@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 8
February 19, 2007

This report contains so many critical vulnerabilities in Microsoft Windows and Microsoft Office that readers might well miss the notices of important vulnerabilities in Apple Mac OS, in two Cisco security products, in PHP, HP-UX and even in a popular BitTorrent client.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                           # of Updates & Vulnerabilities
    ---------------------------------  -------------------------------------
    Windows                            (#1, #4, #5, #6, #7, #8, #9, #13)
    Microsoft Office                   5 (#2, #3)
    Other Microsoft Products           9
    Third Party Windows Apps           5
    Apple                              2 (#10)
    Linux                              3
    Solaris                            2
    AIX                                1
    Unix                               2 (#12)
    Cross Platform                     8 (#14)
    Web Application - XSS              10
    Web Application - SQL Injection    5
    Web Application                    27 (#11)
    Network Device                     1 (#15, #16)
    Hardware                           3

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
Other Software
Patches
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Linux
Solaris
Aix
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
Hardware

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Data Access Components Buffer Overflow (MS07-009)
  • Affected:
    • Microsoft Windows 2000/XP/2003
  • Description: The Microsoft Data Access Components (MDAC) is used to access databases and other data storage systems, and is installed by default on Microsoft Windows. The "ADODB.Connection" ActiveX control, installed as part of MDAC, contains a buffer overflow vulnerability. A web page that instantiates this control could exploit this overflow and execute arbitrary code with the privileges of the current user. Technical details and a working exploit for this vulnerability are publicly available. Additionally, exploit code targeting arbitrary ActiveX controls is widely available and easily adaptable to take advantage of this vulnerability. Other vulnerabilities in MDAC have been widely exploited in the past.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to the Microsoft issues in the same manner. They plan to distribute the patches during their next regularly scheduled system maintenance window. Some sites will use accelerated update pushes for higher criticality items.

  • References:
  • (4) CRITICAL: Microsoft HTML Help ActiveX Control Code Execution Vulnerability (MS07-008)
  • Affected:
    • Microsoft Windows 2000/XP/2003
  • Description: Microsoft HTML Help is Microsoft's standard format for help documents. The Microsoft HTML Help ActiveX control, used to view these documents, contains a buffer overflow vulnerability. A web page that instantiates this control could trigger this overflow and execute arbitrary code with the privileges of the current user. Full technical details for this vulnerability are not believed to be publicly available, but similar vulnerabilities have been widely exploited in the past. Reusable exploit code targeting arbitrary ActiveX controls is widely available and easily adaptable.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to the Microsoft issues in the same manner. They plan to distribute the patches during their next regularly scheduled system maintenance window. Some sites will use accelerated update pushes for higher criticality items.

  • References:
  • (5) CRITICAL: Microsoft Malware Protection Engine Integer Overflow (MS07-010)
  • Affected:
    • Microsoft Windows Live OneCare
    • Microsoft Antigen for Exchange and for SMTP Gateway versions 9.x
    • Microsoft Windows Defender
    • Microsoft Forefront Security
  • Description: The Microsoft Malware Protection Engine, used by various Microsoft products to scan for and detect malware, contains an integer overflow vulnerability. A specially-crafted Portable Document Format (PDF) file could trigger this vulnerability and execute arbitrary code with the privileges of the process accessing the document (typically SYSTEM). In many cases (for example, email gateways that automatically scan attachments), no user interaction is necessary to exploit this vulnerability. Malicious documents could be delivered to vulnerable systems via email, web, instant messaging, peer-to-peer file sharing, etc.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to the Microsoft issues in the same manner. They plan to distribute the patches during their next regularly scheduled system maintenance window. Some sites will use accelerated update pushes for higher criticality items.

  • References:
  • (6) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS07-016)
  • Affected:
    • Microsoft Windows 2000/XP/2003
  • Description: Microsoft Internet Explorer contains multiple vulnerabilities:
    • (1) Microsoft Internet Explorer contains a memory corruption vulnerability when instantiating certain Component Object Model (COM) objects. A web page that instantiates one o

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to the Microsoft issues in the same manner. They plan to distribute the patches during their next regularly scheduled system maintenance window. Some sites will use accelerated update pushes for higher criticality items.

