@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 46
November 12, 2007

The most critical vulnerabilities this week: Apple QuickTime: Partly because Apple's QuickTime gets installed automatically with iTunes, on both Macs and Windows, the newly discovered security flaws in QuickTime present a massive and fertile attack surface for criminals. This class of vulnerability (those found on personal computers - often used in offices) is both the criminals' and spies' current target of choice for building botnets and for executing targeted attacks against governments and other sensitive sites.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    ----------------------------------------  ------------------------------
    Other Microsoft Products                  2
    Third Party Windows Apps                  3 (#4)
    Linux                                     12
    HP-UX                                     1
    Solaris                                   1
    Unix                                      2 (#5, #7)
    Cross Platform                            19 (#1, #2, #3, #6, #8)
    Web Application - Cross Site Scripting    10
    Web Application - SQL Injection           10
    Web Application                           37
    Network Device                            2


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
HP-UX
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: Oracle PITRIG_DROPMETADATA Buffer Overflow
  • Affected:
    • Oracle Database Server version 10g
  • Description: The Oracle Database Server contains a flaw in its handling of calls to the PITRIG_DROPMETADATA procedure in the XDB.XDB_PITRIG_PKG database package. Passing overlong arguments to this procedure could trigger a buffer overflow and allow an attacker to execute arbitrary code with the privileges of the database server. An attacker would need authentication to exploit this vulnerability; however, authentication may be provided by exploiting an SQL injection vulnerability in an application connected to the database. Some technical details and a proof-of-concept are available for this vulnerability.

  • Status: Oracle confirmed, no updates available. Oracle has stated that a patch will be released in a future Critical Patch Update.

  • (3) HIGH: OpenBase Multiple Vulnerabilities
  • Affected:
    • OpenBase versions 10.0.5 and prior
  • Description: OpenBase is a popular relational database engine. The database server contains multiple vulnerabilities. A command injection vulnerability exists in several of the stored procedures in the database, while a buffer overflow vulnerability exists in the parsing of SQL queries. Successfully exploiting any of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the database server process (often SYSTEM/root). An attacker would require authorization to exploit these vulnerabilities; however, authentication may be provided by exploiting an SQL injection vulnerability in an application connected to the database. Proofs-of-concept and technical details are available for these vulnerabilities in the advisory.

  • Status: OpenBase confirmed, updates available.

  • (4) HIGH: AOL AmpX ActiveX Control Multiple Vulnerabilities
  • Affected:
    • AOL AmpX ActiveX Control
  • Description: The AOL AmpX ActiveX control is an ActiveX control distributed by AOL for real-time audio streaming. The control is used by AOL Radio and is commonly used to embed streaming audio in web pages. This control contains multiple buffer overflow vulnerabilities. A malicious web page that instantiates this control could exploit one of these buffer overflows and execute arbitrary code with the privileges of the current user. Some technical details are available for this vulnerability.

  • Status: AOL confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the vulnerable control via Microsoft's kill bit mechanism for CLSID B49C4597-8721-4789-9250-315DFBD9F525. Note that this will disable normal application functionality.

  • (5) MODERATE: Common UNIX Printing System Internet Printing Protocol Buffer Overflow
  • Affected:
    • Common UNIX Printing System versions prior to 1.3.4
  • Description: The Common UNIX Printing System (CUPS) is a printing system used by a number of UNIX and UNIX-like systems. CUPS can access and share printers using the Internet Printing Protocol (IPP). CUPS fails to properly handle certain malformed IPP requests. A specially crafted IPP request could trigger a buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the CUPS server process. Technical details for this vulnerability are available in the CUPS bug report and via source code analysis. CUPS forms the basis of the printing systems on Apple Mac OS X and numerous Linux distributions, as well as other UNIX and UNIX-like systems. Note that, in many common configurations, CUPS is not remotely vulnerable to this issue. Unconfirmed reports indicate that this issue may be exploitable only by users on the local network.

  • Status: CUPS confirmed, updates available.

  • (6) MODERATE: Perl-Compatible Regular Expressions Library Multiple Vulnerabilities
  • Affected:
    • Perl-Compatible Regular Expressions Library versions prior to 7.3
  • Description: The Perl-Compatible Regular Expressions Library (PCRE) is a popular library implementing regular expression operations compatible with those implemented in the Perl programming language. Regular expressions are strings that define matches for other strings and data. A specially crafted regular expression passed to the library could trigger one of several vulnerabilities. These vulnerabilities include several buffer and integer overflow vulnerabilities, the exploitation of which would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Denial-of-service and information disclosure vulnerabilities are also present. Note that the attacker must be able to pass regular expressions into the library to successfully exploit these vulnerabilities; applications that do not accept arbitrary regular expressions are not vulnerable. This library is widely used by numerous applications. Technical details are available via source code analysis.

  • Status: Vendor confirmed, updates available.

