
@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 53
December 31, 2007

Happy New Year

As 2008 begins, security professionals are facing an unprecedented escalation of targeted attacks that are penetrating the defenses causing enormous damage. Antivirus tools are more and more impotent; firewalls are being bypassed. A much higher level of skill is needed. During 2008 SANS will try to help by radically improving training in key areas from secure coding to penetration testing to searching for the enemy within. We hope you will join with us in raising the standards of excellence in information security and we wish all of you a healthy and happy new year.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                 Number of Updates and Vulnerabilities
    ---------------------------------------  -------------------------------------
    Microsoft Office                         2
    Third Party Windows Apps                 7 (#1, #2, #4)
    Novell                                   1
    Cross Platform                           9 (#3)
    Web Application - Cross Site Scripting   8
    Web Application - SQL Injection          15
    Web Application                          29
    Network Device                           1

************************* SECURITY TRAINING UPDATE *********************

Where can you find Hacker Exploits, Secure Web Application Development, Security Essentials, Forensics, Wireless, Auditing, CISSP Prep, and SANS' other top-rated courses?

  • New Orleans (1/12-1/17): http://www.sans.org/security08/event.php
  • San Jose (2/2 - 2/8): http://www.sans.org/siliconvalley08/event.php
  • Phoenix (2/11 - 2/18): http://www.sans.org/phoenix08/event.php
  • Prague (2/18-2/23): http://www.sans.org/prague08
  • and in 100 other cities and online anytime: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Microsoft Office
Third Party Windows Apps
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: AOL Picture Editor ActiveX Control Multiple Buffer Overflows
  • Affected:
    • AOL Picture Editor
  • Description: The AOL Picture Editor is an image editing application by AOL. Some of its functionality is provided by an ActiveX control, known as "YGPPicEdit". This control contains several methods vulnerable to buffer overflows. A specially crafted web page that instantiated this control could exploit one of these vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the current user. Full technical details and a proof-of-concept for this vulnerability are publicly available.

  • Status: AOL has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism, using CLSID "085891E5-ED86-425F-8522-C10290FA8309". Note that this may impact normal functionality.

  • (2) HIGH: Persits Software XUpload ActiveX Control Buffer Overflow
  • Affected:
    • Persits Software XUpload ActiveX Control versions prior to 3.0.0.4
  • Description: The Persits Software XUpload ActiveX control is an ActiveX control to simplify uploading of files to remote servers. It contains a buffer overflow in its "AddFolder()" method. A specially crafted web page that instantiates this control could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Full technical details and a proof-of-concept for this vulnerability are publicly available. This control is used in other software, including HP's LoadRunner load testing suite.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "E87F6C8E-16C0-11D3-BEF7-009027438003". Note that this may affect normal application functionality.

  • (4) MODERATE: Winace Uuencoding Buffer Overflow
  • Affected:
    • Winace versions prior to 2.69
  • Description: Winace is a popular archiving solution for Microsoft Windows. It contains a flaw in its handling of uuencoded files. Uuencoding is a plain text encoding format used to send binary files across media that may not support binary transmission (such as email). A specially crafted uuencoded file could trigger a buffer overflow vulnerability in Winace, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that, depending upon configuration, uuencoded files may be opened by Winace automatically without first prompting the user.

  • Status: Vendor confirmed, updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 53, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5694 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.53.1 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Word Wordart Doc Denial of Service
  • Description: Microsoft Word is a word processing application. The application is exposed to a denial of service issue when handling malformed ".doc" files with excessively large "wordart" content. Microsoft Word 2003 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485452

  • 07.53.2 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Office Publisher Multiple Denial of Service Vulnerabilities
  • Description: Microsoft Office Publisher is an application for designing and publishing documents. The application is exposed to multiple denial of service issues when handling malformed files. The first issue occurs when handling a malformed file where the values of 00006B90 to are changed to. The second issue occurs when handling a file with modified content.
  • Ref: http://www.securityfocus.com/archive/1/485456

