@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 3
January 15, 2007

To avoid exploits of the critical new Microsoft VML vulnerability (#1), users should be told to read email in plain text mode only. And multiple critical buffer overflow vulnerabilities have been found in CA BrightStor ARCserve (#2). Many people don't focus on vulnerabilities in the backup servers, to their great misfortune. The bad guys are sharply focused on exploiting backup servers; they hold lots of valuable data and they give the bad guys an easy path into other sensitive systems.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    Windows                                   2
    Microsoft Office                          8 (#3, #6, #9)
    Other Microsoft Products                  2 (#1)
    Third Party Windows Apps                  8 (#2)
    Mac Os                                    6 (#5)
    Linux                                     4
    HP-UX                                     1
    BSD                                       1
    Solaris                                   1
    Aix                                       2
    Unix                                      2
    Novell                                    1
    Cross Platform                            20 (#4, #7, #8, #10, #11)
    Web Application - Cross Site Scripting    9
    Web Application - SQL Injection           11
    Web Application                           24
    Network Device                            7

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
HP-UX
BSD
Solaris
Aix
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Vector Markup Language Integer Overflow (MS07-004)
  • Affected:
    • Microsoft Internet Explorer 5/6/7
  • Description: The Microsoft Vector Markup Language (VML) parser contains an integer overflow vulnerability in the way it parses VML data. VML is used to describe complex vector-based graphics and other documents. The VML parser is used by Internet Explorer, and is believed to also be used by Outlook, Outlook Express, and Microsoft Office. A specially-crafted VML document could exploit this vulnerability to execute arbitrary code with the privileges of the current user. VML documents are automatically rendered in Microsoft Internet Explorer and Microsoft Outlook Express. A working exploit is available to the members of Immunity's partners' program. According to the Microsoft advisory, this flaw is being actively exploited.

  • Status: Microsoft confirmed, updates available. Users are advised to read email in plain text mode only, as this will eliminate the email attack vector. Additionally, users can mitigate the impact of this vulnerability by unregistering the "vgx.dll" system component, using the command '"%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"'. Microsoft's security bulletin provides other mitigating strategies.

  • Council Site Actions: All reporting council sites are responding to this issue. They all plan to deploy the patch during their next regularly scheduled maintenance cycle.

  • (4) HIGH: Adobe Acrobat Reader Heap Memory Corruption
  • Affected:
    • Adobe Acrobat Reader version 7.0.8 and prior
  • Description: Adobe Acrobat Reader contains a heap memory corruption vulnerability. A specially-crafted PDF file could exploit this vulnerability and overwrite a function pointer, allowing attackers to execute arbitrary code with the privileges of the current user. PDF files are generally configured to open without prompting on most platforms. The technical details for this vulnerability are publicly available.

  • Status: Adobe confirmed, updates available.

  • (5) HIGH: Apple Multiple Disk Image Handling Vulnerabilities
  • Affected:
    • Apple Mac OS X 10.4.8 and possibly prior
  • Description: Apple Mac OS X contains two flaws in the handling of Mac OS X Disk Image (DMG) files. These files store an embedded filesystem and are used to transfer data and applications. The first vulnerability stems from the way Finder (the default graphical shell and file management application) handles volume names in DMG files. A specially-crafted volume name in a DMG file could exploit this vulnerability and execute arbitrary code with the privileges of the current user. The second vulnerability stems from an integer overflow in the kernel code used for handling Fast File System (FFS) volumes. A specially-crafted DMG file containing an FFS image could exploit this vulnerability and execute arbitrary code with root privileges. Note that DMG files are automatically opened by default in Apple Safari. The technical details and proofs-of-concept are publicly available for these vulnerabilities.

  • Status: Apple has not confirmed, no updates available. Users can mitigate the impact of these vulnerabilities by disabling the "Open Safe Files" option in Safari's configuration.

  • Council Site Status: Only one of the reporting council sites is using the affected software. They plan to deploy the patch when one is available. In the meantime, they have advised their Safari users to disable the "Open Safe Files" feature.

  • (8) MODERATE: HP OpenView Network Node Manager Remote Code Execution
  • Affected:
    • HP OpenView Network Node Manager versions 6.20, 6.4x, 7.01, and 7.50
  • Description: HP OpenView Network Node Manager (NNM), HP's enterprise management product, contains a remote code execution vulnerability. An attacker could exploit this vulnerability to execute arbitrary code with the privileges of the NNM server process. No technical details are believed to be publicly available for this exploit. NNM on HP-UX, Solaris, Microsoft Windows, and Linux is vulnerable.

  • Status: HP confirmed, updates available.