  • (7) MODERATE: Xpdf Multiple Vulnerabilities
  • Affected:
    • Xpdf versions 3.02 and prior
  • Description: Xpdf is a Portable Document Format (PDF) viewer for the X Window System, and also forms the basis of other PDF viewers, including Kpdf for the K Desktop Environment (KDE). A specially crafted PDF file passed to the application could trigger one of several buffer overflow or memory corruption vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Note that, depending on the application and configuration, PDF documents may be opened automatically upon download. Technical details for these vulnerabilities are available in the security advisory and via source code analysis.

  • Status: Vendor confirmed, updates available.

Other Software
  • (8) MODERATE: Link Grammar Parser Buffer Overflow
  • Affected:
    • Link Grammar Parser Library versions 4.1b and prior
  • Description: The Link Grammar Parser Library (LGL) is a natural language parsing library based on the theory of link grammars. The library contains a buffer overflow in its handling of sentences. An overlong word in a sentence can trigger this buffer overflow and allow an attacker to execute arbitrary code with the privileges of the vulnerable process. The AbiWord open source word processor uses the LGL to perform grammar checking; therefore a specially crafted AbiWord document may be able to exploit this vulnerability. Other applications may use this library for language parsing. Some technical details are available for this vulnerability in the advisory and via source code analysis.

  • Status: Vendor has not confirmed, no updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 46, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.46.1 - CVE: CVE-2007-4223
  • Platform: Other Microsoft Products
  • Title: Microsoft DebugView Kernel Module Dbgv.SYS Local Privilege Escalation
  • Description: Microsoft DebugView is an analysis tool for displaying debug output. The application is exposed to a local privilege escalation issue because unspecified functionality within the application allows user-supplied data to be copied into kernel memory space. The kernel module "Dbgv.sys" is loaded when an administrator runs DebugView; the module remains accessible by all users until a reboot. Microsoft DebugView version 4.64 is affected.
  • Ref: http://www.securityfocus.com/archive/1/483358

  • 07.46.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
  • Description: Microsoft has released advance notification that the vendor will be releasing two security bulletins on November 13, 2007. The highest severity rating for these issues is "Critical". Please refer to the link below for further details.
  • Ref: http://www.microsoft.com/technet/security/bulletin/rating.mspx

  • 07.46.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EDraw Flowchart Component ActiveX Control Arbitrary File Overwrite
  • Description: The EDraw Flowchart Component is an ActiveX control to create business and technical diagrams. The application is exposed to an issue that lets attackers overwrite files. Version 3.1 of the EDraw Flowchart Component control is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.46.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Viewpoint Media Player AxMetaStream.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: Viewpoint Media Player is a browser plug-in for viewing various types of digital media. The application is exposed to multiple stack-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. Viewpoint Media Player version 3.2 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.46.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Adobe Shockwave Player ActiveX Control ShockwaveVersion Remote Denial of Service
  • Description: Adobe Shockwave Player ActiveX Control is exposed to a denial of service issue because the application fails to properly bounds check user-supplied data. Adobe Shockwave Player version 10 is affected.
  • Ref: http://www.securityfocus.com/bid/26388

  • 07.46.6 - CVE: Not Available
  • Platform: Linux
  • Title: iSCSI Enterprise Target IETD.CONF Local Information Disclosure
  • Description: iSCSI Enterprise Target is an enterprise open-source iSCSI target implementation. The application is exposed to a local information disclosure issue because the "/etc/ietd.conf" file has incorrect permissions. iSCSI Enterprise Target version 0.4.15 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448873

  • 07.46.7 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel IEEE80211 HDRLen Remote Denial of Service
  • Description: The Linux kernel ieee80211 driver is exposed to a remote denial of service issue because it fails to perform adequate boundary checks on user-supplied data. Linux kernel versions prior to 2.6.22.11 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.11

  • 07.46.8 - CVE: CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-1667, CVE-2007-1668, CVE-2007-1666
  • Platform: Linux
  • Title: PCRE Regular Expression Library Multiple Security Vulnerabilities
  • Description: PCRE is a set of functions that implement regular expression pattern matching using the same syntax and semantics as Perl 5. The application is exposed to multiple issues.
  • Ref: https://rhn.redhat.com/errata/RHSA-2007-0967.html

  • 07.46.9 - CVE: Not Available
  • Platform: Linux
  • Title: DAViCal Really Simple CalDAV Store Unspecified Information Disclosure
  • Description: Really Simple CalDAV Store (RSCDS) is a CalDAV-compatible repository for calendar and notes entries. CalDAV is a client-server protocol for managing calendar resources. The application is exposed to an information disclosure issue that stems from an unspecified error. RSCDS versions prior to 0.9.1 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=549414&group_id=179845

  • 07.46.10 - CVE: CVE-2007-4829
  • Platform: Linux
  • Title: Perl Archive::Tar Module Remote Directory Traversal
  • Description: Perl Archive::Tar is a Perl module for handling tar archives. The application is exposed to a directory traversal issue because it fails to sufficiently validate user-supplied data. Specifically, the module fails to validate the name of a directory symbolic link.
  • Ref: https://issues.rpath.com/browse/RPL-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

