.2 Beta for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/24619

  • 07.27.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Lhaca File Archiver Unspecified Stack Buffer Overflow
  • Description: Lhaca is a file archiver for Microsoft Windows. The application is exposed to an unspecified stack buffer overflow issue because it fails to properly handle the decompression of malicious LZH archive files. The application experiences a stack-based buffer overflow issue because the software most likely fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. Lhaca versions 1.20 and 1.40 are affected.
  • Ref: http://www.securityfocus.com/bid/24604

  • 07.27.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: RKD Software Bar Code ActiveX Control BarCodeAx.DLL Buffer Overflow
  • Description: RKD Software Bar Code ActiveX control is an ActiveX control that allows users to develop professional Bar Codes. The application is exposed to a buffer overflow issue because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. This issue occurs when an excessive amount of data is passed to the "BeginPrint" method of the "BarCodeAx.dll" library. RKD Software Bar Code ActiveX control version 4.9 is affected.
  • Ref: http://www.securityfocus.com/bid/24596

  • 07.27.17 - CVE: CVE-2007-2442
  • Platform: Linux
  • Title: MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution
  • Description: Kerberos is a network authentication protocol. kadmind (Kerberos Administration Daemon) is the administration server for Kerberos networks. The application is exposed to a remote code execution issue. kadmind versions prior to krb5-1.6.1 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/356961

  • 07.27.18 - CVE: CVE-2007-2443
  • Platform: Linux
  • Title: MIT Kerberos 5 kadmind Server RPC Type Conversion Stack Buffer Overflow
  • Description: Kerberos is a network authentication protocol. kadmind (Kerberos Administration Daemon) is the administration server for Kerberos networks. The application is exposed to a stack-based buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. Kerberos 5 kadmind versions 1.6.1 and earlier are affected.
  • Ref: http://www.kb.cert.org/vuls/id/365313

  • 07.27.19 - CVE: CVE-2007-1863
  • Platform: Linux
  • Title: Apache HTTP Server Mod_Cache Denial of Service
  • Description: The Apache mod_cache module is exposed to a denial of service issue. If caching is enabled, a remote attacker may be able to send a malicious request that could cause the child process to crash. This could lead to denial of service conditions if the server is using a multi-threaded Multi-Processing Module (MPM).
  • Ref: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244658

  • 07.27.20 - CVE: CVE-2007-2798
  • Platform: Linux
  • Title: MIT Kerberos 5 kadmind Server Rename_Principal_2_SVC() Function Stack Buffer Overflow
  • Description: Kerberos is a network authentication protocol. kadmind (Kerberos Administration Daemon) is the administration server for Kerberos networks. The application is exposed to a stack-based buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. The problem occurs in the "rename_principal_2_svc()" function when concatenating the source and destination principal names in a sprintf() call. Kerberos 5 kadmind 1.6.1, kadmind 1.5.3 and earlier versions are affected.
  • Ref: http://www.kb.cert.org/vuls/id/554257

  • 07.27.21 - CVE: Not Available
  • Platform: Linux
  • Title: SlackRoll GnuPG And HTTP Codes Signature Validation Bypass Vulnerability And Weakness
  • Description: SlackRoll is an upgrade and package manager for Slackware Linux. The application is exposed to a signature validation bypass issue and an HTTP error detection issue because the application fails to adequately interpret certain GnuPG exit codes and HTTP error codes. SlackRoll versions prior to SlackRoll 8 are affected.
  • Ref: http://www.securityfocus.com/bid/24648

  • 07.27.22 - CVE: Not Available
  • Platform: Linux
  • Title: SILC Toolkit Multiple Unspecified Vulnerabilities
  • Description: SILC Toolkit is an application development framework to implement secure conferencing services using the SILC protocol. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509 and OpenPGP. The application is exposed to multiple unspecified issues. Please refer to the advisory for further details. SILC Toolkit versions prior to 1.1.1 are affected.
  • Ref: http://www.securityfocus.com/bid/24647

  • 07.27.23 - CVE: CVE-2007-3104
  • Platform: Linux
  • Title: Red Hat Kernel SysFS_ReadDir NULL Pointer Dereference
  • Description: The Red Hat kernel is exposed to a NULL pointer dereference issue due to a flaw in the "sysfs_readdir" function of the "/fs/sysfs/dir.c" source file. Please refer to the advisory for further details.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0488.html