Other Software
  • (9) MODERATE: Microsoft Office 2003 Brazilian Portuguese Grammar Checker Memory Corruption (MS07-001)
  • Affected:
    • Microsoft Office 2003
  • Description: The Microsoft Office 2003 Brazilian Portuguese Grammar Checker contains a memory corruption vulnerability. A specially-crafted document opened in a vulnerable version of Microsoft Office with this component installed could exploit this vulnerability and execute arbitrary code with the privileges of the current user. Note that Microsoft Office 2003 does not automatically open documents without prompting.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 3, 2007

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5340 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.3.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Explorer WMF File Denial of Service
  • Description: Microsoft Windows Explorer is prone to a denial of service issue. A specially-crafted WMV (Windows Media Video) file will crash the application when the file is processed. See the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/21992

  • 07.3.2 - CVE: CVE-2007-0099
  • Platform: Windows
  • Title: Microsoft Internet Explorer MSXML3 Race Condition Memory Corruption
  • Description: Microsoft Internet Explorer is exposed to a remote memory corruption issue due to a race condition. This issue could result in a NULL pointer dereference, read and write operations to invalid addresses and other memory-corruption issues.
  • Ref: http://www.securityfocus.com/bid/21872

  • 07.3.3 - CVE: CVE-2006-1305
  • Platform: Microsoft Office
  • Title: Microsoft Outlook Malformed Email Header Remote Denial of Service
  • Description: Microsoft Outlook is an email client available for various Microsoft platforms. It is exposed to a remote denial of service vulnerability because the application fails to properly handle malformed email messages. Please refer to the link below for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx

  • 07.3.4 - CVE: CVE-2006-5574
  • Platform: Microsoft Office
  • Title: Microsoft Office Brazilian Portuguese Grammar Checker Remote Code Execution
  • Description: Microsoft Office is prone to a remote code execution vulnerability. This issue occurs when the application processes certain Microsoft Office files. Please see the advisory for further information.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-001.mspx

  • 07.3.5 - CVE: CVE-2007-0034
  • Platform: Microsoft Office
  • Title: Microsoft Outlook Advanced Find Remote Code Execution
  • Description: Microsoft Outlook is prone to a remote code execution vulnerability because the application fails to properly handle malformed Office Saved Searches (OSS) files. Please refer to the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx

  • 07.3.6 - CVE: CVE-2007-0029
  • Platform: Microsoft Office
  • Title: Microsoft Excel Malformed String Remote Code Execution
  • Description: Microsoft Excel is prone to a remote code execution vulnerability that occurs when the application parses files that contain malformed strings. Please see the advisory for further information.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx

  • 07.3.7 - CVE: CVE-2007-0027, CVE-2007-0028, CVE-2007-0029, CVE-2007-0030, CVE-2007-0031
  • Platform: Microsoft Office
  • Title: Microsoft Excel Malformed Palette Record Remote Code Execution
  • Description: Microsoft Excel is affected by a remote code execution issue. The issue exists in the handling of "PALETTE" records existing in "BIFF8" files, which contain strings that are encoded in UTF-16LE format.
  • Ref: http://www.securityfocus.com/bid/21922

  • 07.3.8 - CVE: CVE-2007-0030
  • Platform: Microsoft Office
  • Title: Microsoft Excel Malformed Column Record Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application. Excel is prone to a remote code execution vulnerability. Please refer to the link below for further details.
  • Ref: http://www.securityfocus.com/archive/1/456417

  • 07.3.9 - CVE: CVE-2007-0027
  • Platform: Microsoft Office
  • Title: Microsoft Excel IMDATA Record Remote Code Execution
  • Description: Microsoft Excel is prone to a remote code execution vulnerability. This issue occurs when the application parses files that contain malformed IMDATA records. Please refer to the advisory for further information.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx

  • 07.3.10 - CVE: CVE-2007-0028
  • Platform: Microsoft Office
  • Title: Microsoft Excel Opcode Handling Unspecified Remote Code Execution
  • Description: Microsoft Excel is reportedly susceptible to an unspecified remote code execution vulnerability. Please refer to the link for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx

  • 07.3.11 - CVE: CVE-2007-0024
  • Platform: Other Microsoft Products
  • Title: Microsoft Windows Vector Markup Language Buffer Overrun
  • Description: Microsoft Windows is prone to a buffer overrun vulnerability that arises because of an error in the processing of Vector Markup Language documents in "Vgx.dll". See the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx

  • 07.3.12 - CVE: CVE-2007-0033
  • Platform: Other Microsoft Products
  • Title: Microsoft Outlook VEVENT Record Remote Code Execution
  • Description: Microsoft Outlook is an email client available for various Microsoft platforms. It is exposed to a remote code execution issue because the application fails to properly handle malformed iCal requests. Specifically, malformed "VEVENT" records contained in iCal meeting requests may trigger this issue.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx

  • 07.3.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EF Commander ISO File Remote Buffer Overflow
  • Description: EF Commander is a file manager available for multiple Microsoft Windows platforms. It is prone to a remote buffer overflow vulnerability due to insufficient bounds checking in relation to the creation of nested directories. EF Commander version 5.75 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21969

  • 07.3.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sina UC ActiveX Control Multiple Remote Stack Buffer Overflow Vulnerabilities
  • Description: Sina UC is an instant messaging client application. It is vulnerable to multiple remote stack buffer overflow issues. Sina UC versions 2006 and earlier are vulnerable. See the advisory for further details.
  • Ref: http://www.securityfocus.com/archive/1/456378

  • 07.3.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TIS Firewall Toolkit FTP-GW Remote Buffer Overflow
  • Description: TIS Firewall Toolkit is a freely available firewall package that includes a number of proxy applications. TIS Firewall Toolkit's ftp-gw application is prone to a remote buffer overflow issue because the "cmd_user()" function utilizes "sprintf()" without proper bounds checking while constructing a "syslog()" message. TIS Firewall Toolkit version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/21960

