@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 51
December 17, 2007

Three of this week's Microsoft vulnerabilities (in Internet Explorer, Windows, and DirectX) are ranked CRITICAL, meaning that immediate patching is not optional. But Microsoft has a lot of company on the HIGH list: Intuit QuickBooks, Apple QuickTime, multiple Trend Micro products, and Java for Apple Mac OS X.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                 Number of Updates and Vulnerabilities
    ---------------------------------------  -------------------------------------
    Windows                                  5 (#1, #2, #3, #4, #10)
    Microsoft Office                         2
    Other Microsoft Products                 5
    Third Party Windows Apps                 8 (#5, #6, #11)
    Mac Os                                   2 (#8, #9)
    Linux                                    8
    HP-UX                                    1
    Aix                                      1
    Novell                                   1
    Cross Platform                           22 (#7)
    Web Application - Cross Site Scripting   11
    Web Application - SQL Injection          18
    Web Application                          23
    Network Device                           1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
HP-UX
Aix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Microsoft Windows Media ASF Parsing Vulnerability (MS07-068)
  • Affected:
    • Microsoft Windows Server 2003
    • Microsoft Windows Vista
    • Microsoft Windows XP
    • Microsoft Windows 2000
    • Microsoft Windows 2000 Server
  • Description: The Advanced Systems Format (ASF) file format is a digital media container file format developed by Microsoft. The component used by Microsoft Windows (called variously the Windows Media Format Runtime and Windows Media Services) contains a flaw in its parsing of ASF files. A specially crafted ASF file could trigger this vulnerability and allow an attacker to execute arbitrary code with the privileges of the current user. In the default configuration of most applications, ASF content is played automatically upon receipt. Any application that uses the vulnerable component is itself likely vulnerable. Known vulnerable applications include Windows Media Player. Some technical details for this vulnerability are publicly available.

  • Status: Microsoft confirmed, updates available.

  • References:
  • (4) HIGH: Microsoft Windows Message Queueing Service Buffer Overflow (MS07-065)
  • Affected:
    • Microsoft Windows 2000 Server
    • Microsoft Windows 2000
    • Microsoft Windows XP
  • Description: The Microsoft Windows Message Queueing Service (MSMQ) provides Microsoft Windows systems with a reliable, potentially asynchronous, messaging service. This service exports a Remote Procedure Call (RPC) interface, allowing remote systems to access the service on a server system. A flaw in the handling of certain calls to this RPC service leads to a buffer overflow vulnerability. A specially crafted call to this service could trigger this buffer overflow and allow an attacker to execute arbitrary code with the privileges of the vulnerable service. On Microsoft Windows 2000 Professional and Windows XP systems, an attacker would require valid authentication credentials to exploit this vulnerability. The vulnerable subsystem is not installed or enabled by default, but is often deployed. A proof-of-concept for this vulnerability is publicly available.

  • Status: Microsoft confirmed, updates available.

  • References:
  • (5) HIGH: Intuit QuickBooks Online Edition ActiveX Controls Multiple Vulnerabilities
  • Affected:
    • Intuit QuickBooks Online Edition versions 10 and prior
  • Description: Intuit QuickBooks Online Edition is a web-based version of Intuit's popular QuickBooks bookkeeping software. Functionality for this software is provided by a group of ActiveX controls. Several of these controls contain multiple vulnerabilities. A malicious web page that instantiates one of these controls could trigger one of these vulnerabilities and potentially execute arbitrary code with the privileges of the current user. These vulnerabilities may be related to a vulnerability discussed in a previous edition of @RISK. Note that Microsoft Security Bulletin MS07-069, referenced above, contains updates that disable the vulnerable versions of these controls via Microsoft's "kill bit" mechanism.

  • Status: Intuit confirmed, updates available.

  • References:
  • (6) HIGH: HP Info Center ActiveX Control Multiple Vulnerabilities
  • Affected:
    • HP Info Center
  • Description: HP Info Center is a system information and user assistance package provided by HP and Compaq for some of its desktop and notebook computers. It allows support personnel to gather system configuration information. Part of its functionality is provided by an ActiveX control. This control contains multiple vulnerabilities. A malicious web page that instantiated this control could exploit one of these vulnerabilities to execute arbitrary code with the privileges of the current user, modify system configuration, or disclose arbitrary file contents. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the vulnerable control via Microsoft's "kill bit" mechanism for CLSID "62DDEB79-15B2-41E3-8834-D3B80493887A". Note that this may impact normal application functionality.

  • References:
  • (7) HIGH: Trend Micro Multiple Products Uuencoded Data Handling Vulnerability
  • Affected:
    • Trend Micro Antivirus 2008
    • Trend Micro Internet Security 2008
    • Trend Micro Internet Security Pro 2008
  • Description: Multiple Trend Micro products do not properly handle malformed uuencoded documents. Uuencoding is an encoding format used to encode binary data as text, allowing its transmission in text-only environments. A specially crafted document or message that has been uuencoded or contains uuencoded data could trigger a vulnerability in various Trend Micro products. Exploiting these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that it is possible to exploit these vulnerabilities by having a malicious document or message scanned by the software; therefore, no user interaction is required to trigger this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (8) HIGH: Apple QuickTime Multiple Vulnerabilities
  • Affected:
    • Apple QuickTime versions prior to 7.3.1
  • Description: Apple QuickTime is Apple's streaming media framework for Apple Mac OS X and Microsoft Windows. QuickTime contains multiple vulnerabilities in the parsing of several file formats. A specially crafted QuickTime Link (QTL) file or Flash file could trigger one of these vulnerabilities and allow an attacker to execute arbitrary code with the privileges of the current user. QuickTime files are generally opened without first prompting the user in the default configuration of most applications. Additionally, a flaw in the handling of Real Time Streaming Protocol (RTSP) responses could trigger a buffer overflow vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. Both QuickTime for Microsoft Windows and Apple Mac OS X are reportedly vulnerable. Some of these vulnerabilities may be related to issues discussed in previous editions of @RISK.

