@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 29
July 16, 2007

One of the biggest weeks of 2007 for newly reported vulnerabilities:

The most critical vulnerabilities announced this week are in Excel and the .NET Framework. Overall, Windows had three, Office had two, and other MS products had one. Microsoft wasn't alone: Sun, Apple, Symantec, Adobe, McAfee, and Cisco also had high-risk vulnerabilities this week. Add to that the vulnerability in Progress Server, used by RSA Security and many other products, and you have a complex week for finding and mitigating vulnerabilities.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                 Number of Updates and Vulnerabilities
    ---------------------------------------  -------------------------------------
    Windows                                  3 (#2, #3, #14)
    Microsoft Office                         3 (#1, #11)
    Other Microsoft Products                 3 (#12)
    Third Party Windows Apps                 22 (#7, #8)
    Linux                                    6
    Unix                                     1
    Cross Platform                           22 (#4, #5, #9, #10)
    Web Application - Cross Site Scripting   4
    Web Application - SQL Injection          12
    Web Application                          14
    Network Device                           3 (#6, #13)

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Linux
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Excel Multiple Vulnerabilities (MS07-036)
  • Affected:
    • Microsoft Office 2000
    • Microsoft Office XP
    • Microsoft Office System 2007
    • Microsoft Office 2004 for Mac
  • Description: Microsoft Excel contains multiple flaws in its handling of Excel spreadsheet files. A spreadsheet file containing a specially crafted Excel version code, number of active worksheets, or workspace information could exploit one of these flaws. Successfully exploiting one of these flaws would allow an attacker to execute arbitrary code with the privileges of the current user. Note that, on recent versions of Excel, spreadsheet documents are not opened without confirmation. At least one proof-of-concept is publicly available for one of these vulnerabilities.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites plan to distribute the updates during their next regularly scheduled system maintenance cycle.

  • (2) CRITICAL: Microsoft .NET Framework Multiple Vulnerabilities (MS07-040)
  • Affected:
    • Microsoft .NET Framework versions 1.0, 1.1, and 2.0
  • Description: The Microsoft .NET framework contains multiple vulnerabilities in its handling of .NET executables. .NET executables are programs executed by the .NET framework. A specially crafted executable could exploit flaws in the framework's Just In Time compiler (JIT) or in its Portable Executable (PE) loader. Successfully exploiting these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Note that, depending on configuration, certain .NET executables may run without first prompting the user. An additional information disclosure vulnerability in ASP.NET is also addressed by this bulletin.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites plan to distribute the updates during their next regularly scheduled system maintenance cycle.

  • (3) HIGH: Microsoft Windows Active Directory LDAP Remote Code Execution Vulnerability (MS07-039)
  • Affected:
    • Microsoft Windows 2000 Server
    • Microsoft Windows Server 2003
  • Description: Microsoft Active Directory contains a flaw in its handling of Lightweight Directory Access Protocol (LDAP) requests. A specially crafted LDAP request containing an inaccurate number of convertible attributes could trigger this vulnerability. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the vulnerable process (usually SYSTEM). Note that on Windows Server 2003, an attacker would first need valid authentication credentials before exploiting this vulnerability; Windows 2000 does not require authentication. An additional denial-of-service vulnerability is also addressed by this security bulletin.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites plan to distribute the updates during their next regularly scheduled system maintenance cycle.

  • (4) HIGH: Adobe Flash Player Remote Code Execution
  • Affected:
    • Adobe Flash Player versions 9.045 and earlier
  • Description: Adobe Flash Player, a player for the Flash file format used to deliver interactive content in web pages, presentations, and other contexts, contains an input validation error. A specially crafted Flash file could trigger this error, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that Flash content is often played automatically when loading a web page. Adobe Flash Player is installed by default on Microsoft Windows, Apple Mac OS X, and some distributions of Linux. An information disclosure vulnerability was also addressed by this update.

  • Status: Adobe confirmed, updates available.

  • Council Site Actions: Adobe Flash is not supported at most council sites, but they plan to address as needed in their next regularly scheduled maintenance cycle.

  • (5) HIGH: Multiple Vendor Progress Server Buffer Overflow
  • Affected:
    • Progress Server version 9.1E
    • Other products using the Progress Server software, including:
    • RSA Authentication Manager versions 6.0 and 6.1
    • RSA ACE/Server version 5.2
    • RSA SecurID Appliance version 2.0
  • Description: Progress Server is an enterprise development platform used in a variety of software, including RSA security and authentication products. A flaw in its handling of input can lead to a buffer overflow condition. An attacker sending an overlong string to the "mprosrv.exe" process could trigger this buffer overflow and execute arbitrary code with the privileges of the vulnerable process. Full technical details for this vulnerability are publicly available.

  • Status: Progress confirmed, updates available. RSA has also confirmed, and made updates available.

  • Council Site Actions: Only one of the reporting council sites is acting on this vulnerability. They are investigating to determine if they have exposure from RSA products on UNIX platforms.

  • (6) HIGH: Cisco Unified Communications Manager Multiple Buffer Overflows
  • Affected:
    • Cisco Unified CallManager versions 4.1, 4.2, 4.3, and 4.0
    • Cisco Unified Communications Manager versions 4.3 and 5.1
  • Description: Cisco Unified CallManager and Cisco Unified Communications Manager, used to handle Voice-over-IP (VoIP) and other communications, contain multiple buffer overflow vulnerabilities. Specially crafted requests to the software could trigger a buffer overflow in the "CTLProvider.exe" or "RisDC.exe" components. Successfully exploiting these buffer overflows would allow an attacker to execute arbitrary code with the privileges of the vulnerable process and potentially obtain complete control of the affected system. Note that these vulnerabilities could lead to a loss or disruption of telephone service on VoIP networks.