  • 07.3.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PowerArchiver PAISO.DLL ISO File Handling Buffer Overflow
  • Description: PowerArchiver is a file compression/decompression tool for the Microsoft Windows operating system. It is exposed to a remote buffer overflow vulnerability because it fails to properly bounds check user-supplied input before copying it to an insufficiently-sized memory buffer. Versions of PowerArchiver 2006 prior to 9.64.03 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/21867

  • 07.3.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SecureKit Steganography Carrier File Password Security Bypass
  • Description: SecureKit Steganography is an application that allows users to embed secret messages in arbitrary files. It is prone to a security bypass vulnerability because of a design flaw that allows the unknown password of an encrypted file to be swapped for a known password. Versions 1.8 and 1.71 are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21938

  • 07.3.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Rediff Toolbar ActiveX Control Remote Code Execution
  • Description: Rediff Toolbar is an ActiveX control designed to assist searches. The remote code execution issue affects the Rediff Toolbar ActiveX control from the "redifftoolbar.dll" library. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/21924

  • 07.3.19 - CVE: CVE-2007-0164
  • Platform: Third Party Windows Apps
  • Title: Camouflage Security Password Bypass
  • Description: Camouflage is a steganographic application. It is vulnerable to a security bypass issue due to a design error: an attacker may be able to overwrite the password data in a target carrier file with known password data from a different carrier file. Camouflage version 1.2.1 is vulnerable.
  • Ref: http://homepage.mac.com/adonismac/Advisory/steg/camouflage.html

  • 07.3.20 - CVE: CVE-2006-6336
  • Platform: Third Party Windows Apps
  • Title: Eudora WorldMail Mail Manager Server Remote Heap Based Buffer Overflow
  • Description: Eudora WorldMail Mail Manager Server is vulnerable to a remote heap-based buffer overflow issue when an overly large number of successive delimiters are processed. Eudora WorldMail Management Server version 3.1 is vulnerable.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-001.html

  • 07.3.21 - CVE: Not Available
  • Platform: Mac Os
  • Title: Mac OS X DMG UFS FFS_MountFS Integer Overflow
  • Description: Apple Mac OS X is vulnerable to a remote integer overflow issue when the UFS filesystem handler fails to handle specially-crafted DMG images. Mac OS X 10.4.8 and FreeBSD 6.1 are vulnerable.
  • Ref: http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html

  • 07.3.22 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X Finder DMG Volume Memory Corruption
  • Description: The Finder application in Mac OS X provides user management of files, disks and network volumes. The application is affected by a memory corruption issue which can be triggered when attackers create a DMG image with a volume name that is greater than 255 bytes in length. Finder version 10.4.6 on Mac OS X 10.4.8 X86 is affected.
  • Ref: http://www.securityfocus.com/bid/21980

  • 07.3.23 - CVE: Not Available
  • Platform: Mac Os
  • Title: Application Enhancer Local Privilege Escalation
  • Description: Application Enhancer is an application that helps to enhance and redefine various behaviors of applications running on the system. It is vulnerable to a local privilege escalation issue when handling various environment variables. Application Enhancer version 2.0.2 is vulnerable.
  • Ref: http://projects.info-pull.com/moab/MOAB-08-01-2007.html#debug

  • 07.3.24 - CVE: Not Available
  • Platform: Mac Os
  • Title: OmniWeb Javascript Alert() Format String
  • Description: OmniWeb is a web client available for Mac OS X. It is prone to a remote format string vulnerability due to insufficient input sanitization of the "alert()" function. OmniWeb version 5.5.1 (v607.5) running on Mac OS X 10.4.8 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21911

  • 07.3.25 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple DiskManagement Framework BOM Local Privilege Escalation
  • Description: Apple DiskManagement Framework is the back-end for the diskutil tool. It is prone to a local privilege escalation vulnerability that occurs when handling specially-crafted Bill Of Material (BOM) files, allowing an attacker to declare new permissions for specific filesystem locations. DiskManagement 92.29 and Mac OS X 10.4.8 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21899

  • 07.3.26 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple iLife iPhoto PhotoCast XML Remote Format String
  • Description: iLife iPhoto is an image sharing application used for publishing and viewing photographs on the web. The application is prone to a remote format string vulnerability. Please refer to the link below for further details.
  • Ref: http://projects.info-pull.com/moab/MOAB-04-01-2007.html

  • 07.3.27 - CVE: Not Available
  • Platform: Linux
  • Title: Grsecurity Kernel PaX Local Privilege Escalation
  • Description: Grsecurity Kernel PaX is a security add-on to the Linux kernel using multi-layered detection, prevention, and a containment model. It is exposed to a local privilege escalation vulnerability. Kernel patch versions 2.1.8 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22014

  • 07.3.28 - CVE: Not Available
  • Platform: Linux
  • Title: Secure Locate Local Information Disclosure
  • Description: The Secure Locate program "slocate" is available for various UNIX and Linux operating systems. It is exposed to a local information disclosure vulnerability because the utility fails to properly interpret filesystem permissions. Secure Locate 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/21989

  • 07.3.29 - CVE: Not Available
  • Platform: Linux
  • Title: X.Org BDE And Render Extensions Multiple Integer Overflow Vulnerabilities
  • Description: The X.Org X Windows server is an open-source X Window System for UNIX, Linux, and variants. It is exposed to multiple integer overflow issues.
  • Ref: http://www.securityfocus.com/bid/21968


