@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 31
July 30, 2007

This week four CA products (eTrust IDS, Unicenter, CleverPath, and BrightStor) were found to all use a common service that has a critical buffer overflow error.

Ten days to the early registration deadline (Wednesday, August 8) for SANS Network Security in Las Vegas. Registration url: http://www.sans.org/ns2007

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    --------------------------------------------------------------------------
    Windows                                   2
    Other Microsoft Products                  1
    Third Party Windows Apps                  15 (#1, #3, #4, #5, #6, #7, #9)
    Linux                                     2
    Solaris                                   1
    Aix                                       4
    Cross Platform                            28 (#2, #8)
    Web Application - Cross Site Scripting    15
    Web Application - SQL Injection           10
    Web Application                           16
    Network Device                            1

*************************************************************************

SECURITY TRAINING UPDATE

SANS Network Security 2007 (September 22-30, in Las Vegas) is the largest fall conference on cybersecurity with more than 40 courses and wonderful evening sessions and a big vendor exposition. Most importantly, it brings together the top rated teachers in cybersecurity in the world. How good are they? Here's what past attendees said: "This course has valuable information that can be implemented immediately in the work place." (Christopher O'Brien, Booz Allen Hamilton) "The quality of teachers, speakers, and even attendees is far superior to any other training event I've attended." (Corinne Cook, Jeppesen) "SANS provides by far the most in-depth security training with the true experts in the field as instructors." (Mark Smith, Costco Wholesale)

Registration information: http://www.sans.org/ns2007/

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
  • Windows
  • Other Microsoft Products
  • Third Party Windows Apps
  • Linux
  • Solaris
  • Aix
  • Cross Platform
  • Web Application - Cross Site Scripting
  • Web Application - SQL Injection
  • Web Application
  • Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Yahoo! Widgets ActiveX Control Buffer Overflow
  • Affected:
    • Yahoo! Widgets Engine versions prior to 4.0.5
  • Description: The Yahoo! Widgets engine is used to run small applications, called "widgets". The Yahoo! Widgets engine contains an ActiveX control, which contains a buffer overflow. A malicious web page that instantiates this control could trigger this buffer overflow, and allow an attacker to execute arbitrary code with the privileges of the current user. Note that only the Yahoo! Widgets engine on Microsoft Windows is vulnerable.

  • Status: Yahoo! confirmed, updates available. Users may mitigate the impact of this vulnerability by disabling the affected ActiveX control via Microsoft's "kill bit" mechanism. Doing so, however, may impact normal functionality.

  • Council Site Actions: The affected software and/or configuration is not in production or widespread use, or is not officially supported at any of the responding council sites. Most of the responding council sites are not taking any action; however, a few sites plan to notify their users in case they are running the affected software.

  • References:
  • (2) CRITICAL: Computer Associates Multiple Products Multiple Vulnerabilities
  • Affected:
    • Computer Associates eTrust Intrusion Detection System Products
    • Computer Associates Unicenter Products
    • Computer Associates CleverPath Products
    • Computer Associates BrightStor Products
  • Description: The Computer Associates Message Queuing Server ("cam.exe") is a component used by multiple Computer Associates products. This component contains a buffer overflow. A specially crafted request to this service would allow an attacker to exploit this buffer overflow and execute arbitrary code with the privileges of the vulnerable process (often SYSTEM). Additionally, the Computer Associates eTrust Intrusion Detection System installs an ActiveX control that does not properly validate its input. A malicious web page that instantiates this control would be able to load arbitrary DLLs and therefore execute arbitrary code with the privileges of the current user.

  • Status: Computer Associates confirmed, updates available. Users may be able to mitigate the impact of the ActiveX control vulnerability by disabling the control via Microsoft's "kill bit" mechanism for CLSID "41266C21-18D8-414B-88C0-8DCA6C25CEA0".

  • Council Site Actions: The affected software and/or configuration is not in production or widespread use, or is not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (3) CRITICAL: BakBone NetVault Reporter Scheduler Buffer Overflow
  • Affected:
    • BakBone NetVault Reporter versions prior to 3.5 Update 4
  • Description: The BakBone NetVault Reporter is used to produce reports and other information in the BakBone NetVault system. The product consists of both a client and a server application. Both the client and server applications contain a buffer overflow when processing filenames. By sending an overlong filename to either the client or the server in a GET or POST request, an attacker could trigger this buffer overflow and execute arbitrary code with the privileges of the vulnerable process (usually SYSTEM). Note that some technical details are available for this vulnerability.

  • Status: Vendor confirmed, updates available. Users may be able to mitigate the impact of this vulnerability by blocking access to TCP ports 7977 and 7978 at the network perimeter.

  • Council Site Actions: The affected software and/or configuration is not in production or widespread use, or is not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (4) HIGH: Panda Antivirus Products Multiple Vulnerabilities
  • Affected:
    • Panda Antivirus Products
  • Description: Panda products using the Panda Antivirus engine or the Panda AdminSecure agent contain remotely exploitable vulnerabilities. A specially crafted Microsoft Windows executable file could trigger a buffer overflow in the antivirus scanning engine, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that the antivirus engine may be configured to scan emails or other files automatically. In such cases, simply sending an email to a vulnerable server or otherwise causing a file to be scanned would be sufficient for exploitation. Additionally, a flaw in the Panda AdminSecure agent would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. The AdminSecure agent is used for remote administration of Panda products.

  • Status: Panda confirmed, updates available. Users can mitigate the impact of the AdminSecure vulnerability by blocking access to TCP ports 19226 and 19227 at the network perimeter.

  • Council Site Actions: The affected software and/or configuration is not in production or widespread use, or is not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (5) HIGH: Borland InterBase Create Request Buffer Overflow
  • Affected:
    • Borland InterBase 2007
  • Description: Borland InterBase is a popular database engine used in a variety of applications. The database engine contains a buffer overflow in its handling of certain remote commands. An overlong string sent to the "create" command could trigger this buffer overflow and allow an attacker to execute arbitrary code with the privileges of the current user. Note that some technical details are publicly available for this vulnerability.

  • Status: Borland confirmed, updates available. Users may be able to mitigate the impact of this vulnerability by blocking TCP port 3050 at the network perimeter.

  • Council Site Actions: The affected software and/or configuration is not in production or widespread use, or is not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (6) HIGH: ESET NOD32 Multiple Vulnerabilities
  • Affected:
    • ESET NOD32 Antivirus versions prior to 2.2289
  • Description: ESET NOD32 is a popular enterprise antivirus solution. The antivirus engine contains a flaw in its handling of CAB ("cabinet") archive files. A specially crafted CAB file could trigger a heap corruption vulnerability and potentially execute arbitrary code with the privileges of the vulnerable process. Note that the antivirus engine may be configured to automatically scan email or other files. In such cases, it is sufficient for exploitation to simply cause an email to transit a vulnerable server or otherwise cause a file to be scanned. The antivirus engine also suffers from two denials-of-service in the processing of compressed executable files.

  • Status: ESET confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration is not in production or widespread use, or is not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (8) MODERATE: ISC BIND Remote Cache Poisoning
  • Affected:
    • ISC BIND 9 versions prior to 9.4.1 patch 1
  • Description: ISC BIND, by far the most popular DNS server on the internet, contains a flaw in its algorithm used to generate transaction ID numbers. All DNS requests have a random transaction ID number embedded within them to identify the request in the current set of pending requests. If this transaction ID is guessed, an attacker could provide a false reply to the DNS server or otherwise impersonate actors in other requests, and potentially poison the DNS cache. A poisoned DNS cache will return false information in response to requests, allowing an attacker to divert traffic to attacker-controlled systems. The flaw in BIND's transaction ID generator provides predictability of transaction IDs by observing several preceding transaction IDs. Two different proofs-of-concept are publicly available, as are technical details.

  • Status: ISC confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to this item. They plan to upgrade to the latest version during their next maintenance cycle. A few sites are still investigating if the vendor version they have installed is vulnerable.

  • References:
Other Software
  • (9) HIGH: LinkedIn Browser Toolbar ActiveX Control Buffer Overflow
  • Affected:
    • LinkedIn Browser Toolbar
  • Description: LinkedIn is a popular social networking web site. The LinkedIn Browser Toolbar allows users to access LinkedIn content from a special toolbar in their web browser. This toolbar installs an ActiveX control that contains a buffer overflow vulnerability. A malicious web page that instantiates this control could trigger this buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Note that technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available.

  • Council Site Actions: The affected software and/or configuration is not in production or widespread use, or is not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
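
The "kill bit" mitigation named in the Status notes for items (1) and (2) can be audited and applied from an elevated PowerShell prompt. The script below is an added example, not part of the original bulletin or of any vendor's tooling; it uses the CLSID the bulletin gives for the CA eTrust control and the registry location documented in Microsoft KB240797, and the function names Get-KillBitState and Set-KillBit are hypothetical.

```powershell
# Added example: audit and set the Internet Explorer ActiveX "kill bit".
# Default CLSID is the one the bulletin gives for the CA eTrust IDS control.
# Function names are hypothetical. Writing to HKLM requires an elevated prompt.
param(
    [string]$Clsid = '41266C21-18D8-414B-88C0-8DCA6C25CEA0',
    [switch]$Apply   # without -Apply the script only reports the current state
)

$KillBit = 0x400     # "Compatibility Flags" bit that stops IE loading the control
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit Internet Explorer on 64-bit Windows reads the redirected view:
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $Roots) {
        # Accept the CLSID with or without braces; the key name always has them.
        $key = Join-Path $root ('{' + $Clsid.Trim('{}') + '}')
        $flags = $null
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($prop) { $flags = $prop.'Compatibility Flags' }
        }
        [pscustomobject]@{
            Key    = $key
            Flags  = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not set)' }
            Killed = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        }
    }
}

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $Roots) {
        # Skip a registry view that does not exist (Wow6432Node on 32-bit Windows).
        if (-not (Test-Path -LiteralPath (Split-Path $root -Parent))) { continue }
        $key = Join-Path $root ('{' + $Clsid.Trim('{}') + '}')
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        $current = if ($prop) { $prop.'Compatibility Flags' } else { 0 }
        # OR the bit in so any other compatibility flags already present survive.
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value ($current -bor $KillBit) -Force | Out-Null
    }
}

if ($Apply) { Set-KillBit -Clsid $Clsid }
Get-KillBitState -Clsid $Clsid | Format-Table -AutoSize
```

Run it once without -Apply to record the current state on a host, then with -Apply to set the bit; a row with Killed = True in both registry views confirms that both 32-bit and 64-bit Internet Explorer will refuse to instantiate the control.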
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 31, 2007

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5533 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.31.1 - CVE: Not Available
  • Platform: Windows
  • Title: Windows RSH daemon Stack Based Buffer Overflow
  • Description: Windows RSH daemon (RSHD) is a daemon service that runs client commands and returns results. The application is exposed to a stack-based buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. Windows RSH daemon version 1.8 is affected.
  • Ref: http://www.securityfocus.com/bid/25044

  • 07.31.2 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Explorer GIF File Denial of Service
  • Description: Windows Explorer is exposed to a denial of service issue that occurs when the application is used to open a folder containing a malicious GIF file. Windows Explorer on Microsoft Windows XP SP2 is affected.
  • Ref: http://www.securityfocus.com/bid/25013

  • 07.31.3 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer SeaMonkey Browser URI Handler Command Injection
  • Description: Microsoft Internet Explorer is exposed to an issue that lets attackers inject commands through SeaMonkey's "mailto" protocol handler. These issues stem from an input validation error and arise when SeaMonkey is installed on the same computer as a vulnerable instance of Internet Explorer.
  • Ref: http://www.securityfocus.com/bid/25021

  • 07.31.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Crystal Player Playlist File Buffer Overflow
  • Description: Crystal Player is a multimedia application for the Microsoft Windows operating system. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. Crystal Player version 1.98 is affected.
  • Ref: http://www.securityfocus.com/bid/25083

  • 07.31.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Clever Internet ActiveX Suite CLINetSuiteX6.OCX Arbitrary File Download or Overwrite
  • Description: Clever Internet ActiveX Suite is a set of com-based components that facilitate various web-based activities. The application is exposed to an arbitrary file overwrite issue due to a design error because the application fails to restrict access to files specified by user input to the "GetToFile" method in the "CLINETSUITEX6.OCX" ActiveX control. Clever Internet ActiveX Suite version 6.2 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.31.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sun Java System Application Server JSP Source Code Disclosure
  • Description: Sun Java System Application Server on the Microsoft Windows platform is exposed to a JSP source code disclosure issue. Please refer to the link below for further information.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103000-1&searchclause=

  • 07.31.7 - CVE: CVE-2007-3875
  • Platform: Third Party Windows Apps
  • Title: Multiple Computer Associates Products Arclib.DLL Malformed CHM File Denial of Service
  • Description: Multiple Computer Associates products are exposed to a denial of service issue because the applications fail to handle malformed CHM files that contain an invalid "previous listing chunk number" field. The applications that use the "arclib.dll" library versions prior to 7.3.0.9 are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567

  • 07.31.8 - CVE: CVE-2007-3302
  • Platform: Third Party Windows Apps
  • Title: Computer Associates ETrust Intrusion Detection Caller.DLL Remote Code Execution
  • Description: Computer Associates eTrust Intrusion Detection System is a network security application that provides functionality such as intrusion detection, antivirus, centralized monitoring and web filtering. The application is exposed to a remote code execution issue that occurs in the "Caller.dll" ActiveX control.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568

  • 07.31.9 - CVE: CVE-2007-0060
  • Platform: Third Party Windows Apps
  • Title: Computer Associates Multiple Products Message Queuing Remote Stack Buffer Overflow
  • Description: Multiple Computer Associates products are exposed to a remote stack-based buffer overflow issue that affects the Message Queuing (CAM / CAFT) component. The application fails to properly bounds check user-supplied data before copying it to an insufficiently sized buffer. CA Message Queuing software versions prior to v1.11 Build 54_4 on Windows and NetWare are affected.
  • Ref: http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809

  • 07.31.10 - CVE: CVE-2007-3566
  • Platform: Third Party Windows Apps
  • Title: Borland InterBase IBServer.EXE Remote Stack Based Buffer Overflow
  • Description: Borland InterBase is a scalable database application available for multiple operating platforms. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-07-13

  • 07.31.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ipswitch Instant Messaging Remote Denial of Service
  • Description: Ipswitch Instant Messaging Server is a commercially-available instant messaging server application for Microsoft Windows platforms. The application is exposed to a remote denial of service issue due to a failure of the application to properly handle unexpected network data. Ipswitch IM Server version 2.0.5.30 is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566

  • 07.31.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LinkedIn Browser Toolbar ActiveX Control Buffer Overflow
  • Description: LinkedIn Browser Toolbar is an ActiveX control that acts as a browser plug-in to provide access to the LinkedIn social network. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. LinkedIn Browser Toolbar version 3.0.2.1098 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.31.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: IBM WebSphere Application Server 6.0.2.19 Unspecified Vulnerability
  • Description: IBM WebSphere Application Server is prone to an unspecified issue that affects the Samples component. IBM WebSphere Application Server versions prior to 6.0.2.21 are affected. Please refer to the link below for more information.
  • Ref: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24015925

  • 07.31.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Zenturi ProgramChecker SASATL.DLL ActiveX Control Scan Method Buffer Overflow
  • Description: Zenturi ProgramChecker ActiveX controls are utility programs designed for use on Microsoft Windows. The Zenturi ProgramChecker "sasatl.dll" ActiveX control is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.31.15 - CVE: CVE-2007-3679
  • Platform: Third Party Windows Apps
  • Title: Citrix EPA ActiveX Control Design Flaw
  • Description: Citrix Access Gateway is an SSL/VPN appliance. It offers a clientless SSL VPN solution implemented through a series of browser-based controls. The application is exposed to a remote code execution issue due to a design error in the endpoint checking control; an attacker can exploit it by enticing victims into visiting a malicious webpage.
  • Ref: http://support.citrix.com/article/CTX113815

  • 07.31.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Data Dynamics ActiveReport Actrpt2.DLL ActiveX Control Arbitrary File Overwrite
  • Description: Data Dynamics ActiveReport is an add-on application to the Microsoft Visual Studio development tool. Data Dynamics ActiveReport ActiveX control is exposed to an arbitrary file overwrite issue due to a design error. Data Dynamics ActiveReport versions 2.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/24994

  • 07.31.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Panda Antivirus EXE File Remote Code Execution
  • Description: Panda Antivirus is exposed to a remote code execution issue due to the failure of the application to properly bounds check user-supplied input prior to copying it to an insufficiently sized memory buffer. Panda Antivirus versions prior to 20 July 2007 are affected.
  • Ref: http://www.securityfocus.com/archive/1/474247

  • 07.31.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TeamSpeak WebServer Remote Denial of Service
  • Description: TeamSpeak WebServer is a web server application. The application is exposed to a remote denial of service issue because the application's TCP sessions do not expire, and no check is made by the application for the length of incoming HTTP data. TeamSpeak WebServer version 2.0 for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/24977

  • 07.31.19 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Unspecified Random Device Driver Reseed Weakness
  • Description: The Linux kernel is exposed to a weakness related to reseeding in the random device driver. Linux kernel versions prior to 2.4.34.6 are affected.
  • Ref: http://www.securityfocus.com/bid/25029

  • 07.31.20 - CVE: Not Available
  • Platform: Linux
  • Title: RSBAC User Management Crypto API Authentication Bypass
  • Description: Rule Set Based Access Control is a kernel level user access control application. The application is exposed to an authentication bypass issue due to an error in the way the Linux Kernel Crypto API is utilized with user management modules. RSBAC versions 1.3.3 and 1.3.4 running on Linux Kernel 2.6.20 and earlier versions are affected.
  • Ref: http://www.securityfocus.com/bid/25001

  • 07.31.21 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Low Bandwidth X Proxy Information Disclosure
  • Description: Low Bandwidth X Proxy (lbxproxy) is used to speed up connections to the X11 Display Server when connections are made over low bandwidth. The application is exposed to an information disclosure issue that results from an access validation error. Sun Solaris versions 8, 9, and 10 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102948-1&searchclause=

  • 07.31.22 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX ARP Command Local Privilege Escalation
  • Description: IBM AIX is exposed to a local privilege escalation issue due to the failure of the application to perform adequate boundary checks on user-supplied data. AIX versions 5.2 and 5.3 are affected.
  • Ref: http://www14.software.ibm.com/webapp/set2/sas/f/genunix3/aixfixes.html

  • 07.31.23 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX Capture Command Local Stack Based Buffer Overflow
  • Description: IBM AIX is a Unix-based operating platform. The "capture" command is used to dump printed terminal data to a file. The application is exposed to a local, stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. IBM AIX versions 5.2 and 5.3 are affected.
  • Ref: http://www14.software.ibm.com/webapp/set2/sas/f/genunix3/aixfixes.html

  • 07.31.24 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX FTP Client Local Buffer Overflow
  • Description: The IBM AIX FTP application is installed by default on the IBM AIX operating system. It is installed setuid-superuser and uses the file transfer protocol to transfer files between two hosts. The application is exposed to a local buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. IBM AIX versions 5.2 and 5.3 are affected.
  • Ref: http://www14.software.ibm.com/webapp/set2/sas/f/genunix3/aixfixes.html

  • 07.31.25 - CVE: Not Available
  • Platform: Aix
  • Title: IBM LPD Command Local Privilege Escalation
  • Description: IBM AIX is exposed to a local privilege escalation issue due to the failure of the application to perform adequate boundary checks on user-supplied data. AIX versions 5.2 and 5.3 are affected.
  • Ref: http://www.securityfocus.com/bid/25078

  • 07.31.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Browser URI Handlers Command Injection Vulnerabilities
  • Description: Multiple browsers are exposed to issues that let attackers inject commands through various protocol handlers. These issues stem from an input validation error and arise in Mozilla Firefox and Netscape Navigator. Mozilla Firefox versions 2.0.0.5 and 3.0a6 and Netscape Navigator 9 are affected.
  • Ref: http://www.securityfocus.com/bid/25053

  • 07.31.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP GD Extension ImagePSLoadFont Function Local Buffer Overflow
  • Description: PHP includes a graphics extension called GD, which is used for graphics operations. The "imagepsloadfont" function is used to load a PostScript font file into memory. This function is available when PHP is compiled with the "--with-t1lib" configure directive. The application is exposed to a local buffer overflow issue because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. PHP version 5.2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/25079

  • 07.31.28 - CVE: CVE-2007-2925
  • Platform: Cross Platform
  • Title: ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass
  • Description: ISC's BIND 9 is exposed to a security bypass issue because the default access control list is not configured properly. BIND 9 versions up to 9.4.1 are affected.
  • Ref: http://www.isc.org/index.pl?/sw/bind/bind-security.php

  • 07.31.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Libvorbis Denial of Service And Memory Corruption Vulnerabilities
  • Description: Libvorbis is a library that allows media applications to play Ogg Vorbis files. The application is exposed to these remote issues: a denial of service issue in the "block.c" file when the application reads an invalid block size, a heap memory corruption issue in the "_01inverse()" function of the "res0.c" file when invalid "blocksize_0" and "blocksize_1" values are specified in an Ogg Vorbis file, and a memory corruption issue in the clean-up process of the "vorbis_info_clear()" function which resides in the "info.c" file due to an invalid mapping resulting from an out of bounds dispatch table lookup. libvorbis library version 1.1.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/474729

  • 07.31.30 - CVE: CVE-2007-3911
  • Platform: Cross Platform
  • Title: BakBone NetVault Report Manager Multiple Heap Buffer Overflow Vulnerabilities
  • Description: NetVault Report Manager is an application that provides visual monitoring, alerts and backup reports for computers. The application is exposed to multiple heap-based buffer overflow issues because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. NetVault Report Manager 3.5 versions prior to update 4 are affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-044.html

  • 07.31.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Festival Insecure Command Local Privilege Escalation
  • Description: Festival is a text-to-speech accessibility application available for multiple operating platforms. The application is exposed to a privilege escalation issue because it runs with superuser privileges and listens on localhost port 1314 (127.0.0.1:1314) but does not require a password before executing arbitrary commands submitted via localhost. Festival versions 1.95 (2.0 beta) and earlier are affected.
  • Ref: http://bugs.gentoo.org/show_bug.cgi?id=170477

  • 07.31.32 - CVE: CVE-2007-2950
  • Platform: Cross Platform
  • Title: Multiple Vendor Discovery/Asset Manager Local Privilege Escalation
  • Description: Centennial Discovery, Symantec Discovery, and Numara Asset Manager are inventory applications for tracking and auditing hardware and software assets. These products are exposed to a local privilege escalation issue because of insecure default permissions associated with the "Asset Manager" directory. Numara Asset Manager version 8.0, Centennial Discovery 2006 Feature Pack 1, and Symantec Discovery version 6.5 are all affected.
  • Ref: http://secunia.com/secunia_research/2007-59/advisory/

  • 07.31.33 - CVE: CVE-2007-3531
  • Platform: Cross Platform
  • Title: NVClock Local Privilege Escalation
  • Description: NVClock is a utility that is used to overclock NVIDIA based video cards. The application is exposed to an unspecified privilege escalation issue because it makes improper use of an insecure temporary file in the /tmp directory. NVClock version 0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/25052

  • 07.31.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment Network Access Restriction Security Bypass
  • Description: The Java Runtime Environment is an application that allows users to run Java applications. The application is exposed to a security bypass issue that occurs because the application allows untrusted Java Applets hosted on a remote computer to bypass certain network restrictions.
  • Ref: http://support.avaya.com/elmodocs2/security/ASA-2007-322.htm

  • 07.31.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Panda AdminSecure Agent Remote Integer Overflow
  • Description: Panda AdminSecure is a set of administrative tools for managing Panda antivirus solutions that are deployed over a network. The application is exposed to a remote integer overflow issue that affects the AdminSecure agent when it processes user-supplied data with a malicious "length" value.
  • Ref: http://www.securityfocus.com/archive/1/474551

  • 07.31.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Win32STD Extension Safe_Mode and Disable_Functions Restriction Bypass
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. The application is exposed to a "safe_mode" and "disable_functions" restriction bypass issue. PHP version 5.2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/25041

  • 07.31.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Norman Virus Control DOC OLE File Parsing Denial of Service
  • Description: Norman Virus Control is an antivirus application available for various operating systems. The application is exposed to a denial of service issue because it fails to handle specially crafted ".DOC" OLE2 files due to a divide-by-zero condition.
  • Ref: http://www.nruns.com/parsing-engines-advisories.php

  • 07.31.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL Access Validation and Denial of Service Vulnerabilities
  • Description: MySQL is an open source SQL database application available for multiple operating platforms. The application is exposed to multiple remote issues, including a denial of service issue that occurs in the connection protocol, and an access validation issue. Versions of MySQL 5 prior to 5.0.45 are affected.
  • Ref: http://www.securityfocus.com/bid/25017

  • 07.31.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Norman Antivirus Products OLE2 File Parser Scan Bypass
  • Description: Multiple Norman Antivirus products are exposed to an issue that may allow certain compressed archives to bypass the scan engine. The issue occurs because the application fails to properly handle maliciously crafted OLE2 ".doc" files. Norman Virus Control version 5.90 is affected.
  • Ref: http://www.securityfocus.com/archive/1/474428/30/0/threaded

  • 07.31.40 - CVE: CVE-2007-2926
  • Platform: Cross Platform
  • Title: ISC BIND 9 Remote Cache Poisoning
  • Description: A remote DNS cache poisoning issue affects BIND 9 because it fails to use secure DNS transaction IDs. The internal state of the pseudo random number generator (PRNG) that the software utilizes to create transaction IDs can be determined by remote attackers. BIND 9 versions up to 9.4.1 are affected.
  • Ref: https://rhn.redhat.com/errata/RHSA-2007-0740.html

  • 07.31.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kerio MailServer Attachment Filter Unspecified
  • Description: Kerio MailServer is a mail server designed for use with Microsoft Windows, Apple Mac OS X, Linux and Unix variant operating systems. The application is exposed to an unspecified issue due to an error in the attachment filter. Kerio MailServer versions prior to 6.4.1 are affected.
  • Ref: http://www.securityfocus.com/bid/25038

  • 07.31.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FSPLIB Library Multiple Stack Buffer Overflow Vulnerabilities
  • Description: The FSPLIB Library is a C-based implementation of an FSP (File Service Protocol) stack. The library is exposed to multiple stack-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. FSPLIB Library versions prior to 0.9 are affected.
  • Ref: http://www.securityfocus.com/bid/25034

  • 07.31.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Tor Multiple Vulnerabilities And Information Disclosure Weaknesses
  • Description: Tor is an implementation of second generation onion routing, a connection oriented anonymous communication service. The application is exposed to multiple issues, including a denial of service issue due to a possible buffer overflow in the BSD natd support, a design error when handling stream IDs from different exits within the same circuit, a design error when handling guard nodes, and an information disclosure weakness.
  • Ref: http://archives.seul.org/or/announce/Jul-2007/msg00000.html

  • 07.31.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Xserver HTTP Post Request Buffer Overflow
  • Description: Xserver is an HTTP server implemented in C. The application is exposed to a buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. xserver version 0.1 alpha is affected.
  • Ref: http://www.securityfocus.com/bid/25030

  • 07.31.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SecurityReporter Directory Traversal Vulnerability And Authentication Bypass
  • Description: SecurityReporter is a security event analysis and reporting application. The application is exposed to multiple remote issues which include an authentication bypass issue due to a logic flaw that disables authentication for files that end in ".gif" or files that start with "/eventcache". The application is also exposed to a directory traversal issue because the application fails to sufficiently sanitize user-supplied input. SecurityReporter version 4.6.3 is affected.
  • Ref: http://www.oliverkarow.de/research/securityreporter.txt

  • 07.31.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Norman Virus Control Products LZH Multiple Buffer Overflow Vulnerabilities
  • Description: Norman Virus Control is an antivirus application available for various operating systems. Multiple Norman Virus Control Products are prone to three buffer overflow issues because the applications fail to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.nruns.com/parsing-engines-advisories.php

  • 07.31.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Norman Virus Control ACE Parsing Buffer Overflow
  • Description: Norman Virus Control is an antivirus application available for various operating systems. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer when parsing specially crafted "ACE" files. Virus Control version 5.90 is affected.
  • Ref: http://www.nruns.com/parsing-engines-advisories.php

  • 07.31.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple iPhone Mobile Safari Browser Remote Vulnerability
  • Description: Apple iPhone is a mobile phone. It contains a stripped down version of the Apple Safari Browser called Mobile Safari. iPhone runs on the ARM architecture. The application is exposed to an unspecified remote issue that can allow an attacker to gain unauthorized access to a device with administrative privileges.
  • Ref: http://www.securityevaluators.com/iphone/exploitingiphone.pdf

  • 07.31.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VHCS PHPSessionID Session Fixation
  • Description: VHCS is a control panel application for shared, reseller, virtual and dedicated server management systems. The application is exposed to a session fixation issue that occurs because an attacker can predefine a victim user's "PHPSESSIONID" cookie parameter. VHCS version 2.4.7.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25006

  • 07.31.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ESET NOD32 Antivirus Multiple Remote Vulnerabilities
  • Description: ESET NOD32 Antivirus is an antivirus application available for Microsoft Windows, Novell, UNIX, Linux, and other UNIX-like operating systems. The application is exposed to multiple remote issues, including a heap memory corruption issue due to a race condition, a denial of service issue when parsing specially crafted "ASPACK" packed files, and a denial of service issue resulting from a divide-by-zero condition. ESET NOD32 versions prior to 2.2289 are affected.
  • Ref: http://www.nruns.com/parsing-engines-advisories.php

  • 07.31.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Itaka Screenshot URL Security Bypass
  • Description: Itaka is an on-demand screen capture server. The application is exposed to a security bypass issue because the application fails to verify authentication credentials when accessing the screenshots. Itaka version 0.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24985

  • 07.31.52 - CVE: Not Available
  • Platform: Cross Platform
  • Title: uFMOD Unspecified Vulnerability
  • Description: uFMOD is an XM player library written in assembly language. The application is exposed to an unspecified vulnerability due to the improper handling of malformed files. uFMOD versions prior to 1.2.5 are affected.
  • Ref: http://www.securityfocus.com/bid/24980

  • 07.31.53 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera View Source Scrolling Denial of Service
  • Description: Opera is a web browser available for multiple platforms. The application is exposed to a denial of service issue that occurs when viewing and scrolling through the source code of a specially crafted HTML file. Opera versions 9.20 and 9.22 are affected.
  • Ref: http://www.securityfocus.com/bid/24986

  • 07.31.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Nukedit Login.ASP Cross-Site Scripting
  • Description: Nukedit is a content manager application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "email" parameter of the "utilities/login.asp" script. Nukedit versions 4.9.5, 4.9.6, 4.9.7 and 4.9.7b are affected.
  • Ref: http://www.securityfocus.com/bid/25081

  • 07.31.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Mitridata Form Mail Email Form Processor Pro Base Parameter Cross-Site Scripting
  • Description: Mitridata Form Mail: Email Form Processor Pro is an application that processes forms on websites. The application is developed in PHP, Perl and ASP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "base" parameter of the "simple-contact-form-with-preview.html" script.
  • Ref: http://www.securityfocus.com/archive/1/474615

  • 07.31.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Vikingboard Multiple Cross-Site Scripting Vulnerabilities
  • Description: Vikingboard is a forum board. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the following script and parameter groups: "cp.php : id, f, e, act", "user.php : u", "help.php : act", "post.php : e, f, t, poll, p", "report.php : p" and "topic.php : s". Vikingboard version 0.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/25056

  • 07.31.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: FORMfield AdMan Login.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: FORMfield AdMan is an advertisement management server. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "user" and "pwd" parameters of the "login.php" script. AdMan version 1.0.20051202 is affected.
  • Ref: http://www.securityfocus.com/bid/25057

  • 07.31.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Aruba Mobility Controllers Login Pages Cross-Site Scripting
  • Description: The Aruba Mobility Controllers application is used to scale ArubaOS and other software module capabilities on enterprise networks. The application's management interface is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the login page CGI script. Aruba Mobility Controllers versions prior to 2.5.4.18, and FIPS versions prior to 2.4.8.6-FIPS are affected.
  • Ref: http://www.securityfocus.com/bid/25059

  • 07.31.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: FORMfield Secure Login.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: FORMfield Secure is a web-based group management application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "user" and "pwd" parameters of the "login.php" script. FORMfields Secure version 1.0.20070629 is affected.
  • Ref: http://www.securityfocus.com/bid/25024

  • 07.31.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: W1L3D4 Philboard W1L3D4_Aramasonuc.ASP Cross-Site Scripting
  • Description: W1L3D4 Philboard is a web-based forum. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "searchterms" parameter of the "W1L3D4_aramasonuc.ASP" script. W1L3D4 Philboard version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/25055

  • 07.31.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CPanel Resname Parameter Cross-Site Scripting
  • Description: cPanel is a web hosting control panel. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "resname" parameter of the "changepro.html" script. cPanel version 10.9.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25047

  • 07.31.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AlstraSoft SMS Text Messaging Enterprise Multiple Cross-Site Scripting Vulnerabilities
  • Description: SMS Text Messaging Enterprise is a free SMS text messaging application. The application is exposed to multiple cross-site scripting issues due to a failure in the application to properly sanitize user-supplied input to the following script and parameter groups: "admin/membersearch.php: domain, q" and "dmin/edituser.php: userid". AlstraSoft SMS Text Messaging Enterprise version 2.0 is affected.
  • Ref: http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html

  • 07.31.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AlstraSoft Text Ads Enterprise Multiple Cross-Site Scripting Vulnerabilities
  • Description: AlstraSoft Text Ads Enterprise is a web-based advertising application. The application is exposed to multiple cross-site scripting issues due to a failure in the application to properly sanitize user-supplied input to the following script and parameter groups: "/ads/forgot_uid.php : r", "/ads/search_results.php : query, AlexaRating", and "/ads/website_page.php : pageId". AlstraSoft Text Ads Enterprise version 2.1 is affected.
  • Ref: http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html

  • 07.31.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Webbler CMS Index.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: Webbler CMS is a PHP-based content management system. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the following parameters of the "/uploader/index.php" script: "login" and "page". Webbler CMS version 3.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/25040

  • 07.31.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Alisveris Sitesi Scripti Index.ASP Cross-Site Scripting
  • Description: Alisveris Sitesi Scripti is a web application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "q" parameter of the "index.asp" script.
  • Ref: http://www.securityfocus.com/bid/25007

  • 07.31.66 - CVE: CVE-2007-3383
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache Tomcat SendMailServlet Cross-Site Scripting
  • Description: Apache Tomcat is a Java-based webserver application for multiple operating systems. The application is exposed to a cross-site scripting issue because the application fails to properly sanitize user-supplied input. Tomcat versions 4.0.0 to 4.0.6 and 4.1.0 to 4.1.36 are affected.
  • Ref: http://tomcat.apache.org/security-4.html

  • 07.31.67 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: UseBB PHP_SELF Multiple Cross-Site Scripting Vulnerabilities
  • Description: UseBB is a freely available, open source Web forum application. The application is exposed to a cross-site scripting issue due to a failure in the application to properly sanitize user-supplied input. UseBB version 1.0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/24990

  • 07.31.68 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MetaLib Keyword Search Keyword Searches Cross-Site Scripting
  • Description: MetaLib is an application that provides a consolidated search environment for remote information resources. Movable Type is exposed to a cross-site scripting issue that occurs in an unspecified parameter related to keyword searches of an unspecified script. MetaLib version 3.13 is affected.
  • Ref: http://escarpment.net/exlibris.txt

  • 07.31.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BSM Store Dependent Forums UserName Parameter SQL Injection
  • Description: BSM Store Dependent Forums is a web-forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Username" form field parameter of an unspecified script before using it in an SQL query. BSM Store Dependent Forums version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/25072

  • 07.31.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IndexScript Show_cat.PHP SQL Injection
  • Description: IndexScript is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "cat_id" parameter of the "show_cat.php" script. IndexScript version 2.8 is affected.
  • Ref: http://www.securityfocus.com/bid/25064

  • 07.31.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: webyapar Multiple SQL Injection Vulnerabilities
  • Description: webyapar is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the following script and parameter groups: "download : kat_id" and "uyurular_detay : id". webyapar version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25061

  • 07.31.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpMyForum EditPost.PHP SQL Injection
  • Description: phpMyForum is a web-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to unspecified parameters of the "editpost.php" script before using it in an SQL query. phpMyForum versions prior to 4.1.4 are affected.
  • Ref: http://www.securityfocus.com/bid/25009

  • 07.31.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Image Racer SearchResults.ASP SQL Injection
  • Description: Image Racer is a photo stock application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "SearchWord" parameter of the "SearchResults.asp" script before using it in an SQL query. Image Racer version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25010

  • 07.31.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BlogSite Professional Index.PHP SQL Injection
  • Description: BlogSite Professional is a PHP-based web log application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "news_id" parameter of the "index.php" script. NetArt Media BlogSite Professional version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/24976

  • 07.31.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Alisveris Sitesi Scripti Index.ASP SQL Injection Vulnerabilities
  • Description: Alisveris Sitesi Scripti is a web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "cat_id" and "product_id" parameters of the "index.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/25005

  • 07.31.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WSN Links Basic Edition CatID Parameter SQL Injection
  • Description: WSN Links Basic Edition is a web-based directory application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "catid" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/24996

  • 07.31.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iExpress Property Pro Vir_Login.ASP SQL Injection
  • Description: iExpress Property Pro is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "password" input box of the "vir_Login.asp" script.
  • Ref: http://www.securityfocus.com/bid/24992

  • 07.31.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iExpress Munch Pro Login SQL Injection
  • Description: iExpress Munch Pro is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the password field of the login script.
  • Ref: http://www.securityfocus.com/bid/24993

  • 07.31.79 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPHostBot Authorize.PHP Remote File Include
  • Description: PhpHostBot is a client account creation and billing application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "login_form" parameter of the "authorize.php" script. PhpHostBot version 1.05 is affected.
  • Ref: http://www.securityfocus.com/archive/1/474682

  • 07.31.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Ifoto Index.PHP Directory Traversal
  • Description: iFoto is a web-based image gallery application. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input. The issue occurs when specially crafted HTTP GET requests containing a directory-traversal string ("../") are sent to the "dir" parameter of the "index.php" script. iFoto version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25065

  • 07.31.81 - CVE: Not Available
  • Platform: Web Application
  • Title: AlstraSoft Video Share Enterprise Multiple Input Validation Vulnerabilities
  • Description: AlstraSoft Video Share Enterprise is a PHP-based video sharing application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html

  • 07.31.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Vikingboard Multiple Information Disclosure Weaknesses
  • Description: Vikingboard is a bulletin board application. The application is exposed to multiple information disclosure issues because an attacker may compose malicious HTTP requests using the "debug" parameter of the "forum.php" and "cp.php" scripts to obtain sensitive information. Vikingboard version 0.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/25060

  • 07.31.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Webbler CMS Mail A Friend Open Email Relay
  • Description: Webbler CMS is a PHP-based content management system. The application is exposed to an open email relay issue which occurs in the "mail to friend" form. The application does not prevent attackers from sending unsolicited emails to unsuspecting victims. Webbler CMS version 3.1.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/474521

  • 07.31.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Article Directory Index.PHP Remote File Include
  • Description: Article Directory is a web application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "page" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/25042

  • 07.31.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Entertainment CMS Custom.PHP Local File Include
  • Description: Entertainment CMS is a content management application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "pagename" parameter of the "custom.php" script.
  • Ref: http://www.securityfocus.com/bid/25039

  • 07.31.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Confixx Saveserver.PHP Remote File Include
  • Description: Confixx is a web application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "thisdir" parameter of the "admin/business_inc/saveserver.php" script. Confixx PRO version 3.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25036

  • 07.31.87 - CVE: Not Available
  • Platform: Web Application
  • Title: AlstraSoft Affiliate Network Pro Multiple Input Validation Vulnerabilities
  • Description: AlstraSoft Affiliate Network Pro is a web application. The application is exposed to multiple input validation issues because the application fails to sufficiently sanitize user-supplied input. AlstraSoft Affiliate Network Pro version 8.0 is affected.
  • Ref: http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html

  • 07.31.88 - CVE: Not Available
  • Platform: Web Application
  • Title: StatCounter HTTP Referrer Field HTML Injection
  • Description: StatCounter is a web tracker, hit counter, and web stats application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the HTTP "Referrer" field before using it in dynamically generated content.
  • Ref: http://www.securityfocus.com/bid/25028

  • 07.31.89 - CVE: Not Available
  • Platform: Web Application
  • Title: PHMe Function_List.PHP Local File Include
  • Description: PHMe is a content management system (CMS). The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "action" parameter of the "resources/function_list.php" script. PHMe version 0.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/25011

  • 07.31.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Webspell Index.PHP Local File Include
  • Description: Webspell is a web-based forum application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "site" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/25012

  • 07.31.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Search Component Remote Command Execution
  • Description: Joomla! is a web-based content management system (CMS). The application is exposed to a remote command execution issue because it fails to adequately sanitize user-supplied data. Joomla! version 1.5 beta 2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/474417

  • 07.31.92 - CVE: Not Available
  • Platform: Web Application
  • Title: JBlog Multiple Input Validation Vulnerabilities
  • Description: JBlog is a web-log application. The application is exposed to multiple input validation issues, including cross-site scripting and HTML injection issues because the application fails to properly sanitize user-supplied input. JBlog version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/474320

  • 07.31.93 - CVE: Not Available
  • Platform: Web Application
  • Title: RGameScript Pro Page.PHP Remote File Include
  • Description: RGameScript Pro is a content management application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "page.php" script.
  • Ref: http://www.securityfocus.com/bid/24995

  • 07.31.94 - CVE: Not Available
  • Platform: Web Application
  • Title: dirLIST Information Disclosure And Security Bypass Vulnerabilities
  • Description: dirLIST is a PHP directory listing utility. The application is exposed to the following issues: an information disclosure issue due to a lack of proper sanitization of user-supplied input, and an authentication bypass issue. dirLIST version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/24987

  • 07.31.95 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Wireless LAN Control ARP Storm Multiple Denial of Service Vulnerabilities
  • Description: The Cisco Wireless LAN Controller (WLC) manages Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). The application is exposed to multiple denial of service issues because the application fails to properly handle unicast ARP traffic. Cisco Wireless LAN Control versions 3.2, 4.0 and 4.1 are affected.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a008088ab28.shtml

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.