  • 07.46.11 - CVE: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
  • Platform: Linux
  • Title: Xpdf Multiple Remote Stream.CC Vulnerabilities
  • Description: Xpdf is an open-source implementation of a PDF viewer for the X window system. The application is exposed to multiple remote issues due to flaws in various functions in the "Stream.cc" source file. Xpdf version 3.02pl1 is affected.
  • Ref: https://rhn.redhat.com/errata/RHSA-2007-1021.html

  • 07.46.12 - CVE: CVE-2007-4129
  • Platform: Linux
  • Title: CoolKey PK11IPC1 Insecure Temporary File Creation
  • Description: CoolKey is an application that provides smart card login, single sign-on, secure messaging, and secure email access. The application handles temporary files in an insecure manner when it creates the world-writable file "/tmp//pk11ipc1".
  • Ref: https://rhn.redhat.com/errata/RHSA-2007-0631.html

  • 07.46.13 - CVE: Not Available
  • Platform: Linux
  • Title: Cypress for BitchX Information Disclosure Backdoor
  • Description: An attacker compromised the source code for Cypress for BitchX and altered it to include a malicious backdoor. This backdoor introduces an information disclosure issue that lets remote users gain access to potentially sensitive information. Cypress version 1.0k is affected.
  • Ref: http://www.securityfocus.com/archive/1/483350

  • 07.46.14 - CVE: CVE-2007-4570
  • Platform: Linux
  • Title: Mcstrans Mcstrans.C Local Denial of Service
  • Description: Mcstrans is the translation daemon used on computers with SELinux enabled to translate program context into human-readable form. The application is exposed to a local denial of service issue because of an algorithmic flaw. The daemon fails to adequately check user-supplied data.
  • Ref: https://rhn.redhat.com/errata/RHSA-2007-0542.html

  • 07.46.15 - CVE: CVE-2007-4994
  • Platform: Linux
  • Title: Red Hat Certificate System Certificate Revocation List Bypass Weakness
  • Description: Red Hat Certificate System (RHCS) is an enterprise solution designed to manage Public Key Infrastructure deployments. The application is exposed to a weakness which may allow users with certain revoked certificates to bypass the revocation list. Red Hat Certificate System version 7.2 is affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0934.html

  • 07.46.16 - CVE: CVE-2007-5846
  • Platform: Linux
  • Title: Net-SNMP GETBULK Remote Denial of Service
  • Description: Net-SNMP is an SNMP (Simple Network Management Protocol) package that supplies users with a server as well as client utilities to support SNMP. The application is exposed to a remote denial of service issue when the SNMP agent tries to process an SNMP "GETBULK" request with an overly large "max-repetitions" value. Net-SNMP versions prior to 5.4.1 are affected.
  • Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=1712988&group_id=12694&atid=112694

  • 07.46.17 - CVE: Not Available
  • Platform: Linux
  • Title: TorK Multiple Privoxy Insecure Default Configuration Vulnerabilities
  • Description: TorK is an anonymity manager made for the KDE Desktop on Linux and Unix systems. It manages Tor network configuration. The application is exposed to multiple insecure configuration issues because of several default configuration options used by the Privoxy web proxy server. TorK versions prior to 0.22 are affected.
  • Ref: http://www.usvn.info/news/

  • 07.46.18 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX Aries PA-RISC Emulator Unspecified Local Unauthorized Access
  • Description: HP-UX Aries PA-RISC emulator is a dynamic binary translator that transparently executes applications compiled for PA-RISC/HP-UX. The application is exposed to a local unauthorized access issue. HP-UX Aries PA-RISC emulator software running on HP-UX IA-64 platforms is affected.
  • Ref: http://www.securityfocus.com/archive/1/483460

  • 07.46.19 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Volume Manager Local Denial of Service
  • Description: Sun Solaris is an enterprise-grade Unix distribution. The application is exposed to an unspecified denial of service issue. The problem occurs in the Solaris Volume Manager (SVM) ioctl(2) interface. A local unprivileged attacker can exploit this issue to cause a system panic on an affected computer, resulting in a denial of service condition. Solaris versions 9 and 10 for SPARC and x86 architectures are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103143-1&searchclause=

  • 07.46.20 - CVE: Not Available
  • Platform: Unix
  • Title: BitchX E_HOSTNAME Function Insecure Temporary File Creation
  • Description: BitchX is a freely available, open-source IRC client. It is available for Unix, Linux, and other Unix-like operating systems. The application is exposed to a security issue because it creates temporary files in an insecure manner. BitchX version 1.1 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449149

  • 07.46.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Firefly Media Server Multiple Null Pointer Dereference Vulnerabilities
  • Description: Firefly Media Server is a music server application. The project was formerly known as mt-daapd. The application is exposed to multiple NULL-pointer dereference issues. Firefly Media Server version 0.2.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/483210

  • 07.46.22 - CVE: CVE-2007-2987
  • Platform: Cross Platform
  • Title: AdventNet EventLog Analyzer Insecure Default MySQL Password Unauthorized Access
  • Description: AdventNet EventLog Analyzer is a web-based system log management application. The application is exposed to an issue that can result in unauthorized access to the application's SQL database. EventLog Analyzer Build version 4030 is affected.
  • Ref: http://forums.adventnet.com/viewtopic.php?t=247521