  • 07.53.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinUAE Buffer Overflow
  • Description: WinUAE is an Amiga emulator for Windows. The application is exposed to a local stack-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. WinUAE versions prior to 1.4.5 are affected.
  • Ref: http://www.securityfocus.com/archive/1/485446

  • 07.53.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Zoom Player Malformed ZPL File Buffer Overflow
  • Description: Zoom Player is a media player for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when handling malformed ZPL files containing an HTTP link pointing to a file with a PLS extension. Specifically, this issue occurs when a large amount of data is passed into an insufficiently sized buffer. The buffer is then passed to the "wsprintf()" function, which results in a buffer overflow. Zoom Player version 6.00 beta 2 and all releases contained in the Zoom Player version 5 branch are affected.
  • Ref: http://www.securityfocus.com/archive/1/485499

  • 07.53.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Macrovision InstallShield Update Service "isusweb.dll" Remote Buffer Overflow
  • Description: The Macrovision InstallShield Update Service ActiveX control is a web-based software updating component commonly installed with Macrovision InstallShield and FLEXnet software. The application is exposed to a remote buffer overflow issue because it fails to properly sanitize user-supplied data. This issue presents itself when excessive data is passed to the "DownloadAndExecute()" method through its second argument. InstallShield Update Service version 5.1.100.47363 is affected.
  • Ref: http://support.installshield.com/kb/view.asp?articleid=Q113020

  • 07.53.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Winace UUE File Handling Buffer Overflow
  • Description: Winace is a file compression/decompression tool for Microsoft Windows platforms. It supports various formats such as UUE, CAB, JAR, ZIP, RAR, TAR, GZ, TAR.GZ, LZA, LHA, etc. The application is exposed to a heap buffer overflow issue when handling specially crafted UUE files. This issue arises because Winace fails to perform boundary checks on user-supplied data. Winace versions prior to 2.69 are affected.
  • Ref: http://www.securityfocus.com/bid/27017

  • 07.53.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Total Player M3U File Denial of Service
  • Description: Total Player is an audio player. It is available for Microsoft Windows platforms. The application is exposed to a denial of service issue because it fails to properly handle certain "m3u" files. The issue may be triggered by an overly long entry in an "m3u" playlist. Total Player version 3.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485513

  • 07.53.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Persits Software XUpload ActiveX Control Remote Buffer Overflow
  • Description: The XUpload ActiveX control allows users to upload files to a server. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. XUpload version 2.1.0.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.53.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AOL Picture Editor "YGPPicEdit.dll" ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: AOL Picture Editor is an ActiveX control shipped with AOL instant messenger that allows users to edit pictures. The application is exposed to multiple issues that attackers can exploit to run arbitrary code. The issues stem from various buffer overflow conditions. AOL Picture Editor "YGPPicEdit.dll" version 9.5.1.8 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.53.10 - CVE: Not Available
  • Platform: Novell
  • Title: Novell Identity Manager Client "asampsp" Denial of Service
  • Description: Novell Identity Manager is an identity-management product that provisions user/password management for the enterprise. The client application is exposed to a denial of service issue because it fails to properly handle certain syslog messages with unescaped format characters. Specifically, this issue affects the "asampsp" process. Novell Identity Manager version 3.5.1 is affected.
  • Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007560.html

  • 07.53.11 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Web Server and Web Proxy Server Multiple Cross-Site Scripting Vulnerabilities
  • Description: Sun Java System Web Server and Sun Java System Web Proxy Server are both developed by Sun Microsystems. These applications are exposed to multiple cross-site scripting issues because they fail to sanitize user-supplied input.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1&searchclause=

  • 07.53.12 - CVE: CVE-2007-5342
  • Platform: Cross Platform
  • Title: Apache Tomcat JULI Logging Component Default Security Policy
  • Description: Apache Tomcat is a Java-based webserver application for multiple operating systems. The server includes the JULI logging component that allows third-party web applications to specify their own log configurations. The server is exposed to an issue that can allow third-party web applications to write files to arbitrary locations with the privileges of the user running the server. Tomcat versions 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 are affected.
  • Ref: http://www.securityfocus.com/archive/1/485481