  • 07.27.24 - CVE: Not Available
  • Platform: Linux
  • Title: Hiki Session ID File Deletion
  • Description: Hiki is a Wiki application written in Ruby. The application is exposed to an arbitrary file deletion issue because of an error in the way it deletes files when a user logs out. Hiki versions 0.8.0 to 0.8.6 are affected.
  • Ref: http://hikiwiki.org/en/advisory20070624.html

  • 07.27.25 - CVE: CVE-2007-1663, CVE-2007-1664, CVE-2007-1665
  • Platform: Linux
  • Title: EKG Multiple Remote Denial of Service Vulnerabilities
  • Description: Eksperymentalny Klient Gadu-Gadu (EKG) is a Polish language instant messaging program for multiple operating systems. The application is exposed to multiple remote denial of service issues due to design errors.
  • Ref: http://www.securityfocus.com/archive/1/472103

  • 07.27.26 - CVE: Not Available
  • Platform: Linux
  • Title: Red Hat Cluster Suite CMan Local Buffer Overflow
  • Description: Red Hat Cluster Suite is a set of application/service failover and IP load balancing software. The suite's "cman" cluster manager is exposed to a local buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: https://bugs.launchpad.net/ubuntu/+source/redhat-cluster-suite/+bug/121780

  • 07.27.27 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris TCP Loopback/Fusion Code Local Denial of Service
  • Description: Sun Solaris is exposed to a local denial of service issue. Solaris 10 SPARC and x86 are affected. Please refer to the advisory for further details.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102963-1

  • 07.27.28 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris KSSL Memory Buffer Denial of Service
  • Description: Sun Solaris is exposed to a denial of service issue. An unprivileged local or remote attacker may exploit this issue to cause a system panic. This will cause the system to hang resulting in denial of service conditions. Solaris 10 SPARC and x86 are affected. Please refer to the advisory for further details.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102918-1

  • 07.27.29 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Dtsession Local Buffer Overflow
  • Description: Sun Solaris is exposed to a local buffer overflow issue. Solaris Common Desktop Environment (CDE) Session Manager contains a boundary error where it fails to properly bounds check user-supplied input before using it in a memory copy operation. This issue occurs in the "dtsession" CDE session manager. Sun Solaris versions 8, 9 and 10 SPARC and x86 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102954-1

  • 07.27.30 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris LibsLDAP NSCD Local Denial of Service
  • Description: The Solaris "libsldap" library is exposed to a local denial of service issue. This issue only affects hosts that are configured as LDAP clients. Please refer to the advisory for further details.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102926-1&searchclause=

  • 07.27.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Intel CORE 2 Multiple Local Denial of Service Vulnerabilities
  • Description: Intel CORE 2 64-bit microprocessors are the eighth generation of Intel Core micro architecture. These processors are exposed to multiple issues. Please refer to the advisory for further details.
  • Ref: http://download.intel.com/design/processor/specupdt/31327914.pdf

  • 07.27.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Web Start Arbitrary File Overwrite Privilege Escalation
  • Description: Java Web Start is a deployment solution for Java applications. The application is exposed to an issue that can result in privilege escalation. The malicious application could overwrite the .java.policy file to invoke applets or other Java Web Start applications that will be executed with the privileges of the victim. Java Web Start in JDK and JRE 5.0 Update 11 and earlier are affected. Also affected is Java Web Start in SDK and JRE 1.4.2_13 and earlier.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1&searchclause=

  • 07.27.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari Document.Domain Cross-Domain Same Origin Overwriting
  • Description: Apple Safari is a web browser developed by Apple Computers. The application is exposed to an issue that permits an attacker to bypass the same origin policy. The attacker can take control of the "document.domain" property, which may permit the attacker to access properties of the original domain or spoof the content from an attacker-controlled domain. Apple Safari version 3.01 is affected.
  • Ref: http://www.securityfocus.com/bid/24700

  • 07.27.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Progress and Openedge _Mprosrv Buffer Overflow
  • Description: Progress and OpenEdge are development platforms for managing business applications. These applications are exposed to a remote buffer overflow issue because they fail to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/bid/24675

  • 07.27.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CA BrightStor ARCserve Backup Server Unspecified Remote Code Execution
  • Description: Computer Associates BrightStor ARCserve Backup products provide backup and restore protection for Windows, NetWare, Linux, and UNIX servers as well as Windows, Mac OS X, Linux, UNIX, AS/400, and VMS clients. The application is exposed to a remote code execution issue. Computer Associates BrightStor ARCServe Backup version 11.5.SP3 is affected.
  • Ref: http://research.eeye.com/html/advisories/upcoming/20070618.html