  • Status: Cisco confirmed, updates available.

  • Council Site Actions: Only one of the reporting council sites is using the affected software and they plan to distribute the updates during their next regularly scheduled system maintenance cycle.

  • (7) HIGH: Symantec AntiVirus Engine CAB and RAR Parsing Buffer Overflows
  • Affected:
    • Symantec AntiVirus Engine
  • Description: Products using the Symantec AntiVirus engine are vulnerable to multiple buffer overflows when parsing CAB ("cabinet") and RAR archive files. These archive file formats are widely used to distribute applications, updates, documents, and other software. A specially crafted CAB or RAR archive could trigger a buffer overflow in the antivirus engine, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that these files need not be explicitly downloaded or opened in some cases; when the antivirus engine is used to scan email, for example, simply sending an email that transits a vulnerable server is sufficient for exploitation.

  • Status: Symantec confirmed, updates available.

  • Council Site Actions: Only one of the reporting council sites is using the affected software and they plan to distribute the updates during their next regularly scheduled system maintenance cycle.

  • (10) HIGH: Sun Java Runtime and Development Kit XSLT Remote Code Execution
  • Affected:
    • Sun Java Development Kit versions 6 Update 1 and prior
    • Sun Java Runtime Environment versions 6 Update 1 and prior
    • Sun Java System Web Server version 7.0
    • Sun Java System Application Server
  • Description: The Sun Java Runtime Environment (JRE) and Java Development Kit (JDK) contain flaws in their handling of Extensible Stylesheet Language Transformations (XSLT) documents. A specially crafted XSLT stylesheet contained inside an XML signature could trigger this vulnerability and allow an attacker to execute arbitrary code with the privileges of the process that opened the XSLT stylesheet. Technical details are available for this vulnerability.

  • Status: Sun confirmed, updates available.

  • Council Site Actions: Some of the reporting council sites are investigating if they have exposure from this vulnerability. No action has been determined at this point in time.

  • (11) MODERATE: Microsoft Publisher Invalid Memory Reference (MS07-037)
  • Affected:
    • Microsoft Office System 2007
  • Description: Microsoft Publisher contains a flaw in the way it handles Publisher files. A specially crafted Publisher file could trigger this flaw, causing an invalid memory reference in Publisher. Successfully exploiting this flaw would allow an attacker to execute arbitrary code with the privileges of the current user. Note that the affected version of Publisher does not open files without first prompting the user. Some technical information is available for this vulnerability.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: Only one of the reporting council sites is using the affected software and they plan to distribute the updates during their next regularly scheduled system maintenance cycle.

  • (13) MODERATE: 3Com TippingPoint IPS Filter Bypass Vulnerability
  • Affected:
    • 3Com TippingPoint IPS products running TOS versions prior to 2.2.5 and 2.5.2
  • Description: 3Com TippingPoint Intrusion Prevention Systems (IPSs) fail to properly inspect traffic if that traffic has been fragmented in a certain way. By sending specially fragmented traffic, an attacker could bypass inspection by TippingPoint devices, potentially leaving systems behind TippingPoint devices open to attack.

  • Status: TippingPoint confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

  • (14) LOW: Microsoft Teredo Firewall Bypass Vulnerability (MS07-038)
  • Affected:
    • Microsoft Windows Vista
  • Description: Microsoft Teredo is a technology designed to ease the migration of Windows systems to networks using IPv6. This technology allows IPv6 traffic to be sent to a host connected to an IPv4 network. By persuading a user to click on a link containing a Teredo address, an attacker could cause the Teredo subsystem on a victim's machine to become active. When in this active state, an attacker could determine the firewall rules in effect on a victim's machine, determine if the victim's machine is present on the network, or potentially bypass certain firewall rules.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was necessary.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 29, 2007

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5465 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.29.1 - CVE: CVE-2007-3038
  • Platform: Windows
  • Title: Microsoft Windows Vista Teredo Interface Firewall Bypass
  • Description: Windows Firewall for Windows Vista is the firewall solution shipped as part of the Microsoft Vista operating system. It is enabled by default. Teredo is an IPv4-to-IPv6 transition mechanism for IPv6-capable hosts that are located behind an IPv4 NAT. The software is exposed to an issue that may permit a bypass of existing firewall rules because the firewall fails to properly enforce rules when accepting traffic through the Teredo interface.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-038.mspx

  • 07.29.2 - CVE: CVE-2007-3028
  • Platform: Windows
  • Title: Microsoft Windows Active Directory LDAP Request Validation Remote Denial of Service
  • Description: Lightweight Directory Access Protocol (LDAP) is a protocol that allows authorized users to view or update data in a meta directory. Microsoft Windows is exposed to a remote denial of service issue because Microsoft Active Directory fails to handle specially crafted LDAP requests.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms07-039.mspx

  • 07.29.3 - CVE: CVE-2007-0040
  • Platform: Windows
  • Title: Microsoft Windows Active Directory LDAP Request Validation Remote Code Execution
  • Description: Lightweight Directory Access Protocol (LDAP) is a protocol that allows authorized users to view or update data in a meta directory. Microsoft Windows is exposed to a remote code execution issue because Microsoft Active Directory fails to handle specially crafted LDAP requests.
  • Ref: http://www.kb.cert.org/vuls/id/487905