  • 07.53.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VideoLAN VLC Multiple Remote Code Execution Vulnerabilities
  • Description: VideoLAN VLC media player is a multimedia application for playing audio and video files. The application is exposed to multiple remote code execution issues. VLC version 0.8.6d is affected.
  • Ref: http://www.securityfocus.com/archive/1/485488

  • 07.53.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TCPreen "FD_SET()" Remote Buffer Overflow
  • Description: TCPreen is an application that monitors communications between clients and servers through streams such as TCP sessions. It is available for multiple operating platforms. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. TCPreen versions prior to 1.4.4 are vulnerable.
  • Ref: http://anonsvn.remlab.net/svn/tcpreen/tags/1.4.4/NEWS

  • 07.53.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ImgSvr Error Message Remote Script Execution
  • Description: ImgSvr is a database for digital photos. The application is exposed to a remote script execution issue because it fails to adequately sanitize user-supplied input. ImgSvr version 0.6.21 is affected.
  • Ref: http://www.securityfocus.com/bid/27033

  • 07.53.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Bitflu StorageFarabDb Module ".torrent" File Handling Security Bypass
  • Description: Bitflu is a BitTorrent client for Linux and BSD platforms. Bitflu is exposed to a security bypass issue that affects the "StorageFarabDb" module. The issue arises when the application handles a malicious ".torrent" file. Bitflu versions prior to 0.42 are affected.
  • Ref: http://bitflu.workaround.ch/ChangeLog.txt

  • 07.53.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Extended Module Player (xmp) "oxm.c" And "dtt_load.c" Multiple Local Buffer Overflow Vulnerabilities
  • Description: Extended Module Player (xmp) is a command-line module player used for handling module formats from Amiga, Atari, Acorn, Apple IIgs, and PC platforms. The application is exposed to multiple local buffer overflow issues because it fails to perform adequate boundary checks prior to copying user-supplied input into an insufficiently sized buffer. Extended Module Player version 2.5.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485573

  • 07.53.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Libnemesi Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Libnemesi is an open-source client library used for implementing RTSP/RTP streaming in applications. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. Libnemesi version 0.6.4-rc1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485575

  • 07.53.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Feng Multiple Remote Buffer Overflow and Denial of Service Vulnerabilities
  • Description: Feng is a freely-available multimedia streaming server that supports RTSP and RTP (Real-Time Streaming protocols). The application is exposed to multiple remote buffer overflow and denial of service issues. Feng version 0.1.15 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485574

  • 07.53.20 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Dokeos "forum" and "origin" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Dokeos is a PHP-based application for online learning. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Dokeos versions 1.8.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/485458

  • 07.53.21 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TikiWiki "tiki-special_chars.php" Cross-Site Scripting
  • Description: TikiWiki is a wiki application. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "area_name" parameter of the "tiki-special_chars.php" script. TikiWiki version 1.9.8.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485483

  • 07.53.22 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SimpleForum "simpleforum.cgi" Cross-Site Scripting
  • Description: SimpleForum is a web-based forum application implemented in Perl. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "search" form field parameter of the "simpleforum.cgi" script. SimpleForum version 4.6.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485483

  • 07.53.23 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Limbo CMS "com_option" Parameter Cross-Site Scripting
  • Description: Limbo CMS is a content management system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "com_option" parameter of the "admin.php" script. Limbo CMS version 1.0.4.2 is affected.
  • Ref: http://www.digitrustgroup.com/advisories/web-application-security-limbo-cms.html

  • 07.53.24 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe Flash Player SWFs in Dreamweaver and Acrobat Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Adobe Dreamweaver and Acrobat Connect include pre-generated Shock Wave Files (SWF), which are Flash media files played via Adobe Flash Player. Some of the pre-generated SWF files included are exposed to a cross-site scripting issue. SWF files included with Dreamweaver CS3 and Acrobat Connect are affected.
  • Ref: http://www.adobe.com/support/security/advisories/apsa07-06.html