  • 07.46.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Firefly Media Server Webserver.C Multiple Format String Vulnerabilities
  • Description: Firefly Media Server (formerly known as mt-daapd) is a multi-platform digital music server. The application is affected by multiple format string issues because of incorrect usage of "printf()"-type functions, allowing format specifiers to be supplied directly to vulnerable functions from external data. Firefly Media Server versions prior to 0.2.4.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/483209

  • 07.46.24 - CVE: CVE-2007-5795
  • Platform: Cross Platform
  • Title: GNU Emacs Local Variable Handling Code Execution
  • Description: Emacs is a freely available text editor. The application is exposed to an arbitrary code execution issue that results from a design error. Emacs version 22.1 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008

  • 07.46.25 - CVE: CVE-2007-4677
  • Platform: Cross Platform
  • Title: Apple QuickTime Color Table Atom Remote Heap Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue occurs when parsing color table atoms in a movie file. Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-065.html

  • 07.46.26 - CVE: CVE-2007-3751
  • Platform: Cross Platform
  • Title: Apple QuickTime for Java Multiple Unspecified Remote Privilege Escalation Vulnerabilities
  • Description: Apple QuickTime for Java is exposed to multiple unspecified privilege escalation issues. QuickTime for Java for both Apple Mac OS X and Microsoft Windows platforms is affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306896

  • 07.46.27 - CVE: CVE-2007-2395
  • Platform: Cross Platform
  • Title: Apple QuickTime Image Description Atom Remote Memory Corruption
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a memory corruption issue when parsing image description atoms in a malicious movie file. Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X is affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306896

  • 07.46.28 - CVE: CVE-2007-3750
  • Platform: Cross Platform
  • Title: Apple QuickTime STSD Atom Remote Heap Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue occurs when parsing Sample Table Sample Descriptor (STSD) atoms in a movie file. Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X is affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306896

  • 07.46.29 - CVE: CVE-2007-4675
  • Platform: Cross Platform
  • Title: Apple QuickTime Panorama Sample Atoms Remote Heap Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs when handling panorama sample atoms in QTVR (QuickTime Virtual Reality) movie files. Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620

  • 07.46.30 - CVE: CVE-2007-4672
  • Platform: Cross Platform
  • Title: Apple QuickTime PICT Image Remote Stack Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-068.html

  • 07.46.31 - CVE: CVE-2007-4676
  • Platform: Cross Platform
  • Title: Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X is affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=306896

  • 07.46.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: C++ Sockets Library HTTPSocket Class Remote Denial of Service
  • Description: C++ Sockets Library is a cross-platform open-source class library that implements a number of protocols including TCP, UDP, ICMP, HTTP/HTTPS. HTTPSocket is one of the classes in C++ Sockets Library. The library is exposed to a remote denial of service issue that stems from an error in processing of invalid HTTP requests in the HTTPSocket class. C++ Sockets Library versions prior to 2.2.5 are affected.
  • Ref: http://www.alhem.net/Sockets/Changelog

  • 07.46.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenBase Buffer Overflow Vulnerability and Multiple Remote Command Execution Vulnerabilities
  • Description: OpenBase is a relational database application available for various operating systems. The application is exposed to multiple remote issues. Please refer to the link below for further details.
  • Ref: http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt

  • 07.46.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial of Service
  • Description: MySQL is a freely available SQL database for multiple platforms. The application is exposed to a remote denial of service issue because the database server fails to properly handle unexpected conditions. MySQL versions 5.1.23 and earlier are affected.
  • Ref: http://bugs.mysql.com/bug.php?id=32125

  • 07.46.35 - CVE: CVE-2006-5782
  • Platform: Cross Platform
  • Title: HP OpenView Client Configuration Manager Remote Authentication Bypass
  • Description: The HP OpenView Client Configuration Manager is exposed to a remote authentication bypass issue due to a design error in the Radia Notify Daemon; the error results in a lack of authentication. Specifically, a valid username and password are not required when remotely issuing arbitrary commands to "radexecd.exe".
  • Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00795552

  • 07.46.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi JP1/CM2/Network Node Manager Multiple Unspecified Vulnerabilities
  • Description: Hitachi JP1/CM2/Network Node Manager software is used to monitor and manage network nodes. The application is exposed to multiple unspecified issues that can result in denial of service conditions or arbitrary code execution as well as a vulnerability arising from invalid behavior of the software's web utility function.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-002_e/index-e.html

  • 07.46.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Informix Dynamic Server Multiple Vulnerabilities
  • Description: IBM Informix Dynamic Server is an application server that runs on various platforms. The application is exposed to multiple issues.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg27011082

  • 07.46.38 - CVE: CVE-2007-5395
  • Platform: Cross Platform
  • Title: Link Grammar SEPARATE_WORD Function Remote Buffer Overflow
  • Description: Link Grammar is an English language parser implemented in the C language. AbiSource Link Grammar is a version of the parser used by AbiWord and maintained by the AbiSource Community. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Link Grammar version 4.1b and AbiWord Link Grammar 4.2.4 are affected.
  • Ref: http://secunia.com/secunia_research/2007-79/advisory/