  • 07.3.31 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP Multiple Products PML Driver HPZ12 Local Privilege Escalation
  • Description: Multiple HP products are prone to a local privilege escalation issue. The issue occurs due to insecure permissions set in the "SERVICE_CHANGE_CONFIG" of the "PML Driver HPZ12" service. An attacker can exploit this issue by using the "sc" service controller command line tool to redirect the associated service executable to a malicious application, which will run with SYSTEM level privileges.
  • Ref: http://www.securityfocus.com/bid/21935

  • 07.3.32 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD Jail RC.D Multiple Local Symbolic Link Vulnerabilities
  • Description: Jail RC.D environments are an extension of chroot that allow administrators to limit the ability for processes to interact with resources located outside of the configured environment. It is affected by multiple local symbolic link issues due to a failure of the jail startup "rc.d" script's handling of symbolic links. FreeBSD versions 5.3 and greater are affected.
  • Ref: http://www.securityfocus.com/bid/22011

  • 07.3.33 - CVE: Not Available
  • Platform: Solaris
  • Title: Solaris RPC Request Denial of Service
  • Description: The Solaris operating system is prone to a denial of service issue because it fails to handle specially-crafted RPC requests. An attacker can exploit this issue to crash the rpcbind server, denying service to legitimate users.
  • Ref: http://www.securityfocus.com/bid/21964

  • 07.3.34 - CVE: Not Available
  • Platform: Aix
  • Title: IBM FTPD Local Information Disclosure Vulnerability
  • Description: IBM FTPD is prone to a local information disclosure vulnerability that arises because of a failure in the application to properly secure privileged information contained in the "/etc/ftpaccess.ctl" file. Specifically, the "puseronly" and "pgrouponly" lines in this file may be used to obtain privileged and sensitive password information. IBM AIX versions 5.3.0.30 and later are reported to be vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/21941

  • 07.3.35 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX FTPD Ephemeral Port Exhaustion Denial of Service
  • Description: A remote denial of service vulnerability has been reported in the IBM AIX FTPD server implementation. A remote authenticated FTPD user may exhaust all available ephemeral network ports on the computer. AIX versions 5.2 and 5.3 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21940

  • 07.3.36 - CVE: Not Available
  • Platform: Unix
  • Title: Fetchmail Multiple Remote Denial of Services Vulnerabilities
  • Description: Fetchmail is a mail-retrieval utility. It is affected by multiple denial of service vulnerabilities when it processes messages that use the "mda" option. Fetchmail version 6.3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/21902

  • 07.3.37 - CVE: Not Available
  • Platform: Unix
  • Title: HP DECNet-Plus For OpenVMS Unspecified Security Bypass
  • Description: HP DECNet-Plus for OpenVMS is a network protocol application for VAX and ALPHA systems. It is prone to an unspecified security bypass vulnerability that may allow remote attackers to bypass security restrictions. DECNet-Plus OpenVMS ALPHA version 7.3-2 and DECNet-Plus for OpenVMS VAX version 7.3 are reportedly vulnerable.
  • Ref: ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAX_DNVOSIMUP01-V0703.txt

  • 07.3.38 - CVE: Not Available
  • Platform: Novell
  • Title: Novell Client NWGINA.DLL User Profile Security Bypass
  • Description: Novell Client is prone to a security bypass vulnerability that resides in the "NWGINA.DLL" library. The vulnerability could allow an authenticated attacker to gain access to another user's profile in a Citrix session. Version 4.93 SP3 is reportedly vulnerable.
  • Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htm

  • 07.3.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Runtime System Content Delivery Server Information Disclosure
  • Description: Sun Java System Content Delivery Server is a content management server available for various operating systems. It is prone to an undisclosed information disclosure vulnerability. Sun Java System Content Delivery Server versions 5.0 and 5.0PU1 are reportedly vulnerable.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102764-1&searchclause=%22category:security%22%2420%22availability,%2420security%22%2420category:security

  • 07.3.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hewlett Packard OpenView Network Node Manager Remote Code Execution
  • Description: HP OpenView Network Node Manager is used to perform remote network administration. It is prone to an unspecified remote code execution vulnerability. Versions 7.50 and prior are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/22013


  • 07.3.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hewlett Packard OpenView Network Node Manager Information Disclosure
  • Description: HP OpenView Network Node Manager is used to perform remote administration of HP computer hardware. An unspecified information disclosure vulnerability exists that could allow unauthorized users to gain read access to files with the privileges of the user running the application. Please see the advisory for further information.
  • Ref: http://www.securityfocus.com/bid/22009

  • 07.3.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Snort GRE Packet Decoding Denial of Service
  • Description: Snort is a network intrusion detection system. It is vulnerable to a denial of service issue due to an integer underflow flaw in the "DecodeGRE()" function in the "decode.c" source file. Snort version 2.6.1.2 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/456598

  • 07.3.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Xine Errors.C Remote Format String
  • Description: Xine media player is affected by a format string issue due to insufficient sanitization of the "errors_create_window()" routine in the "errors.c" source file. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/22002