  • References:
  • (7) HIGH: Microsoft OLE Dialog Memory Corruption (MS07-011)
  • Affected:
    • Microsoft Windows 2000/XP/2003
  • Description: The Microsoft Object Linking and Embedding (OLE) Dialog component contains a memory corruption vulnerability. A specially-crafted Rich Text Format (RTF) document that embeds an OLE component could exploit this vulnerability and execute arbitrary code with the privileges of the current user. The Microsoft security bulletin says the user must interact with the embedded component to trigger the vulnerability.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to the Microsoft issues in the same manner. They plan to distribute the patches during their next regularly scheduled system maintenance window. Some sites will use accelerated update pushes for higher criticality items.

  • References:
  • (8) HIGH: Microsoft MFC Memory Corruption (MS07-012)
  • Affected:
    • Microsoft Windows 2000/XP/2003
    • Microsoft Visual Studio .NET 2002/2003
  • Description: The Microsoft MFC component, shipped with Microsoft Windows and Microsoft Visual Studio .NET, contains a memory corruption vulnerability. A specially-crafted Rich Text Format (RTF) document that embeds an Object Linking and Embedding (OLE) component could exploit this vulnerability and execute arbitrary code with the privileges of the current user. According to the security bulletin, the user must interact with the embedded component to trigger the vulnerability. This issue is believed to be related to MS07-011, above.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to the Microsoft issues in the same manner. They plan to distribute the patches during their next regularly scheduled system maintenance window. Some sites will use accelerated update pushes for higher criticality items.

  • References:
  • (9) HIGH: Microsoft RichEdit Memory Corruption (MS07-012)
  • Affected:
    • Microsoft Windows 2000/XP/2003
  • Description: The Microsoft RichEdit component contains a memory corruption vulnerability. A specially-crafted Rich Text Format (RTF) document that embeds an Object Linking and Embedding (OLE) component could exploit this vulnerability and execute arbitrary code with the privileges of the current user. According to the security bulletin, the user must interact with the embedded component to trigger the vulnerability. This issue is believed to be related to MS07-011, above.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to the Microsoft issues in the same manner. They plan to distribute the patches during their next regularly scheduled system maintenance window. Some sites will use accelerated update pushes for higher criticality items.

  • References:
  • (11) MODERATE: PHP Multiple Vulnerabilities
  • Affected:
    • PHP 5.x versions prior to 5.2.1
    • PHP 4.x versions prior to 4.4.5
  • Description: PHP contains multiple remotely-exploitable vulnerabilities. Specially-crafted requests could trigger these vulnerabilities and potentially lead to arbitrary code execution with the privileges of the PHP process, arbitrary file overwrites, denials-of-service, and other conditions. According to the PHP advisory, some of these vulnerabilities are remotely exploitable. While no in-depth technical information has been published, because PHP is open source, technical details can be obtained via source code analysis.

  • Status: PHP confirmed, updates available. Versions 4.4.5 and 5.2.1 released to fix the flaws.

  • Council Site Actions: Not officially in use here. Non-corporate users advised to update.

  • References:
Other Software
  • (12) CRITICAL: HP-UX SLSd Arbitrary File Creation Vulnerability
  • Affected:
    • HP HP-UX 11.11i and 10.20, and probably other versions.
  • Description: HP-UX, HP's UNIX-based operating system, contains a flaw in its "SLSd_daemon" program. This program is used to provide distributed access to graphics hardware. A specially-crafted request to the RPC service provided by this program could allow an attacker to write an arbitrary file to any location on the filesystem, with root privileges. By overwriting certain files, an attacker could completely compromise the vulnerable system. Some technical details for this vulnerability are publicly available.

  • Status: HP confirmed, updates available.

  • Council Site Actions: Two of the responding council sites are using the affected software. One site has SLSd disabled on all of their HP-UX systems. The other will deploy the update during their next regularly scheduled system maintenance cycle.

  • References:
  • (13) HIGH: Microsoft Interactive Training Buffer Overflow (MS07-005)
  • Affected:
    • Microsoft Step-by-Step Interactive Training
  • Description: Microsoft Step-by-Step Interactive Training, used to train end users using a variety of methods, contains a buffer overflow vulnerability. A specially-crafted bookmark file (a file used by the Interactive Training system to store links to topics and other information) could exploit this vulnerability. Successfully exploiting this vulnerability would allow the attacker to execute arbitrary code with the privileges of the current user. Note that, depending on the configuration, bookmark files may be automatically opened without prompting. Some technical details for this vulnerability are publicly available.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All of the reporting council sites are responding to the Microsoft issues in the same manner. They plan to distribute the patches during their next regularly scheduled system maintenance window. Some sites will use accelerated update pushes for higher criticality items.

