@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 32
August 6, 2007

Apple Macs are being targeted for many of the same types of attacks as Windows - this week both specially crafted PDFs and malicious web sites have been shown to be able to infect Mac OS X, Safari, and various third-party applications included with OS X. Also, the Nessus security scanner has multiple critical vulnerabilities, and the Novell client for Windows has a critical buffer overflow vulnerability as well.

Alan

PS. Cost savings for SANS Network Security 2007 in Las Vegas (September 22-30) expire Wednesday, August 8, at 11:59 PM EDT. http://www.sans.org/ns2007

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ---------------------------------------   -------------------------------------
    Third Party Windows Apps                  17 (#2, #3, #4)
    Mac Os                                     1 (#1)
    Linux                                      4
    HP-UX                                      2
    Solaris                                    2
    Aix                                        2
    Cross Platform                            18 (#5, #6)
    Web Application - Cross Site Scripting    14
    Web Application - SQL Injection           15
    Web Application                           21
    Network Device                             1

*************************************************************************

SECURITY TRAINING UPDATE

SANS Network Security 2007 (September 22-30, in Las Vegas) is the largest fall conference on cybersecurity with more than 40 courses and wonderful evening sessions and a big vendor exposition. Most importantly, it brings together the top rated teachers in cybersecurity in the world. How good are they? Here's what past attendees said:

"This course has valuable information that can be implemented immediately in the work place." (Christopher O'Brien, Booz Allen Hamilton)

"The quality of teachers, speakers, and even attendees is far superior to any other training event I've attended." (Corinne Cook, Jeppesen)

"SANS provides by far the most in-depth security training with the true experts in the field as instructors." (Mark Smith, Costco Wholesale)

Registration information: http://www.sans.org/ns2007/

Table Of Contents
Part I -- Critical Vulnerabilities
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    Third Party Windows Apps
    Mac Os
    Linux
    HP-UX
    Solaris
    Aix
    Cross Platform
    Web Application - Cross Site Scripting
    Web Application - SQL Injection
    Web Application
    Network Device
PART I -- Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Apple Mac OS X and Safari Multiple Vulnerabilities (Security Update 2007-007)
  • Affected:
    • Apple Mac OS X versions 10.4.10 and prior
    • Apple iPhone versions prior to 1.0.1
  • Description: Apple has released Security Update 2007-007, which addresses several vulnerabilities in Mac OS X, Safari, and various third-party applications included in Mac OS X. Flaws in WebCore and WebKit (the web frameworks used by most Mac OS X applications to render web pages), CoreAudio (Mac OS X's audio framework), and Quartz Composer could allow a specially crafted web page to execute arbitrary code with the privileges of the current user. A specially crafted PDF file could also lead to arbitrary code execution with the privileges of the current user. Additionally, flaws in the mDNSResponder subsystem could allow attackers to execute arbitrary code with root privileges. Several other flaws could allow arbitrary FTP command execution, cross-site scripting, web response splitting, and other attacks. Numerous flaws in third-party components could also lead to a variety of vulnerabilities, including arbitrary code execution.

  • Status: Apple confirmed, updates available. Note that the vulnerabilities in WebCore, WebKit, and other components also affect the iPhone. Successfully exploiting these vulnerabilities would allow an attacker to take complete control of the phone. The Mac OS X updates are available via Apple's Software Update facility. The iPhone updates are available only through iTunes.

  • Council Site Actions: Only one of the responding council sites is using the affected software and they have already pushed the updates to their Apple desktops and servers.

  • References:
  • (2) CRITICAL: Nessus Vulnerability Scanner ActiveX Control Multiple Vulnerabilities
  • Affected:
    • Nessus Vulnerability Scanner versions 3.0.6 and prior
  • Description: Nessus, a popular vulnerability scanning application, contains several flaws in its "SCANCTRL" ActiveX control. The control fails to properly validate calls to its "deleteReport", "deleteNessusRC", "saveNessusRC", and "addsetConfig" methods. A specially crafted web page that instantiates this control could exploit these vulnerabilities to overwrite arbitrary files, send arbitrary local files to a remote host, or delete arbitrary files. Note that by overwriting certain files, arbitrary code execution is possible. Full technical details and proofs-of-concept are available for these vulnerabilities.

  • Status: Nessus has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism.

  • Council Site Actions: Two of the responding council sites are using the affected software. One site has already updated to Version 3.0.6.1, and the other site will upgrade during their next regularly scheduled system maintenance cycle.

  • References:
  • (3) CRITICAL: Novell Client NWSPOOL.DLL Buffer Overflow
  • Affected:
    • Novell Client for Microsoft Windows versions 4.91 and prior
  • Description: The Novell Client for Microsoft Windows provides machines running Microsoft Windows with access to Novell network services. This client exports a Remote Procedure Call (RPC) interface via a named pipe. Several procedures exported through this interface fail to properly validate the lengths of their arguments; therefore an overlong string provided to the interface can trigger a buffer overflow and allow an attacker to execute arbitrary code on the system. Some technical details for this vulnerability are publicly available.

  • Status: Novell confirmed, updates available.

  • References:
  • (4) HIGH: Ipswitch Internet Collaboration Suite Multiple Vulnerabilities
  • Affected:
    • Ipswitch Internet Collaboration Suite 2006
    • Ipswitch IMail Premium 2006.21 and prior
  • Description: Ipswitch IMail and Ipswitch Internet Collaboration Suite, a popular enterprise mail and collaboration system for Microsoft Windows, contain multiple vulnerabilities in their implementation of the IMAP "SEARCH" command. An overlong IMAP SEARCH command would allow an attacker to execute arbitrary code with the privileges of the vulnerable process (often SYSTEM). Note that an attacker would require authentication to exploit these vulnerabilities.

  • Status: Ipswitch has not confirmed, no updates available.

  • Council Site Actions: The affected software and/or configuration is not in production or widespread use, or is not officially supported at any of the responding council sites. They reported that no action was necessary.

  • References:
  • (5) HIGH: Xpdf Buffer Overflow
  • Affected:
    • Xpdf versions 3.0 and prior
    • Viewers based on Xpdf, including Kpdf
  • Description: Xpdf, a Portable Document Format (PDF) viewer for the X Window System, contains a buffer overflow in its handling of PDF documents. Xpdf, or an application based on it, is installed by default on many Unix, Unix-like, and Linux systems. A specially crafted PDF document could trigger this overflow and potentially execute arbitrary code with the privileges of the current user. Note that, depending on the configuration, PDF documents may be opened automatically by the vulnerable application without first prompting the user. Many PDF viewers and other applications use Xpdf or code from Xpdf, and are therefore vulnerable. Also, since Xpdf is open source, full technical details for this vulnerability may be obtained via source code analysis.

  • Status: Vendor confirmed, updates available.

  • Council Site Actions: Two of the responding council sites are using the affected software, but on a limited basis. Both sites plan to patch or replace the software during their next regularly scheduled system maintenance cycle.

  • References:
  • (6) MODERATE: Mozilla Products Script Execution Vulnerability
  • Affected:
    • Mozilla products that have been patched for the MFSA 2007-20 vulnerability
  • Description: The Mozilla Firefox web browser, Thunderbird email client, and SeaMonkey internet suite contain a flaw in their handling of certain URLs when an add-on uses the "about:blank" page. A specially crafted web page could exploit this vulnerability to execute arbitrary JavaScript with "chrome" privileges. These privileges are usually reserved for local JavaScript and involve the user interface. At the very least, attackers could use this vulnerability to alter the user interface (including spoofing the current location); further impact depends on the add-on. A proof-of-concept for this vulnerability is available, as are full technical details. Note that the exact nature of the vulnerability depends on the affected add-on.

  • Status: Mozilla confirmed, updates available. Note that this vulnerability was introduced by the patch for the MFSA 2007-20 vulnerability.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 32, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5547 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 07.32.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Panda Antivirus 2008 Local Privilege Escalation
  • Description: Panda Antivirus is an antivirus application for the Microsoft Windows operating system. The application is exposed to a local privilege escalation issue that stems from a design error. Panda Antivirus version 2008 is affected.
  • Ref: http://www.securityfocus.com/archive/1/475373

  • 07.32.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: JustSystem Ichitaro Unspecified Code Execution
  • Description: Ichitaro is a word processor available for Microsoft Windows. The application is exposed to an unspecified code execution issue. The problem occurs when the application tries to process a malformed document.
  • Ref: http://www.symantec.com/security_response/writeup.jsp?docid=2007-080210-4815-99

  • 07.32.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BlueSkyChat ActiveX Control Buffer Overflow
  • Description: BlueSkyChat is an ActiveX control utilized by several third-party web-based chat server sites. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. BlueSkyChat ActiveX control version 8.1.2.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.32.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nullsoft Winamp M3U File Denial of Service
  • Description: Winamp is a freely available media player from Nullsoft. It is available for the Microsoft Windows platform. The application is exposed to a remote denial of service issue due to a failure in the application to properly handle certain "m3u" files. Winamp version 5.35 is affected.
  • Ref: http://www.securityfocus.com/archive/1/475161

  • 07.32.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Visionsoft Audit Multiple Remote Vulnerabilities
  • Description: Visionsoft Audit is an IT auditing application available for Microsoft Windows. The application is exposed to multiple remote issues. Visionsoft Audit version 12.4.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25153

  • 07.32.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ipswitch IMail Server and Collaboration Suite (ICS) Multiple Buffer Overflow Vulnerabilities
  • Description: Ipswitch IMail Server is an email server that serves clients their mail via a web interface. It runs on Microsoft Windows. The application is exposed to multiple buffer overflow issues because these applications fail to properly bounds check user-supplied input before copying it into an insufficiently sized memory buffer. Ipswitch Collaboration Suite (ICS) 2006, IMail Premium versions 2006.2 and 2006.21 are affected.
  • Ref: http://www.securityfocus.com/bid/25176

  • 07.32.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VMware Vielib.DLL ActiveX Control Multiple Remote Code Execution Vulnerabilities
  • Description: VMware is virtualization software available for a variety of platforms. An ActiveX control installed with VMware is exposed to multiple remote code execution issues because the application fails to verify the origin of a call to the "CreateProcess" and "CreateProcessEx" methods in the "vielib.dll" dynamic library. VMware version 6.0.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.32.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ArgoSoft Mail Server MLSRVX.DLL Arbitrary File Overwrite
  • Description: ArGoSoft Mail Server is a Windows-based mail server. The application is exposed to an arbitrary file overwrite issue that occurs in the "mlsrv.dll" ActiveX control with CLSID: 3F06B376-8DB8-49D1-8BF8-D4C070EFEBA5. ArGoSoft Mail Server version 1.8.9.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25105

  • 07.32.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Guidance Software EnCase Forensic Multiple Denial of Service Vulnerabilities
  • Description: Guidance Software EnCase Forensic is a computer forensics application for the Microsoft Windows operating platform. EnCase is exposed to multiple denial of service issues because it fails to handle specially crafted and malformed NTFS file systems.
  • Ref: http://www.securityfocus.com/archive/1/474727

  • 07.32.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Guidance Software EnCase Forensic Unspecified Denial of Service
  • Description: Guidance Software EnCase Forensic is a computer forensics application for the Microsoft Windows operating platform. EnCase is exposed to an unspecified denial of service issue: when a specially crafted NTFS file system is parsed, the affected software enters an infinite-recursion loop, which exhausts stack memory. EnCase Forensics version 5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/474811

  • 07.32.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: UltraDefrag FindFiles Function Buffer Overflow
  • Description: UltraDefrag is a freely available defragmentation application for Microsoft Windows operating systems. The application is exposed to a buffer overflow issue due to a failure of the application to perform adequate bounds checks on user-supplied data. UltraDefrag versions prior to 1.0.4 are affected.
  • Ref: http://www.securityfocus.com/bid/25102

  • 07.32.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VMware Vielib.DLL ActiveX Control Remote Code Execution
  • Description: VMware is virtualization software available for a variety of platforms. An ActiveX control installed with VMware is exposed to a remote code execution issue because the application fails to verify the origin of a call to the "StartProcess" method in the "vielib.dll" dynamic library. VMware version 6.0.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.32.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Baidu Soba Search Bar BaiduBar.DLL ActiveX Control Remote Code Execution
  • Description: The Baidu Soba search bar is an application that integrates with the Baidu.com website. An ActiveX control installed with the Baidu Soba search bar is exposed to a remote code execution issue that occurs because the "BaiduBar.dll" ActiveX control fails to properly sanitize remotely supplied data. The Baidu Soba search bar version 5.4 is affected.
  • Ref: http://www.fortiguardcenter.com/advisory/FGA-2007-10.html

  • 07.32.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VMware IntraProcessLogging.DLL ActiveX Control Arbitrary File Overwrite
  • Description: An ActiveX control installed with VMware is exposed to an arbitrary file overwrite issue that occurs because the application fails to sanitize user-supplied input to the "SetLogFileName" method in the "IntraProcessLogging.dll" dynamic library. VMware version 5.5.3.42958 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.32.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Novell Client NWSPOOL.DLL Unspecified Buffer Overflow
  • Description: Novell Client is a workstation application to enable access to Novell NetWare network services. The application is exposed to an unspecified buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer in the "NWSPOOL.DLL" library. Novell Client version 4.91 SP4 is affected.
  • Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005400.html

  • 07.32.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow
  • Description: Yahoo! Widgets are small applications that bring Internet interactivity to the desktop. The issue affects an ActiveX control in the Yahoo! Widgets Engine. Yahoo! Widgets Engine is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue resides in the YDPCTL.YDPControl.1 ActiveX control. Yahoo! Widgets Engine 4.0.3 (build 178) is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.32.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nessus SCANCTRL.ScanCtrlCtrl.1 ActiveX Control Multiple Vulnerabilities
  • Description: Nessus is a security scanner application for multiple operating systems. Nessus SCANCTRL.ScanCtrlCtrl.1 ActiveX control is exposed to multiple issues due to insecure access to methods such as "deleteReport()", "deleteNessusRC()", and "saveNessusRC()". Nessus version 3.0.6 is affected.
  • Ref: http://secunia.com/advisories/26243/
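
The "kill bit" mitigation named in Part I item (2) for the Nessus control, applied to the ProgID given in this item and to the ArGoSoft CLSID given in item 07.32.8, as an added example that is not part of the bulletin. It assumes an elevated PowerShell session on the affected Windows host; the function names are the editor's own, and the Nessus CLSID is resolved from the registry rather than assumed.

```powershell
# Added example (not from the @RISK bulletin): inspect and set the Internet Explorer
# "kill bit" for ActiveX controls named in this issue. Setting Compatibility Flags
# 0x400 under the ActiveX Compatibility key stops IE from instantiating the control;
# it is a stop-gap until the vendor update (Nessus 3.0.6.1 per Part I) is installed.
# Assumes: run as Administrator; function names are the editor's own.

$KillBitRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$KillBitFlag = 0x400   # "Compatibility Flags" bit that disables the control in IE

function Resolve-ClsidFromProgId {
    # Look up the CLSID registered for a ProgID (e.g. SCANCTRL.ScanCtrlCtrl.1).
    # Returns $null when the control is not installed on this host.
    param([Parameter(Mandatory)][string]$ProgId)
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $clsid = (Get-ItemProperty -LiteralPath $key).'(default)'
    if ($clsid) { return $clsid.Trim('{', '}') } else { return $null }
}

function Get-KillBitState {
    # Returns 'set' when the 0x400 bit is present for the CLSID, otherwise 'not set'.
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Join-Path $KillBitRoot "{$Clsid}"
    if (-not (Test-Path -LiteralPath $key)) { return 'not set' }
    $flags = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -ne $flags -and (($flags -band $KillBitFlag) -eq $KillBitFlag)) { return 'set' }
    return 'not set'
}

function Set-KillBit {
    # Creates the per-CLSID key if needed and ORs 0x400 into any existing flags,
    # so other compatibility bits already present are preserved.
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Join-Path $KillBitRoot "{$Clsid}"
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    $existing = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = if ($null -eq $existing) { $KillBitFlag } else { [int]$existing -bor $KillBitFlag }
    New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $new -PropertyType DWord -Force | Out-Null
}

# Controls from this issue: the ArGoSoft CLSID is quoted in item 07.32.8; the Nessus
# CLSID is resolved from the ProgID quoted in item 07.32.17 on the host itself.
$controls = [ordered]@{
    'ArGoSoft MLSRVX (07.32.8)'  = '3F06B376-8DB8-49D1-8BF8-D4C070EFEBA5'
    'Nessus SCANCTRL (07.32.17)' = Resolve-ClsidFromProgId 'SCANCTRL.ScanCtrlCtrl.1'
}

foreach ($name in $controls.Keys) {
    $clsid = $controls[$name]
    if (-not $clsid) { Write-Output "$name : control not registered on this host"; continue }
    Write-Output ("{0} : CLSID {1}, kill bit {2}" -f $name, $clsid, (Get-KillBitState $clsid))
    # Uncomment to apply the mitigation after review:
    # Set-KillBit $clsid; Write-Output ("{0} : kill bit now {1}" -f $name, (Get-KillBitState $clsid))
}
```

The kill bit only affects IE and other hosts that honour the ActiveX Compatibility key; the control's own file stays on disk, so the vendor update remains the actual fix.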

  • 07.32.18 - CVE: CVE-2007-2403, CVE-2007-2404, CVE-2007-3745, CVE-2007-3744, CVE-2007-3746, CVE-2007-3747, CVE-2007-3748, CVE-2007-2405, CVE-2007-2406, CVE-2007-2407, CVE-2007-2409, CVE-2007-2410, CVE-2007-0478
  • Platform: Mac Os
  • Title: Apple Mac OS X 2007-007 Multiple Security Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple security issues. These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore. Apple Mac OS X versions 10.4.10 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/25159

  • 07.32.19 - CVE: Not Available
  • Platform: Linux
  • Title: Dovecot ACL Plugin Security Bypass
  • Description: Dovecot is a mail server application for Linux and UNIX-like operating systems. The application is exposed to a security bypass issue when a user with "i" (insert) permissions for a certain mailbox uses the "COPY" and "APPEND" commands to save other flags. Dovecot versions prior to 1.0.3 are affected.
  • Ref: http://www.dovecot.org/list/dovecot-news/2007-August/000048.html

  • 07.32.20 - CVE: CVE-2007-3388
  • Platform: Linux
  • Title: TrollTech QT QTextEdit Multiple Format String Vulnerabilities
  • Description: Trolltech Qt is an application framework for developing graphical user interfaces (GUIs) for the X Window System. It is primarily used in KDE and supports windowing, multimedia, and other functionality. The application framework is exposed to multiple format string issues because it fails to securely display error messages. Trolltech Qt version 3 is affected.
  • Ref: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248417

  • 07.32.21 - CVE: Not Available
  • Platform: Linux
  • Title: KDE Konqueror Assert Denial of Service
  • Description: Konqueror is a browser included with the KDE desktop manager. The application is exposed to a remote denial of service issue because it fails to handle improperly formatted HTML code. Konqueror versions 3.5.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/25170

  • 07.32.22 - CVE: Not Available
  • Platform: Linux
  • Title: Fail2Ban Remote Denial of Service
  • Description: Fail2Ban is an application designed to monitor authentication failure messages and block hosts that attempt brute-force attacks against network services. The application is exposed to a remote denial of service issue because it fails to properly ensure the validity of authentication failure messages for SSH connection attempts. Fail2Ban versions 0.8.0 and earlier are affected.
  • Ref: http://bugs.gentoo.org/show_bug.cgi?id=181214

  • 07.32.23 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX ARPA Transport Unspecified Local Denial of Service
  • Description: ARPA Transport software is used to provide TCP/IP and Socket support as well as TCP/IP administration commands. Instances of HP-UX that are running ARPA Transport software are exposed to an unspecified local denial of service issue. HP-UX versions 11.11 and 11.23 are affected.
  • Ref: http://www.securityfocus.com/bid/25165

  • 07.32.24 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX ARPA Transport Unspecified Remote Denial of Service
  • Description: ARPA Transport software is used to provide TCP/IP and Socket support as well as TCP/IP administration commands. The application is exposed to a remote denial of service issue due to an unspecified error. HP-UX B.11.31, B.11.23 and B.11.11 are affected.
  • Ref: http://www.securityfocus.com/bid/25147

  • 07.32.25 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris DTrace Local Denial of Service
  • Description: Sun Solaris is exposed to a local denial of service issue that is triggered when certain unspecified DTrace D programs are executed by users. The kernel may panic with the "send mondo timeout" message. This issue may be triggered by users with the "PRIV_DTRACE_USER" privilege. Solaris 10 SPARC and x86 are affected.
  • Ref: http://sunsolve.sun.com/show.do?target=tous

  • 07.32.26 - CVE: Not Available
  • Platform: Solaris
  • Title: Solaris FingerD Daemon Information Disclosure
  • Description: The Sun Solaris operating system is exposed to an information disclosure issue due to a design error in the "fingerd" daemon. Sun Solaris versions 7.0 x86, 8 and 9 are affected.
  • Ref: http://www.securityfocus.com/archive/1/474858

  • 07.32.27 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX Pioinit File Overwrite Code Execution
  • Description: The IBM AIX "pioinit" script is a boot script used to initialize printer services. AIX is exposed to an issue that allows attackers to execute arbitrary code with superuser privileges due to insecure permissions on the "pioinit" script. IBM AIX versions 5.2 and 5.3 are affected.
  • Ref: http://www14.software.ibm.com/webapp/set2/sas/f/genunix3/aixfixes.html

  • 07.32.28 - CVE: CVE-2007-4003
  • Platform: Aix
  • Title: IBM AIX Pioout Arbitrary Library Loading Code Execution
  • Description: The IBM AIX "pioout" program is used to interface with printer drivers. It is installed setuid-superuser by default. AIX is exposed to an issue that allows attackers to execute arbitrary code with superuser privileges due to insecure permissions on the shared libraries that are loaded by the program. IBM AIX versions 5.2 and 5.3 are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=569

  • 07.32.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Web Server Multiple HTTP Redirect Vulnerabilities
  • Description: Sun Java System Web Server is an application for serving and managing web applications. The application is exposed to multiple HTTP redirect related issues which include HTTP response splitting, HTTP header injection, and unauthorized access to system resources.
  • Ref: http://sunsolve.sun.com/show.do?target=tous

  • 07.32.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox and Minimo Password Manager Information Disclosure Weakness
  • Description: Mozilla Firefox is a browser available for multiple operating systems. Minimo is a minimalist browser for Windows mobile created by the Mozilla foundation. Minimo shares some of the same functionality as Firefox. The application is exposed to an information disclosure weakness. Firefox version 2.0.0.6 and Minimo .2 are affected.
  • Ref: http://airscanner.com/security/07080103_minimo.2.htm

  • 07.32.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kaspersky Anti-Spam Insecure File Permissions
  • Description: Kaspersky Anti-Spam is a mail filter designed to identify and process spam. The application is exposed to an insecure file permissions issue because of an access validation error in setting access rights regarding previous updates for previous product versions. Kaspersky Anti-Spam versions 3.0 MP1 prior to Critical Fix 2 (3.0.278.4) are affected.
  • Ref: http://www.kaspersky.com/technews?id=203038705

  • 07.32.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: The Sleuth Kit Multiple Denial of Service And Buffer Overflow Vulnerabilities
  • Description: The Sleuth Kit is a computer forensics application for various platforms. The Sleuth Kit is exposed to multiple denial of service and buffer overflow issues. The Sleuth Kit versions prior to 2.09 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=55685&release_id=515880

  • 07.32.33 - CVE: CVE-2007-2408
  • Platform: Cross Platform
  • Title: Apple Safari Disable Java Preference Failure Weakness
  • Description: Apple Safari is a browser for multiple operating platforms. The application is exposed to a weakness that may result in the execution of potentially malicious Java applets. Safari 3.0.3 Beta and Safari 3.0.3 Beta for Windows are affected.
  • Ref: http://www.securityfocus.com/bid/25157

  • 07.32.34 - CVE: CVE-2007-3108
  • Platform: Cross Platform
  • Title: OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure
  • Description: OpenSSL is a freely-available cryptographic library available for multiple platforms. It is used in many products. The application is exposed to a local information disclosure issue due to an implementation flaw in the RSA algorithm. OpenSSL 0.9.8 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/RGII-74KLP3

  • 07.32.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: iBON Search Field Local Denial of Service
  • Description: iBON is a database of collated information designed for use with Slovenian businesses. The application is exposed to a local denial of service issue because it fails to perform adequate boundary checks on user-supplied input. iBON versions prior to iBON 2007 are affected.
  • Ref: http://www.gossamer-threads.com/lists/engine?do=post_attachment;postatt_id=3837;list=fulldisc

  • 07.32.36 - CVE: CVE-2007-3844
  • Platform: Cross Platform
  • Title: Mozilla Firefox Chrome-Loaded About:Blank Script Execution
  • Description: Mozilla Firefox is a browser available for multiple operating systems. The application is exposed to an issue that allows JavaScript to execute with unintended privileges. Firefox versions 2.0.0.5 and earlier are affected.
  • Ref: http://www.mozilla.org/security/announce/2007/mfsa2007-26.html

  • 07.32.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi JP1/Cm2/Hierarchical Viewer Unspecified Denial of Service
  • Description: Hitachi JP1/Cm2/Hierarchical Viewer is exposed to an unspecified denial of service issue when the application receives unexpected data. JP1/Cm2/Hierarchical Viewer for Windows, HP-UX, and Solaris are affected.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-021_e/index-e.html

  • 07.32.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi uCosminexus Application Server Session Failover User Data Leak
  • Description: Hitachi uCosminexus Application Server is a J2EE-compliant environment for running applications. The Application Server is exposed to a user data leak issue that resides in the Cosminexus Component Container. The affected container uses session information in an insecure manner, allowing certain unspecified malicious requests to trigger the unintended re-use of other users' session data. Hitachi uCosminexus Application Server, which is included in various Hitachi applications, is affected.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html

  • 07.32.39 - CVE: CVE-2007-3387
  • Platform: Cross Platform
  • Title: KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow
  • Description: Portable Document Format (PDF) is a file format developed by Adobe. The following KDE applications can be used to view PDF files: "kpdf", "kword" and "xpdf". These applications are exposed to a stack-based buffer overflow issue that occurs because the applications fail to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.kde.org/info/security/advisory-20070730-1.txt

  • 07.32.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TIBCO Rendezvous RVD Daemon Unspecified Denial of Service
  • Description: TIBCO Rendezvous is a network-based message passing platform. The RVD daemon in TIBCO Rendezvous is exposed to a remote denial of service issue. TIBCO Rendezvous version 7.5.2 is affected. Please refer to the link below for further information.
  • Ref: http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf

  • 07.32.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Win32Service Extension Safe_Mode Restriction Bypass
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. The application is exposed to a "safe_mode" restriction bypass issue that resides in the "win32service" extension. PHP version 5.2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/474828

  • 07.32.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CoreHTTP Http.C Buffer Overflow
  • Description: CoreHTTP is an HTTP server implemented in C. It is available for POSIX-based operating systems. The application is exposed to a buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. CoreHTTP version 0.5.3 alpha is affected.
  • Ref: http://www.securityfocus.com/bid/25120

  • 07.32.43 - CVE: CVE-2007-2953
  • Platform: Cross Platform
  • Title: Vim HelpTags Command Remote Format String
  • Description: Vim is a text-editing application available for multiple operating platforms. The application is exposed to a remote format string issue because it fails to properly sanitize user-supplied input before including it in the format specifier argument of a formatted printing function. Vim versions 6.4 and 7.1 are affected.
  • Ref: http://secunia.com/secunia_research/2007-66/advisory/

  • 07.32.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Advanced Webhost Billing System Multiple Vulnerabilities
  • Description: Advanced Webhost Billing System (AWBS) is a domain management and billing system. The application is exposed to three remote issues: a cross-site scripting issue and an SQL injection issue, each because the application fails to sufficiently sanitize user-supplied input to an unspecified script and parameter, and an information disclosure issue because the application does not properly control what information users can view about dedicated servers in a co-hosting environment. Advanced Webhost Billing System (AWBS) version 2.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25089

  • 07.32.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ADempiere Bazaar WebUI Unspecified Authentication Bypass
  • Description: ADempiere Bazaar is an open source CRM and business application system. The application is exposed to an unspecified authentication bypass issue that allows access to certain system level windows that are intended for administrators. ADempiere Bazaar versions prior to 3.3 beta (Victoria Edition) are affected.
  • Ref: http://www.securityfocus.com/bid/25091

  • 07.32.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MLDonkey Country-Based IP Blocking Security Bypass
  • Description: MLDonkey is a peer-to-peer client that operates on multiple platforms and networks. The application is exposed to a security bypass issue due to a design error. MLDonkey versions prior to 2.9.0 are affected.
  • Ref: http://www.securityfocus.com/bid/25093

  • 07.32.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WordPress Upload.PHP Cross-Site Scripting
  • Description: WordPress allows users to generate news pages and web-logs dynamically. It is implemented in PHP with a MySQL database. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "style" parameter of the "wp-admin/upload.php" script when the "post_id" parameter is set to a negative value. WordPress version 2.2.1 is affected.
  • Ref: http://trac.wordpress.org/ticket/4689

  • 07.32.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WebDirector Index.PHP Cross-Site Scripting
  • Description: WebDirector is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "deslocal" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/25166

  • 07.32.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Lotus Sametime Server Unspecified Cross-Site Scripting
  • Description: IBM Lotus Sametime Server is a commercial instant-messaging and web conferencing application. IBM Lotus Sametime Server is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input prior to using it in dynamically generated content. IBM Lotus Sametime Server version 7.5.1 is affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21266789

  • 07.32.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OpenRat Index.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: OpenRat is a web-based content management system (CMS) implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "subaction" and "action" parameters of "index.php". OpenRat versions 0.8-beta1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/25169

  • 07.32.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP-Nuke Search Module Cross-Site Scripting
  • Description: PHP-Nuke is a PHP-based content management system. The application is exposed to a cross-site scripting issue because the application fails to properly sanitize user-supplied input. This issue occurs in an unspecified parameter of the search module.
  • Ref: http://www.securityfocus.com/archive/1/475249

  • 07.32.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Interact Online Learning Environment Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Interact is an Online Learning Environment implemented in PHP, Apache, and MySQL. The software is exposed to multiple unspecified cross-site scripting issues because it fails to sanitize user input to multiple unspecified scripts. Interact Online Learning Environment versions prior to 2.4 are affected.
  • Ref: http://www.interactole.org/spaces/space.php?space_key=1

  • 07.32.53 - CVE: CVE-2007-3384
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache Tomcat Error Message Reporting Cross-Site Scripting
  • Description: Apache Tomcat is a Java-based web server application for multiple operating systems. The software is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input before displaying error messages in "modules/generators/ErrorHandler.java". Specifically, input to the "Name" and "Value" fields of cookies is not properly sanitized. Tomcat versions 3.3 to 3.3.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/475321
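
The Tomcat entry above and the WordPress "style" entry (07.32.47) are the same defect in two contexts: request data (a cookie name and value, a query parameter) is copied into an HTML response without encoding. The following Python is an added example, not code from Tomcat or WordPress; the request values are constructed, and the render_* and parse_cookies functions are hypothetical stand-ins for an error handler. It shows the reflected values landing as live markup, then the same page with context-appropriate encoding plus an allowlist for the CSS value.

```python
"""Reflected cross-site scripting: an error page that echoes request data.

Added example for the WordPress "style" parameter and Tomcat cookie entries
above; it is not code from either project. The request values are
constructed here and the render_* functions are hypothetical.
"""
import html
import re

# Constructed attacker input: a cookie whose *name* carries markup (the
# Tomcat entry) and a query parameter that breaks out of an attribute.
RAW_COOKIE_HEADER = 'JSESSIONID=abc123; <script>alert(1)</script>=x'
RAW_STYLE_PARAM = '"><img src=x onerror=alert(document.cookie)>'

# Allowlist for a CSS value: entity encoding keeps it inside the attribute,
# but a style value should also be restricted to the characters CSS needs.
STYLE_ALLOWED = re.compile(r'^[A-Za-z0-9 :;#%.,()-]*$')
ACTIVE_MARKUP = re.compile(r'<(script|img)\b', re.IGNORECASE)


def parse_cookies(header: str) -> dict:
    """Split a Cookie header into name -> value without rejecting odd
    characters, as a server that echoes whatever the client sent would."""
    cookies = {}
    for part in header.split(';'):
        name, _, value = part.strip().partition('=')
        if name:
            cookies[name] = value
    return cookies


def render_error_vulnerable(cookies: dict, style: str) -> str:
    """Reflects cookie names/values and the style parameter verbatim."""
    rows = ''.join(f'<li>{n} = {v}</li>' for n, v in cookies.items())
    return (f'<div style="{style}"><h1>400 Bad Request</h1>'
            f'<ul>{rows}</ul></div>')


def render_error_hardened(cookies: dict, style: str) -> str:
    """Same page, with every untrusted value encoded for the context it
    lands in: entity-encoded as element text, quote-encoded plus
    allowlisted inside the double-quoted style attribute."""
    safe_style = style if STYLE_ALLOWED.match(style) else ''
    rows = ''.join(f'<li>{html.escape(n)} = {html.escape(v)}</li>'
                   for n, v in cookies.items())
    return (f'<div style="{html.escape(safe_style, quote=True)}">'
            f'<h1>400 Bad Request</h1><ul>{rows}</ul></div>')


def contains_active_markup(page: str) -> bool:
    """Crude probe used only to contrast the two renderers: does a real
    <script> or <img> tag survive in the output?"""
    return bool(ACTIVE_MARKUP.search(page))


if __name__ == '__main__':
    jar = parse_cookies(RAW_COOKIE_HEADER)
    print('vulnerable:', render_error_vulnerable(jar, RAW_STYLE_PARAM))
    print('hardened:  ', render_error_hardened(jar, RAW_STYLE_PARAM))
```

Encoding is chosen per output context: what is safe as element text is not safe inside an attribute, a URL or a script block, and a style attribute needs the allowlist on top because an attacker-controlled CSS value can still carry browser-specific active content even when it cannot close the quote.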

  • 07.32.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Open Webmail Multiple Cross-Site Scripting Vulnerabilities
  • Description: Open Webmail is a Perl/CGI-based webmail application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Open Webmail version 2.5.2 20060821 is affected.
  • Ref: http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html

  • 07.32.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WebEvent Webevent.CGI Cross-Site Scripting
  • Description: WebEvent is a web-based calendar and scheduler application implemented in CGI/Perl. The application is exposed to a cross-site scripting issue because it fails to properly handle user-supplied input to the "cmd" parameter of the "webevent.cgi" script.
  • Ref: http://www.securityfocus.com/bid/25148

  • 07.32.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Novell GroupWise WebAccess User.Id Parameter Cross-Site Scripting
  • Description: Novell GroupWise WebAccess is a secure mobile collaboration application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "User.Id" parameter of the "webacc" servlet. Novell GroupWise WebAccess version 6.5 is affected.
  • Ref: http://www.securityfocus.com/bid/25126

  • 07.32.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IT!CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: IT!CMS is a content management application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "wndtitle" parameter of the "lang-en.php", "menu-ed.php", and "titletext-ed.php" scripts. IT!CMS version 0.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/475064

  • 07.32.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal Multiple Cross-Site Scripting Vulnerabilities
  • Description: Drupal CMS is a content management application available for a number of platforms, including Microsoft Windows and Unix/Linux variants. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Drupal versions prior to 4.7.7 and prior to 5.2 are affected.
  • Ref: http://drupal.org/files/sa-2007-018/advisory.txt

  • 07.32.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: sBlog Search.PHP Cross-Site Scripting
  • Description: sBlog is a PHP-based weblog application. The application is exposed to a cross-site scripting issue because it fails to properly handle user-supplied input to an unspecified parameter of the "search.php" script. sBlog version 0.7.3 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/25098

  • 07.32.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpSysInfo Index.php Cross-Site Scripting
  • Description: phpSysInfo is an open source web application to display host information. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "index.php" script. phpSysInfo version 2.5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/25090

  • 07.32.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Hunkaray Okul Portali Duyuruoku.ASP SQL Injection
  • Description: Hunkaray Okul Portali is an ASP-based web portal application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "duyuruoku.asp" script before using it in an SQL query. Hunkaray Okul Portali version 1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/475354

  • 07.32.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Arena paBugs Index.PHP SQL Injection
  • Description: paBugs is a web-based bug-tracking application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "cid" parameter of the "index.php" script. paBugs version 2.0 Beta 3 is affected.
  • Ref: http://www.securityfocus.com/bid/25178

  • 07.32.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Prozilla Adult Directory Directory.PHP SQL Injection
  • Description: Prozilla Adult Directory is a PHP-based directory application for adult content. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "cat_id" parameter of the "directory.php" script.
  • Ref: http://www.securityfocus.com/bid/25135

  • 07.32.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: wolioCMS Multiple SQL Injection Vulnerabilities
  • Description: wolioCMS is a content management application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "member.php" script and the "login" input field on the administrative login page before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/475068

  • 07.32.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! Gmaps Component Index.PHP SQL Injection
  • Description: The Joomla! Gmaps component is a PHP-based map component for the Joomla! content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "mapId" parameter of the "index.php" script before using it in an SQL query. Gmaps version 1.00 is affected.
  • Ref: http://www.securityfocus.com/bid/25146

  • 07.32.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SimpleBlog Comments_Get.ASP SQL Injection
  • Description: SimpleBlog is an ASP-based weblog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "comments_get.asp" script before using it in an SQL query. SimpleBlog version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25123

  • 07.32.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-Commerce Multiple Products admin.aspx SQL Injection
  • Description: Auction Script is a web-based portal application. Shopping Cart Script is a web-based shopping cart application. Multi-Vendor E-Shop Script is a shopping cart application that can handle products from multiple vendors. Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script are exposed to an SQL injection issue because they fail to sufficiently sanitize user-supplied data to the "Username" field of "admin.aspx" before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/475062

  • 07.32.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP123 Top Sites Category.PHP SQL Injection
  • Description: PHP123 Top Sites is a topsite application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "cat" parameter of the "category.php" script.
  • Ref: http://www.securityfocus.com/bid/25128

  • 07.32.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Berthanas Ziyaretci Defteri Yonetici.ASP SQL Injection
  • Description: Berthanas Ziyaretci Defteri is a web application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the username and password login form parameters of the "yonetici.asp" script before using it in an SQL query. Berthanas Ziyaretci Defteri version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/474930

  • 07.32.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Real Estate Listing Website Application Template Login Dialog SQL Injection
  • Description: Real Estate Listing Website Application Template is a web application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the password login form parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/474934

  • 07.32.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LinPHA New_images.PHP SQL Injection
  • Description: LinPHA is a web-based photo gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "order" parameter of the "new_images.php" script. LinPHA versions up to 1.3.1 are affected.
  • Ref: http://www.securityfocus.com/bid/25119

  • 07.32.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Online Event Registration Template Sign_In.ASPX SQL Injection
  • Description: Online Event Registration Template is a web application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the password login form parameter of the "sign_in.aspx" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/474931

  • 07.32.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Online Store Application Template Sign_In.ASPX SQL Injection
  • Description: Online Store Application Template is a web application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the password login form parameter of the "sign_in.aspx" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/25112

  • 07.32.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Message Board / Threaded Discussion Forum Sign_In.ASPX SQL Injection
  • Description: Message Board / Threaded Discussion Forum is a web application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the password login form parameter of the "sign_in.aspx" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/474937

  • 07.32.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Metyus Forum Portal Philboard_Forum.ASP SQL Injection
  • Description: Metyus Forum Portal is a web portal application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "forumid" parameter of the "philboard_forum.asp" script before using it in an SQL query. Metyus Forum Portal 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/474815
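
Entries 07.32.61 through 07.32.75 share one root cause, and the login-form cases (07.32.64, 07.32.67, 07.32.69, 07.32.70, 07.32.72 to 07.32.74) share one consequence: a username or password field is pasted into the SQL text, so a quote in the field rewrites the WHERE clause and logs the attacker in without a valid credential. The following Python is an added example, not code from any of the listed applications; the schema, the single "admin" user, the login functions and the log-triage regex are hypothetical, and an in-memory sqlite3 database stands in for the sites' back ends so the bypass runs offline. The hardened function uses bound parameters, which is the fix regardless of language or database.

```python
"""Login-form SQL injection: a string-built statement beside a bound one.

Added example, not code from any of the ASP templates above. The schema,
the single user and both login functions are hypothetical; sqlite3 in
memory stands in for the sites' databases so the bypass runs offline.
"""
import re
import sqlite3
from typing import Optional


def build_db() -> sqlite3.Connection:
    """Constructed sample database. The plaintext password column mirrors
    the templates of the period; real code stores a slow salted hash."""
    con = sqlite3.connect(':memory:')
    con.execute('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)')
    con.execute("INSERT INTO users VALUES ('admin', 'correct horse')")
    con.commit()
    return con


def login_vulnerable(con: sqlite3.Connection, username: str,
                     password: str) -> Optional[str]:
    """The pattern behind the advisories: form fields are concatenated
    into the statement, so a quote in either field rewrites its logic.
    Password "' OR '1'='1" makes the WHERE clause true for every row;
    username "admin' --" comments the password check out entirely."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(con: sqlite3.Connection, username: str,
                   password: str) -> Optional[str]:
    """Bound parameters: the driver sends the values separately from the
    statement text, so quotes and comment markers stay data."""
    row = con.execute(
        'SELECT username FROM users WHERE username = ? AND password = ?',
        (username, password)).fetchone()
    return row[0] if row else None


# Coarse signature for triaging login POST bodies in logs: a quote followed
# by OR/AND, or an SQL comment marker. It flags candidates, it proves nothing.
INJECTION_HINT = re.compile(r"'\s*(or|and)\b|--|/\*", re.IGNORECASE)


def looks_like_injection(field_value: str) -> bool:
    return bool(INJECTION_HINT.search(field_value))


if __name__ == '__main__':
    db = build_db()
    print('vulnerable, bogus password :', login_vulnerable(db, 'nobody', "' OR '1'='1"))
    print('vulnerable, commented out  :', login_vulnerable(db, "admin' --", 'wrong'))
    print('hardened, bogus password   :', login_hardened(db, 'nobody', "' OR '1'='1"))
    print('hardened, real credential  :', login_hardened(db, 'admin', 'correct horse'))
```

Escaping quotes by hand (the "sanitize" the advisories speak of) is the weaker alternative: it has to be right for every database dialect and every encoding, whereas a bound parameter never becomes part of the statement text at all.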

  • 07.32.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Tor ControlPort Missing Authentication Unauthorized Configuration Change
  • Description: Tor is an implementation of second-generation onion routing, a connection-oriented anonymous communication service. The application is exposed to an unauthorized configuration change issue due to a design error when handling multiple connections to the ControlPort. Tor version 0.1.2.15 is affected.
  • Ref: http://archives.seul.org/or/announce/Aug-2007/msg00000.html

  • 07.32.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla Tour de France Pool Module mosConfig_absolute_path Remote File Include
  • Description: Tour de France Pool is a PHP-based module for the Joomla content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "admin.tour_toto.php" script. Tour de France Pool version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/475356

  • 07.32.78 - CVE: Not Available
  • Platform: Web Application
  • Title: ArticleLive NX Multiple Unspecified Vulnerabilities
  • Description: ArticleLive NX is a web-based article publishing application. The application is exposed to multiple unspecified issues. ArticleLive NX versions 1.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/25150

  • 07.32.79 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress Multiple Input Validation Vulnerabilities
  • Description: WordPress allows users to generate news pages and web logs dynamically; it is implemented in PHP with a MySQL database. The application is exposed to multiple input validation issues. WordPress version 2.2.1 is affected.
  • Ref: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/

  • 07.32.80 - CVE: Not Available
  • Platform: Web Application
  • Title: WikiWebWeaver Index.PHP Arbitrary File Upload
  • Description: WikiWebWeaver is a PHP-based wiki. The application is exposed to an arbitrary file upload issue because the application fails to sanitize user-supplied input. WikiWebWeaver version 1.0 Beta 2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/475242

  • 07.32.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Live for Speed Replay File Buffer Overflow
  • Description: Live for Speed is an online racing simulator. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/bid/25168

  • 07.32.83 - CVE: Not Available
  • Platform: Web Application
  • Title: IDE Group Online DVD Rental System Unspecified Cross-Site Scripting
  • Description: Online DVD Rental System is a web-based video rental application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Online DVD Rental System 5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25177

  • 07.32.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Pluck Multiple Input Validation Vulnerabilities
  • Description: Pluck is a PHP-based content management system. The application is exposed to multiple input validation issues because the application fails to sufficiently sanitize user-supplied data. Pluck version 4.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/475323

  • 07.32.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Holotech Phorm FileUpload.PHP Arbitrary File Upload
  • Description: Holotech Phorm is a web-based mail application implemented in PHP. Phorm is formerly known as PHPMail. The application is exposed to an issue that lets attackers upload arbitrary files because the application fails to sufficiently sanitize files uploaded via the "fileupload.php" script. Phorm version 3.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/475098

  • 07.32.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Aplomb Poll Madoa Parameter Multiple Remote File Include Vulnerabilities
  • Description: Aplomb Poll is a PHP-based voting application. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input to the "Madoa" parameter of the scripts "index.php", "vote.php" and "admin.php". Aplomb Poll version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25138

  • 07.32.87 - CVE: Not Available
  • Platform: Web Application
  • Title: BellaBiblio Admin.PHP Authentication Bypass
  • Description: BellaBiblio is a flat-file book rating and review script. The application is exposed to an authentication bypass issue that occurs in the "admin.php" script. An attacker can set the "bellabiblio" cookie value to "administrator" in order to bypass authentication as an administrative user.
  • Ref: http://www.securityfocus.com/archive/1/475103
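
The BellaBiblio entry above is the textbook case of trusting the browser to state its own role: the server reads a cookie and compares it to a literal. The following Python is an added example, not BellaBiblio's code; the cookie name is the one the advisory cites, while the server key, the signed-value layout (role, expiry, HMAC) and the helper names are assumptions. It shows the bypass succeeding against the literal comparison and failing against a value the server itself issued and signs.

```python
"""Role-in-a-cookie authentication: client-chosen value versus a signed one.

Added example for the BellaBiblio entry above; not the project's code.
The cookie name is the one the advisory cites; the key, the layout of the
signed value and the helper names are assumptions.
"""
import hashlib
import hmac
import time
from typing import Optional

# Assumption: in a real deployment this comes from configuration, is long
# and random, and is rotated; it is inlined here so the block runs offline.
SERVER_KEY = b'constructed-demo-key-do-not-reuse'
COOKIE_NAME = 'bellabiblio'


def is_admin_vulnerable(cookies: dict) -> bool:
    """The broken check: the browser asserts its own role, so any client
    can set the cookie to "administrator" and be believed."""
    return cookies.get(COOKIE_NAME) == 'administrator'


def issue_cookie(role: str, ttl: int = 3600, now: Optional[float] = None) -> str:
    """Server-side issuance: role and expiry, bound together by an HMAC.
    Roles are server-chosen and must not contain ':'."""
    expires = int(time.time() if now is None else now) + ttl
    payload = f'{role}:{expires}'
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f'{payload}:{tag}'


def verify_cookie(value: str, now: Optional[float] = None) -> Optional[str]:
    """Returns the role only if the MAC verifies and the cookie is unexpired.
    An unsigned value such as a bare "administrator" never parses."""
    parts = value.split(':')
    if len(parts) != 3 or not parts[1].isdigit():
        return None
    role, expires, tag = parts
    expected = hmac.new(SERVER_KEY, f'{role}:{expires}'.encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    if int(expires) < int(time.time() if now is None else now):
        return None
    return role


def is_admin_hardened(cookies: dict, now: Optional[float] = None) -> bool:
    return verify_cookie(cookies.get(COOKIE_NAME, ''), now) == 'administrator'


if __name__ == '__main__':
    forged = {COOKIE_NAME: 'administrator'}
    print('vulnerable check, forged cookie:', is_admin_vulnerable(forged))
    print('hardened check, forged cookie  :', is_admin_hardened(forged))
    print('hardened check, issued cookie  :',
          is_admin_hardened({COOKIE_NAME: issue_cookie('administrator')}))
```

A server-side session store keyed by a random identifier is the other standard fix; the signed-token form shown here is the one to use when the application keeps no session state, and it still needs the expiry (and a revocation path for the key) so that a stolen cookie does not remain valid forever.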

  • 07.32.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Dora Emlak Script Admin.ASP Insecure Default Password
  • Description: Dora Emlak Script is a web-based application implemented in ASP. The application is exposed to an insecure default password issue where an attacker may log in to the "administartor/yonetim/patron/admin.asp" page with login password values of "sifre1" and "sifre2", and perform application functions as a trusted user. Dora Emlak Script version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/475101

  • 07.32.89 - CVE: Not Available
  • Platform: Web Application
  • Title: vBulletin Multiple Remote File Include Vulnerabilities
  • Description: vBulletin is a bulletin board application. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input to these script and parameter groups: "functions.php : classfile", "functions_cron.php : nextitem" and "functions_forumdisplay.php : specialtemplates". vBulletin version 3.6.5 is affected.
  • Ref: http://www.securityfocus.com/bid/25141

  • 07.32.90 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Blogger Pref.DB Authentication Bypass
  • Description: PHP-Blogger is a photoblog application. The application is exposed to an authentication bypass issue because the administrator password hash is accessible in the "data/pref.db" file. PHP-Blogger version 2.2.7 is affected.
  • Ref: http://forcehacker.com/forum/viewtopic.php?t=2352

  • 07.32.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! 1.0.12 Multiple Security Vulnerabilities
  • Description: Joomla! is an open-source content management application. Joomla! is exposed to multiple security issues because of design and configuration weaknesses and a failure in the application to properly sanitize user-supplied input in a variety of scenarios. Joomla! versions prior to 1.0.13 are affected.
  • Ref: http://www.securityfocus.com/bid/25122

  • 07.32.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Neocrome Seditio PFS.PHP Arbitrary File Upload
  • Description: Neocrome Seditio is a content management system (CMS). The application is exposed to an issue that lets attackers upload arbitrary files because the application fails to sufficiently sanitize files uploaded via the "pfs.php" script. Seditio version v121 is affected.
  • Ref: http://www.securityfocus.com/bid/25130

  • 07.32.93 - CVE: Not Available
  • Platform: Web Application
  • Title: phpCoupon Remote Payment Bypass
  • Description: phpCoupon is a web-based coupon application implemented in PHP. It allows businesses to purchase and utilize coupon services from companies. The application is exposed to a remote payment bypass issue due to a failure of the application to properly secure PayPal payment transactions.
  • Ref: http://www.securityfocus.com/bid/25116

  • 07.32.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Pay Roll Time Sheet and Punch Card Application With Web UI Login.ASP SQL Injection
  • Description: Pay Roll - Time Sheet and Punch Card Application With Web Interface is a web application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the password login form parameter of the "login.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/25114

  • 07.32.95 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress WP-FeedStats HTML Injection
  • Description: WP-FeedStats is a plug-in for WordPress. It tracks web page feeds. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. WP-FeedStats versions prior to 2.4 are affected.
  • Ref: http://www.securityfocus.com/bid/25085

  • 07.32.96 - CVE: CVE-2007-3909, CVE-2007-3910
  • Platform: Web Application
  • Title: Bandersnatch Multiple Input Validation Vulnerabilities
  • Description: Bandersnatch is a PHP-based application that logs Jabber instant messaging traffic. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input: SQL injection via the "date" and "limit" parameters of the "index.php" script, and HTML injection via the "resource name" form field of the conversation logs script. Bandersnatch version 0.4 is affected.
  • Ref: http://www.portcullis-security.com/uplds/advisories/Bandersnatch%20-%2007-006.txt

  • 07.32.97 - CVE: CVE-2007-2927
  • Platform: Network Device
  • Title: Atheros Wireless Drivers Denial of Service
  • Description: Atheros wireless device drivers support Atheros 802.11a/b/g wireless adapters under Microsoft Windows. The drivers are exposed to a denial of service issue because they fail to properly handle malformed wireless frames, which an attacker within radio range can send without joining the network.
  • Ref: http://www.kb.cert.org/vuls/id/730169

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.