  • 07.27.36 - CVE: CVE-2007-3377, CVE-2007-3409
  • Platform: Cross Platform
  • Title: Perl Net::DNS Remote Multiple Vulnerabilities
  • Description: The Perl Net::DNS module allows scripts written in Perl to perform DNS queries. The application is exposed to multiple issues. Perl Net::DNS module versions prior to 0.60 are affected.
  • Ref: http://www.securityfocus.com/bid/24669

  • 07.27.37 - CVE: CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3393
  • Platform: Cross Platform
  • Title: Wireshark Multiple Protocol Denial of Service Vulnerabilities
  • Description: Wireshark is an application for analyzing network traffic. It is available for Microsoft Windows and UNIX-like operating systems. Wireshark is the successor to the Ethereal network protocol analyzer. The application is exposed to multiple denial of service issues when handling certain types of packets and protocols in varying conditions. Wireshark versions prior to 0.99.6 are affected.
  • Ref: http://www.securityfocus.com/bid/24662

  • 07.27.38 - CVE: CVE-2007-2951
  • Platform: Cross Platform
  • Title: KVIrc URI Handler Remote Command Execution
  • Description: KVIrc is an IRC client available for various operating systems. The application is exposed to a remote command execution issue because it fails to sufficiently sanitize user-supplied input in the "parseIrcURL()" function of the "src/kvirc/kernel/kvi_ircurl.cpp" file. The application fails to sanitize parts of the URI when building commands for KVIrc's internal script system. KVIrc versions 3.2 and 3.2.5 are affected.
  • Ref: http://secunia.com/secunia_research/2007-56/advisory/

  • 07.27.39 - CVE: CVE-2007-3378
  • Platform: Cross Platform
  • Title: PHP .Htaccess Safe_Mode and Open_Basedir Restriction Bypass
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. The application is exposed to multiple "safe_mode" and "open_basedir" restriction bypass issues. PHP versions 5.2.3 and 4.4.7 are affected.
  • Ref: http://securityreason.com/achievement_securityalert/45

  • 07.27.40 - CVE: CVE-2007-3410
  • Platform: Cross Platform
  • Title: RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow
  • Description: RealPlayer and HelixPlayer are media players developed by Real Networks. The applications are exposed to a buffer overflow issue because they fail to bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue occurs in the "parseWallClockValue()" function when parsing the "HH:mm:ss.f" time format. RealPlayer and HelixPlayer version 10.5-GOLD are affected.
  • Ref: http://www.securityfocus.com/archive/1/472295

  • 07.27.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Warzone Long File Name Buffer Overflow
  • Description: Warzone 2100 Resurrection is a 3D game for multiple operating systems. The application is exposed to a remote buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Warzone 2100 Resurrection version 2.0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/24650

  • 07.27.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GD Graphics Library Multiple Vulnerabilities
  • Description: The GD Graphics Library (gdlib) is an open source graphics library available for multiple platforms, including UNIX variants and Microsoft Windows. It is implemented in ANSI C and is designed for creating and manipulating PNG, JPEG, and GIF image formats. The application is exposed to multiple issues. GD graphics library versions prior to 2.0.35 are affected.
  • Ref: http://www.securityfocus.com/bid/24651

  • 07.27.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Mail Security For SMTP Remote Denial of Service
  • Description: Symantec Mail Security for SMTP is an email scanning security application for multiple operating platforms. The application is exposed to a remote denial of service issue that occurs because it fails to perform adequate boundary checks when parsing executable mail attachments. Symantec Mail Security for SMTP versions in the 5.0 series prior to 5.01 Patch 181 are affected.
  • Ref: http://www.symantec.com/avcenter/security/Content/2007.06.26.html

  • 07.27.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities
  • Description: Trend Micro OfficeScan is an integrated enterprise-level security product that protects against viruses, spyware, worms, and blended threats. The application is exposed to multiple security issues. Unspecified CGI modules fail to check the size of data in unspecified arguments or fields before copying it into finite-sized internal memory buffers, and additionally fail in an unspecified manner that allows for an authentication bypass. Trend Micro OfficeScan versions prior to edition 8.0 patch build 1042 are affected.
  • Ref: http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt

  • 07.27.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHPVideoPro Unspecified
  • Description: PHPVideoPro is a video management application. The application is exposed to an unspecified issue. Please refer to the advisory for further details. PHPVideoPro versions prior to 0.8.8 are affected.
  • Ref: http://www.securityfocus.com/bid/24644