  • 07.3.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VideoLan VLC Media Player Unspecified Denial Of Service
  • Description: VLC Media Player is a multimedia application for playing audio and video files. It is exposed to a denial of service issue because it fails to sufficiently handle user-supplied data when processing WMV files. VLC Media Player version 0.8.6a is affected.
  • Ref: http://www.securityfocus.com/bid/22003

  • 07.3.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco Unified Contact Center and IP Contact Center JTapi Gateway Denial of Service
  • Description: Cisco Unified Contact Center Enterprise provides routing and call treatment for multiple communication channels. It is prone to a vulnerability that may cause the JTapi Gateway service to restart and subsequently cause temporary denial of service conditions. Please see the advisory for further information.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20070110-jtapi.shtml

  • 07.3.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Snort Backtracking Denial of Service
  • Description: Snort is prone to a denial of service vulnerability because it fails to handle specially-crafted network packets. An attacker can exploit this issue to cause the affected system to consume 100% of CPU resources. Snort versions prior to 2.6.1 are affected.
  • Ref: http://www.securityfocus.com/bid/21991

  • 07.3.48 - CVE: CVE-2006-6143
  • Platform: Cross Platform
  • Title: MIT Kerberos 5 RPC Library Remote Code Execution
  • Description: MIT Kerberos 5 is a suite of applications and libraries designed to implement the Kerberos network authentication protocol. MIT Kerberos 5 is prone to a remote code execution vulnerability that resides in the server-side portion of the Kerberos RPC library. Currently, the "kadmind" service is known to be vulnerable. Other applications that utilize this library may also be affected.
  • Ref: http://www.securityfocus.com/bid/21970

  • 07.3.49 - CVE: CVE-2006-6144
  • Platform: Cross Platform
  • Title: MIT Kerberos Administration Daemon Free Pointers Remote Code Execution
  • Description: MIT Kerberos 5 is a suite of applications and libraries designed to implement the Kerberos network authentication protocol. MIT Kerberos 5 is exposed to a remote code execution issue. See the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/21975

  • 07.3.50 - CVE: CVE-2006-5858
  • Platform: Cross Platform
  • Title: Adobe ColdFusion Information Disclosure
  • Description: Adobe ColdFusion is prone to an unspecified information disclosure vulnerability. ColdFusion MX7, 7.0.1 and 7.0.2 are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21978

  • 07.3.51 - CVE: CVE-2006-5857
  • Platform: Cross Platform
  • Title: Adobe Acrobat Reader Unspecified Heap Corruption Vulnerability
  • Description: Adobe Acrobat Reader is a free document viewer for reading and commenting on PDF and PostScript files. It is exposed to a remote code execution issue. Please refer to the link below for further details.
  • Ref: http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt

  • 07.3.52 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Direct Web Rendering Multiple Remote Vulnerabilities
  • Description: Direct Web Rendering is an application that exports Java code to a web browser. It is affected by multiple denial of service and security bypass issues. Direct Web Rendering versions prior to 1.1.4 are affected.
  • Ref: http://www.securityfocus.com/bid/21955

  • 07.3.53 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SF Apache And Microsoft IIS Range Denial of Service
  • Description: Apache and Microsoft IIS are prone to a denial of service vulnerability. This issue affects the implementation of the "HTTP/1.1 Range" header functionality defined by RFC 2616.
  • Ref: http://www.securityfocus.com/bid/21865

  • 07.3.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Reader Plugin Open Parameters Cross-Site Scripting
  • Description: Adobe Reader is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Please refer to the advisory for further information.
  • Ref: http://www.adobe.com/support/security/advisories/apsa07-01.html

  • 07.3.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CenterICQ IJHook.CC Remote Buffer Overflow
  • Description: CenterICQ is an instant messaging application. It is exposed to a buffer overflow vulnerability. The vulnerability occurs because the application fails to bounds check user-supplied data before copying it into an insufficiently-sized buffer. This issue affects versions 4.9.11 up to 4.21.0.
  • Ref: http://www.securityfocus.com/bid/21932

  • 07.3.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple PDF Readers Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Portable Document Format (PDF) is a file format developed by Adobe. Multiple PDF readers are exposed to multiple remote buffer overflow vulnerabilities. See the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/21910

  • 07.3.57 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Acunetix Web Vulnerability Scanner Remote Denial of Service
  • Description: Acunetix Web Vulnerability Scanner allows users to audit web applications for common web-based attacks such as cross-site scripting. The sniffer component is affected by a remote denial of service issue because the application fails to properly handle exceptional conditions. Acunetix Web Vulnerability Scanner version 4.0 is vulnerable and other versions may be affected as well.
  • Ref: http://www.securityfocus.com/bid/21898

  • 07.3.58 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kaspersky AntiVirus Scan Engine PE File Denial of Service
  • Description: Kaspersky Antivirus is prone to a denial of service vulnerability when an invalid value is specified for the "NumberOfRvaAndSizes" field in the header of a portable executable (PE) file. Multiple versions prior to and including 6.0 are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21901

  • 07.3.59 - CVE: CVE-2007-0141
  • Platform: Web Application - Cross Site Scripting
  • Title: Yet Another Link Directory Yald.PHP Cross-Site Scripting
  • Description: Yet Another Link Directory is a link directory. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "search" input field of the "yald.php" script. Yet Another Link Directory version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21904