  • Status: Apple confirmed, updates available.

  • References:
  • (10) MODERATE: Microsoft Windows SMBv2 Signature Validation Vulnerability (MS07-063)
  • Affected:
    • Microsoft Windows Vista
    • Microsoft Windows Server 2008
  • Description: The Server Message Block (SMB) protocol is the default resource sharing protocol used by Microsoft Windows. SMBv2 is the second major version of this protocol, and provides users the ability to cryptographically sign sessions. Microsoft Windows does not properly implement the signature process. An attacker who could modify SMB traffic in transit could recompute the cryptographic signature of a packet after modifying it, allowing arbitrary modification of the SMB session without loss of perceived trust. Such an attacker would be able to do anything the legitimate user of the SMB session could do. This attack vector is an example of an exploitable Man-in-the-Middle attack.

  • Status: Microsoft confirmed, updates available.

  • References:
Other Software
  • (11) HIGH: Justsystems Ichitaro Buffer Overflow
  • Affected:
    • Justsystems Ichitaro versions 2007 and prior
  • Description: Justsystems Ichitaro is a popular Japanese-language word processing suite. It contains a flaw in its handling of certain documents. A specially crafted document could trigger a buffer overflow vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. Depending on configuration, Ichitaro documents may be opened without first prompting the user. This vulnerability is currently being actively exploited in the wild by a virus known as "Trojan.Tarodrop.F". No further technical details are available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 51, 2007

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.51.1 - CVE: CVE-2007-5350
  • Platform: Windows
  • Title: Microsoft Windows Vista Kernel ALPC Local Privilege Escalation
  • Description: Microsoft Windows Vista is exposed to a local privilege escalation issue. The flaw stems from insufficient validation of requests made through ALPC. Specifically, the operating system fails to properly validate legacy reply paths.
  • Ref: http://www.kb.cert.org/vuls/id/601073

  • 07.51.2 - CVE: CVE-2007-0064
  • Platform: Windows
  • Title: Microsoft Windows Media Format Runtime ASF File Remote Code Execution
  • Description: Windows Media Format Runtime is a library for Microsoft Windows operating systems. It handles audio and video files for applications such as Microsoft Media Player. The library is exposed to a remote code execution issue because it fails to properly handle malformed ASF (Advanced Systems Format) files.
  • Ref: http://www.kb.cert.org/vuls/id/319385

  • 07.51.3 - CVE: CVE-2007-5351
  • Platform: Windows
  • Title: Microsoft Windows SMBv2 Code Signing Remote Code Execution
  • Description: Microsoft Windows SMBv2 (Server Message Block, version 2) is a version of SMB included with Microsoft Windows Vista and Server 2008. It supports digital signatures to enable clients and servers to validate the authenticity of network packets. The application is exposed to a remote code execution issue because it fails to properly validate digital signatures in SMBv2 network traffic.
  • Ref: http://www.kb.cert.org/vuls/id/520465

  • 07.51.4 - CVE: CVE-2007-3901
  • Platform: Windows
  • Title: Microsoft DirectX SAMI File Parsing Remote Code Execution
  • Description: Microsoft DirectX is a component for Microsoft Windows. Microsoft DirectShow is an integrated component for DirectX that allows users to stream media. The application is exposed to a remote code execution issue when it parses the parameters of malformed Synchronized Accessible Media Interchange (SAMI) file types.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632

  • 07.51.5 - CVE: CVE-2007-3895
  • Platform: Windows
  • Title: Microsoft DirectX WAV and AVI File Parsing Remote Code Execution
  • Description: Microsoft DirectX is a component for Microsoft Windows. Microsoft DirectShow is an integrated component for DirectX that allows users to stream media. The application is exposed to a remote code execution issue when Microsoft DirectShow fails to perform sufficient validation of WAV and AVI file parameters.
  • Ref: http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx

  • 07.51.6 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Office Insecure Document Signing Weakness
  • Description: Microsoft Office is a suite of applications used to create and edit office documents and data (such as text documents and spreadsheets). The application is exposed to a weakness in the way it signs XML-based documents. Office documents can be digitally signed by the author using a combination of private and public key data. Microsoft Office 2007 is affected.
  • Ref: http://www.securityfocus.com/archive/1/484919

  • 07.51.7 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Office Hyperlink Signing Weakness
  • Description: Microsoft Office is a suite of applications used to create and edit office documents and data (such as text documents and spreadsheets). The "word/_rels_document.xml.rels" file contains the target and the ID of URLs contained in an Office file. Microsoft Office 2007 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485031

  • 07.51.8 - CVE: CVE-2007-5347
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer DHTML Object Memory Corruption
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. The application is exposed to a remote memory corruption issue because it fails to adequately handle user-supplied input to certain DHTML object methods.
  • Ref: http://support.avaya.com/elmodocs2/security/ASA-2007-513.htm

  • 07.51.9 - CVE: CVE-2007-3902
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Unspecified Remote Memory Corruption
  • Description: Microsoft Internet Explorer is a web browser for the Windows operating system. The application is exposed to a remote memory corruption issue when the application accesses certain unspecified objects that have not been initialized or have been deleted.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-073.html

  • 07.51.10 - CVE: CVE-2007-3039
  • Platform: Other Microsoft Products
  • Title: Microsoft Message Queuing Service Buffer Overflow
  • Description: Microsoft Message Queuing (MSMQ) is a messaging protocol that allows applications running on disparate servers to communicate in a failsafe manner. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs when validating input strings sent to the MSMQ service.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-076.html