  • 07.27.46 - CVE: CVE-2007-3372
  • Platform: Cross Platform
  • Title: Avahi Empty TXT Data Denial of Service
  • Description: Avahi is an application to discover services available on the local network. The application is exposed to a local denial of service issue that occurs when the application processes empty TXT data over D-BUS for registration. This causes an error in the application during an "assert()" operation. Avahi versions prior to 0.6.20 are affected.
  • Ref: http://www.securityfocus.com/bid/24614

  • 07.27.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SHTTPD Filename Parse Error Information Disclosure
  • Description: SHTTPD is an HTTP webserver application for multiple operating systems. It is implemented in C/C++. The application is exposed to an information disclosure issue because of an error when parsing specially crafted filename extensions provided by users in the URL. SHTTPD version 1.38 is affected.
  • Ref: http://www.securityfocus.com/bid/24618

  • 07.27.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Closed Connection Information Disclosure
  • Description: IBM WebSphere Application Server is a tool for creating various enterprise web applications. The application is exposed to an information disclosure issue because of prematurely closing an active connection to the server and subsequently making another request. IBM WebSphere Application Server version 6.0 is affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24015854

  • 07.27.49 - CVE: CVE-2007-2399
  • Platform: Cross Platform
  • Title: Apple Webkit Invalid Type Conversion Remote Code Execution
  • Description: Apple WebKit is a web browser framework used in the Safari browser and other applications. The WebKit framework is exposed to a remote code execution issue because it fails to properly handle a certain invalid type conversion operation when rendering frame sets. This causes memory to become corrupted in a way that allows an attacker to execute arbitrary code in the context of an application using the framework.
  • Ref: http://www.kb.cert.org/vuls/id/389868

  • 07.27.50 - CVE: CVE-2007-2400
  • Platform: Cross Platform
  • Title: Apple Safari Cross-Domain Race Condition Information Disclosure
  • Description: Apple Safari is exposed to an information disclosure issue because it fails to properly enforce cross-domain JavaScript restrictions. Apple Safari versions prior to Safari 3 Beta Update 3.0.2 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/289988

  • 07.27.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: b1gBB Visitenkarte.PHP Cross Site Scripting
  • Description: b1gBB is a web-based bulletin board. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "user" parameter of the "visitenkarte.php" script. b1gBB version 2.24.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24698

  • 07.27.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: HTML Purifier ConfigForm.PHP Cross-Site Scripting
  • Description: HTML Purifier is an HTML filtering application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter of the "smoketests/configForm.php" script. HTML Purifier versions prior to 2.0.1 are affected.
  • Ref: http://www.securityfocus.com/bid/24699

  • 07.27.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Oracle Rapid Install Web Server Secondary Login Page Cross Site Scripting
  • Description: Oracle Application Server is an integrated, standards-based software platform. The software is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the secondary login page produced when a failed login occurs.
  • Ref: http://www.securityfocus.com/bid/24697

  • 07.27.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sun JavaDoc Tool Cross-Site Scripting
  • Description: Sun JavaDoc Tool is a documentation application for web applications. The application is exposed to an undisclosed cross-site scripting issue because it fails to properly sanitize user-supplied input.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1&searchclause=

  • 07.27.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Linksys Wireless-G ADSL Gateway WAG54GS Setup.CGI Persistent Cross-Site Scripting Vulnerabilities
  • Description: D-Link DSL-G624T devices are DSL routers with an 802.11g wireless access point. The application is exposed to multiple persistent cross-site scripting issues due to a failure of the application to properly sanitize user-supplied input. Linksys Wireless-G ADSL Gateway WAG54GS running firmware V1.00.06 is affected.
  • Ref: http://www.securityfocus.com/bid/24682

  • 07.27.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: sHTTPd Unspecified Cross Site Scripting
  • Description: sHTTPd is a webserver application for the Windows platform. The application is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. sHTTPd versions 20070408 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24683

  • 07.27.57 - CVE: CVE-2007-2801
  • Platform: Web Application - Cross Site Scripting
  • Title: eTicket Open.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: eTicket is an electronic ticket system. The application's administration module is exposed to multiple cross site scripting issues because it fails to properly sanitize user-supplied input to the "err" and "warn" parameters of the "open.php" script. eTicket versions 1.5.5 and 1.5.5.1 are affected.
  • Ref: http://www.securityfocus.com/bid/24681

  • 07.27.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DirectAdmin Domain Parameter Cross-Site Scripting
  • Description: DirectAdmin is a web site administration panel. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "Domain" parameter of the "CMD_USER_STATS" script.
  • Ref: http://www.securityfocus.com/bid/24688