  • 07.53.25 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: iPortalX Multiple Cross-Site Scripting Vulnerabilities
  • Description: iPortalX is an ASP-based web portal. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. These issues affect the "KW" parameter of the "search.asp" script, the "Date" parameter of the "blogs.asp" script, and the "SF" parameter of the "members.asp" script. All versions of iPortalX are affected.
  • Ref: http://www.iportalx.net/forum/forum_posts.asp?TID=3465&PN=1

  • 07.53.26 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Mambo Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Mambo is a PHP-based content manager. The application is exposed to multiple remote issues. Mambo versions prior to 4.6.3 are affected.
  • Ref: http://www.securityfocus.com/bid/27046

  • 07.53.27 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NetBizCity FaqMasterFlexPlus "faq.php" Cross-Site Scripting
  • Description: FaqMasterFlexPlus is a web-based FAQ management application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "cat_name" parameter of the "faq.php" script. All versions of FaqMasterFlexPlus are affected.
  • Ref: http://www.securityfocus.com/bid/27051

  • 07.53.28 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Moodle "view_entry.php" SQL Injection
  • Description: Moodle is a content manager for online courseware. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "ing/blocks/mrbs/code/web/view_entry.php" script before using it in an SQL query. Moodle version 1.8.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485434

  • 07.53.29 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: nicLOR CMS sezione_news.php SQL Injection
  • Description: nicLOR CMS is a web-based content management system implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "sezione_news.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/26983

  • 07.53.30 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Wallpaper Complete Website "category.php" SQL Injection
  • Description: Wallpaper Complete Website is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "category.php" script before using it in an SQL query. Wallpaper Complete Website version 1.0.09 is affected.
  • Ref: http://www.securityfocus.com/bid/26984

  • 07.53.31 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IP Reg Multiple SQL Injection Vulnerabilities
  • Description: IP Reg is an IPAM tool to keep track of assets, nodes (IP addresses, MAC addresses, DNS aliases) within different subnets, over different locations or VLANs. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in SQL queries. IP Reg version 0.3 is affected.
  • Ref: http://sourceforge.net/project/showfiles.php?group_id=211757

  • 07.53.32 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: zBlog "index.php" Multiple SQL Injection Vulnerabilities
  • Description: zBlog is a web-based blogging application. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in SQL queries. These issues affect the "categ" parameter of the "categ" page, and the "article" parameter of the "articles" page, accessed through "index.php". zBlog version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/26994

  • 07.53.33 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Brand039 MMSLamp "default.php" SQL Injection
  • Description: MMSLamp is a web-based application for content management. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "idpro" parameter of the "default.php" script before using it in an SQL query. All versions of MMSLamp are affected.
  • Ref: http://www.securityfocus.com/bid/26995

  • 07.53.34 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AdultScript "id" Parameter Multiple SQL Injection Vulnerabilities
  • Description: AdultScript is a script for managing adult videos. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in SQL queries. These issues affect the "id" parameter of the "videolink_count.php" and "links.php" scripts. AdultScript versions 1.6.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/26996

  • 07.53.35 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP ZLink "go.php" SQL Injection
  • Description: PHP ZLink is a short URL redirection script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "go.php" script before using it in an SQL query. PHP ZLink version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/26997

  • 07.53.36 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MeGaCheatZ "ItemID" Parameter Multiple SQL Injection Vulnerabilities
  • Description: MeGaCheatZ is a game cheats script. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in SQL queries. These issues affect the "ItemID" parameter of the "comments.php", "view.php", and "ViewItem.php" scripts. MeGaCheatZ version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/26999

  • 07.53.37 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eSyndiCat Link Directory "suggest-link.php" SQL Injection
  • Description: eSyndiCat Link Directory is a PHP-based application for managing directories and links. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "suggest-link.php" script before using it in an SQL query. All versions of eSyndiCat Link Directory are affected.
  • Ref: http://www.securityfocus.com/bid/27029