  • 07.29.4 - CVE: CVE-2007-1756
  • Platform: Microsoft Office
  • Title: Microsoft Excel Version Information Validation Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. The issue stems from an unspecified calculation error related to how the application validates version information parsed from the beginning of the malformed file.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-036.mspx

  • 07.29.5 - CVE: CVE-2007-3030
  • Platform: Microsoft Office
  • Title: Microsoft Excel Workspace Designation Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing a malformed Excel file. The issue is due to a validation error of certain file attributes data associated with workspace information.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-036.mspx


  • 07.29.7 - CVE: CVE-2007-0043
  • Platform: Other Microsoft Products
  • Title: Microsoft .NET Framework JIT Compiler Remote Buffer Overflow
  • Description: Microsoft .NET Framework is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx

  • 07.29.8 - CVE: CVE-2007-0041
  • Platform: Other Microsoft Products
  • Title: Microsoft .NET Framework PE Loader Remote Buffer Overflow
  • Description: Microsoft .NET Framework is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx

  • 07.29.9 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer FirefoxURL Protocol Handler Command Injection
  • Description: Microsoft Internet Explorer is prone to a protocol handler command injection issue that allows remote attackers to pass and execute arbitrary commands and arguments through the "firefox.exe" process.
  • Ref: http://www.securityfocus.com/bid/24837

  • 07.29.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EldoS SecureBlackbox PGPBBox.dll ActiveX Control Arbitrary File Overwrite
  • Description: SecureBlackbox is a suite of standards-based security components for Microsoft Windows and Linux operating systems. The application is exposed to an issue that could permit an attacker to overwrite arbitrary files.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.29.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Zenturi ProgramChecker SASATL.DLL ActiveX Control DebugMsgLog Method Buffer Overflow
  • Description: Zenturi ProgramChecker ActiveX controls are utility programs designed for use on Microsoft Windows. The Zenturi ProgramChecker "sasatl.dll" ActiveX control is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.29.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec AntiVirus Malformed CAB and RAR Compression Remote Vulnerabilities
  • Description: Symantec AntiVirus is an antivirus scan engine implemented in numerous antivirus products from Symantec, including Norton AntiVirus, Mail Security, Web Security, and others. Symantec AntiVirus supports standard file scanning and realtime file scanning. The application is exposed to multiple remote issues affecting the Symantec Decomposer component.
  • Ref: http://www.symantec.com/avcenter/security/Content/2007.07.11f.html

  • 07.29.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AVG Anti-Virus Local Privilege Escalation
  • Description: AVG Free and AVG Anti-Virus are antivirus applications available for the Microsoft Windows platform. The application is exposed to a local privilege escalation issue due to a failure of the application to properly limit unprivileged users from functionality that allows them to write arbitrary data to arbitrary kernel memory. AVG Anti-Virus Free Edition version 7.5.446 and AVG Anti-Virus version 7.5.438 are affected.
  • Ref: http://www.securityfocus.com/bid/24870

  • 07.29.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec AntiVirus Corporate Edition Local Privilege Escalation
  • Description: Symantec AntiVirus Corporate Edition is antivirus software for enterprise workstations and network servers. It is available for multiple Microsoft Windows platforms. The application is exposed to a local privilege escalation issue because it fails to properly drop privileges.
  • Ref: http://www.symantec.com/avcenter/security/Content/2007.07.11c.html

  • 07.29.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Client Security Internet E-mail Auto-Protect Stack Overflow
  • Description: Symantec Client Security is a security application to protect computers from malware and provide vulnerability reporting. The application is exposed to a stack buffer overflow issue that occurs because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer.
  • Ref: http://www.symantec.com/avcenter/security/Content/2007.07.11b.html

  • 07.29.16 - CVE: CVE-2006-5271, CVE-2006-5272, CVE-2006-5273, CVE-2006-5274
  • Platform: Third Party Windows Apps
  • Title: McAfee Common Management Agent (CMA) Multiple Memory Corruption Vulnerabilities
  • Description: McAfee Common Management Agent (CMA) is a management-related component included with various other McAfee products. The application is exposed to multiple memory-corruption issues. It fails to properly bounds check user-supplied data in several instances before copying it into insufficiently sized memory buffers.
  • Ref: https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html

  • 07.29.17 - CVE: CVE-2007-3673
  • Platform: Third Party Windows Apps
  • Title: Symantec Device Driver SYMTDI.SYS Local Privilege Escalation
  • Description: SYMTDI.SYS is a device driver used in multiple Symantec products. Applications running the SYMTDI.SYS device driver are exposed to a privilege escalation issue because the driver fails to adequately sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/473392

  • 07.29.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Zenturi ProgramChecker ActiveX Control Fill Method Stack Based Buffer Overflow
  • Description: Zenturi ProgramChecker ActiveX controls are utility programs designed for use on Microsoft Windows. The application is exposed to a stack-based buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Zenturi ProgramChecker version 1.5.0.531 is affected.
  • Ref: http://www.securityfocus.com/bid/24848

  • 07.29.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control Denial of Service
  • Description: Innovasys DockStudioXP is a toolbar and dock application for Microsoft Windows operating systems. The application is exposed to a denial of service issue. Please refer to the link below for further details.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.29.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Media Player Classic .FLV Remote Denial of Service
  • Description: Media Player Classic is a multimedia playback application for the Microsoft Windows operating system. The application is exposed to a remote denial of service issue that occurs when handling maliciously crafted .FLV media files. Media Player Classic version 6.4.9.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24830