  • 07.46.39 - CVE: CVE-2007-4517
  • Platform: Cross Platform
  • Title: Oracle Database Server PITRIG_DROPMETADATA Remote Buffer Overflow
  • Description: Oracle Database Server is an enterprise database server system available for multiple operating platforms. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue affects the "OWNER" and "NAME" parameters of the "XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA" procedure.
  • Ref: http://www.securityfocus.com/archive/1/483416

  • 07.46.40 - CVE: CVE-2007-5589
  • Platform: Web Application - Cross Site Scripting
  • Title: phpMyAdmin Server_Status.PHP Cross-Site Scripting
  • Description: phpMyAdmin is a web-based administration interface for MySQL databases. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "server_status.php" script. phpMyAdmin version 2.11.1.2 is affected.
  • Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6

  • 07.46.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Helios Calendar Admin/Index.PHP Cross-Site Scripting
  • Description: Helios Calendar is a PHP-based application for managing and publishing event information. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "username" parameter of the "admin/index.php" script. Helios Calendar version 1.2.1 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/26312

  • 07.46.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NetCommons Cross-Site Scripting
  • Description: NetCommons is a web-based portal. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to unspecified parameters and scripts. NetCommons versions of the 1.0.x branch prior to 1.0.11 and versions of the 1.1.x branch prior to 1.1.2 are affected.
  • Ref: http://www.securityfocus.com/bid/26328

  • 07.46.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: JLMForo System Buscado.PHP Cross-Site Scripting
  • Description: JLMForo System is a web application. The application is exposed to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "clave" parameter of the "buscador.php" script.
  • Ref: http://www.securityfocus.com/bid/26331

  • 07.46.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Coppermine Photo Gallery Displayecard.PHP Cross-Site Scripting
  • Description: Coppermine Photo Gallery is a PHP-based image gallery. The application is exposed to a cross-site scripting issue because it fails to properly handle user-supplied input to the "data" parameter of the "displayecard.php" script. Coppermine Photo Gallery versions prior to 1.4.14 are affected.
  • Ref: http://coppermine-gallery.net/forum/index.php?topic=48106.0

  • 07.46.45 - CVE: CVE-2007-5581
  • Platform: Web Application - Cross Site Scripting
  • Title: Cisco Unified MeetingPlace Web Conference Login Multiple Cross-Site Scripting Vulnerabilities
  • Description: Cisco Unified MeetingPlace Web Conference is a web conferencing application that allows users to schedule and attend online meetings and to access meeting materials. The application is exposed to multiple cross-site scripting issues because the software fails to sufficiently sanitize user-supplied input to the "FirstName" and "LastName" parameters of the login page. Unified MeetingPlace versions 6.0, 5.4, 5.3 and earlier are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml

  • 07.46.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ManageEngine OpManager JSP/Login.DO Multiple Cross-Site Scripting Vulnerabilities
  • Description: ManageEngine OpManager is a network monitoring/management application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/26368

  • 07.46.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Computer Associates SiteMinder Web Agent Smpwservices.FCC Cross Site Scripting
  • Description: Computer Associates SiteMinder (formerly Netegrity SiteMinder) is an access management solution. The web agent is a component that controls access to resources that can be identified with a URI. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize input to the "SMAUTHREASON" parameter of the "forms/smpwservices.fcc" script.
  • Ref: http://www.securityfocus.com/archive/1/483367

  • 07.46.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Cerberus FTP Server Web Interface Cross-Site Scripting
  • Description: Cerberus FTP Server is an FTP server that runs on Microsoft Windows platforms. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to an unknown parameter used by the web interface. Cerberus FTP Server versions prior to 2.46 are affected.
  • Ref: http://www.cerberusftp.com/cerberus-releasenotes.htm#ReleaseNotes

  • 07.46.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Mozilla Firefox Jar URI Cross-Site Scripting
  • Description: Mozilla Firefox is a browser available for multiple platforms. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. The problem occurs in the implementation of the "jar" protocol.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=369814

  • 07.46.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Helpdesk Login SQL Injection
  • Description: PHP Helpdesk is a web-based, help desk task management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the login page before using it in an SQL query. PHP Helpdesk version 0.6.16 is affected.
  • Ref: http://www.securityfocus.com/archive/1/483256

  • 07.46.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-Vendejo Articles.PHP SQL Injection
  • Description: E-Vendejo is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "articles.php" script before using it in an SQL query. E-Vendejo version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/26330

  • 07.46.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASP Message Board Printer.ASP SQL Injection
  • Description: ASP Message Board is a web application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "boards/printer.asp" script before using it in an SQL query. ASP Message Board version 2.2.1c is affected.
  • Ref: http://www.securityfocus.com/bid/26334

  • 07.46.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: JPortal Mailer.PHP SQL Injection
  • Description: JPortal is a PHP-based, web-forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "to" parameter of the "mailer.php" script before using it in an SQL query. JPortal version 2 is affected.
  • Ref: http://www.milw0rm.com/exploits/4611

