@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 42
October 15, 2007

The four most critical vulnerabilities this week touch just about every Windows user: Internet Explorer, Outlook Express, Word, even Kodak Image Viewer.

The Kodak threat highlights a useful, but unpleasant fact. Microsoft patched this product because it was distributed with Windows, but most of the other products you add to your computer are not patched automatically. Many vendors expect you to check with their web site to learn about flaws that need patching. The criminals know that - hence the new wave of attacks against applications. So many vulnerabilities are being found in applications (nearly 100 this week alone in commercial applications - thousands more in in-house developed applications) that large buyers of custom and packaged software have already begun telling their suppliers and outsourcers that proof of secure coding skills is a prerequisite for being allowed to work on software that will be deployed on enterprise systems.

If anyone at your organization writes software for a living, (strongly) encourage him or her to demonstrate mastery of secure coding at the December Secure Coding Examinations in Washington (www.sans.org/gssp).

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                 Number of Updates and Vulnerabilities
    ---------------------------------------  -------------------------------------
    Windows                                  2 (#5, #12)
    Microsoft Office                         3 (#2, #4)
    Other Microsoft Products                 4 (#3)
    Third Party Windows Apps                 11 (#1, #7, #8, #9,
    Linux                                    3
    BSD                                      1
    Solaris                                  4
    Cross Platform                           17 (#6, #10, #11)
    Web Application - Cross Site Scripting   12
    Web Application - SQL Injection          7
    Web Application                          34
    Network Device                           5

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Linux
BSD
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Kodak Image Viewer/Microsoft Windows Image Format Vulnerability (MS07-055)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
  • Description: The Kodak Image Viewer, an application distributed with Microsoft Windows and used for viewing various image formats, contains a flaw in its handling of Tagged Image File Format (TIFF) image files. A specially crafted TIFF file could trigger a memory corruption vulnerability. An attacker could exploit this vulnerability to execute arbitrary code with the privileges of the current user. A malicious web site hosting such an image could also exploit this vulnerability. Full technical details for this vulnerability are publicly available.

  • Status: Microsoft confirmed, updates available.

  • (2) CRITICAL: Microsoft Outlook Express and Windows Mail NNTP Handling Buffer Overflow (MS07-056)
  • Affected:
    • Microsoft Outlook Express on Microsoft Windows 2000/XP/Server 2003
    • Microsoft Windows Mail on Microsoft Windows Vista
  • Description: Microsoft Outlook Express and Windows Mail are the default Network News Transfer Protocol (NNTP) clients on Microsoft Windows. NNTP, often called "netnews" or just "news", is a protocol for accessing distributed discussion groups. Microsoft Outlook Express and Windows Mail fail to properly handle certain malformed responses from NNTP servers. A specially crafted server response could exploit this vulnerability to execute arbitrary code with the privileges of the current user. The vulnerable applications are configured by default to open when a user accesses an NNTP URL (one beginning with "news://"); therefore, a malicious website could also exploit this vulnerability. Full technical details are publicly available for this vulnerability.

  • Status: Microsoft confirmed, updates available.

  • (3) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS07-057)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows Vista
  • Description: Microsoft Internet Explorer contains multiple vulnerabilities that could lead to remote code execution or user interface spoofing. A failure to properly handle queued file downloads can lead to a memory corruption vulnerability. A specially crafted web page could exploit this vulnerability to execute arbitrary code with the privileges of the current user. Other vulnerabilities allow a web page to persist and continue to interact with the web browser after a user has navigated away from that web site.

  • Status: Microsoft confirmed, updates available.

  • (4) CRITICAL: Microsoft Word Memory Corruption Vulnerability (MS07-060)
  • Affected:
    • Microsoft Office 2000
    • Microsoft Office XP
    • Microsoft Office 2004 for Mac
  • Description: Microsoft Word contains a memory corruption vulnerability in the handling of certain malformed documents. A specially crafted Microsoft Office document could trigger this vulnerability and allow an attacker to execute arbitrary code with the privileges of the current user. The attack is believed to involve the file format used by the Apple Macintosh versions of Microsoft Office, which is not opened by all versions of the software. Note that versions of Office after Office 2000 do not automatically open documents without first prompting the user. This vulnerability is being actively exploited in the wild.

  • Status: Microsoft confirmed, updates available.

  • (6) HIGH: IBM DB2 Universal Database Multiple Vulnerabilities
  • Affected:
    • IBM DB2 Universal Database versions 8.2 and prior
  • Description: IBM's DB2 Universal Database is IBM's enterprise database system. It contains multiple vulnerabilities. A flaw in its DB2JDS subsystem can lead to a buffer overflow if an overlong string is provided to the system. Successfully exploiting this flaw would allow an attacker to execute arbitrary code with the privileges of the current user. Additionally, two denials-of-service have been disclosed.

  • Status: IBM confirmed, updates available. Users can mitigate the impact of these vulnerabilities by blocking access to TCP port 6789 at the network perimeter, if possible.

  • Reference:
  • Zero Day Initiative Advisory
  • IBM Security Advisory
  • SecurityFocus BID
  • (8) HIGH: EMC RepliStor Remote Buffer Overflow
  • Affected:
    • EMC RepliStor versions 6.1.3 and prior
  • Description: EMC RepliStor is a popular backup and storage management solution from EMC. This service contains a buffer overflow in its handling of user requests. A specially crafted request to the application could exploit this buffer overflow and allow an attacker to execute arbitrary code with the privileges of the vulnerable process (often SYSTEM). Some technical details are publicly available for this vulnerability.

  • Status: EMC confirmed, updates available. Users can mitigate the impact of this vulnerability by blocking access to TCP port 7144 at the network perimeter, if possible.

  • (9) HIGH: Kaspersky Labs Online Virus Scanner ActiveX Control Format String Vulnerability
  • Affected:
    • Kaspersky Labs Online Virus Scanner ActiveX Control
  • Description: The Kaspersky Labs Online Virus Scanner is a web-based antivirus solution. This application installs an ActiveX control upon use, and this ActiveX control contains a format string vulnerability. A malicious web page that instantiates this control could trigger this vulnerability and execute arbitrary code with the privileges of the current user. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the control via Microsoft's "kill bit" mechanism for CLSID "0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75". Note that disabling this control will prevent legitimate application usage as well.

  • (10) MODERATE: LibFLAC Library Multiple Integer Overflow Vulnerabilities
  • Affected:
    • LibFLAC versions prior to 1.2.1
    • Note that several popular applications, including AOL Nullsoft WinAmp, rely on vulnerable versions of LibFLAC
  • Description: The Free Lossless Audio Codec (FLAC) is a popular, free audio encoding scheme for lossless compression of audio data. The reference implementation is provided by LibFLAC. This library contains multiple integer overflow vulnerabilities. A specially crafted FLAC file could trigger one of these vulnerabilities and execute arbitrary code with the privileges of the current user. Numerous popular applications, including AOL Nullsoft WinAmp and most modern open source media players, use LibFLAC and therefore may be vulnerable. Depending on system configuration, a vulnerable application may be opened automatically after a user views a FLAC file, potentially automatically provided via a web site or email message. Technical details for this vulnerability are available via source code analysis.

  • Status: Vendor confirmed, updates available.

  • (11) MODERATE: Asterisk IMAP Voicemail Buffer Overflow
  • Affected:
    • Asterisk versions prior to 1.4.13
  • Description: Asterisk is a popular open source Voice over IP (VoIP) solution. Asterisk can utilize IMAP (Internet Message Access Protocol; a popular email retrieval and management protocol) to handle voice mail messages. A specially crafted email message, if treated as a voicemail by Asterisk, could trigger a buffer overflow in Asterisk, and allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Technical details for this vulnerability are available in the vendor advisory, and can also be obtained by source code analysis. An additional buffer overflow vulnerability is also addressed in this security advisory, but would require write access to the application's configuration files to exploit.

  • Status: Vendor confirmed, updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 42, 2007

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.42.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows URI Handler Command Execution
  • Description: Microsoft Windows XP with Internet Explorer 7 is exposed to a command execution issue due to a lack of proper input sanitization. This issue occurs due to a flaw in Microsoft Windows when it attempts to determine which application should be utilized when interpreting protocol handlers such as "mailto:", "http:", and others.
  • Ref: http://www.kb.cert.org/vuls/id/403150

  • 07.42.2 - CVE: CVE-2007-2228
  • Platform: Windows
  • Title: Microsoft Windows RPC NTLMSSP Remote Denial of Service
  • Description: Microsoft Windows is exposed to a remote denial of service issue because it fails to adequately handle specially crafted remote procedure call (RPC) packets. Please refer to the link below for further information.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-058.mspx

  • 07.42.3 - CVE: CVE-2007-3899
  • Platform: Microsoft Office
  • Title: Microsoft Word Workspace Memory Corruption Remote Code Execution
  • Description: Microsoft Word is exposed to a remote code execution issue while handling Word documents with malformed strings. Please refer to the link below for further information.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-060.mspx

  • 07.42.4 - CVE: CVE-2007-3897
  • Platform: Microsoft Office
  • Title: Microsoft Outlook Express And Windows Mail NNTP Remote Code Execution
  • Description: Outlook Express is an email client shipped with various Microsoft operating systems. Windows Mail is the email client shipped with Windows Vista. These email clients are exposed to a remote code execution issue that occurs when handling malformed NNTP (Network News Transfer Protocol) responses.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-056.mspx

  • 07.42.5 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Office 2000 and XP Unspecified Word Document Handling Denial of Service
  • Description: Microsoft Office 2000 and Office XP are exposed to an unspecified denial of service issue. The issue is currently being researched. Further information will be released when the analysis is complete.
  • Ref: http://www.securityfocus.com/bid/25991

  • 07.42.6 - CVE: CVE-2007-3892
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Address Bar Spoofing
  • Description: Microsoft Internet Explorer is exposed to an issue that lets attackers spoof the address bar of a trusted site. This issue occurs because of a flaw in the application. In certain circumstances, window content may persist after a navigation event occurs.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx

  • 07.42.7 - CVE: CVE-2007-3893
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Script Error Handling Memory Corruption
  • Description: Microsoft Internet Explorer is exposed to a remote code execution issue that stems from a use-after-free flaw in the application when it tries to handle certain script code errors related to the file download queue.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx

  • 07.42.8 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Arbitrary Command Execution
  • Description: Microsoft Visual FoxPro provides tools to create and manage 32-bit database applications and components. The application is exposed to an issue that lets attackers execute arbitrary commands. This issue affects the "FoxDoCmd()" method of the "FPOLE.OCX" ActiveX control. Microsoft Visual FoxPro version 6.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.42.9 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Expression Media Plaintext Password Storage Weakness
  • Description: Microsoft Expression Media is an asset management tool for Windows platforms. The application is exposed to a plain text password storage weakness. This issue is due to a design error in the catalog password protection feature. Microsoft Expression Media version 1 SP 1 is affected.
  • Ref: http://support.microsoft.com/kb/942109

  • 07.42.10 - CVE: CVE-2007-4466
  • Platform: Third Party Windows Apps
  • Title: Electronic Arts SnoopyCtrl ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: Electronic Arts SnoopyCtrl is an ActiveX control provided by EA.com. The ActiveX control is exposed to multiple unspecified stack-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. These issues affect multiple methods and parameters of "NPSnpy.dll".
  • Ref: http://www.kb.cert.org/vuls/id/179281

  • 07.42.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Computer Associates ERwin Process Modeler Data Standards File Remote Denial of Service
  • Description: Computer Associates ERwin Process Modeler is an application that allows user-developed business process models. The application is exposed to a remote denial of service condition. This issue occurs because the application fails to handle exceptional conditions. Specifically, the application fails to handle malformed Data Standard files. Computer Associates ERwin Process Modeler version 7.2 is affected.
  • Ref: http://www.eleytt.com/advisories/eleytt_ERWINDSF.pdf

  • 07.42.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Pegasus Imaging ImagXpress ActiveX Control CompactFile Arbitrary File Overwrite
  • Description: Pegasus Imaging ImagXpress is a set of ActiveX components that provide image manipulation and display functionality for developers of applications. The ActiveX control is exposed to an arbitrary file overwrite issue. Pegasus Imaging ImagXpress version 8.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.42.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Pegasus Imaging ThumbnailXpress ActiveX Control Arbitrary File Delete
  • Description: Pegasus Imaging ThumbnailXpress is an ActiveX control to display and interact with image files. The ActiveX control is exposed to an arbitrary file-delete issue. This issue affects the "CacheFile" variable of the ActiveX control. Pegasus Imaging ThumbnailXpress version 1.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.42.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
  • Description: G DATA Antivirus 2007 is an antivirus application for Microsoft Windows operating systems. The application is exposed to a buffer overflow weakness due to the failure of the application to perform adequate bounds checking. This issue affects the "SelectPath" method of the "ScanObjectBrowser.DLL" ActiveX control. G DATA Antivirus 2007 is affected.
  • Ref: http://www.securityfocus.com/archive/1/482021

  • 07.42.15 - CVE: CVE-2007-2217
  • Platform: Third Party Windows Apps
  • Title: Microsoft Windows Kodak Image Viewer Remote Code Execution
  • Description: Microsoft Windows Kodak Image Viewer is prone to a remote code execution issue because it fails to properly bounds check user-supplied data. Specifically, the application fails to adequately parse data in specially crafted image files.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-055.mspx

  • 07.42.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: World in Conflict GetMagicNumberString Function Remote Denial of Service
  • Description: World in Conflict is a real-time strategy (RTS) game available for Microsoft Windows. The application is exposed to a remote denial of service issue because the application fails to handle NULL-pointer exceptions. The issue occurs in the "GetMagicNumberString()" function. World in Conflict version 1.000 is affected.
  • Ref: http://www.securityfocus.com/archive/1/481895

  • 07.42.17 - CVE: CVE-2007-5169
  • Platform: Third Party Windows Apps
  • Title: Adobe Pagemaker MAIPM6.dll Unspecified Buffer Overflow
  • Description: Adobe Pagemaker is a document creation application. The application is exposed to an unspecified buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Pagemaker versions 7.0.1 and 7.0.2 are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb07-15.html

  • 07.42.18 - CVE: CVE-2007-3675
  • Platform: Third Party Windows Apps
  • Title: Kaspersky Online Scanner KAVWebScan.DLL ActiveX Control Format String
  • Description: The Kaspersky Online Scanner is a web-based anti-virus application that users can access to remotely scan arbitrary files on their computer. The Online Scanner ActiveX control is exposed to a remote format string issue because it fails to properly sanitize user-supplied data that contains format specifiers. Kaspersky Online Scanner versions 5.0.93.1 and earlier are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606

  • 07.42.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Computer Associates eTrust ITM (Threat Manager) Web Console URI Redirection
  • Description: Computer Associates eTrust ITM (Threat Manager) is an anti-virus/anti-spyware application. The application is vulnerable to a URI redirection issue. An attacker can exploit this issue by supplying the URI of a malicious site through the web-based management console. eTrust ITM (Threat Manager) version r8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/482021

  • 07.42.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VMware Virtual Disk Mount Service Reconfig.DLL Denial of Service
  • Description: VMware Virtual Disk Mount Service ("vmount2.exe") is a process included with VMware Workstation and VMware Player. The service is exposed to a denial of service issue. The problem occurs in the "ConnectPopulatedDiskEx()" function of "Reconfig.DLL".
  • Ref: http://www.securityfocus.com/archive/1/482021

  • 07.42.21 - CVE: CVE-2007-5207
  • Platform: Linux
  • Title: Guilt Multiple Insecure Temporary File Creation Vulnerabilities
  • Description: Guilt is a set of tools implemented in bash for managing kernel patches on top of Git, a software configuration management application. The application is exposed to multiple insecure temporary file creation issues. Specifically, Guilt uses the "$$" shell variable several times to create temporary files in "/tmp". Guilt version 0.27 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445308
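
The weakness class in entry 07.42.21, shown as an added example (not Guilt's code and not taken from the advisory): a PID-derived name is reused if it already exists, while `mktemp` creates a fresh file exclusively. The function names, the `guilt.` file prefix and the sandbox layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Guilt's code). Everything runs inside a private sandbox
# directory created with mktemp -d; the real /tmp is never written to by name.

# Weak pattern described in the entry: temp file named after the shell PID ("$$").
# $1 = directory standing in for /tmp, $2 = data to write. Prints the path used.
write_pid_named() {
    f="$1/guilt.$$"                 # PID is small, sequential and visible in ps
    printf '%s\n' "$2" > "$f"       # '>' reuses whatever already sits at that name
    printf '%s\n' "$f"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively (it fails rather than reuse an existing name).
write_mktemp() {
    f=$(mktemp "$1/guilt.XXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

# Run one writer in a sandbox where the predictable name already exists as a
# symlink to a file the script did not create (constructed precondition).
# Prints that file's content afterwards: "important" means it was left untouched.
victim_after() {
    writer=$1
    box=$(mktemp -d) || return 1
    mkdir "$box/tmp"
    printf 'important\n' > "$box/victim"
    ln -s "$box/victim" "$box/tmp/guilt.$$"
    "$writer" "$box/tmp" "scratch" > /dev/null
    cat "$box/victim"
    rm -rf "$box"
}

# Returns 0 when the path produced by write_mktemp is a regular file, not a symlink.
mktemp_is_regular() {
    box=$(mktemp -d) || return 1
    p=$(write_mktemp "$box" "scratch") || { rm -rf "$box"; return 1; }
    rc=1
    if [ -f "$p" ] && [ ! -L "$p" ]; then rc=0; fi
    rm -rf "$box"
    return $rc
}

echo "pid-named: other file now contains '$(victim_after write_pid_named)'"
echo "mktemp:    other file now contains '$(victim_after write_mktemp)'"
```

A script that needs several scratch files can create one private directory with `mktemp -d` and place all of them inside it.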

  • 07.42.22 - CVE: CVE-2007-4924
  • Platform: Linux
  • Title: OpenH323 Opal SIP Protocol Remote Denial of Service
  • Description: The OpenH323 project provides an Open Source implementation of the ITU H.323 teleconferencing protocol. The library is exposed to a remote denial of service issue because of memory mismanagement when handling user-supplied data. Specifically, the "SIP_PDU::Read()" method of "sip/sippdu.cxx" does not properly validate user-supplied input to the "contentlength" parameter. OpenH323 version 2.2.4 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=296371

  • 07.42.23 - CVE: CVE-2007-5191
  • Platform: Linux
  • Title: util-linux mount umount Local Privilege Escalation
  • Description: util-linux is a freely available, open-source software package that provides implementations of standard UNIX utilities, such as "mount" and "umount". The application is exposed to a local privilege escalation issue that stems from a design error because the "mount" and "umount" programs call the "setuid" and "setgid" functions in the incorrect order and do not properly check the return values when using mount helpers. util-linux version 2.12r is affected.
  • Ref: http://www.securityfocus.com/bid/25973

  • 07.42.24 - CVE: Not Available
  • Platform: BSD
  • Title: OpenBSD DHCPD Server Remote Stack Corruption
  • Description: The base installation of OpenBSD includes a DHCP server (dhcpd). It is a fork of ISC's DHCP server, and is not enabled by default. The application is exposed to a remote stack corruption issue due to a failure of the application to properly bounds check user-supplied input. OpenBSD versions 4.0, 4.1 and 4.2 are affected.
  • Ref: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/dhcpd/options.c

  • 07.42.25 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris vuidmice(7M) STREAMS Modules Local Denial of Service
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. The application is exposed to a local denial of service issue due to an unspecified error in the vuidmice(7M) STREAMS Modules. The following versions are affected: Solaris 8 x86, 9 x86, and 10 x86.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103065-1&searchclause=

  • 07.42.26 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Virtual File System Local Denial of Service
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. The application is exposed to a local denial of service issue which stems from an unspecified error in the Virtual File System. Solaris 10 versions x86 and SPARC are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103088-1&searchclause=

  • 07.42.27 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Trusted Extensions labeld Service Local Denial of Service Vulnerabilities
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. The application is exposed to multiple local denial of service issues that stem from unspecified errors in Solaris Trusted Extensions "labeld" label daemon. Solaris 10 versions x86 and SPARC are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103109-1&searchclause=

  • 07.42.28 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris 10 Auditing BSM Unspecified Local Denial of Service
  • Description: Solaris 10 is one of Sun Microsystems' UNIX operating systems. The application is exposed to a local denial of service issue due to an unspecified error when Solaris Auditing BSM is enabled. Solaris 10 SPARC without patch 127111-01 and Solaris 10 x86 without patch 127112-01 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103096-1

  • 07.42.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DropTeam Multiple Remote Vulnerabilities
  • Description: DropTeam is a war strategy game developed by Battlefront. The application is exposed to multiple issues. DropTeam version 1.3.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/481616

  • 07.42.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Dawn of Time MUD Server Multiple Format String Vulnerabilities
  • Description: Dawn of Time is a MUD codebase originally based on the ROM codebase. The application is exposed to multiple format string issues because of incorrect usage of "printf()"-type functions, which allow format specifiers to be supplied directly to vulnerable functions from external data. Dawn of Time versions 1.69s beta4 and 1.69r are affected.
  • Ref: http://www.securityfocus.com/bid/25944

  • 07.42.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Asterisk IMAP-Specific Voicemail Multiple Buffer Overflow Vulnerabilities
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently-sized buffers. Asterisk Open Source versions prior to 1.4.13 are affected.
  • Ref: http://downloads.digium.com/pub/security/AST-2007-022.pdf

  • 07.42.32 - CVE: CVE-2007-5324
  • Platform: Cross Platform
  • Title: IBM DB2 Universal Database Buffer Overflow and Multiple Denial of Service Vulnerabilities
  • Description: IBM DB2 Universal Database Server is a database server designed to run on various platforms including Linux, AIX, Solaris, and Microsoft Windows. The application is exposed to multiple issues. IBM DB2 Universal Database versions 8.1 and 8.2 are affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-056.html

  • 07.42.33 - CVE: CVE-2007-4992
  • Platform: Cross Platform
  • Title: Firebird Process_Packet Remote Buffer Overflow
  • Description: Firebird is a relational database that runs on Windows, Linux, and UNIX systems. The application is exposed to a remote buffer overflow issue because the application fails to properly check boundaries on user-supplied data before using it in a finite-sized buffer. Firebird version 2.0.2 is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-057.html

  • 07.42.34 - CVE: CVE-2007-5198
  • Platform: Cross Platform
  • Title: Nagios Plugins Location Header Remote Buffer Overflow
  • Description: Nagios is an open-source application designed to monitor networks and services for interruptions and to notify administrators when various events occur. Nagios Plugins perform host and service checks and return the status of the checks to Nagios. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized buffer. Nagios Plugins version 1.4.9 is affected.
  • Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=1687867&group_id=29880&atid=397597

  • 07.42.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP System Management Homepage (SMH) for Linux, Windows, and HP-UX Cross-Site Scripting
  • Description: System Management Homepage (SMH) provides a web-based management interface for ProLiant and Integrity servers. HP System Management Homepage is exposed to a cross-site scripting issue. HP System Management Homepage (SMH) versions prior to 2.1.10 for Linux and Windows, and HP-UX versions B.11.11, B.11.23, and B.11.31 are affected.
  • Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01183265

  • 07.42.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Libpng Library Multiple Remote Denial of Service Vulnerabilities
  • Description: The "libpng" library is a PNG reference library. The library is exposed to multiple remote denial of service issues because it fails to handle malicious PNG files. "libpng" versions 1.2.20 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/25956

  • 07.42.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Libpng Library ICC Profile Chunk Off-By-One Denial of Service
  • Description: The "libpng" library is a PNG reference library. The library is exposed to a remote denial of service issue because it fails to handle malicious PNG files. "libpng" versions 1.2.21 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/25957

  • 07.42.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: wzdftpd USER Command Remote Denial of Service
  • Description: wzdftpd is an FTP server application available for various operating systems. The application is exposed to a remote denial of service issue because the application fails to handle excessive data sent via the "USER" command. wzdftpd versions 0.8.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/25967

  • 07.42.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ldapscripts Local Command Line Information Disclosure
  • Description: ldapscripts is a collection of shell scripts used for managing POSIX accounts in LDAP directories. The application is exposed to an information disclosure issue because of the way it displays command-line data. ldapscripts versions 1.4 and 1.7 are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445582

  • 07.42.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Interstage Application Server Web Root Path Disclosure
  • Description: Interstage Application Server is a Java-based application server that includes Tomcat Servlet Services. The application is exposed to a path-disclosure issue which occurs when error pages are displayed.
  • Ref: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html

  • 07.42.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Select Identity Unspecified Remote Unauthorized Access
  • Description: HP Select Identity is an application used to manage user identities and access rights. The application is exposed to an unspecified unauthorized access issue. Select Identity versions 4.01 to 4.01.010 and 4.10 to 4.13.001 are affected.
  • Ref: http://www.securityfocus.com/archive/1/482108

  • 07.42.42 - CVE: CVE-2007-3917
  • Platform: Cross Platform
  • Title: Wesnoth Client UTF-8 Remote Denial of Service
  • Description: Wesnoth is a free, open-source strategy game. The application is exposed to a remote denial of service issue because it fails to handle unexpected input. Wesnoth version 1.2.6 is affected.
  • Ref: http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/changelog?rev=20982&view=download

  • 07.42.43 - CVE: CVE-2007-5323
  • Platform: Cross Platform
  • Title: EMC RepliStor Server Service recv() Buffer Overflow
  • Description: EMC RepliStor provides data recovery and protection for Microsoft Windows platforms. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input before using it in an insufficiently-sized buffer. RepliStor version 6.1.3 is affected.
  • Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-07-18

  • 07.42.44 - CVE: CVE-2007-5325, CVE-2007-5326, CVE-2007-5327, CVE-2007-5328, CVE-2007-5329, CVE-2007-5330
  • Platform: Cross Platform
  • Title: Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
  • Description: Computer Associates BrightStor ARCserve Backup products provide backup and restore protection for Windows, NetWare, Linux, and UNIX servers as well as Windows, Mac OS X, Linux, UNIX, AS/400, and VMS clients. Successful exploitation allows remote attackers to cause denial of service conditions, execute arbitrary machine code in the context of the affected application, and perform actions with elevated privileges.
  • Ref: http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp

  • 07.42.45 - CVE: CVE-2007-4619
  • Platform: Cross Platform
  • Title: FLAC libFLAC Multiple Unspecified Integer Overflow Vulnerabilities
  • Description: FLAC is the Free Lossless Audio Codec. libFLAC is a library used by multiple applications to enable FLAC functionality. The application is exposed to multiple integer overflow issues because it fails to bounds check user-supplied input before copying it into an insufficiently sized buffer. FLAC 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/482115

  • 07.42.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Web Host Automation Helm Multiple Cross-Site Scripting Vulnerabilities
  • Description: Helm is an application for server management and hosting control. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the following parameters and pages: "domain.asp": "showOption" and "FileManager.asp": "Folder" and "StartPath". Helm version 3.2.16 is affected.
  • Ref: http://pridels-team.blogspot.com/2007/10/helm-xss-vuln.html

  • 07.42.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MailBee WebMail Pro Multiple Cross-Site Scripting Vulnerabilities
  • Description: MailBee WebMail Pro is a webmail client implemented in ASP and PHP. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. MailBee WebMail Pro versions 3.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/481615

  • 07.42.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IDMOS CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: IDMOS CMS is a content manager. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to "error.php" in the "err_msg" parameter, and "templates/simple/ia.php" in the "content" parameter. IDMOS CMS version 1.0-beta is affected.
  • Ref: http://www.securityfocus.com/archive/1/481682

  • 07.42.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TorrentTrader Multiple Cross-Site Scripting Vulnerabilities
  • Description: TorrentTrader is a web-based torrent-tracking application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "color" parameter of the "pjirc/css.php" script, and the "cat" parameter of the "browse.php" script. TorrentTrader version 1.0.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/481749

  • 07.42.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DB Manager Edit.ASP Cross-Site Scripting
  • Description: DB Manager is a web-based database management application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "Edit.asp" script. DB Manager version 2.0 is affected.
  • Ref: http://pridels-team.blogspot.com/2007/10/db-manager-xss-vuln.html

  • 07.42.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: dbList Multiple Cross-Site Scripting Vulnerabilities
  • Description: dbList is a web-based database management system. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "table", "db", "strKeyWords", "pagesize", and "sort" parameters of unspecified scripts. dbList version 8.1 is affected.
  • Ref: http://pridels-team.blogspot.com/2007/10/dblist-xss-vuln.html

  • 07.42.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NetWin DNews Dnewsweb.EXE Multiple Cross-Site Scripting Vulnerabilities
  • Description: DNews is a UseNet news server available for multiple platforms. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "utag" and "group" parameters of the "dnewsweb.exe" script. DNews version 57e1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/481865

  • 07.42.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpMyAdmin Setup.PHP Cross-Site Scripting
  • Description: phpMyAdmin is a web-based administration interface for MySQL databases. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input that will be included in dynamically generated output. The issue affects the "scripts/setup.php" script. phpMyAdmin version 2.11.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26021

  • 07.42.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Joomla! Search Component SearchWord Cross-Site Scripting
  • Description: Joomla! is a web-based content management system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "searchword" parameter of the "com_search" component. Joomla! version 1.0.13 is affected.
  • Ref: http://securityvulns.ru/Rdocument919.html

  • 07.42.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: UMI CMS Index.PHP Cross-Site Scripting
  • Description: UMI CMS is a web-based content management system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "search_string" parameter.
  • Ref: http://www.securityfocus.com/archive/1/482006

  • 07.42.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Nucleus CMS Index.PHP Cross-Site Scripting
  • Description: Nucleus CMS is a web-based content management system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "archive" parameter of the "index.php" script. Nucleus CMS version 3.0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/482006

  • 07.42.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Site-Up Index.CGI Multiple Cross-Site Scripting Vulnerabilities
  • Description: Site-Up is a multilingual web-based file manager with a built-in WYSIWYG editor. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied POST data to the "search" and "search mask" parameters of "index.cgi". Site-Up version 2.64 is affected.
  • Ref: http://www.securityfocus.com/archive/1/482006

  • 07.42.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Homepage M Galerie.PHP SQL Injection
  • Description: PHP Homepage M is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "galerie.php" script before using it in an SQL query. PHP Homepage M version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25978

  • 07.42.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LedgerSMB/SQL-Ledger Multiple SQL Injection Vulnerabilities
  • Description: LedgerSMB and SQL-Ledger are double-entry accounting systems implemented in Perl. LedgerSMB is a fork of SQL-Ledger. The application is exposed to multiple SQL injection issues because it fails to adequately sanitize user-supplied input to the "invoice quantity" and "sort" fields of the application. LedgerSMB versions 1.0.0-1.2.7 and all versions of SQL-Ledger 2.x are affected.
  • Ref: http://www.securityfocus.com/archive/1/481866

  • 07.42.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Softbiz Jobs and Recruitment Script Browsecats.PHP SQL Injection
  • Description: Softbiz Jobs and Recruitment Script is a web-based jobs portal application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "browsecats.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/25980

  • 07.42.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MODx mutate_content.dynamic.php Multiple SQL Injection Vulnerabilities
  • Description: MODx is a PHP-based content manager. The application is exposed to multiple SQL-injection issues because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. These issues affect the "documentDirty" and the "modVariable" parameters of the "mutate_content.dynamic.php" script. MODx version 0.9.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/481870

  • 07.42.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: cpDynaLinks Category.PHP SQL Injection
  • Description: cpDynaLinks is a links directory script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category" parameter of the "category.php" script before using it in an SQL query. cpDynaLinks version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/26018

  • 07.42.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scott Manktelow Design Stride 1.0 Content Management System Main.PHP SQL Injection
  • Description: Scott Manktelow Design Stride 1.0 Content Management System is a content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "p" parameter of the "main.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/482006

  • 07.42.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scott Manktelow Design Stride 1.0 Merchant Shop.PHP SQL Injection
  • Description: Scott Manktelow Design Stride 1.0 Merchant is an ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "shop.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/482006

  • 07.42.65 - CVE: Not Available
  • Platform: Web Application
  • Title: TikiWiki Tiki-Graph_Formula.PHP Code Injection
  • Description: TikiWiki is a wiki application. The application is exposed to an arbitrary PHP code injection issue because it fails to properly sanitize user-supplied input to the "tiki-graph_formula.php" script. TikiWiki version 1.9.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/482006

  • 07.42.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Webmaster-Tips.net Joomla! Panoramic Component Remote File Include
  • Description: Webmaster-Tips.net Joomla! Panoramic is a panoramic image viewing component for the Joomla content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_live_site" parameter of the "admin.panoramic.php" script.
  • Ref: http://www.securityfocus.com/bid/25946

  • 07.42.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Crea-CMS cfg[document_uri] Parameter Multiple Remote File Include Vulnerabilities
  • Description: Crea-CMS is a web-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "cfg[document_uri]" parameter.
  • Ref: http://www.securityfocus.com/archive/1/481669

  • 07.42.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Else If CMS Multiple Input Validation Vulnerabilities
  • Description: Else If CMS is a content management application. The application is exposed to multiple input validation issues. These issues occur because the application fails to sufficiently sanitize user-supplied input. Else If CMS version 0.6-beta is affected.
  • Ref: http://www.securityfocus.com/archive/1/481683

  • 07.42.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Webmaster-Tips.net Joomla! Flash Image Gallery Component Remote File Include
  • Description: Webmaster-Tips.net Joomla! Flash Image Gallery is an image gallery component for the Joomla content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "admin.wmtgallery.php" script.
  • Ref: http://www.securityfocus.com/bid/25958

  • 07.42.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Webmaster-Tips.net Joomla! WMT Portfolio Remote File Include
  • Description: Webmaster-Tips.net Joomla! WMT Portfolio is a component for the Joomla content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "admin.wmtportfolio.php" script.
  • Ref: http://www.securityfocus.com/bid/25959

  • 07.42.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo/Joomla MOSMediaLite MosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
  • Description: The MOSMediaLite component is a module for Mambo and Joomla. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter.
  • Ref: http://www.securityfocus.com/bid/25960

  • 07.42.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Picturesolution Config.PHP Remote File Include
  • Description: Picturesolution is a web-based photo album. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "path" parameter of the "config.php" script. Picturesolution version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25961

  • 07.42.73 - CVE: Not Available
  • Platform: Web Application
  • Title: SkaDate View_Mode Multiple Directory Traversal Vulnerabilities
  • Description: SkaDate is online dating software implemented using PHP and MySQL. The application is exposed to multiple directory traversal issues because it fails to properly sanitize user-supplied input to the "view_mode" parameter of the "member/featured_list.php" and "member/online_list.php" scripts. SkaDate versions 5.0 and 6.0 are affected.
  • Ref: http://www.securityfocus.com/bid/25954

  • 07.42.74 - CVE: Not Available
  • Platform: Web Application
  • Title: SNewsCMS News_page.PHP Cross-Site Scripting
  • Description: SNewsCMS is a web-based content management system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "page_id" parameter of the "news_page.php" script. SNewsCMS version 2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/481745

  • 07.42.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Minki Index.PHP Cross-Site Scripting
  • Description: Minki is a web-based Wiki. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script. Minki version 1.30 is affected.
  • Ref: http://pridels-team.blogspot.com/2007/10/minki-xss-vuln.html

  • 07.42.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Verlihub Control Panel Page Parameter Local File Include
  • Description: Verlihub Control Panel is a web-based administration panel for VerliHub. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script before using it in a "require_once()" function call. Verlihub Control Panel version 1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/25968

  • 07.42.77 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPOlight webCMS preview.php Arbitrary File Download
  • Description: TYPOlight webCMS is a PHP-based content manager. The application is exposed to an arbitrary file download issue because it fails to sufficiently sanitize user-supplied input to the "src" parameter of the "preview.php" script. TYPOlight webCMS version 2.4.6 is affected.
  • Ref: http://www.securityfocus.com/bid/25975

  • 07.42.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Linksys SPA941 SIP From Field HTML Injection
  • Description: Linksys SPA941 devices are SIP-based phones. These phones contain web servers for administrative access. The application is exposed to an HTML injection issue because the built-in web server fails to properly sanitize user-supplied input before using it in dynamically generated content. Linksys SPA941 devices with firmware version 5.1.8 are affected.
  • Ref: http://www.securityfocus.com/bid/25987

  • 07.42.79 - CVE: Not Available
  • Platform: Web Application
  • Title: NuSEO Nuseo_Admin_D.PHP Remote File Include
  • Description: NuSEO is a tool that optimizes web sites for search engines. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "nuseo_dir" parameter of the "/useo/admin/nuseo_admin_d.php" script. NuSEO Enterprise version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/26021

  • 07.42.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Php-Stats Multiple Input Validation Vulnerabilities
  • Description: Php-Stats is a PHP-based application for managing web site statistics. The application is exposed to multiple input validation issues. An attacker can exploit these issues to compromise the application, execute arbitrary code within the context of the web server process, access or modify data, or exploit latent vulnerabilities in the underlying database. Php-Stats version 0.1.9.2 is affected.
  • Ref: http://www.securityfocus.com/bid/26022

  • 07.42.81 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP ionCube Loader Extension Safe_Mode and Disable_Functions Restriction Bypass
  • Description: ionCube is a PHP code obfuscation application. The ionCube loader is a PHP extension that is used to decode the ionCube-encoded script files at runtime. The application is exposed to a "safe_mode" and "disable_functions" restriction bypass issue. Specifically, the "ioncube_read_file()" function fails to properly follow the "safe_mode" and "disable_functions" PHP directives. ionCube version 6.5 running on PHP version 5.2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/26024

  • 07.42.82 - CVE: Not Available
  • Platform: Web Application
  • Title: LightBlog Privilege Escalation and Arbitrary File Upload Vulnerabilities
  • Description: LightBlog is a PHP-based blog application. The application is exposed to these issues: a privilege escalation issue because it fails to correctly verify user privileges in the "cp_memberedit.php" script, and an arbitrary file upload issue because the application fails to sanitize user-supplied input to the "main.php" script. LightBlog version 8.4.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/25990

  • 07.42.83 - CVE: Not Available
  • Platform: Web Application
  • Title: CMS Made Simple 1.1.3.1 Multiple Remote Vulnerabilities
  • Description: CMS Made Simple is a PHP-based content manager. The application is exposed to multiple remote issues. CMS Made Simple version 1.1.3.1 is affected.
  • Ref: http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/

  • 07.42.84 - CVE: Not Available
  • Platform: Web Application
  • Title: ViArt Shop Ideal_Process.PHP Directory Traversal
  • Description: ViArt Shop is web-based shopping cart software. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to unspecified parameters of the "payments/ideal_process.php" script. ViArt Shop version 3.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/481978

  • 07.42.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Webmaster-Tips.net Joomla! RSS Feed Reader Remote File Include
  • Description: Webmaster-Tips.net Joomla! RSS Feed Reader is a component for the Joomla! content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_live_site" parameter of the "admin.wmtrssreader.php" script.
  • Ref: http://www.securityfocus.com/archive/1/481979

  • 07.42.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo/Joomla! MP3 Allopass MosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
  • Description: The MP3 Allopass component is a module for Mambo and Joomla!. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the following scripts: "allopass.php" and "allopass-error.php".
  • Ref: http://www.securityfocus.com/bid/26002

  • 07.42.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! JContentSubscription MosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
  • Description: JContentSubscription is a module for Joomla!. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter. JContentSubscription version 1.5.8 is affected.
  • Ref: http://www.securityfocus.com/bid/26003

  • 07.42.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Computer Associates Threat Manager Remote Information Disclosure
  • Description: Computer Associates Threat Manager is a web-based management console for administering anti-virus and anti-spyware applications. It was formerly known as eTrust Integrated Threat Manager (ITM). The application is exposed to a remote information disclosure issue because it fails to restrict access to sensitive information. Threat Manager version r8.1 is affected.
  • Ref: http://www.eleytt.com/advisories/eleytt_ETRUSTITM1.pdf

  • 07.42.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Pindorama Client.php Remote File Include
  • Description: Pindorama is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "c['components']" parameter of the "/active/components/xmlrpc/client.php" script. Pindorama version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26026

  • 07.42.90 - CVE: Not Available
  • Platform: Web Application
  • Title: ActiveKB NX Index.PHP Cross-Site Scripting
  • Description: ActiveKB NX is a web-based knowledgebase application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Specifically, the issue affects the "page" parameter of the "/categories/[CAT]/index.php" script (where '[CAT]' is an existing category), which will accept a user-supplied script as input. ActiveKB NX version 2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/26027

  • 07.42.91 - CVE: Not Available
  • Platform: Web Application
  • Title: WebDesktop Multiple Remote File Include Vulnerabilities
  • Description: WebDesktop is a web-based desktop environment for web servers. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "app" parameter of the "/apps/apps.php" script and the "wsk" parameter of the "/wsk/wsk.php" script. WebDesktop version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26030

  • 07.42.92 - CVE: Not Available
  • Platform: Web Application
  • Title: boastMachine Index.PHP Local File Include
  • Description: boastMachine is a blogging application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "index.php" script. boastMachine version 2.8 is affected.
  • Ref: http://www.securityfocus.com/bid/26032

  • 07.42.93 - CVE: Not Available
  • Platform: Web Application
  • Title: CRS Manager Multiple Remote File Include Vulnerabilities
  • Description: CRS Manager is a web-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "DOCUMENT_ROOT" parameter of the "index.php" and "login.php" scripts.
  • Ref: http://www.securityfocus.com/bid/26034

  • 07.42.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Scott Manktelow Design Stride 1.0 Courses Detail.PHP Multiple SQL Injection Vulnerabilities
  • Description: Stride 1.0 Courses is a web-based course management application for e-learning. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "course" and "provider" parameters of the "detail.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/482006

  • 07.42.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Google Urchin Report.CGI Authorization Bypass
  • Description: Google Urchin is web-based analysis software implemented in CGI. The application is exposed to an authentication bypass issue because the application allows access without valid credentials to the "report.cgi" script. Urchin version 5.7.03 is affected.
  • Ref: http://www.securityfocus.com/archive/1/482006

  • 07.42.96 - CVE: Not Available
  • Platform: Web Application
  • Title: PicoFlat CMS Index.PHP Remote File Include
  • Description: PicoFlat CMS is a web-based content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "pagina" parameter of the "index.php" script. PicoFlat CMS version 0.4.14 is affected.
  • Ref: http://www.securityfocus.com/bid/26043

  • 07.42.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Flash Uploader mosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
  • Description: The Joomla! Flash Uploader component ("com_jfu") is a component module for the Joomla! content management system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the following scripts: "install.joomla_flash_uploader.php" and "uninstall.joomla_flash_uploader.php".
  • Ref: http://www.securityfocus.com/bid/26044

  • 07.42.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Linkliste Index.PHP Multiple Remote File Include Vulnerabilities
  • Description: Linkliste is a web application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "styl[top]", "url_eintrag", and "styl[themen]" parameters of the "index.php" script. Linkliste version 1.2 is affected.
  • Ref: http://securityvulns.com/Rdocument752.html

  • 07.42.99 - CVE: Not Available
  • Platform: Network Device
  • Title: BT Home Hub and Thomson/Alcatel Speedtouch 7G Multiple Vulnerabilities
  • Description: The BT Home Hub and Thomson/Alcatel Speedtouch 7G routers are all-in-one broadband routers, VOIP devices, and digital TV receivers. BT Home Hub is widely distributed in the United Kingdom. The application is exposed to multiple web interface issues, including a remote authentication bypass issue that allows attackers to gain administrative access to the device.
  • Ref: http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/

  • 07.42.100 - CVE: Not Available
  • Platform: Network Device
  • Title: 3Com OfficeConnect Wireless Cable/DSL Router Unauthorized Remote Administration
  • Description: The 3Com OfficeConnect Wireless Cable/DSL Router is a networking device identified by product number 3CRWER100-75. The device is exposed to an issue that can result in unauthorized remote administration. This issue occurs when the device is configured with remote management disabled.
  • Ref: http://www.securityfocus.com/archive/1/481977

  • 07.42.101 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco IOS Multiple Unspecified Stack Overflow Vulnerabilities
  • Description: Cisco IOS is exposed to multiple unspecified stack overflow issues that may allow an attacker to execute arbitrary code. All Cisco IOS 12.x and IOS XR versions are affected. Please refer to the link below for further details.
  • Ref: http://www.irmplc.com/index.php/153-Embedded-Systems-Security

  • 07.42.102 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Wireless Control System Insecure Password
  • Description: Cisco Wireless Control System (WCS) is used with Cisco wireless appliances to provide system configuration, location tracking, security monitoring, and wireless LAN management. The application is exposed to an issue that permits an attacker to gain unauthorized administrative access to the affected device. Cisco Wireless Control System versions 4.1.91.0 and earlier are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20071010-wcs.shtml

  • 07.42.103 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco IOS LPD Remote Buffer Overflow
  • Description: Cisco IOS (Internetwork Operating System) is the operating system used on Cisco devices. IOS includes LPD (Line Printer Daemon) support, so that Cisco devices may provide network printing services. The LPD service is not enabled by default. The application is exposed to a remote buffer overflow issue in its LPD service because it fails to perform adequate boundary checks on user-supplied data. Cisco IOS versions prior to 12.2(18)SXF11, 12.4(16a) and 12.4(2)T6 are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sr-20071010-lpd.shtml

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.