  • 07.29.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Norton Ghost RemoteCommand.DLL Buffer Overflow
  • Description: Symantec Norton Ghost is a backup utility application available for Microsoft Windows. The application is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Symantec Ghost version 12.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/473187

  • 07.29.22 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Computer Associates ERwin Process Modeler MERGEOLF.EXE Buffer Overflow
  • Description: Computer Associates ERwin Process Modeler (formerly AllFusion Process Modeler) is an application that allows users to develop workflow models, complex node trees, and various other models. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. ERwin Process Modeler version 7.1 is affected.
  • Ref: http://www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf

  • 07.29.23 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Norton Ghost FileBackup.DLL Multiple Denial of Service Vulnerabilities
  • Description: Norton Ghost is a backup utility for Microsoft Windows. The application is exposed to multiple denial of service issues that affect the "UpdateCatalog(String)" function of the "FileBackup.dll" library.
  • Ref: http://www.securityfocus.com/archive/1/473187

  • 07.29.24 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Eltima Software Virtual Serial Port VSPort.DLL ActiveX Control Denial of Service Vulnerabilities
  • Description: Eltima Software Virtual Serial Port is an ActiveX control used for creating custom virtual serial ports. The control is exposed to multiple denial of service issues. Virtual Serial Port version 5.0 is affected.
  • Ref: http://support.microsoft.com/kb/q240797/

  • 07.29.25 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinPcap NPF.SYS BIOCGSTATS Parameters Local Privilege Escalation
  • Description: WinPcap provides real time link level network access on Windows based operating systems. The application is exposed to a local privilege escalation issue because the software allows malicious users to pass malicious Interrupt Request Packet (IRP) parameters to IOCTL 9031 (otherwise known as BIOCGSTATS) in the "NPF.SYS" file. WinPcap version 4.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/473223

  • 07.29.26 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nonnoi ASP/Barcode COM Component NONNOI_ASPBarcode.DLL Arbitrary File Overwrite
  • Description: Nonnoi ASP/Barcode is a server-side COM component used to add bar codes to applications. The ActiveX control is exposed to an issue that lets attackers overwrite arbitrary files on the victim's computer in the context of the affected application using the ActiveX control (typically Internet Explorer). This issue occurs because the application fails to sanitize user-supplied input to the "filenameA" parameter of the "SaveBarcode()" method in the "nonnoi_ASPBarcode.dll" library. Nonnoi ASP/Barcode version 2.20 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.29.27 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Data Dynamics ActiveReports DDRow EXCLEXPT.DLL ActiveX Control Denial of Service
  • Description: Data Dynamics ActiveReports Excel Report is a report designer for Visual Basic developers. The application is exposed to a denial of service issue. Data Dynamics ActiveReports Excel Report version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/473187

  • 07.29.28 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Computer Associates AllFusion Process Modeler Buffer Overflow
  • Description: AllFusion Process Modeler is an application that allows users to develop workflow models, complex node trees, and various other models. The application is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. AllFusion Process Modeler version 7.1 is affected.
  • Ref: http://www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf

  • 07.29.29 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NuMedia NMSDVDX.DLL Multiple Denial of Service Vulnerabilities
  • Description: The NuMedia DVD Burning SDK is a software development platform for CD/DVD burning applications. The application is exposed to multiple denial of service issues because the application fails to properly sanitize user-supplied input. NMSDVDX DVD Burning SDK version 1.008 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.29.30 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Chilkat Zip ChilkatZip2.DLL Multiple Arbitrary File Overwrite Vulnerabilities
  • Description: Chilkat Zip is an ActiveX control that allows users to compress and decompress files. The ActiveX control is exposed to multiple issues that let attackers overwrite arbitrary files on the victim's computer in the context of the affected application using the ActiveX control (typically Internet Explorer). These issues occur because the application fails to sanitize user-supplied input to the "SaveLastError" and "WriteExe" methods of the "ChilkatZip2.dll" library. Chilkat Zip version 12.4.2.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.29.31 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Visual IRC Join Response Buffer Overflow
  • Description: Visual IRC (ViRC) is an Internet relay chat (IRC) client for the Microsoft Windows operating system. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data prior to copying it to an insufficiently sized buffer. Visual IRC (ViRC) version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24798

  • 07.29.32 - CVE: Not Available
  • Platform: Linux
  • Title: policyd W_Read Function Remote Buffer Overflow
  • Description: policyd is a policy daemon for Postfix. The application is exposed to a remote buffer overflow issue because the application fails to properly check boundaries on user-supplied data before using it in a finite-sized buffer. policyd versions prior to 1.81 are affected.
  • Ref: http://www.securityfocus.com/bid/24899

  • 07.29.33 - CVE: Not Available
  • Platform: Linux
  • Title: Netwin SurgeFTP Multiple Remote Vulnerabilities
  • Description: Netwin SurgeFTP is a file-transfer application. SurgeFTP is exposed to multiple remote issues, including a remote denial of service issue that arises when the application handles malformed responses to the "PASV" command, and an HTML injection issue that arises because the application fails to sanitize data supplied through certain status messages. Netwin SurgeFTP version 2.3a1 is affected.
  • Ref: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt

  • 07.29.34 - CVE: CVE-2005-1924, CVE-2005-4169
  • Platform: Linux
  • Title: SquirrelMail G/PGP Encryption Plug-in Multiple Remote Command Execution Vulnerabilities
  • Description: The G/PGP encryption plugin for SquirrelMail provides encryption, decryption, and digital-signature support within the SquirrelMail webmail system. Three separate shell command injection issues and one local file include issue are present in various versions of the affected plugin. One issue has been addressed in version 2.1, but the others are still unfixed.
  • Ref: http://www.securityfocus.com/bid/24874

  • 07.29.35 - CVE: Not Available
  • Platform: Linux
  • Title: IBM AIX Libodm Unspecified Buffer Overflow
  • Description: IBM AIX libodm is exposed to a local buffer overflow issue because the application fails to perform boundary checks prior to copying user-supplied data into insufficiently sized memory buffers. IBM AIX versions 5.2 and 5.3 are affected.
  • Ref: ftp://aix.software.ibm.com/aix/efixes/security/README

  • 07.29.36 - CVE: CVE-2007-3107
  • Platform: Linux
  • Title: Linux PowerPC Kernel Restore_Sigcontext Local Denial of Service
  • Description: The PowerPC Linux kernel is exposed to a denial of service issue that resides in the "restore_sigcontext()" function call in the "ptrace.c" source code file because of a design issue. Linux kernels on PowerPC architectures are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0595.html

  • 07.29.37 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Decode_Choices Function Remote Denial of Service
  • Description: The Linux kernel is exposed to a remote denial of service issue because it fails to handle certain h323 data and the "decode_choice()" function in the "net/netfilter/nf_conntrack_h323_asn1.c" source file fails to adequately handle out-of-range index data that is still encoded with a fixed length bit-field. Linux kernel versions prior to 2.6.21.6, 2.6.20.15, and 2.6.22 are affected.
  • Ref: http://www.securityfocus.com/bid/24818

  • 07.29.38 - CVE: CVE-2007-3641, CVE-2007-3644, CVE-2007-3645
  • Platform: Unix
  • Title: FreeBSD LibArchive Multiple Remote Vulnerabilities
  • Description: The "libarchive" library is FreeBSD's interface library for reading and writing streaming archive files (e.g. "tar" and "cpio"). The application is exposed to multiple issues because the library fails to properly handle malformed TAR and PAX archives. FreeBSD versions 5.3 and later (up until releases made after 12 July 2007) are affected.
  • Ref: http://www.securityfocus.com/bid/24885

  • 07.29.39 - CVE: CVE-2007-3103
  • Platform: Cross Platform
  • Title: X.Org XFS Init Script Insecure Temporary File Creation
  • Description: The X Font Server (XFS) is part of the X Window System. XFS creates temporary files in an insecure manner. The problem occurs in the "init.d" script responsible for starting up the X Window System and XFS.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557

  • 07.29.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle July 2007 Critical Patch Update Advance Notification
  • Description: Oracle has released advance notification of the vendor's July Critical Patch Update that will address 46 vulnerabilities affecting Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise. Oracle will be releasing its July quarterly Critical Patch Update on July 17, 2007. Further details about the specific vulnerabilities will also be released at that time.
  • Ref: http://www.securityfocus.com/bid/24887

  • 07.29.41 - CVE: CVE-2007-2392, CVE-2007-2393, CVE-2007-2394, CVE-2007-2396, CVE-2007-2397, CVE-2007-2402
  • Platform: Cross Platform
  • Title: Apple QuickTime Information Disclosure and Multiple Code Execution Vulnerabilities
  • Description: Apple QuickTime is exposed to an information disclosure issue and multiple remote code execution issues. The information disclosure issue affects QuickTime for Java. This issue may allow an attacker to capture a user's screen content.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556

  • 07.29.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities
  • Description: Cisco Unified Communications Manager and Presence Server are exposed to multiple unauthorized access issues. An attacker with administrative access can activate and terminate CUCM / CUPS system services and access SNMP configuration information.
  • Ref: http://www.securityfocus.com/archive/1/473379

  • 07.29.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco Unified Communications Manager Multiple Heap Buffer Overflow Vulnerabilities
  • Description: Cisco Unified Communications Manager (CUCM) is the call processing component of the Cisco IP telephony solution. CUCM is exposed to multiple heap-based buffer overflow issues because the application fails to bounds check user-supplied data before copying it into an insufficiently sized memory buffer.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml

  • 07.29.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Vendors RAR Handling Remote Null Pointer Dereference
  • Description: The "RAR" and "UnRAR" utilities are used to compress and decompress files in the RAR file format. ClamAV is an antivirus application for Microsoft Windows and UNIX-like operating systems. ClamAV uses UnRAR to decompress RAR archives before scanning. Multiple applications using RAR are exposed to a NULL-pointer dereference issue that occurs in the RAR AV filters when processing a malformed RAR file. ClamAV versions prior to 0.91 and "UnRAR" version 3.70 are affected.
  • Ref: http://www.securityfocus.com/archive/1/473371

  • 07.29.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SurgeMail Remote Format String
  • Description: SurgeMail is a pay-for-service email application for multiple platforms. The application is exposed to a remote format string issue because it fails to properly sanitize user-supplied input before including it in the format specifier argument of a formatted printing function. SurgeMail Linux Version 3.7b8 is affected.
  • Ref: http://www.securityfocus.com/bid/24871