  • 07.3.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Fastilo Index.PHP Cross-Site Scripting
  • Description: Fastilo is a web-based shopping-cart application implemented in PHP. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of the "p" parameter of the "index.php" script. All known versions are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/22007

  • 07.3.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Movable Type Cross-Site Scripting
  • Description: Movable Type is a web log application. It is exposed to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Movable Type version 3.33 is affected.
  • Ref: http://www.securityfocus.com/bid/21999

  • 07.3.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: iPlanet Web Server Search Module Cross-Site Scripting
  • Description: iPlanet Web Server is an HTTP server application. It is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "NS-max-records" parameter of the search module. iPlanet Web Server version 4 is affected.
  • Ref: http://www.securityfocus.com/bid/21977

  • 07.3.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MediaWiki AJAX Unspecified Cross-Site Scripting
  • Description: MediaWiki is an editing application designed for large scale wiki sites. The application is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the AJAX support module. Please refer to the link below for further details.
  • Ref: http://www.securityfocus.com/bid/21956

  • 07.3.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: B2evolution Login.PHP Cross-Site Scripting
  • Description: B2evolution is a blog engine. It is prone to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "redirect_to" parameter of the "htsrv/login.php" script. B2evolution version 1.8.6 is vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/21953

  • 07.3.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GForge Advanced_Search.PHP Cross-Site Scripting
  • Description: GForge is an application for managing source code. Insufficient sanitization of the "word" parameter of the "advanced_search.php" script exposes the application to a cross-site scripting issue. GForge version 4.5.11 is affected.
  • Ref: http://www.securityfocus.com/bid/21946

  • 07.3.66 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal Unspecified Cross-Site Scripting
  • Description: Drupal is a content manager. It is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Drupal versions 4.6 and 4.7 series are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/21887

  • 07.3.67 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WordPress Invalid CSRF Token Cross-Site Scripting
  • Description: WordPress allows users to generate news pages and web logs dynamically. It is prone to a cross-site scripting issue because it fails to properly sanitize user-supplied input to unspecified URL variables used by the token-based CSRF portion of the application's administrative interface. WordPress versions prior to 2.0.5 are affected.
  • Ref: http://www.securityfocus.com/bid/21893

  • 07.3.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Shopstorenow E-commerce Shopping Cart Orange.ASP SQL Injection
  • Description: Shopstorenow E-commerce Shopping Cart is a web-based e-commerce solution. It is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "CatID" parameter of the "orange.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/21905

  • 07.3.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress Charset Decoding SQL Injection
  • Description: WordPress is a desktop publishing application. It is exposed to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data. WordPress versions 2.0.5 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21907

  • 07.3.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress Wp-trackback.PHP SQL Injection
  • Description: WordPress is an application for desktop publishing. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data to the "tb_id" parameter of the "wp-trackback.php" script. WordPress versions 2.0.6 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21983

  • 07.3.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: uniForum WBSearch.ASPX SQL Injection
  • Description: uniForum is a web forum application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data to "wbsearch.aspx". uniForum versions 4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21966

  • 07.3.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LocazoList Classifieds Main.ASP SQL Injection
  • Description: LocazoList Classifieds is an application for managing classified ads. Insufficient sanitization of the "subcatID" parameter of the "main.asp" script exposes the application to an SQL injection issue.
  • Ref: http://www.securityfocus.com/bid/21859

  • 07.3.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-Smart Cart Productdetail.ASP SQL Injection
  • Description: E-SMARTCART is a shopping cart application. It is exposed to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "product_id" parameter of the "productdetail.asp" script before using it in an SQL query. E-SMARTCART version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21860

  • 07.3.74 - CVE: CVE-2007-0112
  • Platform: Web Application - SQL Injection
  • Title: CreateAuction Cats.ASP SQL Injection
  • Description: CreateAuction is a web-based auction site manager. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data to the "catid" parameter of the "cats.asp" script. All versions are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/456272

  • 07.3.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IGeneric IG Shop SQL Injection
  • Description: IG Shop is a web-based online shop. It is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameters of the "compare_products.php" script. These issues affect version 1.0.
  • Ref: http://www.securityfocus.com/bid/21874

  • 07.3.76 - CVE: CVE-2007-0128
  • Platform: Web Application - SQL Injection
  • Title: DigiAppz DigiRez Info_Book.ASP SQL Injection
  • Description: DigiRez is an application for managing facility reservations. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data to the "book_id" parameter of the "info_book.asp" script file. DigiRez versions 3.4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21892

  • 07.3.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Coppermine Photo Gallery Albmgr.PHP SQL Injection
  • Description: Coppermine Photo Gallery is a web-based photo gallery. It is prone to an SQL injection vulnerability due to insufficient sanitization of the "cat" parameter of the "albmgr.php" script. Versions 1.4.10 and prior are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21894

  • 07.3.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress Comment Table SQL Injection
  • Description: WordPress is a desktop publishing application. It is exposed to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the comment table of the application before using it in an SQL query. WordPress versions 2.0.5 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21896

  • 07.3.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Fetchmail Multiple Password Information Disclosure Vulnerabilities
  • Description: Fetchmail is prone to multiple local information disclosure vulnerabilities. These issues occur because the application discloses information about user passwords. These issues affect versions prior to 6.3.6-rc4.
  • Ref: http://www.securityfocus.com/bid/21903