  • 07.27.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SAP Internet Communication Framework Multiple Cross-Site Scripting Vulnerabilities
  • Description: SAP Internet Communication Framework enables applications to communicate via HTTP, HTTPS and SMTP. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user input. This issue affects multiple unspecified parameters of the default login error script. SAP Internet Communication Framework versions prior to 640 SP20 and 700 SP12 are affected.
  • Ref: http://www.securityfocus.com/bid/24674

  • 07.27.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SAP NetWeaver and Web Dynpro Java Cross-Site Scripting
  • Description: SAP NetWeaver is a business management application; Web Dynpro is the SAP development environment within SAP NetWeaver. The applications are exposed to a cross-site scripting issue because they fail to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/archive/1/472341

  • 07.27.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: RWAuction Pro Search.ASP Multiple Cross-Site Scripting Vulnerabilities
  • Description: rwAuction Pro is online auction software. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "search", "show", "searchtype", "catid" and "searchtxt" parameters of the "search.asp" script. rwAuction Pro version 5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24668

  • 07.27.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Joomla! Administration Module Multiple Cross-Site Scripting Vulnerabilities
  • Description: Joomla! is a web-based content management system (CMS). The application's administration module is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Joomla! version 1.0.12 is affected.
  • Ref: http://www.securityfocus.com/bid/24663

  • 07.27.63 - CVE: CVE-2006-5752
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache HTTP Server Mod_Status Cross-Site Scripting
  • Description: The Apache HTTP Server mod_status module provides information on server activity. The module is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input when the "server-status" page is publicly accessible and "ExtendedStatus" is enabled.
  • Ref: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112

  • 07.27.64 - CVE: CVE-2007-3182
  • Platform: Web Application - Cross Site Scripting
  • Title: Calendarix Multiple Cross-Site Scripting Vulnerabilities
  • Description: Calendarix is a web-based calendar application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user input to the "leftfooter" parameter of the "cal_footer.inc.php" script, the "ycyear" parameter of the "yearcal.php" script, and the "year" and "month" parameters of the "calendar.php" script. Calendarix version 0.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/472208

  • 07.27.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Key Focus Web Server Index.WKF Cross-Site Scripting
  • Description: Key Focus Web Server is a free web server application for use on the Microsoft Windows operating system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "opsubmenu" parameter of the "index.wkf" script. Key Focus Web Server version 3.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24623

  • 07.27.66 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BOSDataGrid Multiple Cross-Site Scripting Vulnerabilities
  • Description: bosDataGrid is a VBScript class used to generate table-based datagrids. The application is exposed to multiple cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "GridSearch", "gsearch" and "ParentID" parameters of the application. bosDataGrid versions 2.50 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24617

  • 07.27.67 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Access2ASP Multiple Cross-Site Scripting Vulnerabilities
  • Description: access2asp is an application that allows users to access their Microsoft Access database online. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. access2asp versions 4.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24610

  • 07.27.68 - CVE: CVE-2007-2401
  • Platform: Web Application - Cross Site Scripting
  • Title: Apple WebCore XMLHTTPRequest Cross-Site Scripting
  • Description: WebCore is an HTML layout framework developed by Apple. It is a component of the WebKit framework used by the Safari browser. The application is exposed to a cross-site scripting issue because it fails to adequately serialize XMLHttpRequest headers into an HTTP request.
  • Ref: http://www.securityfocus.com/bid/24598

  • 07.27.69 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: cPanel SCGIwrap Path Disclosure and Cross-Site Scripting Vulnerabilities
  • Description: cPanel is a web-hosting control panel. The application is exposed to path disclosure and cross-site scripting issues because it fails to properly sanitize user-supplied input to the "scgiwrap" (Simple CGI Wrapper) script. cPanel version 311.4.19-R14378 in the RELEASE and CURRENT branches and versions prior to cPanel 10.9.1 in the STABLE branch are affected.
  • Ref: http://www.securityfocus.com/bid/24586

  • 07.27.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: B1GBB ID Parameter Multiple SQL Injection Vulnerabilities
  • Description: b1gBB is a web-based bulletin board. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "showthread.php" and "showboard.php" scripts. b1gBB version 2.24.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24696

  • 07.27.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WebChat Login.PHP SQL Injection
  • Description: WebChat is a web-based chat application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "rid" parameter of the "login.php" script. WebChat version 0.78 is affected.
  • Ref: http://www.securityfocus.com/bid/24701

  • 07.27.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: QuickTicket Multiple SQL Injection Vulnerabilities
  • Description: QuickTicket is a trouble ticket management application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. QuickTicket version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24665