  • 07.29.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: QuarkXPress Word Document Text-Import Font Handling Stack Buffer Overflow
  • Description: QuarkXPress is a page layout application available for Mac OS X and Microsoft Windows operating systems. The application is exposed to a remote stack-based buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. QuarkXPress version 7.2 for Microsoft Windows is affected.
  • Ref: http://vuln.sg/quarkxpress72-en.html

  • 07.29.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Access Manager Logging Output Password Disclosure
  • Description: Sun Java System Access Manager is an application for managing secure access to web applications. It was formerly called Sun Java System Identity Server. Sun Java System Access Manager may allow local attackers to gain access to user passwords. This issue results from a design error.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101918-1&searchclause=

  • 07.29.48 - CVE: CVE-2007-3509
  • Platform: Cross Platform
  • Title: Symantec Veritas Backup Exec for Windows Server Unspecified Heap Buffer Overflow
  • Description: Symantec Veritas Backup Exec is a network-enabled backup solution from Symantec. It is available for Novell Netware and Microsoft Windows platforms. The application is exposed to a heap-based buffer overflow issue for Windows server because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue occurs in an unspecified RPC interface.
  • Ref: http://www.symantec.com/avcenter/security/Content/2007.07.11a.html

  • 07.29.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
  • Description: CenterICQ is an instant-messaging application that supports ICQ2000, Yahoo!, AIM, IRC, MSN, Gadu-Gadu and Jabber protocols. It is available for Microsoft Windows, Unix, Linux, and other Unix-like operating systems. The application is exposed to multiple buffer overflow issues that occur because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/bid/24854

  • 07.29.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun JSSE SSL/TLS Handshake Processing Denial of Service
  • Description: The Sun JSSE (Java Secure Socket Extension) is a communications server distributed with the Java Runtime Environment. The application is exposed to a denial of service issue.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1&searchclause=

  • 07.29.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Server XSLT Processing Remote Java Method Execution
  • Description: Sun Java System Web Server is an application for serving and managing web applications. The application is exposed to an arbitrary Java method execution issue due to a failure of the application to securely process XSLT stylesheets.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1&searchclause=

  • 07.29.52 - CVE: CVE-2007-3456
  • Platform: Cross Platform
  • Title: Adobe Flash Player SWF File Handling Remote Code Execution
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla and Apple technologies. The application is exposed to a remote code execution issue because it fails to properly sanitize user-supplied input. Adobe Flash Player versions 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb07-12.html

  • 07.29.53 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Hardware Management Console Unspecified Vulnerability
  • Description: IBM Hardware Management Consoles enable a system administrator to manage configuration and operation of partitions in a system, as well as to monitor the system for hardware problems. The application is exposed to an unspecified issue. Hardware Management Console version 7R3.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24844

  • 07.29.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox WYCIWYG:// URI Cache Zone Bypass
  • Description: Mozilla Firefox is a browser available for multiple operating systems. The application is exposed to a cache zone bypass issue due to a failure of the application to properly block remote access to special internally generated URIs containing cached data.
  • Ref: http://www.securityfocus.com/bid/24831

  • 07.29.55 - CVE: CVE-2006-4519
  • Platform: Cross Platform
  • Title: GNU Image Manipulation Program Multiple Integer Overflow Vulnerabilities
  • Description: GNU Image Manipulation Program (The GIMP) is an image editing application available for multiple operating systems. The GIMP is exposed to multiple integer overflow issues because it fails to adequately bounds check user-supplied data. GNU Image Manipulation Program versions prior to 2.2.16 are affected.
  • Ref: http://www.securityfocus.com/archive/1/473226

  • 07.29.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SquirrelMail G/PGP Encryption Plug-in Multiple Unspecified Remote Command Execution Vulnerabilities
  • Description: The G/PGP encryption plugin for SquirrelMail provides encryption, decryption, and digital-signature support within the SquirrelMail webmail system. SquirrelMail G/PGP Encryption Plugin version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24828

  • 07.29.57 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Computer Associates ERwin Data Model Validator Multiple Denial of Service Vulnerabilities
  • Description: AllFusion Data Model Validator is a data modeling solution that allows users to create and maintain databases, data warehouses and enterprise data resource models. The application is exposed to multiple denial of service issues because the application fails to handle specially crafted ".EXP" database files.
  • Ref: http://www.eleytt.com/advisories/eleytt_ALLFUSIONDATAMODEL.pdf

  • 07.29.58 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Multiple Popup Tabs Denial of Service
  • Description: Firefox is exposed to a remote denial of service issue. The issue occurs when processing a popup window with an excessively large number of tabs in it. The application fails to handle this condition and crashes. Firefox version 2.0.0.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/473187

  • 07.29.59 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi TPBroker Unspecified Denial of Service
  • Description: Hitachi TPBroker is a compliant transaction manager based on the CORBA and the Object Transaction Service (OTS). The application is exposed to a denial of service issue that occurs when the ADM daemon process receives multiple unspecified requests.
  • Ref: http://www.securityfocus.com/bid/24789

  • 07.29.60 - CVE: Not Available
  • Platform: Cross Platform
  • Title: JP1/HiCommand Series Products OpenSSL Insecure Protocol Negotiation Weakness
  • Description: JP1/HiCommand is a series of software products used to monitor and manage data storage infrastructures. The application is exposed to a remote protocol negotiation weakness due to a design error.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html

  • 07.29.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SiteScape Forum Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: SiteScape is a web-based forum. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user input to multiple unspecified scripts. SiteScape Forum versions prior to 7.3 are affected.
  • Ref: http://www.securityfocus.com/bid/24893