  • 07.51.11 - CVE: CVE-2007-3903
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Variant Unspecified Remote Memory Corruption
  • Description: Microsoft Internet Explorer is a web browser for the Windows operating system. The application is exposed to a remote memory corruption issue. This issue occurs when the application accesses certain unspecified objects that have not been initialized or have been deleted.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx

  • 07.51.12 - CVE: CVE-2007-5344
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Second Variant Unspecified Remote Memory Corruption
  • Description: Microsoft Internet Explorer is a web browser for the Windows operating system. The application is exposed to a remote memory corruption issue when the application accesses certain unspecified objects that have not been initialized or have been deleted.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx

  • 07.51.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Windows Media Player Remote Stack-Based Buffer Overflow
  • Description: Windows Media Player is a media player application that supports multiple file formats. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Windows Media Player version 6.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/484781

  • 07.51.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AVS Media AVSMJPEGFILE.DLL ActiveX Control Remote Buffer Overflow Denial of Service
  • Description: AVS Media produces a variety of multimedia related applications. The application is exposed to a buffer overflow issue. This issue affects the "CreateStill" method of the "AVSMJPEGFILE.DLL" ActiveX control library. AVSMJPEGFILE.DLL version 1.1.1.102 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.51.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Vantage Linguistics AnswerWorks ActiveX Controls Multiple Unspecified Vulnerabilities
  • Description: Vantage Linguistics AnswerWorks is a search application designed for use in help system applications. The application is exposed to multiple unspecified issues. AnswerWorks versions 3.0.0.0 - 4.0.0.100 and 5.0.0.0 - 5.0.0.6 are affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.51.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Intuit QuickBooks Online Edition ActiveX Controls Multiple Unspecified Vulnerabilities
  • Description: Intuit QuickBooks is an accounting application available for Microsoft Windows. The application is exposed to multiple unspecified issues. Intuit QuickBooks versions prior to QuickBooks Online Edition 10 are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx

  • 07.51.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Multiple Trend Micro Products UUE Malformed Zip File Buffer Overflow
  • Description: Trend Micro AntiVirus plus AntiSpyware, Trend Micro Internet Security and Internet Security Pro are Internet security solutions developed by Trend Micro. These applications are exposed to a buffer overflow issue because they fail to perform adequate boundary checks on user-supplied data. The issue occurs in the "sfctlCom.exe" process when the "PCCScan.dll" library copies the filename of a ZIP into a static buffer using the "wcsncpy_s()" function.
  • Ref: http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464

  • 07.51.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: HP Info Center HPInfoDLL.DLL ActiveX Control Multiple Arbitrary Code Execution Vulnerabilities
  • Description: HP Info Center is a component of HP's Quick Launch Buttons application. It provides one-button system information and hardware configuration on multiple HP laptop models. The application is exposed to multiple arbitrary code execution issues. HP Info Center 1.0.1.1 with HPInfoDLL.dll ActiveX control 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/484880

  • 07.51.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: JustSystem Ichitaro JSGCI.DLL Unspecified Stack-Based Buffer Overflow
  • Description: Ichitaro is a word processor available for Microsoft Windows. The application is exposed to an unspecified stack-based buffer overflow issue because it fails to properly bounds check user-supplied data before using it in an insufficiently sized buffer. Ichitaro versions 2005, 2006 and 2007 are affected.
  • Ref: http://www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99

  • 07.51.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: QK SMTP Server Malformed Commands Multiple Remote Denial of Service Vulnerabilities
  • Description: QK SMTP Server is an SMTP server available for Microsoft Windows. The application is exposed to multiple remote denial of service issues because the application fails to handle specially-crafted SMTP commands. Specifically, the application fails to handle excessively long "HELO", "MAIL FROM", "RCPT TO" and "data" commands. QK SMTP Server version 3 is affected.
  • Ref: http://www.securityfocus.com/bid/26856

  • 07.51.21 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X ubc_subr.c Local Denial of Service
  • Description: Apple Mac OS X is exposed to a local denial of service issue because the kernel fails to properly handle exceptional conditions. The issue occurs in the "bsd/kern/ubc_subr.c" source file. Specifically, when the "hashes()" function returns a NULL-character, a NULL-pointer exception will occur in "cs_validate_page". Apple Mac OS X version 10.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26840

  • 07.51.22 - CVE: CVE-2007-6263
  • Platform: Linux
  • Title: netkit-ftpd dataconn() Uninitialized File Stream Memory Corruption
  • Description: netkit-ftpd is a file transfer protocol daemon that supports SSL. The application is exposed to a memory corruption issue because the "dataconn()" function in "ftpd.c" declares a file stream without initializing it and later calls "fclose()" on the stream. Netkit ftpd version 0.17 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0174.html

  • 07.51.23 - CVE: CVE-2007-5769
  • Platform: Linux
  • Title: netkit-ftp getreply() Uninitialized Output Stream Memory Corruption
  • Description: netkit-ftp is a file transfer protocol client application. The application is exposed to a memory corruption issue because the "getreply()" function in "ftp.c" calls "fclose()" on an uninitialized output stream ("cout"). netkit-ftp version 0.17 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0174.html

  • 07.51.24 - CVE: CVE-2007-4135
  • Platform: Linux
  • Title: NFSv4 ID Mapper nfsidmap Username Lookup Local Privilege Escalation
  • Description: nfsidmap is used for mapping file paths on computer networks that use the Network File System (NFS) protocol. The application is exposed to a local privilege escalation issue because it fails to adequately handle certain files. nfsidmap versions prior to 0.17 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0951.html

