@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 48
November 26, 2007

QuickTime has this week's most critical flaw, and QuickTime is installed by default on every Apple OS/X system and with iTunes on Windows systems. Malicious web sites (including otherwise trusted web sites that have been compromised by attackers) can take advantage of this and almost certainly will.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Platform                                  Number of Updates and Vulnerabilities
------------------------                  -----------------------------------
Windows                                   1
Microsoft Office                          1
Third Party Windows Apps                  2 (#4)
Mac Os                                    1 (#2)
Linux                                     7
Unix                                      2
Cross Platform                            8 (#1, #3)
Web Application - Cross Site Scripting    6
Web Application - SQL Injection           10
Web Application                           10
Network Device                            3

********* Sponsored by The Application Penetration Testing Folks ********

Most network and system penetration testers do not have the application testing knowledge to do application penetration testing, the most in-demand job in security - creating big opportunities for newcomers. Ed Skoudis and the team at Intelguardians have developed an important and exciting new course to prepare these people: Advanced Web Application Penetration Testing. The first opportunity to take this four day course is in New Orleans, January 14-17. http://www.sans.org/security08/description.php?tid=1722

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Third Party Windows Apps
Mac Os
Linux
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

*********************** Sponsored Links *******************************

1) Security professionals focus on fighting the most common data threats - Encryption Summit, December 3-4. http://www.sans.org/info/19742

2) Stop data leaks and sanitize your servers before they leave your premises. Blancco them today. http://www.sans.org/info/19747

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Apple QuickTime Response Handling Buffer Overflow
  • Affected:
    • Apple QuickTime versions 7.3 and prior
  • Description: QuickTime is Apple's streaming media framework for Apple Mac OS X and Microsoft Windows. QuickTime can stream media from remote servers using a variety of protocols. Its handling of server responses to Real Time Streaming Protocol (RTSP) requests contains a buffer overflow vulnerability. A specially crafted response from a QuickTime server could trigger this buffer overflow and allow the attacker to execute arbitrary code with the privileges of the current user. Note that QuickTime is installed by default on all Apple Mac OS X systems, and is installed as part of the iTunes suite on Microsoft Windows. Full technical details and multiple proofs-of-concept are available for this vulnerability. Note that, depending upon configuration, QuickTime content may be opened automatically when visiting web pages.

  • Status: Apple has not confirmed, no updates available.

  • References:
  • (2) HIGH: Apple Mail Attachment Spoofing Vulnerability
  • Affected:
    • Apple Mac OS X versions 10.5.1 and prior
  • Description: Apple's Mail.app is the default mail client included with Mac OS X. It allows extended attributes associated with a file attached to an email message to be included in the attachment using a special encoding known as "AppleDouble". This allows for enhanced information about the file to be accessed by the operating system. These extended attributes can define the application to be used to open a file, as well as a file's associated icon. A specially crafted attachment to an email could appear to be a non-executable file type (such as an image), but execute arbitrary commands when opened by the user. A user would need to manually open the attachment to be affected. This vulnerability may be related to a previously disclosed and patched vulnerability.

  • Status: Apple has not confirmed, no updates available.

  • References:
  • (3) MODERATE: Wireshark Multiple Vulnerabilities
  • Affected:
    • Wireshark versions 0.99.6 and prior
  • Description: Wireshark is a network traffic capture and protocol analysis tool. It is a continuation of the older Ethereal project. Wireshark contains multiple vulnerabilities in the parsing of network traffic, both traffic captured live from a network and traffic read from an offline packet capture file. A specially crafted packet or packet capture could exploit one of these vulnerabilities to execute arbitrary code with the privileges of the vulnerable process. When capturing traffic live, Wireshark is often run with administrative privileges. Depending on configuration, packet capture files may be opened automatically by Wireshark. Wireshark is installed by default on large numbers of Unix, Unix-like, and Linux systems. Technical details for these vulnerabilities are available via source code analysis.

  • Status: Wireshark confirmed, updates available.

  • References:
  • (4) MODERATE: BitDefender Online Scanner Buffer Overflow
  • Affected:
    • BitDefender Online Scanner ActiveX Control
  • Description: BitDefender Online is an online virus scanner for Microsoft Windows systems. Some of its functionality is provided by an ActiveX control installed on users' systems. This control contains a flaw in its "InitX" method. A malicious web page that instantiated this control could call this method and exploit the resulting buffer overflow. Successful exploitation would allow an attacker to execute arbitrary code with the privileges of the current user. Full technical details for this vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
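Entry (2) above turns on metadata that Mail.app carries alongside an attachment in "AppleDouble" encoding. As an added illustration that is not part of the bulletin or of Apple's code, here is a small Python inspector for the AppleDouble header layout defined in RFC 1740: it lists which metadata entries an attachment carries, decodes the Finder type and creator codes, and flags an attachment declared as an image that also carries a resource fork or a creator code (metadata that can change how the file is opened). The "suspicious" heuristic, the build_appledouble helper and the two sample headers are constructed for this example and are assumptions, not Apple's logic.

```python
import struct

APPLEDOUBLE_MAGIC = 0x00051607   # RFC 1740: AppleDouble header file
APPLESINGLE_MAGIC = 0x00051600   # RFC 1740: AppleSingle (data fork included)
ENTRY_NAMES = {1: "data fork", 2: "resource fork", 3: "real name", 4: "comment",
               5: "icon b/w", 6: "icon color", 8: "file dates", 9: "Finder info",
               10: "Macintosh file info", 11: "ProDOS file info", 12: "MS-DOS file info",
               13: "short name", 14: "AFP file info", 15: "directory ID"}


def parse_applefile(blob):
    """Parse an AppleSingle/AppleDouble header: magic(4) version(4) filler(16)
    count(2), then count descriptors of id(4) offset(4) length(4), big-endian.
    Returns {"magic", "version", "entries": {entry_id: bytes}}; raises ValueError
    on truncation or descriptors pointing outside the file."""
    if len(blob) < 26:
        raise ValueError("truncated header")
    magic, version = struct.unpack(">II", blob[:8])
    if magic not in (APPLEDOUBLE_MAGIC, APPLESINGLE_MAGIC):
        raise ValueError("not an AppleSingle/AppleDouble file")
    (count,) = struct.unpack(">H", blob[24:26])
    entries, pos = {}, 26
    for _ in range(count):
        if pos + 12 > len(blob):
            raise ValueError("truncated entry table")
        eid, off, length = struct.unpack(">III", blob[pos:pos + 12])
        pos += 12
        if off + length > len(blob):
            raise ValueError("entry %d points outside the file" % eid)
        entries[eid] = blob[off:off + length]
    return {"magic": magic, "version": version, "entries": entries}


def finder_type_creator(entries):
    """Finder info (entry 9) starts with fdType(4) and fdCreator(4);
    the creator code names the application that should open the file."""
    fi = entries.get(9)
    if fi is None or len(fi) < 8:
        return None
    return fi[:4].decode("latin-1"), fi[4:8].decode("latin-1")


def assess_attachment(declared_mime, header_blob):
    """Heuristic (an assumption for this example): an attachment declared as an
    image should not carry a resource fork or a Finder creator code, because
    either can override which application opens it."""
    entries = parse_applefile(header_blob)["entries"]
    findings = []
    tc = finder_type_creator(entries)
    if entries.get(2):
        findings.append("resource fork present (%d bytes)" % len(entries[2]))
    if tc is not None and tc[1].strip("\x00 "):
        findings.append("Finder creator code %r set" % tc[1])
    if tc is not None and tc[0] == "APPL":
        findings.append("Finder type APPL (application)")
    return {"entries": [ENTRY_NAMES.get(e, str(e)) for e in sorted(entries)],
            "type_creator": tc,
            "findings": findings,
            "suspicious": declared_mime.startswith("image/") and bool(findings)}


def build_appledouble(entries):
    """Constructed helper: serialise {entry_id: bytes} as an AppleDouble header,
    used only to produce the sample inputs below."""
    table, body, off = b"", b"", 26 + 12 * len(entries)
    for eid, data in entries.items():
        table += struct.pack(">III", eid, off, len(data))
        body += data
        off += len(data)
    return (struct.pack(">II", APPLEDOUBLE_MAGIC, 0x00020000) + b"\x00" * 16
            + struct.pack(">H", len(entries)) + table + body)


# Constructed sample: plain JPEG metadata, type JPEG, no creator, no resource fork.
BENIGN = build_appledouble({3: b"photo.jpg", 9: b"JPEG" + b"\x00" * 4 + b"\x00" * 24})
# Constructed sample: same name and type, but a creator code (placeholder "XXXX")
# and a resource fork travel with it.
LOOKALIKE = build_appledouble({3: b"photo.jpg", 9: b"JPEG" + b"XXXX" + b"\x00" * 24,
                               2: b"\x00" * 64})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("lookalike", LOOKALIKE)):
        print(label, assess_attachment("image/jpeg", blob))
```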
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 48, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.48.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows 2000 Insecure Random Number Generator Information Disclosure Weakness
  • Description: Microsoft Windows 2000 is exposed to an information disclosure weakness. The issue occurs in the "CryptGenRandom()" function. Specifically, if an attacker has knowledge of certain internal generator values and access to certain RC4 registers, the attacker can reconstruct the previous states of the random number generator.
  • Ref: http://eprint.iacr.org/2007/419.pdf

  • 07.48.2 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow
  • Description: Microsoft Jet Database Engine (Jet) provides data access to various applications such as Microsoft Access, Microsoft Visual Basic, and third-party applications. Jet is exposed to a stack-based buffer overflow issue because it fails to properly bounds check user-supplied data. Specifically, the application fails to adequately parse data in specially crafted MDB files.
  • Ref: http://www.securityfocus.com/archive/1/483797

  • 07.48.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ComponentOne FlexGrid ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: ComponentOne FlexGrid is a grid component designed to display, edit, format and organize tabular data. The application is exposed to multiple stack-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. ComponentOne FlexGrid version 7.1 Light is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.48.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Invensys Wonderware InTouch Default Universal NetDDE Share Privilege Escalation
  • Description: Invensys Wonderware InTouch is a SCADA control system interface for Windows. The application is exposed to a privilege escalation issue. When the application starts, a NetDDE universal share is created with insecure permissions. Wonderware InTouch version 8.0 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/138633

  • 07.48.5 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X Mail Arbitrary Code Execution
  • Description: Apple Mac OS X is exposed to an issue that results in arbitrary code execution. This issue affects the Mail application when handling email attachments. Mac OS X version 10.5 is affected.
  • Ref: http://www.heise-security.co.uk/services/emailcheck/demos/go.shtml?mail=apple

  • 07.48.6 - CVE: CVE-2007-5501
  • Platform: Linux
  • Title: Linux Kernel TCP_Input.C Remote Denial of Service
  • Description: The Linux kernel is exposed to a remote denial of service issue because it fails to adequately sanitize specially crafted ACK responses. Linux kernel versions prior to 2.6.23.8, as well as 2.6.24-rc1, are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.8

  • 07.48.7 - CVE: CVE-2007-5500
  • Platform: Linux
  • Title: Linux Kernel wait_task_stopped Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue because it fails to properly handle certain process-exit conditions. This issue stems from a fault in the "wait_task_stopped()" function located in the "kernel/exit.c" source file. Linux kernel versions prior to 2.6.23.8, as well as 2.6.24-rc1, are affected.
  • Ref: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.23.y.git;a=commitdiff;h=36ef66c5d137b9a31fd8c35d236fb9e26ef74f97

  • 07.48.8 - CVE: Not Available
  • Platform: Linux
  • Title: ISPmanager Responder Local Privilege Escalation
  • Description: ISPmanager is a control panel for shared, virtual and dedicated web hosting. The application is exposed to a local privilege escalation issue. ISPmanager version 4.2.15.1 is affected.
  • Ref: http://www.fortconsult.net/images/pdf/advisories/ispmgr_nov2007.pdf

  • 07.48.9 - CVE: CVE-2007-5940
  • Platform: Linux
  • Title: feynmf feynmf.pl Insecure Temporary File Creation
  • Description: The "feynmf" tool is a LaTeX/MetaFont interface used for producing complex Feynman diagrams. The application is exposed to a security issue because it creates temporary files in an insecure manner. feynmf version 1.08 is affected.
  • Ref: http://bugs.gentoo.org/show_bug.cgi?id=198231

  • 07.48.10 - CVE: Not Available
  • Platform: Linux
  • Title: I Hear U Multiple Remote Denial of Service Vulnerabilities
  • Description: I Hear U is a Voice over IP (VoIP) application for Linux. Multiple denial of service issues affect the application due to a failure of the application to handle specially crafted packets. I Hear U versions prior to 0.5.7 are affected.
  • Ref: http://aluigi.altervista.org/adv/ihudos-adv.txt

  • 07.48.11 - CVE: Not Available
  • Platform: Linux
  • Title: IRC Services Password Parsing Remote Denial of Service
  • Description: IRC Services is a system of services for IRC channel operators, implemented in C language. The application is exposed to a denial of service issue because it fails to properly handle certain passwords. IRC Services versions prior to 5.0.63 and 5.1.9 are affected.
  • Ref: http://www.ircservices.za.net/Changes.txt

  • 07.48.12 - CVE: CVE-2006-7229
  • Platform: Linux
  • Title: skge Driver Spin_Unlock Remote Denial of Service
  • Description: The skge driver is a network driver for the Linux operating system. The driver is exposed to a remote denial of service issue because it calls the "spin_unlock()" function and the "hw_lock()" function but does not call the "spin_lock()" function.
  • Ref: https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/65631

  • 07.48.13 - CVE: CVE-2007-5935, CVE-2007-5936, CVE-2007-5937
  • Platform: Unix
  • Title: teTeX DVI File Parsing Multiple Vulnerabilities
  • Description: teTeX is a TeX distribution for UNIX-compatible systems. The application is exposed to multiple issues.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081

  • 07.48.14 - CVE: CVE-2007-4045
  • Platform: Unix
  • Title: CUPS SSL Negotiation Unspecified Remote Denial of Service
  • Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. The application is exposed to an unspecified remote denial of service issue in the SSL negotiation when handling specially crafted data.
  • Ref: https://rhn.redhat.com/errata/RHSA-2007-1022.html

  • 07.48.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: LIVE555 Media Server ParseRTSPRequestString Remote Denial of Service
  • Description: LIVE555 Media Server is an open source RTSP (Real Time Streaming Protocol) server. The application is exposed to a remote denial of service issue because it fails to adequately sanitize user-supplied input. LIVE555 Media Server version 2007.11.01 is affected.
  • Ref: http://www.securityfocus.com/archive/1/483910

  • 07.48.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ngIRCd JOIN Command Parsing Denial of Service
  • Description: ngIRCd is an IRC daemon available for various platforms including Windows and UNIX. The application is exposed to a denial of service issue because it fails to handle certain JOIN commands in a proper manner. ngIRCd versions prior to 0.10.3 are affected.
  • Ref: http://ngircd.barton.de/doc/ChangeLog

  • 07.48.17 - CVE: CVE-2007-5361
  • Platform: Cross Platform
  • Title: OmniPCX Enterprise Audio Rerouting Information Disclosure And Denial of Service
  • Description: OmniPCX Enterprise is a communication server for VOIP communication and other media. The application is exposed to an issue that can cause information disclosure and a denial of service. OmniPCX Enterprise versions 7.1 and earlier are affected.
  • Ref: http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf

  • 07.48.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Web Browsers SSL Certificate SubjectAltName Validation Weakness
  • Description: Multiple web browsers are exposed to an SSL certificate validation weakness. This issue is due to the failure of the applications to properly handle subjectAltName extensions to X.509 certificates. The following web browsers are affected: Mozilla Firefox, browsers based on the Gecko rendering engine, Opera, Konqueror, and browsers based on the KHTML rendering engine such as Apple's Safari.
  • Ref: http://nils.toedtmann.net/pub/subjectAltName.txt

  • 07.48.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Rigs of Rods Long Vehicle Name Buffer Overflow
  • Description: Rigs Of Rods is a game for multiple operating systems. The application is exposed to a remote buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Rigs Of Rods versions 0.33d and earlier are affected.
  • Ref: http://aluigi.altervista.org/adv/rorbof-adv.txt

  • 07.48.20 - CVE: CVE-2007-5943
  • Platform: Cross Platform
  • Title: SMF Private Forum Messages Information Disclosure
  • Description: Simple Machines Forum (SMF) is an open-source web forum. It will run on most UNIX and Linux variants as well as Microsoft Windows. The application is exposed to an information disclosure issue. SMF version 1.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/26508

  • 07.48.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Director CIM Server Remote Denial of Service
  • Description: IBM Director is a system management application to track and view system configurations of remote systems. It is available for Linux, AIX, and Windows servers. The application is exposed to a remote denial of service issue due to a failure of the application to properly handle multiple simultaneous network connections. IBM Director versions 5.20.1 and prior on the Linux and Microsoft Windows platforms are affected.
  • Ref: http://www.kb.cert.org/vuls/id/512193

  • 07.48.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Code-Crafters Ability Mail Server Multiple Remote Denial of Service Vulnerabilities
  • Description: Code-Crafters Ability Mail Server is a mail server for Windows 98, Me, NT, 2000, XP and 2003. The application is exposed to multiple remote denial of service issues because it fails to adequately sanitize user-supplied input. Ability Mail Server versions prior to 2.61 are affected.
  • Ref: http://www.code-crafters.com/abilitymailserver/updatelog.html

  • 07.48.23 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Liferay Portal Login Script Cross-Site Scripting
  • Description: Liferay Portal is an enterprise web portal application implemented in Java. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "login" parameter of the "login" script. Liferay Portal versions 4.1.0 and 4.1.1 are affected.
  • Ref: http://www.securityfocus.com/bid/26470

  • 07.48.24 - CVE: CVE-2007-5932
  • Platform: Web Application - Cross Site Scripting
  • Title: FatWire Content Server Multiple Cross-Site Scripting Vulnerabilities
  • Description: FatWire Content Server is a content manager. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. These issues affect the "search" and "advanced search" functionality. FatWire Content Server version 6.3 is affected.
  • Ref: http://www.portcullis-security.com/223.php

  • 07.48.25 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Citrix NetScaler Generic_API_Call.PL Cross-Site Scripting
  • Description: Citrix NetScaler is an appliance that accelerates application performance. The application is exposed to a cross-site scripting issue that occurs in the web management interface. Specifically, the application fails to sufficiently sanitize user-supplied data to the "/ws/generic_api_call.pl" script. Citrix NetScaler version 8.0 build 47.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/483920

  • 07.48.26 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: FileMaker Instant Web Publishing Cross-Site Scripting
  • Description: FileMaker is a database application available for Windows and Mac OS operating systems. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter when publishing shared databases with the web publishing feature.
  • Ref: http://www.securityfocus.com/bid/26515

  • 07.48.27 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Feed to JavaScript (Feed2JS) Feed URI Cross-Site Scripting
  • Description: Feed to JavaScript (Feed2JS) is an application that generates feed displays based on user-specified URIs. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to feed URIs in unspecified scripts. Feed2JS version 1.91 is affected.
  • Ref: http://eduforge.org/forum/forum.php?forum_id=1227

  • 07.48.28 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpMyAdmin Login Page Cross-Site Scripting
  • Description: phpMyAdmin is a web-based administration interface for MySQL databases. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "convcharset" parameter of the login page ("auth_type cookie"). phpMyAdmin versions prior to 2.11.2.2 are affected.
  • Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-8

  • 07.48.29 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: JiRo's Banner System Login.ASP Multiple SQL Injection Vulnerabilities
  • Description: JiRo's Banner System is a web application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the login and password parameters of the "login.asp" script before using it in an SQL query. JiRo's Banner System version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/26479

  • 07.48.30 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IceBB HTTP_X_FORWARDED_FOR SQL Injection
  • Description: IceBB is a bulletin-board system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data in the "X-Forwarded-For" variable of the http request. IceBB versions 1.0-rc6 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/483916

  • 07.48.31 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: HotScripts Clone SOFTWARE-DESCRIPTION.PHP SQL Injection
  • Description: HotScripts Clone is a web-based software management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "software-description.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/26485

  • 07.48.32 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Cacti Unspecified SQL Injection
  • Description: Cacti is a complete front end to RRDTool. It is implemented in PHP and employs an SQL back-end database. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to an unknown parameter and script before using it in an SQL query. Cacti versions 0.8.7 and earlier are affected.
  • Ref: http://www.cacti.net/release_notes_0_8_7a.php

  • 07.48.33 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ProfileCMS ID Parameter Multiple SQL Injection Vulnerabilities
  • Description: ProfileCMS is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" parameters of the following modules: "profiles-codes", "video-codes" and "arcade-games". ProfileCMS version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/483889

  • 07.48.34 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Click&BaneX Details.ASP SQL Injection
  • Description: Click&BaneX is a web-based banner exchange system implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" parameters of "details.asp" before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/483922

  • 07.48.35 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SkyPortal Multiple SQL Injection Vulnerabilities
  • Description: SkyPortal is an ASP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. SkyPortal version RC6 is affected.
  • Ref: http://www.securityfocus.com/bid/26504/info

  • 07.48.36 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AlstraSoft E-Friends Events Module SQL Injection
  • Description: AlstraSoft E-Friends is a web-based social networking application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "seid" parameter of the "Events" module before using it in an SQL query. AlstraSoft E-Friends version 4.98 is affected.
  • Ref: http://www.securityfocus.com/bid/26519

  • 07.48.37 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: VUNET Mass Mailer Default.ASP SQL Injection
  • Description: Mass Mailer is a mail client application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Password" parameter of "Default.asp" before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/484021

  • 07.48.38 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: VUNET Case Manager Default.ASP SQL Injection
  • Description: VUNET Case Manager is a web application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Password" parameter of the "Default.asp" script before using it in an SQL query. VUNET Case Manager version 3.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/484019

  • 07.48.39 - CVE: Not Available
  • Platform: Web Application
  • Title: Carousel Flash Image Gallery Admin.JJGallery.PHP Remote File Include
  • Description: Carousel Flash Image Gallery is a component for the Joomla! content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "admin.jjgallery.php" script.
  • Ref: http://www.securityfocus.com/bid/26471

  • 07.48.40 - CVE: Not Available
  • Platform: Web Application
  • Title: meBiblio Index.PHP Remote File Include
  • Description: meBiblio is a web application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "action" parameter of the "index.php" script. meBiblio version 0.4.5 is affected.
  • Ref: http://www.securityfocus.com/bid/26480

  • 07.48.41 - CVE: Not Available
  • Platform: Web Application
  • Title: Sciurus Hosting Panel Code Injection
  • Description: Sciurus Hosting Panel is a freely available web-based virtual host administrative interface. The application is exposed to an arbitrary PHP code injection issue because it fails to properly sanitize user-supplied input to the "filecontents" parameter of the "acp/savenews.php" script. Sciurus Hosting Panel version 2.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/26481

  • 07.48.42 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBBViet PHPBB_Root_Path Parameter Remote File Include
  • Description: phpBBViet is a Vietnamese language module for phpBB. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "phpbb_root_path" parameter of the "includes/functions_mod_user.php" script. phpBBViet version 2.0.22 is affected.
  • Ref: http://www.securityfocus.com/bid/26482

  • 07.48.43 - CVE: Not Available
  • Platform: Web Application
  • Title: Vigile CMS Multiple Vulnerabilities
  • Description: Vigile CMS is a content manager. The application is exposed to multiple issues because it fails to sanitize user-supplied input. Vigile CMS version 1.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/483907

  • 07.48.44 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla Equipment JUser Component MosConfig_Absolute_Path Remote File Include
  • Description: JUser is a user registration component for the Joomla! content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "com_juser/xajax_functions.php" script. JUser version 1.0.14 is affected.
  • Ref: http://www.securityfocus.com/bid/26499

  • 07.48.45 - CVE: Not Available
  • Platform: Web Application
  • Title: SWSoft Confixx Fehler.Inc.PHP Remote File Include
  • Description: SWSoft Confixx is a web-based control panel application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "url" parameter of the "html/include/fehler.inc.php" script. SWSoft Confixx version 3.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26500

  • 07.48.46 - CVE: Not Available
  • Platform: Web Application
  • Title: bcoos Multiple Input Validation Vulnerabilities
  • Description: The "bcoos" program is a content manager based on the E-Xoops CMS. The application is exposed to multiple input validation issues because it fails to sanitize user-supplied input. bcoos version 1.0.10 is affected.
  • Ref: http://www.securityfocus.com/bid/26505

  • 07.48.47 - CVE: Not Available
  • Platform: Web Application
  • Title: Old Guy's Scripts TalkBack Comments and Guestbook Multiple Remote File Include Vulnerabilities
  • Description: TalkBack Comments and Guestbook is a web application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Talkback Comments and Guestbook version 2.2.7 is affected.
  • Ref: http://www.securityfocus.com/bid/26520

  • 07.48.48 - CVE: CVE-2007-5976, CVE-2007-5977
  • Platform: Web Application
  • Title: phpMyAdmin DB_Create.PHP Multiple Input Validation Vulnerabilities
  • Description: phpMyAdmin is a web-based administration interface for MySQL databases. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input. phpMyAdmin versions prior to 2.11.2.1 are affected.
  • Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-7

  • 07.48.49 - CVE: Not Available
  • Platform: Network Device
  • Title: AhnLab V3 Products ZIP File Remote Memory Corruption
  • Description: AhnLab V3 Pro 2004 and V3 Internet Security 2007 are commercially available antivirus and network security applications. The products are exposed to a remote memory corruption issue when they try to handle specially-crafted ZIP files.
  • Ref: http://www.securityfocus.com/archive/1/483799

  • 07.48.50 - CVE: Not Available
  • Platform: Network Device
  • Title: InGate Firewall And SIParator Multiple Vulnerabilities
  • Description: Ingate Firewalls are hardware firewall devices that support Session Initiation Protocol (SIP) via SIParator SIP-based communication devices. The application is exposed to multiple issues. Ingate Firewalls versions prior to 4.6.0 are affected.
  • Ref: http://www.ingate.com/relnote-460.php

  • 07.48.51 - CVE: Not Available
  • Platform: Network Device
  • Title: Belkin Wireless G Router Remote Syn Flood Denial of Service
  • Description: Belkin Wireless G devices are wireless 802.11g routers with integrated 4-port ethernet switches. The application is exposed to a remote denial of service issue due to a failure of the devices to properly handle certain network traffic. Belkin Wireless G routers with model number F5D7230-4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/483890

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.