  • References:
  • (14) HIGH: uTorrent Buffer Overflow
  • Affected:
    • uTorrent version 1.6 and possibly prior
  • Description: uTorrent, a popular BitTorrent client, contains a buffer overflow. A specially-crafted request could trigger this buffer overflow and allow arbitrary code execution with the privileges of the vulnerable process. Technical details and a working exploit are publicly available for this vulnerability. Note that BitTorrent clients are often connected to large numbers of other systems, and for long periods of time, allowing for more opportunities for exploitation.

  • Status: uTorrent confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
    • uTorrent Change Log: http://download.utorrent.com/1.6.1/utorrent-1.6.1.txt
    • Exploit: http://downloads.securityfocus.com/vulnerabilities/exploits/22533.c
    • Wikipedia Article on BitTorrent: http://en.wikipedia.org/wiki/BitTorrent
    • uTorrent Home Page: http://www.utorrent.com
    • SecurityFocus BID: http://www.securityfocus.com/bid/22530

  • (15) HIGH: Cisco Intrusion Prevention System Multiple Vulnerabilities
  • Affected:
    • Cisco Intrusion Prevention System running IOS versions 12.3 and 12.4
    • Note that, due to the large number of Cisco IOS releases with these version numbers, users are advised to check the Cisco security advisory for a full list of vulnerable versions.
  • Description: Cisco's Intrusion Prevention System (IPS) contains multiple vulnerabilities:
    • (1) Specially-crafted traffic sent as IP fragments could bypass the protections provided by the IPS, potentially allowing malicious traffic to vulnerable systems. Users can mitigate

  • Status: Cisco confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (16) MODERATE: Cisco Firewall Services Module Multiple Vulnerabilities
  • Affected:
    • Cisco Firewall Services Module in Cisco Catalyst 6500 series switch and Cisco 7600 series routers
  • Description: The Cisco Firewall Services Module, an integrated firewall module for Cisco Catalyst switches and Cisco routers, contains multiple vulnerabilities:
    • (1) Specially-crafted HTTP traffic may cause a vulnerable device to reload, leading to a denial-of-service condition. Note that the device must be configured to perform enhanced HTT

  • Status: Cisco confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
Patches
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 8, 2007

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5378 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.8.1 - CVE: Not Available
  • Platform: Windows
  • Title: Trend Micro OfficeScan Client ActiveX Control Remote Buffer Overflow
  • Description: Trend Micro OfficeScan is an integrated enterprise-level security product that protects against viruses, spyware, worms, and blended threats. It is exposed to a remote buffer overflow issue because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. Trend Micro OfficeScan Corporate Edition versions 7.0 and 7.3 are affected.
  • Ref: http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1344_readme.txt

  • 07.8.2 - CVE: Not Available
  • Platform: Windows
  • Title: Comodo Firewall Flawed Component Control Cryptographic Hash
  • Description: Comodo is a firewall application. Comodo Firewall is prone to a component control cryptographic hash issue because of a design error. Comodo Firewall Pro versions 2.4.17.183 and 2.4.16.174, and Comodo Personal Firewall version 2.3.6.81 are affected.
  • Ref: http://www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php

  • 07.8.3 - CVE: Not Available
  • Platform: Windows
  • Title: MailEnable SMTP NTLM Authentication Unspecified Denial of Service
  • Description: MailEnable is mail server software. It is prone to a remote denial of service vulnerability because it fails to properly handle user-supplied input. This issue arises in the SMTP server during NTLM authentication when processing base64 encoded input and may result in a crash of the affected service. MailEnable Professional and Enterprise Edition versions 2.37 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/22565


  • 07.8.5 - CVE: Not Available
  • Platform: Windows
  • Title: ActSoft DVD-Tools DVDTools.OCX ActiveX Control Remote Buffer Overflow
  • Description: ActSoft DVD Tools is an ActiveX controller that allows users to convert DVDs into other video formats. ActSoft DVD Tools is prone to a remote buffer overflow issue because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. ActSoft DVD Tools version 3.8.5 is affected.
  • Ref: http://support.microsoft.com/kb/240797 http://www.securityfocus.com/bid/22558