  • 07.51.25 - CVE: CVE-2007-5497
  • Platform: Linux
  • Title: Ext2 Filesystem Utilities e2fsprogs libext2fs Multiple Unspecified Integer Overflow Vulnerabilities
  • Description: e2fsprogs, or Ext2 Filesystems Utilities, is a set of utilities used to create, manage, and debug ext2/ext3 filesystems. The application is exposed to multiple unspecified integer overflow issues because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. e2fsprogs versions 1.38 through 1.40.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/484777

  • 07.51.26 - CVE: Not Available
  • Platform: Linux
  • Title: SAP MaxDB Unspecified Remote Execution
  • Description: SAP MaxDB is a database application developed by SAP. The application is exposed to an unspecified remote code execution issue. MaxDB versions 7.6.00.37 and 7.4.3.32 are affected.
  • Ref: http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000166

  • 07.51.27 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Mmap_min_addr Local Security Bypass
  • Description: The Linux kernel is exposed to a security bypass issue due to errors in enforcing the "mmap_min_addr" low memory protection. Local attackers could exploit this issue by running specially crafted binaries that make use of the "do_brk()" function or by expanding the stack. Linux kernel versions prior to 2.6.24-rc5 are affected.
  • Ref: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc5

  • 07.51.28 - CVE: CVE-2007-5964
  • Platform: Linux
  • Title: autofs nosuid Mount Option Local Privilege Escalation
  • Description: The "autofs" utility controls the operation of the "automount" daemon for mounting and unmounting filesystems on the Linux operating system. The utility is exposed to a local privilege escalation issue because of a flaw in its default configuration.
  • Ref: https://rhn.redhat.com/errata/RHSA-2007-1128.html

  • 07.51.29 - CVE: CVE-2007-6249
  • Platform: Linux
  • Title: Portage
  • Description: Portage is the default package management system for Gentoo Linux. The application is exposed to an information disclosure issue. Specifically, the "etc-update" utility uses an unsuitable umask value to create temporary files when updating configuration files. Portage versions prior to 2.1.3.11 are affected.
  • Ref: http://www.securityfocus.com/bid/26864

  • 07.51.30 - CVE: CVE-2007-6195
  • Platform: HP-UX
  • Title: HP-UX Running DCE Unspecified Remote Denial of Service
  • Description: HP-UX DCE is a set of components used in conjunction with the operating system to facilitate distributed computing services. The application is exposed to an unspecified remote denial of service issue. HP-UX versions B.11.11 and B.11.23 running DCE are affected.
  • Ref: http://www.securityfocus.com/bid/26855

  • 07.51.31 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX 5300-06 Service Pack 4 and 5300-07 Technology Level Multiple Unspecified Vulnerabilities
  • Description: IBM AIX is exposed to multiple unspecified issues. Please refer to the link below for further details.
  • Ref: http://www-912.ibm.com/eserver/support/fixes/fixcentral/pseriesfixpackinformation/5300-06-04-0748

  • 07.51.32 - CVE: CVE-2007-6302
  • Platform: Novell
  • Title: Novell Netmail and M+Netmail Unspecified Code Execution
  • Description: Novell Netmail and M+Netmail are commercially available email and calendar systems. The application is exposed to an unspecified code execution issue. Novell Netmail and M+Netmail versions 3.5.2 are affected.
  • Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/990/3639135_f.SAL_Public.html

  • 07.51.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Firefly Media Server Multiple Information Disclosure and Denial of Service Vulnerabilities
  • Description: Firefly Media Server is a digital music server designed to serve music to Roku Soundbridge and Apple iTunes. The application is exposed to multiple issues because it fails to handle specially crafted HTTP GET requests. Firefly Media server version 2.4.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/484763

  • 07.51.34 - CVE: CVE-2007-5939
  • Platform: Cross Platform
  • Title: Heimdal FTPD gss_userok() Free Uninitialized Pointer Memory Corruption
  • Description: Heimdal is an implementation of the Kerberos 5 network authentication protocol. The application is exposed to a memory corruption issue that affects its FTP daemon. Heimdal versions 0.7.2 and earlier are affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0175.html

  • 07.51.35 - CVE: CVE-2007-5969
  • Platform: Cross Platform
  • Title: MySQL Server RENAME TABLE System Table Overwrite
  • Description: MySQL is a freely available SQL database for multiple platforms. The application is exposed to a local denial of service issue because the database server fails to properly handle unexpected symbolic links. MySQL versions prior to 5.0.51 are affected.
  • Ref: http://forums.mysql.com/read.php?3,186931,186931

  • 07.51.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SHTTPD Multiple File Access And Directory Traversal Vulnerabilities
  • Description: SHTTPD is an HTTP webserver application for multiple operating systems; it is implemented in C/C++. The application is exposed to multiple file access issues because it fails to adequately sanitize user input.
  • Ref: http://www.securityfocus.com/archive/1/484761

  • 07.51.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Easy File Sharing Web Server Directory Traversal and Multiple Information Disclosure Vulnerabilities
  • Description: Easy File Sharing Web Server is a commercially available webserver software package distributed by EFS Software. It is available for the Microsoft Windows platform. The application is exposed to a directory traversal and multiple information disclosure issues. Easy File Sharing Web Server version 4.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/484760

  • 07.51.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SquirrelMail G/PGP Encryption Plugin Access Validation And Input Validation Vulnerabilities
  • Description: The G/PGP encryption plugin for SquirrelMail provides encryption, decryption, and digital-signature support within the SquirrelMail webmail system. The application is exposed to multiple issues. SquirrelMail G/PGP Encryption Plugin versions 2.0, 2.0.1, and 2.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/484794