  • 07.53.38 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MailMachinePRO "showMsg.php" SQL Injection
  • Description: MailMachinePRO is a mailing list management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "showMsg.php" script before using it in an SQL query. MailMachinePRO version 2.2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/27030

  • 07.53.39 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Web Sihirbazi "default.asp" Multiple SQL Injection Vulnerabilities
  • Description: Web Sihirbazi is a web-based application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in SQL queries. These issues affect the "pageid" and the "id" parameters of the "default.asp" script. Web Sihirbazi version 5.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27031

  • 07.53.40 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Blakord Portal Multiple SQL Injection Vulnerabilities
  • Description: Blakord Portal is a web-based content management system. It is implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in SQL queries. These issues affect the "id" parameter of multiple unspecified modules. Blakord Portal versions 1.3.a and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27038

  • 07.53.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XZeroScripts XZero Community Classifieds SQL Injection
  • Description: XZero Community Classifieds is a web application for classifieds. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "subcatid" parameter of the "index.php" script before using it in an SQL query. XZero Community Classifieds versions 4.95.11 and earlier are affected.
  • Ref: http://www.xzeroscripts.com/products/xzero_classifieds/

  • 07.53.42 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NetBizCity FaqMasterFlexPlus "faq.php" SQL Injection
  • Description: FaqMasterFlexPlus is a web-based FAQ management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category_id" parameter of the "faq.php" script before using it in an SQL query. All versions of FaqMasterFlexPlus are affected.
  • Ref: http://www.securityfocus.com/bid/27052

  • 07.53.43 - CVE: Not Available
  • Platform: Web Application
  • Title: NmnNewsletter "confirmUnsubscription.php" Remote File Include
  • Description: NmnNewsletter is a newsletter management application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "output" parameter of the "confirmUnsubscription.php" script. NmnNewsletter version 1.0.7 is affected.
  • Ref: http://sourceforge.net/projects/nmnnewsletter/

  • 07.53.44 - CVE: Not Available
  • Platform: Web Application
  • Title: Arcadem LE "frontpage_right.php" Remote File Include
  • Description: Arcadem LE is a web-based arcade engine. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "loadadminpage" parameter of the "admin/frontpage_right.php" script. Arcadem LE version 2.04 is affected.
  • Ref: http://www.securityfocus.com/bid/26986

  • 07.53.45 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBlog Games.PHP ID Remote File Include
  • Description: MyBlog is a content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "games.php" script.
  • Ref: http://www.securityfocus.com/archive/1/485457

  • 07.53.46 - CVE: Not Available
  • Platform: Web Application
  • Title: Shadowed Portal "control.php" Local File Include
  • Description: Shadowed Portal is a web-based portal application. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "usr" parameter of the "control.php" script. Shadowed Portal version 5.7d3 is affected.
  • Ref: http://www.securityfocus.com/bid/26988

  • 07.53.47 - CVE: Not Available
  • Platform: Web Application
  • Title: mBlog "index.php" Local File Include
  • Description: mBlog is a web-based blogging application. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "page" parameter of the "index.php" script. mBlog version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/26989

  • 07.53.48 - CVE: Not Available
  • Platform: Web Application
  • Title: Social Engine "global_lang" Multiple Local File Include Vulnerabilities
  • Description: Social Engine is a social networking platform. The application is exposed to multiple local file include issues because it fails to sufficiently sanitize user-supplied input to the "global_lang" parameter. Social Engine version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/26990

  • 07.53.49 - CVE: Not Available
  • Platform: Web Application
  • Title: PHCDownload Username HTML Injection
  • Description: PHCDownload is a remote file-management application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input when registering a new user. Specifically, the user name supplied during registration is not sanitized before being displayed in the admin panel. PHCDownload version 1.10 is affected.
  • Ref: http://www.securityfocus.com/bid/26991

  • 07.53.50 - CVE: Not Available
  • Platform: Web Application
  • Title: Agares Media ThemeSiteScript "loadadminpage" Parameter Remote File Include
  • Description: ThemeSiteScript facilitates creation and management of a themes website. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "loadadminpage" parameter of the "index.php" script. ThemeSiteScript version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/26998