  • 07.8.6 - CVE: CVE-2007-0211
  • Platform: Windows
  • Title: Microsoft Windows Shell Hardware Detection Service Privilege Escalation
  • Description: Microsoft Windows Shell Hardware Detection service is used to detect and register new hardware. The service is prone to a local privilege escalation vulnerability due to a lack of proper input validation on an unspecified function parameter. Microsoft Windows XP Tablet PC Edition SP2 and prior versions are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-006.mspx

  • 07.8.7 - CVE: Not Available
  • Platform: Windows
  • Title: iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow
  • Description: Total Video Player is a multiformat video player for Microsoft Windows. The application is prone to a stack based buffer overflow vulnerability because it fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer. Version 1.03 is affected.
  • Ref: http://www.securityfocus.com/bid/22553

  • 07.8.8 - CVE: CVE-2007-0210
  • Platform: Windows
  • Title: Microsoft Windows Image Acquisition Service Privilege Escalation
  • Description: Microsoft Windows Image Acquisition (WIA) service enables communication between imaging programs and imaging devices. The service is prone to a vulnerability due to an unchecked buffer. See the advisory for details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-007.mspx

  • 07.8.9 - CVE: CVE-2007-0026
  • Platform: Windows
  • Title: Microsoft Windows OLE Dialog Remote Code Execution
  • Description: Rich Text Files (RTF) provide a format for text and graphic interchange that can be used within different operating systems and operating devices. OLE is the technology that is used to create and edit compound documents and provides embedding and linking support. Please refer to the link below for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-011.mspx


  • 07.8.11 - CVE: CVE-2007-0671
  • Platform: Microsoft Office
  • Title: Microsoft Excel Remote Denial of Service
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. It is reportedly prone to a denial of service vulnerability because when the application handles a specially crafted spreadsheet file it results in a NULL pointer dereference. Microsoft Excel 2003 SP3 and earlier versions are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-015.mspx

  • 07.8.12 - CVE: CVE-2007-0208
  • Platform: Microsoft Office
  • Title: Microsoft Word Macro Permissions Bypass Arbitrary Code Execution
  • Description: Microsoft Word is prone to a remote code execution vulnerability because the application fails to handle maliciously crafted Word files. Microsoft Works Suite 2006 and prior versions are affected. Refer to the advisory for details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx

  • 07.8.13 - CVE: CVE-2007-0209
  • Platform: Microsoft Office
  • Title: Microsoft Word Malformed Drawing Object Arbitrary Code Execution
  • Description: Microsoft Word is prone to a remote code execution vulnerability because the application fails to handle maliciously crafted Word files containing a malformed drawing object. See the advisory for details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx

  • 07.8.14 - CVE: CVE-2007-0032
  • Platform: Microsoft Office
  • Title: Microsoft Office and Microsoft Windows RichEdit Component Remote Code Execution
  • Description: Microsoft Office and Microsoft Windows are prone to a remote code execution vulnerability. This issue occurs when the RichEdit OLE component included with Microsoft Windows and Microsoft Office does not perform sufficient validation when parsing specially crafted OLE objects embedded within Rich Text Files (RTF). Please refer to the link below for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-013.mspx


  • 07.8.16 - CVE: CVE-2007-0217
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer FTP Server Response Parsing Memory Corruption
  • Description: Microsoft Internet Explorer is prone to a memory corruption vulnerability when parsing certain FTP server responses. This issue occurs when Internet Explorer follows FTP URIs and attempts to process responses returned from malicious servers. Internet Explorer 6.0 and earlier are affected. Refer to the advisory for details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-016.mspx

  • 07.8.17 - CVE: CVE-2007-0219
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer COM Object Instantiation Variant Memory Corruption
  • Description: Microsoft Internet Explorer is prone to a memory corruption vulnerability. The vulnerability arises because of the way Internet Explorer attempts to instantiate certain COM objects as ActiveX controls. The COM objects may let remote attackers corrupt process memory and facilitate arbitrary code execution in the context of the currently logged-in user on the affected computer. Please refer to the link below for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-016.mspx


  • 07.8.19 - CVE: CVE-2007-0025
  • Platform: Other Microsoft Products
  • Title: Microsoft MFC Embedded OLE Object Remote Code Execution
  • Description: Rich Text Files (RTF) provide a format for text and graphic interchange that can be used within different operating systems and operating devices. Please refer to the Microsoft advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-012.mspx

