@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 52
December 24, 2007

Two security products (Trend Micro and ClamAV) have critical security vulnerabilities this week, as do Apple OS X, Adobe Flash, and an HP component used for software deployment.

An end-of-year note for people who do or buy penetration testing: The character of attacks has changed this year, rendering most penetration testers who learned their skills more than eighteen months ago essentially obsolete. And the changes are continuing. If you put yourself forward as a penetration tester, make sure you have skills to test vulnerability to today's attacks rather than the attacks of 2005 and 2006. The best penetration testers in the world will be coming to Las Vegas in March to share techniques. http://www.sans.org/info/21218

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Third Party Windows Apps                  9 (#6, #7, #8, #10, #11)
    Mac Os                                    4 (#5)
    Linux                                     11
    HP-UX                                     1 (#3)
    Solaris                                   2
    Unix                                      1
    Cross Platform                            28 (#1, #2, #4, #9)
    Web Application - Cross Site Scripting    6
    Web Application - SQL Injection           7
    Web Application                           22
    Network Device                            1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Mac Os
Linux
HP-UX
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (3) CRITICAL: Hewlett-Packard HP-UX swagentd RPC Buffer Overflow
  • Affected:
    • Hewlett-Packard HP-UX versions 11.11 and prior
  • Description: HP-UX is Hewlett-Packard's UNIX-derived operating system. HP-UX's 'swagentd' component is used for software deployment and other tasks. It exports a Remote Procedure Call (RPC) interface accessible to other systems. A specially crafted call to this RPC interface could trigger a buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Some technical details are publicly available for this vulnerability.

  • Status: Hewlett-Packard confirmed, updates available. Users can mitigate the impact of this issue by blocking access to TCP and UDP port 2121 at the network perimeter, if possible.

  • References:
  • (4) CRITICAL: ClamAV Multiple Executable Parsing Vulnerabilities
  • Affected:
    • ClamAV versions 0.91.2 and prior
  • Description: ClamAV is a popular multiplatform antivirus solution. Executable packers are often used to obfuscate malware. ClamAV contains multiple vulnerabilities in its handling of packed executables. A specially crafted packed executable could trigger one of these vulnerabilities, and allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that in situations where ClamAV is used to scan email or automatically scan files, no user interaction would be required to exploit this vulnerability. In these cases, email transiting the server or files otherwise sent to the vulnerable system would be sufficient to exploit this vulnerability. Note that full technical details are available for this vulnerability via source code analysis.

  • Status: ClamAV confirmed, updates available.

  • References:
  • (5) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2007-009)
  • Affected:
    • Apple Mac OS X versions 10.4.11 and 10.5.1 and prior
  • Description: Apple Mac OS X contains multiple vulnerabilities in a variety of subsystems. Some vulnerabilities stem from known vulnerabilities in bundled third-party software, while others are endemic. The severity of these vulnerabilities ranges from arbitrary code execution with the privileges of the current user or of a system process, to arbitrary file overwrites, to cross site scripting attacks. Some technical details are publicly available for several of these vulnerabilities.

  • Status: Apple confirmed, updates available.

  • References:
  • (6) HIGH: Yahoo! Toolbar ActiveX Control Buffer Overflow
  • Affected:
    • Yahoo! Toolbar versions 1.4.1 and prior
  • Description: The Yahoo! Toolbar is a web browser toolbar from Yahoo! that makes it easier to access certain Yahoo! services. Part of the toolbar's functionality is provided by an ActiveX control. This control contains a buffer overflow vulnerability. A specially crafted web page that instantiates this control could trigger this vulnerability, and allow an attacker to execute arbitrary code with the privileges of the current user. The Yahoo! Toolbar is installed as part of some software packages, and may be installed by default by certain systems integrators.

  • Status: Yahoo! has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the control via Microsoft's "kill bit" mechanism.

  • References:
  • (7) HIGH: IBM Lotus Domino Web Access ActiveX Control Buffer Overflow
  • Affected:
    • IBM Lotus Domino versions prior to 7.0.34.1
  • Description: IBM Lotus Domino is an IBM collaboration solution. Part of its web-based functionality is provided by an ActiveX control. This control contains a buffer overflow vulnerability in the handling of its "General_ServerName" property. A specially crafted web page that instantiates this control and sets this property could exploit this buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Some technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: IBM has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the vulnerable control via Microsoft's "kill bit" mechanism for CLSID E008A543-CEFB-4559-912F-C27C2B89F13B. Note that this may affect normal application functionality.

  • References:
  • (9) MODERATE: Opera Multiple Vulnerabilities
  • Affected:
    • Opera versions prior to 9.25
  • Description: Opera is a popular cross-platform web browser. It contains multiple vulnerabilities. Most vulnerabilities are limited to cross site scripting attacks or information disclosure vulnerabilities, but an undisclosed error in the handling of Transport Layer Security (TLS, sometimes known as SSL version 3) certificates could lead to arbitrary code execution with the privileges of the current user.

  • Status: Opera confirmed, updates available.

  • References:
Other Software
  • (10) CRITICAL: St. Bernard Open File Manager Buffer Overflow
  • Affected:
    • St. Bernard Open File Manager versions 9.5 and prior
  • Description: Open File Manager (OFM) is an enterprise backup management solution from St. Bernard. OFM exports a network-accessible service. This service contains a buffer overflow vulnerability. A specially crafted call to this service could exploit this buffer overflow and allow an attacker to execute arbitrary code with the privileges of the vulnerable process (usually SYSTEM). Some technical details are publicly available for this vulnerability.

  • Status: St. Bernard confirmed, updates available.

  • References:
  • (11) HIGH: iMesh ActiveX Control Buffer Overflow
  • Affected:
    • iMesh versions 7.1.0.x and prior
  • Description: iMesh is a popular music and video sharing application. Part of its functionality is provided by the "IMWebControl" ActiveX control. This control contains a buffer overflow vulnerability. A malicious web page that instantiates this control could trigger this buffer overflow and allow an attacker to execute arbitrary code with the privileges of the current user. A proof-of-concept and full technical details are publicly available for this vulnerability.

  • Status: iMesh has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the vulnerable control via Microsoft's "kill bit" mechanism, using CLSID 7C3B01BC-53A5-48A0-A43B-0C67731134B9. Note that this may impact normal application functionality.

  • References:
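
The kill bit mitigation named in items (7) and (11) above, as an added example that is not part of the original bulletin: a PowerShell script that sets the kill bit for the two CLSIDs the bulletin gives and reads the value back. It assumes Microsoft's documented kill bit location (the "ActiveX Compatibility" registry key, "Compatibility Flags" value, bit 0x400) and an elevated prompt; the function name Set-KillBit is hypothetical.

```powershell
# Added example, not from the bulletin: set the Internet Explorer kill bit for the
# two CLSIDs printed in items (7) and (11). Run from an elevated PowerShell prompt.

$KillBit   = 0x400                    # kill bit inside the "Compatibility Flags" DWORD
$ValueName = 'Compatibility Flags'

# CLSIDs exactly as printed in the bulletin; the labels are only used in the report.
$Controls = [ordered]@{
    'E008A543-CEFB-4559-912F-C27C2B89F13B' = 'IBM Lotus Domino Web Access (item 7)'
    '7C3B01BC-53A5-48A0-A43B-0C67731134B9' = 'iMesh IMWebControl (item 11)'
}

# Native registry view, plus the 32-bit view that 32-bit IE reads on 64-bit Windows.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Set-KillBit {
    # Hypothetical helper: ORs the kill bit into any flags already present, so other
    # compatibility bits on the control are preserved, then verifies the write.
    param(
        [Parameter(Mandatory)] [string] $Root,
        [Parameter(Mandatory)] [string] $Clsid,
        [string] $Label = ''
    )

    $key = Join-Path $Root "{$Clsid}"
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    $prop   = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
    $before = if ($prop) { [int]$prop.$ValueName } else { 0 }
    $after  = $before -bor $KillBit

    if ($after -ne $before) {
        New-ItemProperty -Path $key -Name $ValueName -PropertyType DWord `
                         -Value $after -Force | Out-Null
    }

    # Read the value back rather than trusting the write.
    $check = [int](Get-ItemProperty -LiteralPath $key -Name $ValueName).$ValueName

    [pscustomobject]@{
        Control = $Label
        Key     = $key
        Before  = '0x{0:X8}' -f $before
        After   = '0x{0:X8}' -f $check
        Killed  = (($check -band $KillBit) -eq $KillBit)
    }
}

$results = foreach ($clsid in $Controls.Keys) {
    foreach ($root in $Roots) {
        Set-KillBit -Root $root -Clsid $clsid -Label $Controls[$clsid]
    }
}

$results | Format-List

# Non-zero exit code if any entry did not end up with the kill bit set.
if ($results | Where-Object { -not $_.Killed }) { exit 1 }
```

The Before column records the previous flags, so the change can be reversed if disabling a control breaks application functionality, as both items warn.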
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 52, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.52.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: iMesh "IMWebControl" ActiveX Control Code Execution
  • Description: iMesh is a P2P client for the Microsoft Windows operating platform. The application is exposed to a code execution issue because the application fails to sanitize user-supplied data which can lead to memory corruption. This issue affects the "IMWeb.IMWebControl.1" ActiveX control of "IMWebControl.dll". iMesh versions 7.1.0.37263 and earlier are affected.
  • Ref: http://retrogod.altervista.org/rgod_imesh.html

  • 07.52.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Novell GroupWise "img" Tag Buffer Overflow
  • Description: Novell GroupWise client is an Intranet/Internet GroupWare solution available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. GroupWise version 6.5.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485100

  • 07.52.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: IBM Lotus Domino Web Access "dwa7w.dll" ActiveX Control Memory Corruption
  • Description: IBM Lotus Domino is a client/server product designed for collaborative working environments. Domino Server supports email, scheduling, instant messaging, and data-driven applications. Web Access is a web browser-based client for Lotus Domino. The application is exposed to a memory corruption issue because of an insecure method in the ActiveX control "dwa7w.dll".
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0498.html

  • 07.52.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: RavWare RavFLIC ActiveX Control Buffer Overflow
  • Description: RavFLIC is an ActiveX control for playing Autodesk FLC/FLI content. The control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue affects the "FileName()" method. RavFLIC version 1.0.0.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.52.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WFTPD Explorer Remote Buffer Overflow
  • Description: WFTPD Explorer is an FTP client for Microsoft Windows operating systems. The application is exposed to a remote heap-based buffer overflow issue because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers. WFTPD Explorer version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/26935

  • 07.52.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: HP Software Update "RulesEngine.dll" ActiveX Control Multiple File Overwrite Vulnerabilities
  • Description: HP Software Update is an application installed by default on multiple HP laptop models. The application is exposed to multiple issues that attackers can exploit to overwrite arbitrary files. HP Software Update version 3.0.8.4 with "RulesEngine.dll" ActiveX control 1.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.52.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Yahoo! Toolbar YShortcut.dl ActiveX Control Remote Buffer Overflow
  • Description: The Yahoo! Toolbar YShortcut ActiveX control allows users to map shortcuts to URI addresses. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Yahoo! Toolbar version 1.4.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.52.8 - CVE: CVE-2007-6244
  • Platform: Third Party Windows Apps
  • Title: Adobe Flash Player ActiveX Control "navigateToURL" API Cross Domain Scripting
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. The application is exposed to a cross domain scripting issue that exists in the "navigateToURL" API, which takes a URL and the name of the frame to be navigated as arguments. Adobe Flash Player versions 9.0.48.0, 8.0.35.0, 7.0.70.0 and earlier are affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.52.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: HP eSupportDiagnostics "hpediag.dll" ActiveX Control Multiple Information Disclosure Vulnerabilities
  • Description: HP eSupportDiagnostics is an ActiveX control used to aid in web-based support. The application is exposed to multiple information disclosure issues. HP eSupportDiagnostics ActiveX control, "hpediag.dll" version 1.0.11.0 is affected.
  • Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059205.html

  • 07.52.10 - CVE: CVE-2007-5863
  • Platform: Mac Os
  • Title: Apple Mac OS X Catalog and Distribution File Arbitrary Command Execution Weakness
  • Description: Apple Mac OS X is exposed to an arbitrary command execution weakness. This issue occurs when Mac OS X checks for new updates. Specifically, the catalog file and distribution files are downloaded on the computer using plain HTTP without any form of verification to certify legitimate client-server communication.
  • Ref: http://www.securityfocus.com/archive/1/485237

  • 07.52.11 - CVE: CVE-2007-4708, CVE-2007-4709, CVE-2007-4710, CVE-2007-5847, CVE-2007-5848, CVE-2007-5849, CVE-2007-5850, CVE-2007-5851, CVE-2007-5852, CVE-2007-5853, CVE-2007-5854, CVE-2007-5855, CVE-2007-5857, CVE-2007-5859, CVE-2007-5861, CVE-2007-5860, CVE-2007-5876
  • Platform: Mac Os
  • Title: Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple security issues. These issues affect Mac OS X and various applications. Attackers may exploit these issues to execute arbitrary code, trigger denial of service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X versions 10.5.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/26910

  • 07.52.12 - CVE: CVE-2007-5862
  • Platform: Mac Os
  • Title: Apple Mac OS X Keychain Security Bypass
  • Description: Apple Mac OS X Keychain is the password management system used by the operating system to manage user authentication. The application is exposed to a security bypass issue because it fails to properly validate user credentials before performing certain actions. Mac OS X version 10.4.10 is affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307177

  • 07.52.13 - CVE: CVE-2007-3876
  • Platform: Mac Os
  • Title: Apple Mac OS X SMB Utilities Local Stack-Based Buffer Overflow
  • Description: Mac OS X is an operating platform developed by Apple. "mount_smbfs" is an SMB (Server Message Block protocol) utility used for locally mounting remote SMB shares. The application is exposed to a local stack-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. Mac OS X and Mac OS X Server versions 10.4.11 and earlier are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=633

  • 07.52.14 - CVE: CVE-2007-6341
  • Platform: Linux
  • Title: Perl Net::DNS DNS Response Remote Denial of Service
  • Description: The Perl Net::DNS module allows scripts written in Perl to perform DNS queries. The application is exposed to a remote denial of service issue due to a failure of the module to properly handle malformed DNS responses. DNS version 0.60 is affected.
  • Ref: https://rt.cpan.org/Public/Bug/Display.html?id=30316

  • 07.52.15 - CVE: CVE-2007-5963
  • Platform: Linux
  • Title: rPath Linux KDM Unspecified Local Denial of Service
  • Description: rPath Linux KDM is prone to a local denial of service issue. This issue affects KDM from the "kdebase" package. Version 3.4.2 is affected. More information about this issue can be found at the link below.
  • Ref: http://www.securityfocus.com/archive/1/485238

  • 07.52.16 - CVE: CVE-2007-6351
  • Platform: Linux
  • Title: libexif Image Tag Remote Denial of Service
  • Description: The libexif library is a freely available library that is used to read and write EXIF data. It is implemented in C. The library is exposed to a denial of service issue while parsing image tags contained in EXIF files and is caused by an infinite recursion.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-1165.html

  • 07.52.17 - CVE: Not Available
  • Platform: Linux
  • Title: Exiv2 EXIF File Handling Integer Overflow
  • Description: Exiv2 is a freely available, open-source EXIF and IPTC image metadata library. The application is exposed to an integer overflow issue because it fails to properly verify user-supplied data. Exiv2 version 0.15 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=425921

  • 07.52.18 - CVE: CVE-2007-5966
  • Platform: Linux
  • Title: Linux Kernel "hrtimers" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue because it fails to properly handle certain "hrtimers" relative timeout values. This issue can manifest itself when large relative timeout values are added to the current time in the "hrtimer_start()" function. Linux kernel versions prior to 2.6.23.10 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.10

  • 07.52.19 - CVE: Not Available
  • Platform: Linux
  • Title: scponly Local Arbitrary Command Execution Weakness
  • Description: scponly is a shell-like application that provides remote read and write access but does not allow remote execution privileges. The application is exposed to a weakness that can result in arbitrary command execution due to certain interaction between scponly and applications such as svn, svnserve, unison, and rsync. scponly version 4.6 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148

  • 07.52.20 - CVE: CVE-2007-6285
  • Platform: Linux
  • Title: autofs nodev Mount Option Privilege Escalation
  • Description: The "autofs" utility controls the operation of the "automount" daemon for mounting and unmounting filesystems on the Linux operating system. The utility is exposed to a privilege escalation issue because of a flaw in its default configuration. Filesystems mounted under "/net" using the "hosts" automount map do not have the "nodev" mount option enabled by default.
  • Ref: https://rhn.redhat.com/errata/RHSA-2007-1176.html

  • 07.52.21 - CVE: CVE-2007-6352
  • Platform: Linux
  • Title: libexif Image Tag Remote Integer Overflow
  • Description: The libexif library is a freely available library that is used to read and write EXIF data. It is implemented in C. The library is exposed to an integer overflow issue because it fails to properly ensure that integer values are not overrun. Specifically, this issue occurs when parsing image tags contained in EXIF files.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-1165.html

  • 07.52.22 - CVE: CVE-2007-4567
  • Platform: Linux
  • Title: Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service
  • Description: The Linux kernel is exposed to a remote denial of service issue because it fails to adequately validate specially-crafted IPv6 "Hop-By-Hop" headers. Computers configured with IPv6 can crash when processing specially-crafted "Hop-By-Hop" extended headers.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.22-rc1

  • 07.52.23 - CVE: CVE-2007-6336
  • Platform: Linux
  • Title: ClamAV "mspack.c" Off-By-One Buffer Overflow
  • Description: ClamAV is a multi platform anti virus toolkit used to scan email messages for viruses. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied input before copying it to insufficiently sized memory buffers. ClamAV version 0.91.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485322

  • 07.52.24 - CVE: CVE-2007-6242
  • Platform: Linux
  • Title: Adobe Flash Player JPG Header Remote Heap-Based Buffer Overflow
  • Description: Adobe Flash Player is an application that plays Flash media (.SWF). The application is exposed to a remote heap-based buffer overflow issue because the application fails to handle user-supplied input using consistent signedness. Adobe Flash Player versions 9.0.48.0, 8.0.35.0, 7.0.70.0, and earlier are affected.
  • Ref: https://rhn.redhat.com/errata/RHSA-2007-1126.html

  • 07.52.25 - CVE: CVE-2007-6419
  • Platform: HP-UX
  • Title: HP-UX rpc.yppasswd Unspecified Remote Denial of Service
  • Description: HP-UX rpc.yppasswd is exposed to a remote denial of service issue. The cause of this issue is currently unknown. HP-UX versions B.11.31, B.11.23 and B.11.11 are affected.
  • Ref: http://www.securityfocus.com/bid/26971

  • 07.52.26 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris NFS "netgroups" Security Bypass
  • Description: Sun Solaris is exposed to a security bypass issue due to an unspecified error affecting servers that are configured as NFS servers and have superuser access granted for some "netgroups". Sun Solaris version 10 for SPARC and x86 platforms is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103162-1

  • 07.52.27 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Ray Device Manager Daemon Multiple Vulnerabilities
  • Description: Sun Ray Server Software includes the Ray Device Manager daemon (utdevmgrd(1M)) used to manage peripheral devices. The daemon is exposed to multiple issues due to unspecified errors.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103175-1&searchclause=

  • 07.52.28 - CVE: CVE-2007-5849
  • Platform: Unix
  • Title: Common UNIX Printing System SNMP "asn1_get_string()" Remote Buffer Overflow
  • Description: Common UNIX Printing System (CUPS) is a cross platform printing server for UNIX type systems. The application is exposed to a remote buffer overflow issue because the software fails to properly bounds check user-supplied data before copying it to an insufficiently sized buffer. CUPS versions 1.2, 1.3 and prior to 1.3.5 are affected.
  • Ref: http://www.securityfocus.com/bid/26917

  • 07.52.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SurgeMail Malformed Host Header Denial of Service
  • Description: SurgeMail is a mailserver available for various platforms. The application is exposed to a remote denial of service issue because the application fails to handle specially-crafted HTTP POST requests. Specifically, the application fails to handle POST requests containing a malformed "Host" header. SurgeMail version 38k4 for Microsoft Windows is affected.
  • Ref: http://www.securityfocus.com/archive/1/485224

  • 07.52.30 - CVE: CVE-2007-5858
  • Platform: Cross Platform
  • Title: Apple Safari Subframe Same Origin Policy Violation
  • Description: Apple Safari is exposed to an issue that allows an attacker to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy for subframe access. This issue is due to a failure of the application to implement a properly secure frame navigation policy. Safari 3 for both Microsoft Windows and Apple Mac OS X platforms is affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307178

  • 07.52.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Appian Business Process Management Suite Remote Denial of Service
  • Description: Appian Business Process Management Suite (BPMS) is a web based business process management application. It is available for various platforms. The application is exposed to a remote denial of service issue because it fails to handle specially-crafted packets. Appian BPMS version 5.6 SP1 is affected.
  • Ref: http://www.securityfocus.com/bid/26913

  • 07.52.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Trend Micro ServerProtect Multiple Remote Insecure Method Exposure Vulnerabilities
  • Description: Trend Micro ServerProtect is an antivirus application designed specifically for servers. The application is exposed to multiple remote insecure method exposure issues because the application does not properly restrict access to certain DCE/RPC methods. ServerProtect version 5.58 (Security Patch 3) is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-077.html

  • 07.52.33 - CVE: CVE-2007-6281
  • Platform: Cross Platform
  • Title: St. Bernard Open File Manager Remote Heap-Based Buffer Overflow
  • Description: St. Bernard Open File Manager is an enterprise data backup solution. The application is exposed to a remote heap-based buffer overflow issue because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently-sized memory buffer. Open File Manager version 9.5 is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-078.html

  • 07.52.34 - CVE: CVE-2007-4473
  • Platform: Cross Platform
  • Title: Easylon OPC Server Arbitrary Code Execution
  • Description: Easylon OPC Server provides OPC (OLE for Process Control) services used in control systems to consolidate field and network device information. The application is exposed to an arbitrary code execution issue. Easylon OPC Server versions prior to 2.3.44 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/205073

  • 07.52.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NeoOffice OpenOffice Code Unspecified Security
  • Description: NeoOffice is a set of Office applications based on the OpenOffice source code and is available for Mac OS X. The application is exposed to an unspecified issue.
  • Ref: http://neowiki.neooffice.org/index.php/NeoOffice_Release_Notes

  • 07.52.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Anon Proxy Server Remote Shell Command Execution Vulnerabilities
  • Description: Anon Proxy Server is a web-based anonymous proxy server. The application is exposed to two issues that allow arbitrary shell commands to run because the software fails to adequately escape user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/485151

  • 07.52.37 - CVE: CVE-2007-6031, CVE-2007-6354, CVE-2007-6355, CVE-2007-6356
  • Platform: Cross Platform
  • Title: exiftags Multiple Unspecified Buffer Overflow and Denial of Service Vulnerabilities
  • Description: exiftags is an application for extracting Exif (Exchangeable Image File) image metadata from image files. The application is exposed to multiple issues due to unspecified errors in the way the application processes Exif data. exiftags versions prior to 1.01 are affected.
  • Ref: http://johnst.org/sw/exiftags/CHANGES

  • 07.52.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hammer of Thyrion Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Hammer of Thyrion is a source port of the Hexen II game for Linux, FreeBSD and Mac OS X. The application is exposed to multiple remote buffer overflow issues because it fails to bounds check user-supplied data before copying it into insufficiently sized buffers. Hammer of Thyrion version 1.4.2 is affected.
  • Ref: http://uhexen2.sourceforge.net/

  • 07.52.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BalaBit IT Security syslog-ng NULL-Pointer Dereference Denial of Service
  • Description: BalaBit IT Security syslog-ng is an enterprise level system logging application for multiple operating platforms. The application is exposed to a denial of service issue because it fails to adequately sanitize user-supplied input. syslog-ng and syslog-ng-premium-edition prior to versions 2.0.6 and 2.1.8 are affected.
  • Ref: http://www.securityfocus.com/archive/1/485180

  • 07.52.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PeerCast HandshakeHTTP Multiple Buffer Overflow Vulnerabilities
  • Description: PeerCast is a peer-to-peer (P2P) radio streaming application implemented in C++. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. These issues occur in the "handShakeHTTP()" function of the "servhs.cpp" source file. PeerCast versions 0.12.17, SVN 334 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/485199

  • 07.52.41 - CVE: CVE-2007-6243
  • Platform: Cross Platform
  • Title: Adobe Flash Player Policy File Cross Domain Security Bypass
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. The application is exposed to a cross-domain security bypass issue that will allow an attacker to bypass the same-origin policy file. Specifically, certain SWF files can bypass the browser's same-origin policy. Adobe Flash Player versions 9.0.48.0, 8.0.35.0, 7.0.70.0 and earlier are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb07-20.html

  • 07.52.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Rosoft Media Player M3U Denial of Service
  • Description: Rosoft Media Player is an application that plays various media supported by ACM Codecs that are installed on the same computer. The application is exposed to a denial of service issue because it fails to adequately handle malformed .M3U files. Rosoft Media Player version 4.1.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485253

  • 07.52.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Toolbar Dialog Spoofing
  • Description: Google Toolbar is a customizable toolbar designed for web browsers. The application is exposed to a dialog-spoofing issue that occurs when installing a custom button onto Google Toolbar. Google Toolbar 5 beta for Internet Explorer, Google Toolbar 4 for Internet Explorer and Google Toolbar 4 for Firefox are affected.
  • Ref: http://aviv.raffon.net/2007/12/18/GoogleToolbarDialogSpoofingVulnerability.aspx

  • 07.52.44 - CVE: CVE-2007-6335
  • Platform: Cross Platform
  • Title: ClamAV "libclamav/pe.c" MEW Packed PE File Integer Overflow
  • Description: ClamAV is a multi-platform anti-virus toolkit used to scan email messages for viruses. The application is exposed to an integer overflow issue because it fails to properly verify user-supplied data. ClamAV version 0.91.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485285

  • 07.52.45 - CVE: CVE-2007-6430
  • Platform: Cross Platform
  • Title: Asterisk Host-Based Authentication Security Bypass
  • Description: Asterisk is an open-source PBX application available for multiple operating platforms. The application is exposed to a security bypass issue that affects the SIP and IAX protocols due to the way database-based registrations ("realtime") are processed. Specifically, the application fails to validate IP addresses when logging into the application with a correct username and no password. Asterisk Open Source versions prior to 1.2.26 and 1.4.16 are affected, Asterisk Business Edition versions prior to B.2.3.6 are affected, and Asterisk Business Edition versions prior to C.1.0-beta8 are affected.
  • Ref: http://www.securityfocus.com/archive/1/485287

  • 07.52.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Flash Player Multiple Security Vulnerabilities
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. The application is exposed to multiple security issues. Adobe Flash Player versions prior to 9.0.48.0, 8.0.35.0, and 7.0.70.0 are affected.
  • Ref: http://www.securityfocus.com/bid/26929/references

  • 07.52.47 - CVE: CVE-2007-5275
  • Platform: Cross Platform
  • Title: Adobe Flash Player DNS Rebinding
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. The application is exposed to a DNS rebinding issue that allows remote attackers to establish arbitrary TCP sessions. The application allows Flash movies to open TCP sockets to arbitrary hosts that serve an XML policy file authorizing the origin of the movie. The issue occurs because Flash player checks the policy file against domain names and not IP addresses, and for this reason it is possible to authorize a domain and then rebind the domain to a different IP address.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb07-20.html

  • 07.52.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser Multiple Security Vulnerabilities
  • Description: Opera Web Browser is a browser that runs on multiple operating systems. The application is exposed to multiple issues. Opera versions prior to 9.25 are affected.
  • Ref: http://www.opera.com/docs/changelogs/windows/925/#security

  • 07.52.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL Server Unspecified Remote Arbitrary Command Execution
  • Description: MySQL is a freely available SQL database for multiple platforms. The application is exposed to an unspecified issue that allows remote attackers to execute arbitrary commands on the database. MySQL versions 5.0.45 and 5.0.51 are affected.
  • Ref: http://blog.wslabi.com/2007/12/focus-on-mysql-remote-code-execution.html

  • 07.52.50 - CVE: CVE-2007-6244
  • Platform: Cross Platform
  • Title: Adobe Flash Player "asfunction" Cross-Site Scripting
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. ActionScript is a language used to develop media processed by Adobe Flash Player. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied data. The issue exists in the "asfunction" protocol when handling certain SWF files.
  • Ref: https://rhn.redhat.com/errata/RHSA-2007-1126.html

  • 07.52.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ProWizard 4 PC Multiple Remote Stack-Based Buffer Overflow Vulnerabilities
  • Description: ProWizard 4 PC is a music ripper for various MOD packed formats. The application is exposed to multiple stack-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. ProWizard 4 PC versions 1.62 and earlier are affected.
  • Ref: http://aluigi.altervista.org/adv/prowizbof-adv.txt

  • 07.52.52 - CVE: CVE-2007-6416
  • Platform: Cross Platform
  • Title: Xen "copy_to_user()" Local Security Bypass
  • Description: Xen is an open-source hypervisor or virtual machine monitor. The application is exposed to a local security bypass issue due to an error in PAL emulation. Specifically, the issue resides in the "copy_to_user()" function. Xen version 3.1.2 on IA64 platforms is affected.
  • Ref: http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7

  • 07.52.53 - CVE: CVE-2007-6334
  • Platform: Cross Platform
  • Title: Ingres Flawed In User Authentication Unauthorized Access
  • Description: Ingres is an enterprise-level database server. It is included in several Computer Associates applications. The application is exposed to an unauthorized access issue due to a flaw in user authentication. When connecting to the database, a user will be authenticated using the previous user's credentials. Ingres versions 2.5 and 2.6 when running on Windows are affected.
  • Ref: http://www.ingres.com/support/security-alertDec17.php

  • 07.52.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Tru64 FFM Unspecified Local Denial of Service
  • Description: HP Tru64 running FFM (File-on-File Mounting Filesystem) is exposed to a local denial of service issue. The FFM filesystem allows regular, character, or block special files to be mounted over regular files, and is generally used by a FIFO-based pipe. HP Tru64 versions v5.1B-3 and v5.1B-4 running FFM are exposed.
  • Ref: http://www.securityfocus.com/archive/1/485395

  • 07.52.55 - CVE: CVE-2007-6246
  • Platform: Cross Platform
  • Title: Adobe Flash Player Unspecified Privilege Escalation
  • Description: Adobe Flash Player is an application that plays Flash media files (SWF). The application is exposed to an issue that allows attackers to gain elevated privileges on affected computers. The issue is caused due to an unspecified memory permission error. Adobe Flash Player versions prior to 9.0.115.0 are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb07-20.html

  • 07.52.56 - CVE: CVE-2007-6245
  • Platform: Cross Platform
  • Title: Adobe Flash Player HTTP Response Splitting
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. The application is exposed to an HTTP response splitting issue because it fails to adequately sanitize user-supplied input. Adobe Flash Player versions 9.0.48.0, 8.0.35.0, and 7.0.70.0 and earlier are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb07-20.html

  • 07.52.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Google Web Toolkit Benchmark Reporting System Unspecified Cross-Site Scripting
  • Description: Google Web Toolkit is a Java software development framework for writing AJAX applications. The application is exposed to a cross-site scripting issue because it fails to sanitize an unspecified input parameter to the benchmark reporting system. Google Web Toolkit versions prior to 1.4.61 are affected.
  • Ref: http://code.google.com/webtoolkit/releases/release-notes-1.4.61.html

  • 07.52.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Flyspray Multiple Cross-Site Scripting Vulnerabilities
  • Description: FlySpray is a bug tracking system. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "$_SERVER["QUERY_STRING"]" parameter of the "savesearch" JavaScript function and the "details" parameter of the "index.php" script. Flyspray versions 0.9.9 through 0.9.9.3 are affected.
  • Ref: http://www.securityfocus.com/bid/26891

  • 07.52.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Ganglia Web Frontend Multiple Cross-Site Scripting Vulnerabilities
  • Description: Ganglia is a distributed monitoring system. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Ganglia versions prior to 3.0.6 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=562168&group_id=43021

  • 07.52.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Mambo Index.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: Mambo is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "option" parameter of the "index.php" script and the "Itemid" parameter of the "index.php" script when the "option" parameter is set to "com_frontpage". Mambo version 4.6.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485257

  • 07.52.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Citrix Web Interface On-line Help Cross-Site Scripting
  • Description: Citrix NetScaler is an appliance that accelerates the performance of applications. The application is exposed to a cross-site scripting issue because the application fails to properly sanitize user-supplied input. Citrix Web Interface versions 2.0 and earlier are affected.
  • Ref: http://support.citrix.com/article/CTX115283

  • 07.52.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GAMERFUN EXPLORER GF-3XPLORER Local File Include and Cross-Site Scripting Vulnerabilities
  • Description: GAMERFUN EXPLORER GF-3XPLORER is a PHP script for managing files of a web server. The application is exposed to multiple issues. GF-3XPLORER version 2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/26936

  • 07.52.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Woltlab Burning Board Lite Search.PHP Multiple SQL Injection Vulnerabilities
  • Description: Woltlab Burning Board Lite is a bulletin board application. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in SQL queries. Specifically, this issue occurs in the "showposts", "sortby" and "sortorder" parameters of the "search.php" script. Woltlab Burning Board Lite version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485408

  • 07.52.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FreeWebshop Multiple SQL Injection Vulnerabilities
  • Description: FreeWebshop is a shopping cart application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters before using it in an SQL query. FreeWebshop version 2.2.1 is affected.
  • Ref: http://newhack.org/advisories/FreeWebShop-2.2.1.txt

  • 07.52.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Real Estate Classifieds "fullnews.php" SQL Injection
  • Description: PHP Real Estate Classifieds is a web-based package for real estate ads. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "fullnews.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/26888

  • 07.52.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: my123tkShop e-Commerce-Suite "mainfile.php" SQL Injection
  • Description: my123tkShop e-Commerce-Suite is a web-based shop application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. my123tkShop version 0.9.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26890

  • 07.52.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpMyRealty Multiple SQL Injection Vulnerabilities
  • Description: phpMyRealty is a PHP-based real estate listings application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters before using it in an SQL query: "search.php" script through the "type" parameter, and the "findlistings.php" script through the "listing_updated_days" parameter. phpMyRealty versions 1.0.9 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/26932

  • 07.52.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Plogger "plog-rss.php" SQL Injection
  • Description: Plogger is a photo gallery application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "plog-rss.php" script before using it in an SQL query. Plogger version 1.0 Beta 3 is affected.
  • Ref: http://www.mwrinfosecurity.com/publications/mwri_plogger-photo-gallery-sql-injection-vulnerability_2007-12-17.pdf

  • 07.52.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Aeries Browser Interface "LostPwd.asp" SQL Injection
  • Description: Aeries Browser Interface is a web portal for student information. It is a component of the Aeries Student Information System, implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data used in the Forgot Password section of the "LostPwd.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/26962

  • 07.52.70 - CVE: Not Available
  • Platform: Web Application
  • Title: RaidenHTTPD "workspace.php" Directory Traversal
  • Description: RaidenHTTPD is a web server application for the Windows operating platform. It features a PHP-based web administration (WebAdmin) tool that is disabled by default. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "ulang" parameter of the "raidenhttpd-admin/workspace.php" script. The issue only occurs when the "WebAdmin" feature is enabled. RaidenHTTPD version 2.0.19 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485221

  • 07.52.71 - CVE: Not Available
  • Platform: Web Application
  • Title: LineShout Multiple HTML Injection Vulnerabilities
  • Description: LineShout is a PHP-based shoutbox application. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. These issues affect "nickname" and "message" form field parameters. LineShout version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/26906

  • 07.52.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Uber-Uploader Multiple Arbitrary File Upload Vulnerabilities
  • Description: Uber-Uploader is a file-uploader application that displays a progress bar to the user. The application is exposed to multiple issues that allow attackers to upload arbitrary files because it fails to properly verify user-supplied input. Uber-Uploader version 5.3.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485235

  • 07.52.73 - CVE: Not Available
  • Platform: Web Application
  • Title: WebGUI Secondary Admin Security Bypass
  • Description: WebGUI is a web application framework and content management system (CMS). The application is exposed to a security bypass issue because the application fails to properly validate user privileges. Specifically, an unprivileged attacker who is a "secondary admin" user can create users with administration privileges which results in privilege escalation. WebGUI versions prior to 7.4.18 are affected.
  • Ref: http://www.plainblack.com/getwebgui/advisories/webgui-7_4_18-stable-released

  • 07.52.74 - CVE: Not Available
  • Platform: Web Application
  • Title: SquirrelMail Unauthorized Source Code Modification Package Compromise Vulnerability
  • Description: SquirrelMail is a web mail application. The application is exposed to a compromise of the source code. In some source code repositories, the affected versions of the application were modified with malicious content. Specifically, a vulnerability was created that allows a remote attacker to execute arbitrary code in the context of the web server process. SquirrelMail versions 1.4.11 and 1.4.12 are affected.
  • Ref: http://www.squirrelmail.org/index.php

  • 07.52.75 - CVE: Not Available
  • Platform: Web Application
  • Title: phPay Windows Installations Local File Include
  • Description: phPay is a web-based commerce and shop application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/485149

  • 07.52.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Centreon Multiple Remote File Include Vulnerabilities
  • Description: Centreon (formerly Oreon) is a network and system monitoring application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Centreon versions 1.4 and 1.4.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/485152

  • 07.52.77 - CVE: Not Available
  • Platform: Web Application
  • Title: phpRPG Multiple Vulnerabilities
  • Description: phpRPG is a web-based role playing game engine. The application is exposed to two issues: an SQL injection issue affecting the "username" and "password" fields of the login script, and an issue that lets attackers steal sessions from other users. phpRPG version 0.8.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485158

  • 07.52.78 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress Unauthorized Post Access
  • Description: WordPress allows users to generate news pages and web logs dynamically. The application is exposed to an issue that lets unauthorized users read posts before they have been published. The issue is caused by a flaw in the "is_admin" function in the "query.php" script. WordPress version 2.3.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485160

  • 07.52.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Black Sheep Web Software Form Tools Multiple Remote File Include Vulnerabilities
  • Description: Black Sheep Web Software Form Tools is a web-based application for form processing. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "g_root_dir" parameter of the "global/templates/admin_page_open.php" and "global/templates/client_page_open.php" scripts. Form Tools version 1.5.0b is affected.
  • Ref: http://www.securityfocus.com/bid/26889

  • 07.52.80 - CVE: Not Available
  • Platform: Web Application
  • Title: FreeWebshop Cookie Security Bypass
  • Description: FreeWebshop is a shopping cart application implemented in PHP. The application is prone to a security bypass issue because it fails to properly validate user credentials before performing certain actions. FreeWebshop versions prior to 2.2.7 are affected.
  • Ref: http://newhack.org/advisories/freewebshop.2.2.7.txt

  • 07.52.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Neuron News Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Neuron News is a web-based news reader. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. Neuron News version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485176

  • 07.52.82 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Security Framework Multiple Input Validation Vulnerabilities
  • Description: PHP Security Framework is a framework that protects applications against various PHP-based issues. The application is exposed to multiple input validation issues. PHP Security Framework version Beta 1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485175

  • 07.52.83 - CVE: CVE-2007-6358
  • Platform: Web Application
  • Title: pdftops.pl Alternate pdftops Filter for CUPS Insecure Temporary File Creation
  • Description: pdftops.pl alternate pdftops filter for CUPS is a Perl script that wraps xpdf's pdftops utility to act as a CUPS filter. The application is exposed to a security issue because it creates temporary files in an insecure manner. The issue presents itself because the "files/pdftops.pl" script creates insecure temporary files with predictable names according to the pattern "$TMPDIR/pdfin.$$.tmp". pdftops.pl alternate pdftops filter for CUPS versions prior to 1.20 are affected.
  • Ref: http://www.cups.org/articles.php?L515

  • 07.52.84 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpMyDesktop|arcade "RR.php" Remote File Include
  • Description: PhpMyDesktop|arcade is a PHP-based application that provides games, bulletin board services, and chat functionality. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "phpdns_basedir" parameter of the "RR.php" script. PhpMyDesktop|arcade version 1.0 final is affected.
  • Ref: http://www.securityfocus.com/bid/26931

  • 07.52.85 - CVE: CVE-2007-6349
  • Platform: Web Application
  • Title: Perforce P4Web Content-Length Header Remote Denial of Service
  • Description: Perforce P4Web is a web-based revision control system available for Mac OS X, Unix, and Windows platforms. The application is exposed to a remote denial of service issue because it fails to handle specially crafted HTTP requests. P4Web versions 2006.2 and earlier running on Windows are affected.
  • Ref: http://www.securityfocus.com/archive/1/485321

  • 07.52.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Dokeos "My production" Arbitrary File Upload
  • Description: Dokeos is a content manager. The application is exposed to an arbitrary file upload issue because the application fails to sufficiently sanitize user-supplied data. The issue exists in the "My Production" form field parameter of the "My Profile" page. Dokeos version 1.8.4 is affected.
  • Ref: http://www.securityfocus.com/bid/26940

  • 07.52.87 - CVE: Not Available
  • Platform: Web Application
  • Title: id3lib ID3 Tags Buffer Overflow
  • Description: The id3lib library is an open-source library for reading and manipulating ID3v1 and ID3v2 tags. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue affects the "ParseExtend()" function of the "header_tag.cpp" source file. id3lib versions committed to the CVS repository are affected.
  • Ref: http://www.securityfocus.com/archive/1/485323

  • 07.52.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Sun Management Center Insecure Default Account Unauthorized Access
  • Description: Sun Management Center (MC) is a web-based system management interface for Sun Solaris. The application is exposed to an insecure default account issue in its Oracle database component. The Oracle database component runs under the unprivileged user "smcorau". Sun MC versions 3.5 Update 1, 3.6, and 3.6.1 for the Solaris platform are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103152-1&searchclause=

  • 07.52.89 - CVE: Not Available
  • Platform: Web Application
  • Title: xeCMS "view.php" Local File Include
  • Description: xeCMS is a web-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "list" parameter of the "view.php" script.
  • Ref: http://www.securityfocus.com/archive/1/485335

  • 07.52.90 - CVE: Not Available
  • Platform: Web Application
  • Title: iDevSpot iSupport "index.php" Local File Include
  • Description: iSupport is a Help Desk application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "include_file" parameter of the "index.php" script. iSupport version 1.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485392

  • 07.52.91 - CVE: Not Available
  • Platform: Web Application
  • Title: SiteScape Forum "dispatch.cgi" Tcl Command Injection
  • Description: SiteScape Forum is a web-based forum application available for multiple operating platforms. The application is exposed to a command execution issue because it fails to adequately sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/485398

  • 07.52.92 - CVE: CVE-2007-5584
  • Platform: Network Device
  • Title: Cisco Application Inspection in Firewall Services Module Denial of Service
  • Description: Cisco Firewall Services Module (FWSM) is an integrated firewall module for some models of Cisco networking equipment. The application is exposed to a denial of service issue because it fails to handle specially crafted network packets. This issue occurs when processing data streams in the control-plane path with Layer 7 Application Inspections.
  • Ref: http://www.securityfocus.com/archive/1/485320

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.