  • 07.51.39 - CVE: CVE-2007-6015
  • Platform: Cross Platform
  • Title: Samba Send_MailSlot Stack-Based Buffer Overflow
  • Description: Samba is a suite of software that provides file and print services for "SMB/CIFS" clients. It is available for multiple operating platforms. The application is exposed to a remote stack-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized buffer. The issue occurs in the "send_mailslot()" function when handling specially crafted "SAMLOGON" domain packets.
  • Ref: http://us3.samba.org/samba/security/CVE-2007-6015.html

  • 07.51.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DOSBox Unauthorized File System Access
  • Description: DOSBox is a DOS emulator available for multiple platforms. The application is exposed to an issue that may allow a client application to access files on the host operating system. DOSBox versions 0.72 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/484835

  • 07.51.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BadBlue Directory Traversal and Buffer Overflow
  • Description: BadBlue is a web server application that allows users to share files. The application is exposed to multiple remote issues. BadBlue version 2.72b is affected.
  • Ref: http://www.securityfocus.com/archive/1/484834

  • 07.51.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BarracudaDrive Web Server Denial of Service and Multiple Input Validation Vulnerabilities
  • Description: BarracudaDrive Web Server is a commercial webserver. The application is exposed to a denial of service issue and multiple input validation issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/484833

  • 07.51.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Simple HTTPD Aux Remote Denial of Service
  • Description: Simple HTTPD is an HTTP server. The application is exposed to a denial of service issue because it fails to handle specially-crafted HTTP requests. Specifically, the application terminates when requesting the DOS auxiliary port. Simple HTTPD version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/26813

  • 07.51.44 - CVE: CVE-2007-6303, CVE-2007-6304
  • Platform: Cross Platform
  • Title: MySQL Server Privilege Escalation And Denial of Service Vulnerabilities
  • Description: MySQL is a freely available SQL database for multiple platforms. The application is exposed to multiple issues. MySQL versions prior to 5.0.52, 5.1.23 and 6.0.4 are affected.
  • Ref: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html

  • 07.51.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Backup Exec for Windows Unspecified Remote
  • Description: Symantec Backup Exec is a network-enabled backup solution from Symantec. It is available for Novell NetWare and Microsoft Windows platforms. The application is exposed to an unspecified remote issue. Symantec Backup Exec version 11d for Windows Servers is affected.
  • Ref: http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000200

  • 07.51.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BEA WebLogic Mobility Server Image Converter Unspecified Unauthorized Access
  • Description: BEA WebLogic Mobility Server is an enterprise-level application server for mobile devices. The application is exposed to an issue that results in unauthorized file access due to an unspecified error in the "ImageConverter" functionality.
  • Ref: http://dev2dev.bea.com/pub/advisory/255

  • 07.51.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Websense User-Agent Spoofing Filtering Security Bypass
  • Description: Websense is a web filtering software. The application is exposed to a security bypass issue because it fails to properly enforce filtering rules. It is possible to bypass content-filtering by spoofing the "User-Agent" header of the HTTP request. Websense Enterprise version 6.3.1 is affected.
  • Ref: http://www.websense.com/SupportPortal/SupportKbs/976.aspx

  • 07.51.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kerio WinRoute Firewall Unspecified Proxy Authentication Bypass Weakness
  • Description: Kerio WinRoute Firewall is a Windows based firewall application for corporate environments. The application is exposed to an unspecified weakness that allows local users to bypass proxy authentication. Kerio WinRoute Firewall versions prior to 6.4.1 are affected.
  • Ref: http://www.kerio.com/kwf_history.html

  • 07.51.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Robocode Unspecified Remote Java Code Execution
  • Description: Robocode is a Java programming game. The application is exposed to an unspecified remote Java code execution issue due to an error in the Event Dispatch Thread. Attackers can exploit this issue by specially crafting a robot to execute arbitrary Java code through the use of the "SwingUtilities.invokeLater()" function. Robocode versions prior to 1.5.1 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=37202&release_id=561213

  • 07.51.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenOffice Insecure Document Signing Weakness
  • Description: OpenOffice is a suite of applications used to create and edit documents and data, such as text documents and spreadsheets. OpenOffice is vulnerable to a security weakness because it allows users to manipulate the "CN" parameter of the "X509issuerName" XML tag contained in the "META-INF/documentsignatures.xml" file without needing to re-sign the digital certificate. OpenOffice versions 2.3.0 and 2.2.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/485034

  • 07.51.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hosting Controller Multiple Remote Vulnerabilities
  • Description: Hosting Controller is a set of hosting automation tools implemented in ASP. The application is exposed to multiple issues.
  • Ref: http://www.securityfocus.com/archive/1/485028

  • 07.51.52 - CVE: CVE-2007-4706
  • Platform: Cross Platform
  • Title: Apple QuickTime QTL File Handling Remote Heap Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when the application handles specially-crafted QTL files. Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X are affected.
  • Ref: http://www.securityfocus.com/bid/26868

  • 07.51.53 - CVE: CVE-2007-4707
  • Platform: Cross Platform
  • Title: Apple QuickTime Flash Media Player Multiple Unspecified Vulnerabilities
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to multiple unspecified issues in the application's Flash media player. The most serious issue will allow remote code execution. QuickTime versions prior to 7.3.1 for Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista and Microsoft Windows XP SP2 are affected.
  • Ref: http://www.securityfocus.com/bid/26866

  • 07.51.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Juniper Networks JUNOS Malformed BGP Remote Denial of Service
  • Description: Juniper Networks JUNOS is exposed to a remote denial of service issue when the application handles crafted BGP packets. JUNOS versions 7.3 to 8.4 are affected.
  • Ref: http://www.securityfocus.com/bid/26869