  • 07.3.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Fix and Chip CMS Multiple Input Validation Vulnerabilities
  • Description: Fix and Chip CMS is a content management system. It is affected by multiple cross-site scripting and HTML injection issues. Fix and Chip version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21909

  • 07.3.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Jshop Server Remote File Include
  • Description: Jshop Server is an e-commerce web application implemented in PHP. It is prone to a remote file include vulnerability due to insufficient sanitization of the "jssShopFileSystem" parameter of the "fieldValidation.php" script. Version 1.3 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21995

  • 07.3.82 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Privmsg.PHP HTML Injection
  • Description: phpBB is a bulletin board system. It is prone to an HTML injection vulnerability due to insufficient input sanitization of the "Message body" form field of the "privmsg.php" script. phpBB version 2.0.21 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/22001

  • 07.3.83 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyAdmin Multiple Unspecified Input Validation Vulnerabilities
  • Description: phpMyAdmin is a web-based SQL manager. It is prone to multiple input validation vulnerabilities, including multiple HTML injection issues and other unspecified vulnerabilities. phpMyAdmin version 2.9.1.1 is vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/21987

  • 07.3.84 - CVE: Not Available
  • Platform: Web Application
  • Title: GeoIP GeoIPUpdate.C Directory Traversal
  • Description: GeoIP is an IP intelligence database that tracks internet visitors. It is affected by a directory traversal issue because it does not sanitize the filename returned by the GET request "/app/update_getfilename?product_id=%s". GeoIP versions prior to 1.4.0 are affected.
  • Ref: http://www.securityfocus.com/bid/21959

  • 07.3.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Axiom Photo Gallery Template.PHP Remote File Include
  • Description: Axiom Photo Gallery is a web-based photo album. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "baseAxiomPath" parameter of the "template.php" script. Axiom Photo Gallery version 0.8.6 is affected.
  • Ref: http://www.securityfocus.com/bid/21972

  • 07.3.86 - CVE: Not Available
  • Platform: Web Application
  • Title: edit-X Edit_Address.PHP Remote File Include
  • Description: edit-x is a web application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "include_dir" parameter of the "edit_address.php" script. All versions are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/456439

  • 07.3.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Magic Photo Storage Website Multiple Remote File Include Vulnerabilities
  • Description: Magic Photo Storage Website is a web-based photo manipulation and storage application. It is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "_config[site_path]" parameter of various scripts. All versions are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21965

  • 07.3.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Easy Banner Pro info.PHP Remote File Include Vulnerability
  • Description: Easy Banner Pro is a banner exchange application. It is prone to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "s[phppath]" parameter of "info.php". Easy Banner Pro version 2.8 is vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/21967

  • 07.3.89 - CVE: CVE-2007-0098
  • Platform: Web Application
  • Title: VerliAdmin Language.PHP Local File Include
  • Description: VerliAdmin is an administration tool for VerliHub, which is a Direct Connect protocol server. It is vulnerable to a local file include issue due to insufficient sanitization of user-supplied input to the "lang" parameter of the "language.php" script. VerliAdmin versions 0.3 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21862/info

  • 07.3.90 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyFAQ Unspecified Security Bypass
  • Description: phpMyFAQ is a freely available FAQ editor. It is prone to a security bypass vulnerability that occurs because the application fails to protect file browsing and uploading privileges from unauthorized users. phpMyFAQ versions prior to 1.6.8 are reportedly vulnerable.
  • Ref: http://www.phpmyfaq.de/advisory_2006-12-15.php

  • 07.3.91 - CVE: CVE-2006-5020
  • Platform: Web Application
  • Title: SolidState Multiple Remote File Include Vulnerabilities
  • Description: SolidState is a web-based customer management and billing application. It is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "base_path" parameter in several scripts. Versions prior to 0.4 are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21934

  • 07.3.92 - CVE: Not Available
  • Platform: Web Application
  • Title: @lex Guestbook Multiple Input Validation
  • Description: @lex Guestbook is a guestbook application. It is prone to multiple input validation vulnerabilities. @lex Guestbook versions 4.0.2 and prior are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21926

  • 07.3.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Novell Access Manager Identity Server IssueInstant Parameter Cross-Site Scripting
  • Description: Novell Access Manager is a multi-platform system for managing access to applications and resources. Access Manager Identity Server is exposed to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "issueinstant" parameter of "/nidp/idff/sso". Novell Access Manager version 3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21921

  • 07.3.94 - CVE: Not Available
  • Platform: Web Application
  • Title: L2J Statistik Script Index.PHP Local File Include
  • Description: L2J Statistik Script is used to create web server statistics. Insufficient sanitization of the "page" parameter in the "index.php" script exposes the application to a local file include issue. L2J Statistik Script version 0.09 is affected.
  • Ref: http://www.securityfocus.com/bid/21914

  • 07.3.95 - CVE: Not Available
  • Platform: Web Application
  • Title: AllMyVisitors Index.PHP Remote File Include
  • Description: AllMyVisitors is a site visitation statistics application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "AMV_openconfig" parameter of the "index.php" script. AllMyVisitors version 0.4.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21917