  • 07.27.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ElkaGroup Image Gallery Property.PHP SQL Injection
  • Description: Elkagroup is a web-based photo album application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. Specifically, the application fails to sanitize data supplied to the "pid" parameter of the "property.php" script. Elkagroup version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24666

  • 07.27.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Quicktalk Guestbook QTG_MSG_View.PHP SQL Injection
  • Description: Quicktalk Guestbook is a web-based guestbook. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "qtg_msg_view.php" script. Quicktalk Guestbook version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24667

  • 07.27.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EDocStore Doc.PHP SQL Injection
  • Description: EDocStore is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "doc_id" parameter of the "doc.php" script. The current version of EDocStore is affected.
  • Ref: http://www.securityfocus.com/bid/24638

  • 07.27.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pagetool Index.PHP SQL Injection
  • Description: Pagetool is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "news_id" parameter of the "index.php" script. Pagetool version 1.07 is affected.
  • Ref: http://www.securityfocus.com/bid/24640

  • 07.27.77 - CVE: CVE-2006-6355
  • Platform: Web Application - SQL Injection
  • Title: DUClassmate ICity Parameter SQL Injection
  • Description: DUclassmate is a free web-based application for listing and searching classmates and friends. The application is exposed to an SQL injection issue because the application fails to properly sanitize user-supplied input to the "iCity" parameter of the "detail.asp" script before using it in an SQL query. DUclassmate versions 1.0, 1.1 and 1.2 are affected.
  • Ref: http://www.securityfocus.com/bid/24637

  • 07.27.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 6ALBlog Member.PHP SQL Injection
  • Description: 6ALBlog is a web log application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "newsid" parameter of the "member.php" script.
  • Ref: http://www.securityfocus.com/bid/24630

  • 07.27.79 - CVE: CVE-2007-3183
  • Platform: Web Application - SQL Injection
  • Title: Calendarix Multiple SQL Injection Vulnerabilities
  • Description: Calendarix is a web-based calendar. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters before using it in an SQL query: "calendar.php: month, year" and "cal_search.php: search field". Calendarix version 0.7.20070307 is affected.
  • Ref: http://www.securityfocus.com/archive/1/472221

  • 07.27.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyNews AuthACC SQL Injection
  • Description: MyNews is a web-based news-reader application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "authacc" cookie parameter before using it in an SQL query. MyNews version 0.10 is affected.
  • Ref: http://www.netvigilance.com/advisory0025

  • 07.27.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Power Phlogger Login.PHP SQL Injection
  • Description: Power Phlogger is a web-site statistic tool. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "username" parameter of the "login.php" script before using it in an SQL query. Power Phlogger version 2.2.5 is affected.
  • Ref: http://www.securityfocus.com/bid/24622

  • 07.27.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Simple Invoices Index.PHP SQL Injection
  • Description: Simple Invoices is a web-based invoicing system. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "submit" parameter of the "index.php" script before using it in an SQL query. Simple Invoices version 20070525 is affected.
  • Ref: http://www.securityfocus.com/bid/24601

  • 07.27.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pharmacy System Index.PHP SQL Injection
  • Description: Pharmacy System is a web-based pharmacy application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "ID" parameter of the "index.php" script before using it in an SQL query. Pharmacy System version 2 is affected.
  • Ref: http://www.securityfocus.com/bid/24602

  • 07.27.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Papoo SelmenuID Parameter SQL Injection
  • Description: Papoo is a content manager application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "selmenuid" parameter of an unspecified script. Papoo version 3.6 is affected.
  • Ref: http://www.securityfocus.com/bid/24611

  • 07.27.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPRaider Multiple SQL Injection Vulnerabilities
  • Description: phpRaider is a web-based RAID management application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "type" and "id" parameters of the "index.php" script. phpRaider version 1.0.0 RC8 is affected.
  • Ref: http://www.securityfocus.com/bid/24593

  • 07.27.86 - CVE: Not Available
  • Platform: Web Application
  • Title: XEForum Cookie Modification Remote Authentication Bypass
  • Description: XEForum is a web forum application. The application is exposed to an authentication bypass issue because it fails to adequately sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/24694

  • 07.27.87 - CVE: Not Available
  • Platform: Web Application
  • Title: QuickTalk Forum Lang Parameter Multiple Local File Include Vulnerabilities
  • Description: QuickTalk Forum is a web-based forum application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "lang" parameter of the "qtf_checkname.php", "qtf_j_birth.php" and "qtf_j_exists.php" scripts before using it in an include() function call. QuickTalk Forum version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/24671