  • 07.46.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: UPublisher Multiple SQL Injection Vulnerabilities
  • Description: UPublisher is an automated news publishing system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. UPublisher version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/453462

  • 07.46.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPWind AdminUser Parameter SQL Injection
  • Description: PHPWind Board is a web-based bulletin board. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "AdminUser" parameter. PHPWind versions 5.0.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/21011

  • 07.46.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: UStore/USupport Detail.ASP SQL Injection
  • Description: UStore is a web-based ecommerce application implemented in ASP. USupport is a web-based support forum implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ID" parameter of the "detail.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/451307

  • 07.46.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MiNT Haber Sistemi Duyuru.asp SQL Injection
  • Description: MiNT Haber Sistemi is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "duyuru.asp" script before using it in an SQL query. MiNT Haber Sistemi version 2.7 is affected.
  • Ref: http://www.securityfocus.com/bid/22030

  • 07.46.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Wiz-Ad Login Page SQL Injection
  • Description: Wiz-Ad is an ASP-based application for managing and serving advertisements. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data. Specifically, the issue occurs in the password field when the username is set to "Administrator" or "Client". Wiz-Ad version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/25819

  • 07.46.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Rapid Classified AgencyCatResult.ASP SQL Injection
  • Description: Rapid Classified is an ASP-based advertisement application. Rapid Classified is exposed to an SQL injection issue. The application fails to properly sanitize user-supplied input to the "cmbCat" parameter of the "agencyCatResult.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/483436

  • 07.46.60 - CVE: Not Available
  • Platform: Web Application
  • Title: DM Guestbook Multiple Local File Include Vulnerabilities
  • Description: DM Guestbook is a PHP-based guestbook application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. DM Guestbook version 0.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26300

  • 07.46.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Scribe Forum.PHP Remote PHP Code Execution
  • Description: Scribe is a flat-file, bulletin board application implemented in PHP. The application is exposed to an arbitrary PHP code execution issue because it fails to properly sanitize user-supplied input. Specifically, when a new user is registered, the application creates a file named "/regged/[username].php". Malicious PHP script code may be injected into this file when it is created via the "Register" parameter of the "forum.php" script. Scribe version 0.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/483183

  • 07.46.62 - CVE: Not Available
  • Platform: Web Application
  • Title: IBM Tivoli Service Desk Maximo HTML Injection
  • Description: IBM Tivoli Service Desk Maximo is a commercially available, web-based service desk application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. IBM Tivoli Service Desk Maximo version 6.2 is affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06387

  • 07.46.63 - CVE: Not Available
  • Platform: Web Application
  • Title: Ax Developer CMS Index.PHP Local File Include
  • Description: Ax Developer CMS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "module" parameter of the "index.php" script. Ax Developer CMS version 0.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26306

  • 07.46.64 - CVE: Not Available
  • Platform: Web Application
  • Title: JLMForo System ModificarPerfil.PHP HTML Injection
  • Description: JLMForo System is a web application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue affects the signature form field of the "modificarPerfil.php" script.
  • Ref: http://www.securityfocus.com/bid/26311

  • 07.46.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Sun Remote Services Net Connect Software Local Format String
  • Description: Sun Remote Services (SRS) Net Connect Software is a web-based asset configuration and patch reporting application used to manage Sun server and storage systems. The application is exposed to a local format string issue because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted printing function.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=610

  • 07.46.66 - CVE: Not Available
  • Platform: Web Application
  • Title: GuppY Includes.Inc Remote File Include
  • Description: GuppY is a content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "selskin" parameter used by the "/inc/includes.inc" script. GuppY version 4.6.3 is affected.
  • Ref: http://www.securityfocus.com/bid/26315

  • 07.46.67 - CVE: Not Available
  • Platform: Web Application
  • Title: scWiki Common.PHP Remote File Include
  • Description: scWiki is a wiki application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "pathdo" parameter of the "includes/common.php" script. scWiki version 1.0 Beta 2 is affected.
  • Ref: http://www.securityfocus.com/bid/26316

  • 07.46.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Quick And Dirty Blog Categories.PHP Local File Include
  • Description: Quick And Dirty Blog is a blogging application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "theme" parameter of the "categories.php" script. Quick And Dirty Blog version 0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/26317

  • 07.46.69 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Helpdesk Index.PHP Local File Include
  • Description: PHP Helpdesk is a web-based, help desk and task management application implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "whattodo" parameter of the "index.php" script. PHP Helpdesk version 06.16 is affected.
  • Ref: http://www.securityfocus.com/archive/1/483256

  • 07.46.70 - CVE: Not Available
  • Platform: Web Application
  • Title: SF-Shoutbox Main.PHP Multiple HTML Injection Vulnerabilities
  • Description: SF-Shoutbox is a web application. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. SF-Shoutbox versions 1.2.1 to 1.4 are affected.
  • Ref: http://www.securityfocus.com/bid/26320

  • 07.46.71 - CVE: Not Available
  • Platform: Web Application
  • Title: SyndeoCMS MAIN.INC.PHP Remote File Include
  • Description: SyndeoCMS is a fork of the Site@School content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "cmsdir" parameter of the "main.inc.php" script. SyndeoCMS version 2.5.01 is affected.
  • Ref: http://www.securityfocus.com/bid/26321