  • 07.53.51 - CVE: Not Available
  • Platform: Web Application
  • Title: Jupiter Panel Module Privilege Escalation
  • Description: Jupiter is a PHP-based content manager. The application is exposed to a privilege escalation issue because the application fails to perform adequate access validation on input passed to the "tmp[authorization]" parameter of the "panel" module. Jupiter version 1.1.5e is affected.
  • Ref: http://www.securityfocus.com/bid/27000

  • 07.53.52 - CVE: Not Available
  • Platform: Web Application
  • Title: PDFlib Multiple Remote Buffer Overflow Vulnerabilities
  • Description: PDFlib is a library of tools used to create and edit PDF documents. PDFlib is designed to support web-based PDF creation. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. PDFlib version 7.02 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485479

  • 07.53.53 - CVE: Not Available
  • Platform: Web Application
  • Title: Logaholic Multiple Input Validation Vulnerabilities
  • Description: Logaholic is a web-analytic and statistics application for monitoring websites. The application is exposed to multiple input validation issues.
  • Ref: http://www.securityfocus.com/archive/1/485480

  • 07.53.54 - CVE: Not Available
  • Platform: Web Application
  • Title: Tikiwiki CMS "tiki-listmovies.php" Directory Traversal
  • Description: Tikiwiki CMS is a wiki application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "movie" parameter of the "tiki-listmovies.php" script. Tikiwiki CMS versions prior to 1.9.9 are affected.
  • Ref: http://www.securityfocus.com/archive/1/485482

  • 07.53.55 - CVE: Not Available
  • Platform: Web Application
  • Title: CuteNews "search.php" Information Disclosure
  • Description: CuteNews is a web-based news application. The application is exposed to an information disclosure issue. The application fails to properly sanitize user-supplied input. This issue occurs in the "files_arch[]" array parameter of the "search.php" script. CuteNews versions 1.4.5 and 1.3.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/485485

  • 07.53.56 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla mosDirectory Component mosConfig_absolute_path Remote File Include
  • Description: mosDirectory is an information directory component for the Joomla! content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "modules/mod_pxt_latest.php" script. mosDirectory version 2.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27014

  • 07.53.57 - CVE: Not Available
  • Platform: Web Application
  • Title: Jupiter "index.php" Local File Include
  • Description: Jupiter is a PHP-based content manager. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "n" parameter of the "index.php" script. Jupiter version 1.1.5e is affected.
  • Ref: http://www.securityfocus.com/archive/1/485486

  • 07.53.58 - CVE: Not Available
  • Platform: Web Application
  • Title: RunCMS Multiple Input Validation Vulnerabilities
  • Description: RunCMS is a web-based content management system. The application is exposed to multiple input validation issues. RunCMS version 1.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485512

  • 07.53.59 - CVE: Not Available
  • Platform: Web Application
  • Title: TeamCal Pro Multiple Remote and Local File Include Vulnerabilities
  • Description: TeamCal Pro is a web-based content manager. The application is exposed to multiple remote and local file include issues because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/27022

  • 07.53.60 - CVE: Not Available
  • Platform: Web Application
  • Title: Agares Media phpAutoVideo Multiple Remote and Local File Include Vulnerabilities
  • Description: Agares Media phpAutoVideo is a web-based video site application. The application is exposed to multiple remote and local file include issues because it fails to properly sanitize user-supplied input. phpAutoVideo version 2.21 is affected.
  • Ref: http://www.milw0rm.com/exploits/4782

  • 07.53.61 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP MySQL Open Source Help Desk "form.php" Code Injection
  • Description: PHP MySQL Open Source Help Desk (PMOS) is a web-based help desk application implemented in PHP. This application was previously sold as InverseFlow Help Desk. The application is exposed to an arbitrary PHP code injection issue because it fails to properly sanitize user-supplied input to the "form.php" script. PMOS versions 2.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27032