  • 07.29.62 - CVE: CVE-2007-3014
  • Platform: Web Application - Cross Site Scripting
  • Title: ActiveWeb Contentserver Multiple Cross-Site Scripting Vulnerabilities
  • Description: ActiveWeb Contentserver is a content management system written in ASP. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "msg" parameter of the "rights.asp" and "transaction.asp" scripts. Contentserver versions prior to 5.6.2964 are affected.
  • Ref: http://www.redteam-pentesting.de/advisories/rt-sa-2007-005.php

  • 07.29.63 - CVE: CVE-2007-3693
  • Platform: Web Application - Cross Site Scripting
  • Title: Helma Search Script Cross-Site Scripting
  • Description: Helma is a JavaScript-based web application framework. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the application's search script. Helma version 1.5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/24880

  • 07.29.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: JP1/HiCommand Series Products Cross-Site Scripting
  • Description: Hitachi JP1/HiCommand is a series of software products used to monitor and manage data storage infrastructures. JP1/HiCommand Series Products are exposed to a cross-site scripting issue because the applications fail to sufficiently sanitize user-supplied data from the HTTP protocol "Expect" header.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-017_e/index-e.html

  • 07.29.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ActiveWeb Contentserver Picture_Real_Edit.ASP SQL Injection
  • Description: ActiveWeb Contentserver is a content management system written in ASP. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "picture_real_edit.asp" script before using it in an SQL query. Contentserver versions prior to 5.6.2964 are affected.
  • Ref: http://www.redteam-pentesting.de/advisories/rt-sa-2007-004.php

  • 07.29.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Inmostore Index.PHP SQL Injection
  • Description: Inmostore is an ecommerce application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "user" and "pass" parameters of the "index.php" script before using it in an SQL query. Inmostore version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24884

  • 07.29.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MKPortal Multiple SQL Injection Vulnerabilities
  • Description: MKPortal is a web portal. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. MKPortal version 1.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24886

  • 07.29.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MKPortal Multiple Modules SQL Injection Vulnerability
  • Description: MKPortal is a web portal. The MKPortal Reviews and Gallery modules provide add-on functionality for MKPortal. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "iden" parameter of the "index.php" script before using it in an SQL query. MKPortal version 1.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24891

  • 07.29.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Webmatic Multiple SQL Injection Vulnerabilities
  • Description: Webmatic is an application that allows users to develop web sites. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "admin/admin_album.php" and "admin/admin_downloads.php" scripts before using it in an SQL query. Webmatic versions prior to 2.6.2 are affected.
  • Ref: http://www.securityfocus.com/bid/24878

  • 07.29.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EnViVo!CMS Default.ASP ID Parameter SQL Injection
  • Description: EnViVo!CMS is a Web content management system implemented in ASP. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "ID" parameter of the "default.asp" script before using it in an SQL query. All versions are affected.
  • Ref: http://www.securityfocus.com/bid/24860

  • 07.29.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eVisit Analyst ID Parameter Multiple SQL Injection Vulnerabilities
  • Description: eVisit Analyst is a web site statistics tool implemented in Perl. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "idsp1.pl", "ip.pl" and "einsite_director.pl" scripts.
  • Ref: http://www.securityfocus.com/bid/24849

  • 07.29.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OpenLD Index.PHP SQL Injection
  • Description: OpenLD is a content management system. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "index.php" script before using it in an SQL query. OpenLD versions 1.2.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24838

  • 07.29.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Inferno Technologies VBulletin RPG Inferno Inferno.PHP SQL Injection
  • Description: RPG Inferno is a web-based role playing game application. It is also available as a vBulletin module. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "inferno.php" script before using it in an SQL query. RPG Inferno version 2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/24839

  • 07.29.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Aigaion Index.PHP SQL Injection
  • Description: Aigaion is a bibliography management application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "topic_id" parameter of the "index.php" script before using it in an SQL query. Aigaion version 1.3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/24836

  • 07.29.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: GameSiteScript Index.PHP SQL Injection
  • Description: GameSiteScript is an arcade web-site application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "index.php" script before using it in an SQL query. GameSiteScript versions 3.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24807

  • 07.29.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FlashGameScript Member.PHP SQL Injection
  • Description: FlashGameScript is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" parameter of the "member.php" script before using it in an SQL query. FlashGameScript versions 1.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24809

  • 07.29.77 - CVE: CVE-2007-3018
  • Platform: Web Application
  • Title: ActiveWeb Contentserver CMS Permissions Bypass Weakness
  • Description: ActiveWeb Contentserver is a content management system written in ASP. The application is exposed to a file permissions bypass weakness due to a design error which allows editors to write files to unauthorized locations, regardless of the permissions established for the account. ActiveWeb Contentserver versions prior to release 5.6.2964 are affected.
  • Ref: http://www.redteam-pentesting.de/advisories/rt-sa-2007-007.php

  • 07.29.78 - CVE: Not Available
  • Platform: Web Application
  • Title: ActiveWeb Contentserver Mimetype Name HTML Injection
  • Description: ActiveWeb Contentserver is a content management system written in ASP. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Contentserver versions prior to 5.6.2964 are affected.
  • Ref: http://www.redteam-pentesting.de/advisories/rt-sa-2007-005.php