  • 07.27.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Nessus Windows GUI Unspecified Script HTML Injection
  • Description: Nessus is a security scanner application for multiple operating systems. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue affects unspecified input to the Windows graphical user interface (GUI). Nessus versions prior to 3.0.6 are affected.
  • Ref: http://www.securityfocus.com/bid/24677

  • 07.27.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Eva-Web Index.PHP3 Multiple Remote File Include Vulnerabilities
  • Description: EVA-Web is a content management system for school web sites. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "aide" and "perso" parameters of "eva/index.php3". EVA-Web versions 2.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24664

  • 07.27.90 - CVE: Not Available
  • Platform: Web Application
  • Title: QuickTicket QTI_CheckName.PHP Local File Include
  • Description: QuickTicket is a trouble-ticket management application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" parameter of the "qti_checkname.php" script before using it in an include() function call. QuickTicket version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24670

  • 07.27.91 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpSiteBackup Pcltar.Lib.PHP Remote File Include
  • Description: PhpSiteBackup is a web-based application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "g_pcltar_lib_dir" parameter of the "pcltar.lib.php" script. PhpSiteBackup version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24660

  • 07.27.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Dreamlog Upload.PHP Arbitrary File Upload
  • Description: Dreamlog is a web journaling application. The application is exposed to an arbitrary file upload issue because it fails to sufficiently sanitize user-supplied input in the file upload function of the software. Dreamlog version 0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/24639

  • 07.27.93 - CVE: CVE-2007-3254, CVE-2007-3255, CVE-2007-3256
  • Platform: Web Application
  • Title: Xythos Enterprise Document Manager Multiple Input Validation Vulnerabilities
  • Description: Xythos Enterprise Document Manager is web-based software for managing documents and corporate records. The application is exposed to multiple input validation issues. Xythos Enterprise Document Manager versions in the 5.0 and 6.0 series prior to 5.0.25.8 and 6.0.46.1 are affected.
  • Ref: http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-003.txt

  • 07.27.94 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress Custom Field Arbitrary File Upload
  • Description: WordPress is a web-based publishing application. The application is exposed to an arbitrary file upload issue due to an authentication verification error in the affected application. The issue is triggered by adding the "_wp_attached_file" custom field to a file and uploading the file to the web server using the "wp-app.php" script or the "app.php" script. WordPress version 2.2.1, WordPress MU 1.2.3 and earlier versions are affected.
  • Ref: http://www.buayacorp.com/files/wordpress/wordpress-advisory.html

  • 07.27.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Papoo Plugin.PHP Authentication Bypass
  • Description: Papoo is a content management system. The application is exposed to an authentication bypass issue that occurs because the application fails to check user privileges when accessing the administration pages. Papoo version 3.6 is affected.
  • Ref: http://www.securityfocus.com/bid/24634

  • 07.27.96 - CVE: Not Available
  • Platform: Web Application
  • Title: EQDKP Login.PHP Arbitrary Variable Overwrite
  • Description: EQdkp is a web application used to track EverQuest dragon-kill points. The application is exposed to an issue that allows arbitrary variables to be overwritten. EQdkp versions 1.3.2d and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24643

  • 07.27.97 - CVE: Not Available
  • Platform: Web Application
  • Title: B1GBB Footer.Inc.PHP Remote File Include
  • Description: b1gBB is a web-based bulletin-board system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "tfooter" parameter of the "footer.inc.php" script. b1gBB version 2.24.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24624

  • 07.27.98 - CVE: Not Available
  • Platform: Web Application
  • Title: BugMall Shopping Cart Insecure Default Password
  • Description: BugMall Shopping Cart is a shopping cart application. The application is exposed to an insecure default password issue where an attacker may log in to the application with a username and password value of "demo" and perform application functions as a valid, trusted user. BugMall Shopping Cart version 2.5 is affected.
  • Ref: http://www.securityfocus.com/bid/24627

  • 07.27.99 - CVE: Not Available
  • Platform: Web Application
  • Title: BugMall Shopping Cart Multiple Input Validation Vulnerabilities
  • Description: BugMall Shopping Cart is an ecommerce application. The application is exposed to input validation issues such as an SQL injection issue that affects the "search" input field of the "index.php" script, and a cross-site scripting issue that affects the "msgs" parameter of the "index.php" script. BugMall Shopping Cart versions 2.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24629

  • 07.27.100 - CVE: Not Available
  • Platform: Web Application
  • Title: 6ALBlog Index.PHP Remote File Include
  • Description: 6ALBlog is a web log application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "pg" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/24632