  • 07.46.72 - CVE: Not Available
  • Platform: Web Application
  • Title: nuBoard Index.PHP Remote File Include
  • Description: nuBoard is a forum application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "site" parameter of the "index.php" script. nuBoard version 0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/26322

  • 07.46.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Vortex Portal Multiple Remote File Include Vulnerabilities
  • Description: Vortex Portal is a content management application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "cfgProgDir" parameter of the following scripts: "admincp/auth/secure.php" and "admincp/auth/checklogin.php". Vortex Portal version 1.0.42 is affected.
  • Ref: http://www.securityfocus.com/bid/26325

  • 07.46.74 - CVE: CVE-2007-5567
  • Platform: Web Application
  • Title: Galmeta Post Upload_Config.PHP Remote File Include
  • Description: Galmeta Post is a content management system (CMS). The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "DDS" parameter of the "/tmp/post_static_0-11/_lib/fckeditor/upload_config.php" script. Galmeta Post version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/26329

  • 07.46.75 - CVE: Not Available
  • Platform: Web Application
  • Title: JBC Explorer Auth.Inc.PHP Authentication Bypass
  • Description: JBC Explorer is a PHP-based application that allows users to view files on the web server. The application is exposed to an authentication bypass issue. The issue exists in the "dirsys/modules/auth/index_auth.php" script when "sccr=1" is passed to "dirsys/modules/auth.php" via an HTTP POST request. JBC Explorer version 7.20 RC1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/483268

  • 07.46.76 - CVE: Not Available
  • Platform: Web Application
  • Title: easyGB Index.PHP Local File Include
  • Description: easyGB is a web-based, guest book application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "DatabaseType" parameter of the "index.php" script. easyGB version 2.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26335

  • 07.46.77 - CVE: CVE-2007-5599
  • Platform: Web Application
  • Title: awrate.com Message Board 404.PHP and TopBar.PHP Multiple Remote File Include Vulnerabilities
  • Description: awrate.com message board is a web application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "toroot" parameter of the "404.php" and "topbar.php" scripts. awrate.com message board version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/26336

  • 07.46.78 - CVE: Not Available
  • Platform: Web Application
  • Title: PicoFlat CMS Multiple Remote Security Bypass Vulnerabilities
  • Description: PicoFlat CMS is a web-based content manager. The application is exposed to multiple security bypass issues because it fails to properly validate user privileges. PicoFlat CMS versions prior to 0.4.18 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=549287&group_id=195156

  • 07.46.79 - CVE: CVE-2007-5776
  • Platform: Web Application
  • Title: i-Gallery igallery.ASP Remote Information Disclosure
  • Description: i-Gallery is a web-based photo gallery application implemented in ASP. The application is exposed to a remote information disclosure issue because it fails to properly sanitize user-supplied input. Specifically, the application does not properly sanitize the "d" parameter of the "igallery.asp" script for a combination of encoded backslash characters ("%5c") and directory traversal strings ("../"). i-Gallery version 3.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/archive/1/482788/100/0/threaded

  • 07.46.80 - CVE: CVE-2007-5116
  • Platform: Web Application
  • Title: Perl Unicode Regular Expression Buffer Overflow
  • Description: Perl is exposed to a buffer overflow issue due to a failure of the application to sufficiently bounds check user-supplied input. Perl version 5.8 is affected.
  • Ref: http://www.securityfocus.com/bid/26350

  • 07.46.81 - CVE: Not Available
  • Platform: Web Application
  • Title: OrangeHRM REDIRECT Function Remote Security Bypass
  • Description: OrangeHRM is a PHP-based application for managing human resources. The application is exposed to a security bypass issue because it fails to properly validate user privileges. Specifically, this issue affects the "reDirect" function in the "php/orangehrm/lib/controllers/RepViewController.php" script. OrangeHRM versions prior to 2.2.2 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=550550&group_id=156477

  • 07.46.82 - CVE: CVE-2007-5741
  • Platform: Web Application
  • Title: Plone Multiple Modules Script Execution Vulnerabilities
  • Description: Plone is a web-based content management system (CMS) implemented in Python. The application is exposed to multiple script execution issues that affect the "statusmessages" and "linkintegrity" modules. Plone versions 2.5.4 and earlier of the 2.5 branch and Plone versions 3.0.2 and earlier of the 3.0 branch are affected.
  • Ref: http://www.securityfocus.com/archive/1/483343

  • 07.46.83 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPMyChat Languages.Lib.PHP Local File Include
  • Description: phpMyChat is a web chat application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "ChatPath" parameter of the "languages.lib.php" script. phpMyChat versions 0.15.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/450923

  • 07.46.84 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPMyChat Plus Multiple Local File Include Vulnerabilities
  • Description: phpMyChat Plus is a chat application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "ChatPath" parameter. phpMyChat Plus versions 1.9 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20972