  • 07.3.96 - CVE: Not Available
  • Platform: Web Application
  • Title: AllMyGuests Multiple Remote File Include Vulnerabilities
  • Description: AllMyGuests is a guest book application. It is prone to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "_AMGconfig[cfg_serverpath]" parameter of various scripts. AllMyGuests version 0.3.0 is vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/21918

  • 07.3.97 - CVE: CVE-2006-4575, CVE-2006-4576, CVE-2006-4577, CVE-2006-4578, CVE-2006-4579, CVE-2006-4580, CVE-2006-4581
  • Platform: Web Application
  • Title: The Address Book Multiple Remote Vulnerabilities
  • Description: The Address Book is a web-based address management application. It is vulnerable to multiple remote vulnerabilities due to insufficient sanitization of user-supplied input to various scripts. The Address Book version 1.04e is vulnerable. See the advisory for further details.
  • Ref: http://secunia.com/secunia_research/2006-76/advisory/

  • 07.3.98 - CVE: Not Available
  • Platform: Web Application
  • Title: MKPortal Multiple HTML Injection Vulnerabilities
  • Description: MKPortal is a content management system for the vBulletin package. It is prone to multiple HTML injection vulnerabilities due to insufficient sanitization of unspecified parameters within the "admin.php" script. MKPortal version 1.1RC1 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21878

  • 07.3.99 - CVE: Not Available
  • Platform: Web Application
  • Title: JamWiki Topics Relocation Authentication Bypass Vulnerability
  • Description: JamWiki is a wiki application. It is prone to an authentication bypass vulnerability because the software fails to perform sufficient permission checking when relocating admin-only and read-only topics. JamWiki versions prior to 0.5 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21879

  • 07.3.100 - CVE: Not Available
  • Platform: Web Application
  • Title: EditTag Multiple Directory Traversal Vulnerabilities
  • Description: EditTag is affected by multiple directory traversal issues because the application fails to sufficiently sanitize "../" sequences in input to the "file" parameter in multiple scripts. EditTag version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/21890

  • 07.3.101 - CVE: Not Available
  • Platform: Web Application
  • Title: IGeneric IG Shop Multiple PHP Code Execution Vulnerabilities
  • Description: IG Shop is a web-based online shop. It is exposed to multiple PHP code execution vulnerabilities. The "page.php" and "cart.php" scripts fail to properly sanitize user-supplied input to the "action" parameter before including it in an "eval()" function. Version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21875

  • 07.3.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Page Caching Denial of Service
  • Description: Drupal is a content manager system which is affected by a denial of service vulnerability due to a design error. Drupal versions 4.6 and 4.7 are affected.
  • Ref: http://www.securityfocus.com/bid/21895

  • 07.3.103 - CVE: Not Available
  • Platform: Network Device
  • Title: Fon La Fonera Router Unauthorized Web Access
  • Description: The Fon La Fonera Router is prone to a vulnerability that allows users to view unauthorized web sites because the router does not filter any domain names. An attacker could leverage this issue by constructing a DNS tunnel to view unauthorized web sites. All known versions are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21906

  • 07.3.104 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco IOS Data-link Switching Denial of Service
  • Description: Cisco IOS Data-link Switching (DLSw) is prone to a denial of service vulnerability that occurs when the affected service that manages the DLSw partners exchanges a list of supported capabilities. If a device running the affected service receives an invalid option during this exchange, the vulnerability is triggered. Cisco IOS versions 11.0 through 12.4 are reportedly vulnerable.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a00807bd128.shtml

  • 07.3.105 - CVE: Not Available
  • Platform: Network Device
  • Title: F5 Firepass Multiple Input Validation Vulnerabilities
  • Description: F5 Firepass is a network security hardware device. The device is prone to multiple input validation vulnerabilities because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/21957

  • 07.3.106 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Clean Access Multiple Remote Vulnerabilities
  • Description: Cisco Clean Access (CCA) is a software solution that can detect, isolate and clean infected or vulnerable devices that attempt to access arbitrary networks. Please refer to the link below for further details.
  • Ref: http://www.securityfocus.com/bid/21857

  • 07.3.107 - CVE: Not Available
  • Platform: Network Device
  • Title: Packeteer PacketShaper Multiple Buffer Overflow Denial of Service Vulnerabilities
  • Description: Packeteer PacketShaper is a bandwidth management and control hardware device. The device is prone to multiple denial of service vulnerabilities. Specifically, these vulnerabilities cause a buffer overflow to occur when the device processes a long argument of 1500 characters or more submitted to the "class show" command, or to the "POLICY" parameter of the "clastree.htm" page of the device management web page. Packeteer PacketShaper version 8.0 is vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/21933

  • 07.3.108 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Secure Access Control Server Multiple Remote Vulnerabilities
  • Description: Cisco Secure Access Control Server Remote Access Dial-In User Service (RADIUS) and Terminal Access Control System Plus (TACACS+) security server are exposed to multiple remote vulnerabilities. Please refer to the link below for further details.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml

  • 07.3.109 - CVE: CVE-2006-6870
  • Platform: Network Device
  • Title: Avahi Compressed DNS Denial of Service
  • Description: Avahi is an application to discover services available on the local network. It is vulnerable to a denial of service issue when the application processes a crafted DNS response with a label that points to itself. Avahi versions 0.6.15 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21881

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.