  • 07.27.101 - CVE: Not Available
  • Platform: Web Application
  • Title: SiteDepth SiteDepth.PHP Local File Include
  • Description: SiteDepth is a content management system (CMS). The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "name" parameter of the "sitedepth.php" script. SiteDepth version 3.44 is affected.
  • Ref: http://www.securityfocus.com/bid/24635

  • 07.27.102 - CVE: Not Available
  • Platform: Web Application
  • Title: phpTrafficA Multiple Input Validation Vulnerabilities
  • Description: phpTrafficA is a web traffic analysis application. The application is exposed to multiple input validation issues which include an SQL injection issue that affects the "pageid" parameter of the "index.php" script, and a cross-site scripting issue that affects the "lang" parameter of the "index.php" script. phpTrafficA version 1.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/24615

  • 07.27.103 - CVE: Not Available
  • Platform: Web Application
  • Title: ClickGallery Server Edit_Image.ASP Multiple Input Validation Vulnerabilities
  • Description: ClickGallery Server is a web application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. ClickGallery Server versions 5.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24616

  • 07.27.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Lebisoft Zdefter Defter_Yaz.ASP Multiple HTML Injection Vulnerabilities
  • Description: Lebisoft zdefter is a message board application implemented in ASP. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Lebisoft zdefter version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24620

  • 07.27.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Dagger Cal.Func.PHP Remote File Include
  • Description: Dagger is a web-based application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "dir_edge_lang" parameter of the "cal.func.php" script. Dagger version 23jan2007 is affected.
  • Ref: http://www.securityfocus.com/bid/24605

  • 07.27.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Pluxml Images.PHP Remote Code Execution
  • Description: Pluxml is a blog application. The application is exposed to an arbitrary code-execution issue because it fails to properly sanitize user-supplied input to the "msg" parameter of the "images.php" script. Pluxml version 0.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24607

  • 07.27.107 - CVE: Not Available
  • Platform: Web Application
  • Title: e107 Signup.PHP Arbitrary File Upload
  • Description: e107 is a content management system. The application is exposed to an arbitrary file upload issue because the application fails to sufficiently sanitize user-supplied input and also fails to sanitize file extensions before uploading files onto the web server. e107 version 0.7.8 is affected.
  • Ref: http://www.securityfocus.com/bid/24609

  • 07.27.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla/Mambo Mod_Forum Component PHPBB_Root.PHP Remote File Include
  • Description: The "mod_forum" component is a PHP-based module for the Joomla and Mambo content managers. The component is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "phpbb_root_path" parameter in the "download.php" script.
  • Ref: http://www.securityfocus.com/bid/24591

  • 07.27.109 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla/Mambo Com_SiteMap Component MosConfig_Absolute_Path Remote File Include
  • Description: The "com_sitemap" component is a PHP-based module for the Joomla and Mambo content managers. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosconfig_absolute_path" parameter of the "site.xml.php" script.
  • Ref: http://www.securityfocus.com/bid/24592

  • 07.27.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Sun Board Multiple Remote File Include Vulnerabilities
  • Description: Sun Board is a BBS application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "sunPath" parameter of the "include.php" script and the "dir" parameter of the "doctype.php" script. Sun Board version 1.00.00 alpha is affected.
  • Ref: http://www.securityfocus.com/bid/24588

  • 07.27.111 - CVE: Not Available
  • Platform: Web Application
  • Title: POWL Load_Lang.PHP Remote File Include
  • Description: POWL is a web-based application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "_POWL[installPath]" parameter of the "/plugins/widgets/htmledit/htmledit.php" script. POWL version 0.9.4 is affected.
  • Ref: http://www.securityfocus.com/bid/24589

  • 07.27.112 - CVE: Not Available
  • Platform: Network Device
  • Title: 3Com IntelliJack Switch NJ220 Loopback Remote Denial of Service
  • Description: 3Com IntelliJack Switch NJ220 is a series of networking switches available from 3Com. The devices are exposed to a remote denial of service issue that allows a remote attacker to deny service to legitimate users of the affected devices. Specifically, this issue occurs when a vulnerable device processes a loopback packet with a length field of zero. 3Com IntelliJack Switch NJ220 versions prior to 2.0.23 are affected.
  • Ref: http://www.securityfocus.com/bid/24705

  • 07.27.113 - CVE: Not Available
  • Platform: Network Device
  • Title: Juniper Steel-Belted Radius Certificate Revocation Authentication Bypass
  • Description: Juniper Steel-Belted Radius (SBR) is a device that provides an authentication service for computers on networks. The application is exposed to an authentication bypass issue because the device permits attackers to use revoked certificates when gaining access to the affected network. Juniper SBR version 6.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24679

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.