  • 07.46.85 - CVE: Not Available
  • Platform: Web Application
  • Title: VBlog CFGProgDir Parameter Multiple Remote File Include Vulnerabilities
  • Description: vBlog is a web-log implemented in PHP. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "cfgProgDir" parameter.
  • Ref: http://www.securityfocus.com/bid/20977

  • 07.46.86 - CVE: Not Available
  • Platform: Web Application
  • Title: CMSMelborp User_Standard.PHP Remote File Include
  • Description: CMSmelborp is a content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "relative_root" parameter of "user_standard.php".
  • Ref: http://www.securityfocus.com/bid/21022

  • 07.46.87 - CVE: Not Available
  • Platform: Web Application
  • Title: eIQnetworks Enterprise Security Analyzer Multiple Buffer Overflow Vulnerabilities
  • Description: eIQnetworks Enterprise Security Analyzer is a distributed application for enterprise security. The application is exposed to multiple buffer overflow issues because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. Enterprise Security Analyzer version 2.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465488

  • 07.46.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Weblord.it MS TopSites Unauthorized Access Vulnerability and HTML Injection
  • Description: MS TopSites is a PHP-based site rating module for PHP-Nuke. The application is exposed to multiple input validation issues.
  • Ref: http://www.securityfocus.com/archive/1/483353

  • 07.46.89 - CVE: Not Available
  • Platform: Web Application
  • Title: IrayoBlog Irayofuncs.PHP Board Remote File Include
  • Description: IrayoBlog is a web-log application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "irayodirhack" parameter of the "irayofuncs.php" script. IrayoBlog versions 0.2.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20968

  • 07.46.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Ezboxx Multiple Input Validation Vulnerabilities
  • Description: Ezboxx is a web-based portal application implemented in ASP. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input. Ezboxx Portal System Beta versions 0.7.6 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22029

  • 07.46.91 - CVE: CVE-2007-0320
  • Platform: Web Application
  • Title: InstallFromTheWeb Multiple Unspecified Buffer Overflow Vulnerabilities
  • Description: Macrovision/InstallShield InstallFromTheWeb is a web-based software installer. The application is exposed to multiple unspecified buffer overflow issues because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.46.92 - CVE: Not Available
  • Platform: Web Application
  • Title: E107 Mailout.PHP Remote Command Execution
  • Description: e107 is a content manager implemented in PHP. The application is exposed to a command execution issue because it fails to sanitize user-supplied input in the "mailer" parameter, which is passed to "popen()" call when sending a test email. This issue resides in the "mailout.php" script. e107 version 0.7.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/465483

  • 07.46.93 - CVE: Not Available
  • Platform: Web Application
  • Title: MyWebFTP Pass.PHP Hashed Password Information Disclosure
  • Description: MyWebFTP is a PHP-based FTP client. The application is exposed to an information disclosure issue because unauthorized users can access the "mwftp5/free/_files/conf/pass.php" script. The script contains the administrator's password hash.
  • Ref: http://www.securityfocus.com/bid/26366

  • 07.46.94 - CVE: CVE-2007-3921
  • Platform: Web Application
  • Title: GForge Insecure Temporary File Creation
  • Description: GForge is a PHP-based application for managing source code. The application creates temporary files in an insecure manner. Local users could truncate system files with the privileges of the GForge user.
  • Ref: http://www.securityfocus.com/bid/26373

  • 07.46.95 - CVE: Not Available
  • Platform: Web Application
  • Title: PEAR::MDB2 BLOB Field Information Disclosure
  • Description: MDB2 is a PEAR (PHP Extension and Application Repository) module that implements a database abstraction layer for PHP applications. It is the result of merging the PEAR DB and Metabase modules. The application is exposed to an information disclosure issue because the library fails to securely handle URIs in BLOB and CLOB database fields. MDB2 version 2.5.0a1 is affected.
  • Ref: http://pear.php.net/bugs/bug.php?id=10024

  • 07.46.96 - CVE: Not Available
  • Platform: Web Application
  • Title: USVN Subversion Repository Information Disclosure
  • Description: USVN is a web-based application for administering software repositories. The application is exposed to an information disclosure issue that occurs because it allows unauthorized users to view the list of files in a subversion repository. USVN version 6.5 is affected.
  • Ref: http://www.usvn.info/news/

  • 07.46.97 - CVE: Not Available
  • Platform: Network Device
  • Title: BT Home Hub Login Procedure Authentication Bypass
  • Description: BT Home Hub is a wireless router developed by BT. The application is exposed to an authentication bypass issue because the devices allow users to bypass the login procedure when attempting to view and change router configurations. BT Home Hub firmware version 6.2.2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/26333

  • 07.46.98 - CVE: CVE-2007-5789
  • Platform: Network Device
  • Title: Grandstream HandyTone-488 PSTN To VoIP Adapter IP Stack Remote Denial of Service
  • Description: Grandstream HandyTone-488 is a Voice over IP (VoIP) phone. The application is exposed to a denial of service issue that resides in the implementation of its IP stack. Specifically, the device fails to handle fragmented IP packets over port 5060. This port is used to communicate with the device's public IP address.
  • Ref: http://www.sipera.com/index.php?action=resources,threat_advisory&tid=362

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.