  • 07.29.79 - CVE: CVE-2007-3017
  • Platform: Web Application
  • Title: ActiveWeb Contentserver CMS Client Side Filtering Bypass
  • Description: ActiveWeb Contentserver is a content management system written in ASP. The application's editor function is exposed to a client-side input validation bypass issue because it fails to sufficiently sanitize user-supplied data. ActiveWeb Contentserver CMS versions 5.6.2929 and earlier are affected.
  • Ref: http://www.redteam-pentesting.de/advisories/rt-sa-2007-006.php?lang=en

  • 07.29.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Belkin G Plus Router DHCP Client List HTML Injection
  • Description: The Belkin G Plus Router is a network router that uses a web-based administration interface. The router is exposed to an HTML-injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Firmware version 4.05.03 is affected.
  • Ref: http://www.securityfocus.com/bid/24881

  • 07.29.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Webmatic Administration Interface Security Bypass
  • Description: Webmatic is an application that allows users to develop web sites. The application is exposed to a security bypass issue because the application fails to properly validate user privileges. Webmatic versions prior to 2.7 are affected.
  • Ref: http://www.securityfocus.com/bid/24879

  • 07.29.82 - CVE: Not Available
  • Platform: Web Application
  • Title: PSNews Show.PHP Local File Include
  • Description: PSNews is a web-based forum application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "newspath" parameter of the "show.php" script. PSNews version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24875

  • 07.29.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Multiple Security Bypass Vulnerabilities
  • Description: Drupal is a content manager. The application is exposed to multiple security bypass issues that result from access validation errors. Versions of Forward for Drupal 5.x before 5.x-1.0, and Drupal 4.7.x before 4.7-1.1 are affected. Versions of Print for Drupal 5.x before 5.x-1.2, and Drupal 4.7.x before 4.7-1.0 are affected.
  • Ref: http://www.securityfocus.com/bid/24862

  • 07.29.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Mike's World Mail Machine Mailmachine.CGI Local File Include
  • Description: Mike's World Mail Machine is an email application implemented in the CGI programming language. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "archives" parameter of the "mailmachine.cgi" script.
  • Ref: http://www.securityfocus.com/bid/24852

  • 07.29.85 - CVE: Not Available
  • Platform: Web Application
  • Title: ImgSvr Template Parameter Local File Include
  • Description: ImgSvr is a digital photo database application. The application is exposed to a local file include issue due to a lack of sanitization of user-supplied input to the "template" parameter of the "index.php" script. ImgSvr version 0.6.5 is affected.
  • Ref: http://www.securityfocus.com/bid/24853

  • 07.29.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Entertainment CMS AdminLogged Cookie Parameter Authentication Bypass
  • Description: Entertainment CMS is a content management system. The application is exposed to an authentication bypass issue that affects the "adminLogged" cookie parameter when logging into the administrator page.
  • Ref: http://www.securityfocus.com/bid/24847

  • 07.29.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Unobtrusive AJAX Star Rating Bar Multiple Input Validation Vulnerabilities
  • Description: Unobtrusive AJAX Star Rating Bar is a rating bar script. The application is exposed to multiple input validation issues. Unobtrusive AJAX Star Rating Bar versions prior to 1.2.0 are affected.
  • Ref: http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml

  • 07.29.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Sun Java Runtime Environment WebStart JNLP File Stack Buffer Overflow
  • Description: WebStart is an application used by Sun Java Runtime Environment for managing and downloading Java applications. The application is exposed to a stack-based buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it into an insufficiently sized buffer. Java Runtime Environment 6 update 1 and Java Runtime Environment 5 update 11 are affected.
  • Ref: http://research.eeye.com/html/advisories/published/AD20070705.html

  • 07.29.89 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPTrafficA IsLoggedIn Function Authentication Bypass
  • Description: phpTrafficA is a PHP-based application for analyzing web traffic. The application is exposed to an authentication bypass issue that occurs in the "isloggedin()" function of the "Php/login.inc.php" script. phpTrafficA version 1.4.3 is affected.
  • Ref: http://www.securityfocus.com/bid/24823

  • 07.29.90 - CVE: Not Available
  • Platform: Web Application
  • Title: AV Tutorial Script ChangePW.PHP Security Bypass
  • Description: AV Tutorial Script is a web-based application that allows users to create tutorials. The application is exposed to an issue that may allow remote attackers to change a user's password due to a design error. AV Tutorial Script version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24808

  • 07.29.91 - CVE: Not Available
  • Platform: Network Device
  • Title: TippingPoint IPS Fragmented Packets Detection Bypass
  • Description: TippingPoint Intrusion Prevention System (IPS) appliances provide network security by inspecting and filtering traffic. The application is exposed to a detection bypass issue because the appliance fails to properly handle fragmented packets.
  • Ref: http://www.3com.com/securityalert/alerts/3COM-07-002.html

  • 07.29.92 - CVE: Not Available
  • Platform: Network Device
  • Title: IBM Proventia Sensor Appliance Multiple Input Validation Vulnerabilities
  • Description: The IBM Proventia Sensor Appliance is a hardware based intrusion prevention and detection system. The device is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. IBM Proventia Sensor Appliance CX5108 and GX5008 are affected.
  • Ref: http://www.sybsecurity.com/hack-proventia-1.pdf

  • 07.29.93 - CVE: Not Available
  • Platform: Network Device
  • Title: TippingPoint IPS Unicode Character Detection Bypass
  • Description: TippingPoint Intrusion Prevention System (IPS) appliances provide network security by inspecting and filtering traffic. The application is exposed to a detection bypass issue because the appliance fails to properly handle Unicode characters.
  • Ref: http://www.securityfocus.com/archive/1/473311

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.