  • 07.51.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Lxlabs HyperVM Cross-Site Scripting
  • Description: HyperVM is a system management and administration application for the Linux platform. It facilitates remote administration over the web. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. HyperVM version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/26751

  • 07.51.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: webSPELL Usergallery.PHP and Calendar.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: webSPELL is a web-based forum application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. webSPELL version 4.01.02 is affected.
  • Ref: http://www.securityfocus.com/archive/1/484795

  • 07.51.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Websense Reporting Tools Login Page Cross-Site Scripting
  • Description: Websense Reporting Tools is a component of the Websense commercial suite of web filtering products. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "username" parameter of the login page.
  • Ref: http://www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability/

  • 07.51.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Thomson Speedtouch 716 URL Parameter Cross-Site Scripting
  • Description: Thomson Speedtouch 716 is a wireless router. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "url" parameter of the "b/ic/connect/index.php" script. Thomson Speedtouch 716 firmware versions 6.2.17.50 and 5.4.0.14 are affected.
  • Ref: http://www.securityfocus.com/bid/26808

  • 07.51.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: KLab HttpLogger Unspecified Cross-Site Scripting
  • Description: KLab HttpLogger is an application that allows viewing and searching visited web sites history in the browser. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter. HttpLogger version 0.8.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26810

  • 07.51.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Rainboard Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Rainboard is a bulletin board system. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the unspecified parameters of certain scripts. Rainboard versions prior to 2.10 are affected.
  • Ref: http://www.securityfocus.com/bid/26830

  • 07.51.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CubeCart Multiple Cross-Site Scripting Vulnerabilities
  • Description: CubeCart is a web-based e-commerce application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "search" and "buscar" parameters of unspecified scripts.
  • Ref: http://www.securityfocus.com/bid/26834

  • 07.51.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: XOOPS register.php Cross-Site Scripting
  • Description: XOOPS is open-source, freely available portal software written in object-oriented PHP. It is back-ended by a MySQL database and runs on most Unix and Linux distributions. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter of the "modules/profile/register.php" script. XOOPS version 2.2.5 is affected.
  • Ref: http://www.digitrustgroup.com/advisories/web-application-security-xoops.html

  • 07.51.63 - CVE: CVE-2007-5000
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache mod_imagemap and mod_imap Cross-Site Scripting
  • Description: Apache is an HTTP web server available for multiple operating platforms. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to unspecified parameters.
  • Ref: http://httpd.apache.org/security/vulnerabilities_22.html

  • 07.51.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Hitachi Web Server DirectoryIndex Cross-Site Scripting
  • Description: Hitachi Web Server is a web server application available for multiple platforms. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input used in the "DirectoryIndex()" function.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-041_e/index-e.html

  • 07.51.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Hitachi Web Server "imagemap" Cross-Site Scripting
  • Description: Hitachi Web Server is a web server application available for multiple platforms. The server is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input used in the "imagemap()" function.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS07-042_e/index-e.html

  • 07.51.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XIGLA SOFTWARE Absolute Banner Manager .NET SQL Injection
  • Description: Absolute Banner Manager .NET is an Ad tracking and banner management web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "z" parameter of the "abm.aspx" script. Absolute Banner Manager .NET version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/26754

  • 07.51.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PenPal Multiple SQL Injection Vulnerabilities
  • Description: PenPal is a web-based application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. Specifically, it fails to sanitize input to the "mcity" parameter of "search-results.asp" and the "username" and "password" parameters of "login-verify.asp". PenPal version 2.0 is affected.
  • Ref: http://aria-security.net/forum/showthread.php?p=1148

  • 07.51.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TCExam Multiple Unspecified SQL Injection Vulnerabilities
  • Description: TCExam is a web-based assessment application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to unspecified parameters and scripts before using it in an SQL query. TCExam versions prior to 5.1.000 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=559646&group_id=159398

  • 07.51.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Apache::AuthCAS Cookie SQL Injection
  • Description: Apache::AuthCAS is a Perl-based Apache authentication module. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input passed via HTTP cookie data before using it in an SQL query. This occurs in the "AuthCAS.pm" script file. Apache::AuthCAS version 0.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/484711

  • 07.51.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WebDoc Multiple SQL Injection Vulnerabilities
  • Description: WebDoc is a proprietary content management system implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. These issues occur in the "document_id" and "cat_id" parameters of the "categories.asp" and "subcategory.asp" scripts. WebDoc version 3.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/484758

  • 07.51.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SH-News Comments.PHP SQL Injection
  • Description: SH-News is a web-based news manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "comments.php" script before using it in an SQL query. SH-News version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/26778

  • 07.51.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Dominion Web DWdirectory Search Parameter SQL Injection
  • Description: Dominion Web DWdirectory is a web-based directory. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "search" parameter of the "search" script before using it in an SQL query. DWdirectory versions 2.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/26779

  • 07.51.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ACE Image Hosting Script Albums.PHP SQL Injection
  • Description: ACE Image Hosting Script is a web application that provides image hosting functionality. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "albums.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/26780

  • 07.51.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: p3mbo Content Injector Index.PHP Id Parameter SQL Injection
  • Description: p3mbo Content Injector is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query. p3mbo Content Injector version 1.53 is affected.
  • Ref: http://www.securityfocus.com/bid/26781

  • 07.51.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress wp-db.php Character Set SQL Injection
  • Description: WordPress is a freely available application for desktop publishing. The application is exposed to an SQL injection issue because the application fails to sufficiently sanitize user-supplied input before using it in an SQL query. The issue occurs in the "escape()" function of the "wp-includes/wp-db.php" script when connecting to the database.
  • Ref: http://www.securityfocus.com/archive/1/484828