  • 07.53.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Gallery Versions Prior to 2.2.4 Multiple Remote Vulnerabilities and Unspecified Weakness
  • Description: Gallery is a PHP-based photo album application. The application is exposed to multiple remote issues. Gallery versions prior to 2.2.4 are affected.
  • Ref: https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00771.html

  • 07.53.63 - CVE: Not Available
  • Platform: Web Application
  • Title: auraCMS "admin_users.php" Access Validation
  • Description: auraCMS is a content manager. The application is exposed to an access validation issue that can be leveraged to create unauthorized administrative user accounts. This issue affects the "admin_users.php" script. auraCMS version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27037

  • 07.53.64 - CVE: Not Available
  • Platform: Web Application
  • Title: PNphpBB2 "printview.php" Local File Include
  • Description: PNphpBB2 module is a PHPBB forum for the PostNuke content manager. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "phpEx" parameter of the "printview.php" script. PNphpBB2 versions 1.2i and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27039

  • 07.53.65 - CVE: Not Available
  • Platform: Web Application
  • Title: XZeroScripts XZero Community Classifieds "config.inc.php" Remote File Include
  • Description: XZero Community Classifieds is a web application for classifieds. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "path_escape" parameter of the "config.inc.php" script. XZero Community Classifieds versions 4.95.11 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27040

  • 07.53.66 - CVE: Not Available
  • Platform: Web Application
  • Title: XZeroScripts XZero Community Classifieds Local File Include
  • Description: XZero Community Classifieds is a web application for classifieds. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "pagename" parameter of the "index.php" script. XZero Community Classifieds versions 4.95.11 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27041

  • 07.53.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Mantis "view.php" HTML Injection
  • Description: Mantis is a web-based bug tracker. It is written in PHP and supported by a MySQL database. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input when handling an uploaded file. This issue affects the "view.php" script. Specifically, the name of a file to be uploaded can be used to execute arbitrary HTML and script code in a user's browser. Mantis versions prior to 1.1.0 are affected.
  • Ref: http://www.mantisbt.org/bugs/view.php?id=8679

  • 07.53.68 - CVE: Not Available
  • Platform: Web Application
  • Title: PDNS-Admin Authentication Bypass
  • Description: PDNS-Admin, or PowerDNS Administrator, is a PHP-based tool to administer domains created with PowerDNS. The application is exposed to an authentication bypass issue because it fails to adequately verify user credentials before allowing the creation of new domains. PDNS-Admin version 1.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27036

  • 07.53.69 - CVE: Not Available
  • Platform: Web Application
  • Title: xml2owl "showCode.php" Command Execution
  • Description: The "xml2owl" program is a PHP-based web application that converts Extensible Markup Language (XML) files to Web Ontology Language (OWL) files. The application is exposed to an issue that allows attackers to execute arbitrary PHP commands. It affects the "path" parameter of the "showCode.php" script. The value of the "path" parameter is directly supplied as an argument to a call to the PHP "shell_exec()" function. xml2owl version 0.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27050

  • 07.53.70 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenBiblio Multiple Input Validation Vulnerabilities
  • Description: OpenBiblio is a web-based library system. The application is exposed to the following input validation issues: an SQL injection issue that affects the "reset" variable of the "report_criteria.php" script, multiple cross-site scripting issues and multiple HTML injection issues. OpenBiblio versions 0.5.2-pre4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27053

  • 07.53.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Joovili "picture" Parameter Multiple Local File Include Vulnerabilities
  • Description: Joovili is a social networking platform implemented in PHP. The application is exposed to multiple local file include issues because it fails to sufficiently sanitize user-supplied input to the "picture" parameter in the "images.inc.php" script (Joovili version 2.x) and the "joovili.images.php" script (Joovili version 3.x). Joovili versions 3.0.6 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27056

  • 07.53.72 - CVE: Not Available
  • Platform: Network Device
  • Title: March Networks 3204 DVR Information Disclosure
  • Description: March Networks 3204 Digital Video Recorder (DVR) is a video recording appliance. The application is exposed to an information disclosure issue due to an access validation error.
  • Ref: http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.