  • 07.51.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-Xoops Multiple SQL Injection Vulnerabilities
  • Description: E-Xoops is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "lid", "bid", and "gid" parameters of multiple modules and scripts.
  • Ref: http://www.securityfocus.com/bid/26796

  • 07.51.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: GESTDOWN Multiple SQL Injection Vulnerabilities
  • Description: GESTDOWN is a web-based application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. GESTDOWN version 1.00 Beta is affected.
  • Ref: http://www.securityfocus.com/archive/1/484816

  • 07.51.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: aurora framework Db_mysql.LIB SQL Injection
  • Description: aurora framework is a modular framework for rapid development of web and console applications using MVC pattern. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "value" parameter of the "pack_var()" function in "module/db.lib/db_mysql.lib" before using it in an SQL query. aurora framework versions prior to 20071208 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=560073&group_id=203287

  • 07.51.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: JBoss Seam "order" Parameter SQL Injection
  • Description: JBoss Seam is a framework for development of web 2.0 applications. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "order" parameter of the "getRenderedEjbql()" method from the "org.jboss.seam.framework.Query" class before using it in an SQL query. JBoss Seam versions prior to 2.0.0 GA are affected.
  • Ref: http://jira.jboss.com/jira/browse/JBSEAM-2084

  • 07.51.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Galaxie CMS "category.php" SQL Injection
  • Description: Galaxie CMS is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "scid" parameter of the "category.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/26853

  • 07.51.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MKPortal Gallery Module SQL Injection
  • Description: MKPortal is a content management application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "ida" parameter of the "index.php" script when the "ind" parameter is set to "gallery". MKPortal version M1.1 RC1 is affected.
  • Ref: http://www.securityfocus.com/bid/26860

  • 07.51.82 - CVE: CVE-2007-6338
  • Platform: Web Application - SQL Injection
  • Title: CourseMill Enterprise Learning Management System "userlogin.jsp" SQL Injection
  • Description: CourseMill Enterprise Learning Management System is a content manager implemented in JSP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" form field parameter of the "userlogin.jsp" script before using it in an SQL query. CourseMill Enterprise Learning Management version 4.1 SP4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485072

  • 07.51.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Typo3 SQL Injection
  • Description: Typo3 is a web based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize unspecified input to the "indexed_search" extension before using it in an SQL query. Typo3 versions prior to 4.0.8 from the 3.x and 4.x branches as well as version 4.1.4 from the 4.1.x branch are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/

  • 07.51.84 - CVE: Not Available
  • Platform: Web Application
  • Title: JFreeChart Multiple HTML Injection Vulnerabilities
  • Description: JFreeChart is a Java application that generates charts and graphs. The application is exposed to multiple HTML injection issues because it fails to sanitize user-supplied input to the "chart tool tip text", "chart name", "href", "shape", and "coords" properties of a chart area. JFreeChart version 1.0.8 is affected.
  • Ref: http://www.rapid7.com/advisories/R7-0031.jsp

  • 07.51.85 - CVE: Not Available
  • Platform: Web Application
  • Title: wwwstats Clickstats.PHP Multiple HTML Injection Vulnerabilities
  • Description: wwwstats is a web traffic analyzer. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. These issues affect the "link" parameter and "useragent" field of the "clickstats.php" script. wwwstats versions prior to 3.22 are affected.
  • Ref: http://www.securityfocus.com/archive/1/484727

  • 07.51.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Media Player Classic Unspecified Remote Stack Buffer Overflow
  • Description: Media Player Classic is a media player application that supports multiple file formats. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Media Player Classic version 6.4.9 is affected.
  • Ref: http://www.securityfocus.com/bid/26774/references

  • 07.51.87 - CVE: Not Available
  • Platform: Web Application
  • Title: PolDoc Document Management System Download_File.PHP Directory Traversal
  • Description: PolDoc Document Management System is a web application. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "download_file.php" script. PolDoc Document Management System version 0.96 is affected.
  • Ref: http://www.securityfocus.com/bid/26775

  • 07.51.88 - CVE: CVE-2007-6232
  • Platform: Web Application
  • Title: Flat PHP Board Multiple Remote Vulnerabilities
  • Description: Flat PHP Board is a bulletin board system. The application is exposed to multiple issues. Flat PHP Board versions 1.2 and earlier are affected.
  • Ref: http://www.milw0rm.com/exploits/4705

  • 07.51.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Falt4 CMS Multiple Input Validation Vulnerabilities
  • Description: Falt4 CMS is a web-based content management system. Three vulnerabilities exist in Falt4 CMS. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input. Falt4 version Extreme (RC4) is affected.
  • Ref: http://www.securityfocus.com/archive/1/484813

  • 07.51.90 - CVE: Not Available
  • Platform: Web Application
  • Title: bttlxe Forum Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: bttlxe Forum is a web-based forum application implemented in ASP. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. bttlxe Forum version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/484804

  • 07.51.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Falcon Series One Multiple Input Validation Vulnerabilities
  • Description: Falcon Series One is a content management system (CMS). The application is exposed to a remote file include issue and multiple HTML injection issues because it fails to properly sanitize user-supplied input. Falcon Series One version 1.4.3 stable is affected.
  • Ref: http://www.securityfocus.com/bid/26798

  • 07.51.92 - CVE: Not Available
  • Platform: Web Application
  • Title: RoundCube Webmail CSS Expression Input Validation
  • Description: RoundCube Webmail is a web-based IMAP client. The application is exposed to an input validation issue because it fails to sanitize HTML email messages. This issue occurs when processing email messages that contain script code inside CSS "expression()" calls (for example, <div style="left:expression(arbitrary script code)"></div>). RoundCube Webmail version 0.1rc2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/484802

  • 07.51.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Bitweaver 2.0.0 and Prior Multiple Input Validation Vulnerabilities
  • Description: Bitweaver is a web application framework and content manager. The application is exposed to multiple input validation issues. Bitweaver versions 2.0.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/484805

  • 07.51.94 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Nuke autohtml.php Local File Include
  • Description: Dance Music is part of the Music Sound PHP-Nuke module. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "filename" parameter of the "autohtml.php" script. Specifically, the application fails to properly sanitize directory traversal strings ("../").
  • Ref: http://www.securityfocus.com/bid/26807

  • 07.51.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Monalbum Multiple Remote Vulnerabilities
  • Description: Monalbum is a web-based photo application. The application is exposed to multiple remote issues. Monalbum version 0.8.7 is affected.
  • Ref: http://www.securityfocus.com/bid/26811

  • 07.51.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Cybozu Products Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
  • Description: Cybozu products are exposed to multiple cross-site scripting issues because they fail to properly handle user-supplied input. Cybozu Office versions 6.6 Build 1.3, 6.5 and Garoon 1.5(4.1) versions are affected.
  • Ref: http://www.securityfocus.com/bid/26812

  • 07.51.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Mcms Easy Web Make Template Parameter Local File Include
  • Description: Mcms Easy Web Make is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "template" parameter of the "modules/cms/index.php" script. Specifically, the application fails to properly sanitize directory traversal strings ("../").
  • Ref: http://www.securityfocus.com/bid/26821

  • 07.51.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Prolog Manager Insecure Encryption Username and Password Information Disclosure
  • Description: Prolog Manager is a project management application. The application is exposed to an information disclosure issue when the application sends sensitive data through an insecure channel.
  • Ref: http://www.securityfocus.com/archive/1/484886

  • 07.51.99 - CVE: Not Available
  • Platform: Web Application
  • Title: ES Simple Uploader Arbitrary File Upload
  • Description: ES Simple Uploader is a file upload script. The application is exposed to an arbitrary file upload issue because it fails to adequately sanitize user-supplied input. This issue affects the "index.php" script. ES Simple Uploader version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26827

  • 07.51.100 - CVE: Not Available
  • Platform: Web Application
  • Title: ViArt Shop/CMS/Helpdesk Products Block_site_map.PHP Remote File Include
  • Description: ViArt Shop is web-based, shopping cart software. ViArt CMS is a content management system. ViArt Helpdesk is a web-based helpdesk solution. The applications are exposed to a remote file include issue because they fail to sufficiently sanitize user-supplied input to the "root_folder_path" parameter of the "blocks/block_site_map.php" script. ViArt Shop version 3.3.2, CMS version 3.3.2 and HelpDesk version 3.3.2 are affected.
  • Ref: http://www.securityfocus.com/bid/26828

  • 07.51.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Fastpublish CMS Designconfig.PHP Remote File Include
  • Description: Fastpublish CMS is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "config[fsBase]" parameter of the "designconfig.php" script. Fastpublish CMS version 1.9999 is affected.
  • Ref: http://www.securityfocus.com/bid/26845

  • 07.51.102 - CVE: Not Available
  • Platform: Web Application
  • Title: City Writer "head.php" Remote File Include
  • Description: City Writer is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "path" parameter of the "head.php" script. City Writer version 0.9.7 is affected.
  • Ref: http://www.securityfocus.com/bid/26848

  • 07.51.103 - CVE: Not Available
  • Platform: Web Application
  • Title: xml2owl "filedownload.php" Directory Traversal
  • Description: xml2owl is a PHP-based web application that converts Extensible Markup Language (XML) files to Web Ontology Language (OWL) files. The application is exposed to an issue that lets attackers access arbitrary files because the application fails to sufficiently sanitize user-supplied input to the "file" parameter of the "filedownload.php" script when the "mode" parameter is set to download. xml2owl version 0.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26849

  • 07.51.104 - CVE: Not Available
  • Platform: Web Application
  • Title: DynaWeb Developers MMS Gallery "id" Parameter Multiple Directory Traversal Vulnerabilities
  • Description: MMS Gallery is a PHP-based picture gallery. The application is exposed to multiple directory traversal issues that let attackers access arbitrary files because the application fails to sufficiently sanitize user-supplied input to the "id" parameter of the "get_file.php" and "get_image.php" scripts. MMS Gallery version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/26852

  • 07.51.105 - CVE: Not Available
  • Platform: Web Application
  • Title: AdultScript Security Bypass
  • Description: AdultScript is an adult content video management script. The application is exposed to a security bypass issue because it fails to properly validate user credentials before performing certain actions. Specifically, setting the browser to disallow redirections while requesting the "admin/administrator.php" script allows an attacker to bypass authentication and gain access to sensitive information. The attacker can use this to obtain the username and password of the administrator account. AdultScript versions 1.6 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/26870

  • 07.51.106 - CVE: Not Available
  • Platform: Web Application
  • Title: WebGUI Secondary Admin Security Bypass
  • Description: WebGUI is a web application framework and content management system (CMS). The application is exposed to a security bypass issue because the application fails to properly validate user privileges. Specifically, an unprivileged attacker who is a "secondary admin" user can create users with administration privileges which results in privilege escalation. WebGUI versions prior to 7.4.18 are affected.
  • Ref: http://www.plainblack.com/getwebgui/advisories/webgui-7_4_18-stable-released

  • 07.51.107 - CVE: Not Available
  • Platform: Network Device
  • Title: IBM Hardware Management Console Unspecified Privilege Escalation
  • Description: IBM Hardware Management Console enables an administrator to manage the configuration and operation of partitions in a computer and to monitor the computer for hardware problems. The application is exposed to a privilege escalation issue in unspecified HMC commands. Hardware Management Console version 3 release 3.7 is affected.
  • Ref: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4036

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.