  • 07.8.20 - CVE: CVE-2007-0214
  • Platform: Other Microsoft Products
  • Title: Microsoft HTML Help ActiveX Control Remote Code Execution
  • Description: Microsoft HTML Help ActiveX control is a program for inserting help navigation and secondary window functionality into HTML files. See the advisory for details.
  • Ref: http://www.microsoft.com/technet/security/bulletin/MS07-008.mspx

  • 07.8.21 - CVE: CVE-2006-5270
  • Platform: Other Microsoft Products
  • Title: Microsoft Antivirus Engine Integer Overflow
  • Description: Microsoft Antivirus Engine is prone to an integer overflow vulnerability. This issue occurs when the application processes maliciously crafted PDF files. Versions of Microsoft Windows Live OneCare and prior are affected. Please refer to Microsoft Advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/ms07-010.mspx

  • 07.8.22 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer JavaScript Key Filtering Variant
  • Description: Microsoft Internet Explorer is prone to a JavaScript key filtering vulnerability due to the failure of the browser to securely handle keystroke input from users. Microsoft Internet Explorer 6.0 SP1 and prior versions are affected.
  • Ref: http://www.securityfocus.com/bid/22531 http://www.securityfocus.com/archive/1/459823

  • 07.8.23 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer for Windows Mobile Remote WML Content Denial of Service
  • Description: Microsoft Windows Mobile is an operating system for smart phones and PDAs. It includes various embedded versions of applications including Office and Internet Explorer. Internet Explorer for Windows Mobile is prone to a remote denial of service vulnerability because the software fails to properly handle malformed remote data. Microsoft Windows Mobile version 5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/459571 http://www.securityfocus.com/bid/22500


  • 07.8.25 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: uTorrent Torrent File Handling Remote Heap Buffer Overflow
  • Description: uTorrent is a bit torrent application. It is prone to a remote heap based buffer overflow vulnerability because the application fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. uTorrent version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/22530


  • 07.8.27 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Roaring Penguin Software MIMEDefang Unspecified Remote Buffer Overflow
  • Description: MIMEDefang is an email filter intended to protect Windows clients. MIMEDefang is prone to a buffer overflow vulnerability because the application fails to properly bounds-check unspecified user-supplied data. This issue affects versions 2.59 and 2.60.
  • Ref: http://lists.roaringpenguin.com/pipermail/mimedefang/2007-February/032011.html http://www.securityfocus.com/bid/22514

  • 07.8.28 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SmidgeonSoft PEBrowse Remote Buffer Overflow
  • Description: SmidgeonSoft PEBrowse is a freely available application used to analyse and disassemble Win32 executables without executing them or loading them into memory as an active process. It is prone to a remote buffer overflow issue due to failure of the application to properly bounds check user-supplied data contained in PE-formatted executable files. PEBrowse Professional version 8.2.1.0 is vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/22501

  • 07.8.29 - CVE: Not Available
  • Platform: Linux
  • Title: HP Serviceguard for Linux Unspecified Remote Unauthorized Access
  • Description: HP Serviceguard for Linux is a high-availability clustering system for critical applications. It is exposed to an unspecified unauthorized access vulnerability. HP Serviceguard for Linux A.11.16.10 and A.11.15.07 are affected.
  • Ref: http://www.securityfocus.com/archive/1/460216

  • 07.8.30 - CVE: CVE-2007-0006
  • Platform: Linux
  • Title: Linux Kernel Key_Alloc_Serial() Local Denial of Service
  • Description: The Linux kernel is prone to a denial of service vulnerability because of a NULL pointer dereference. This vulnerability affects the "key_alloc_serial()" function. Kernel versions 2.6.x are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22539

  • 07.8.31 - CVE: Not Available
  • Platform: Linux
  • Title: March Networks Digital Video Recorders Unspecified Denial of Service
  • Description: March Networks DVRs are digital video recorder devices that use an embedded Linux operating platform. These devices are prone to an unspecified denial of service vulnerability because of an unspecified failure in the device to handle incoming traffic through TCP port 80. All March Networks DVR 3000 and 4000 series devices are vulnerable.
  • Ref: http://www.securityfocus.com/bid/22497

  • 07.8.32 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris TCP Subsystem Remote Denial of Service
  • Description: Sun Solaris is prone to a remote denial of service vulnerability. It is vulnerable due to handling TCP processes under high network load. Sun Solaris versions 10.0_x86 and earlier are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102796-1&searchclause=

  • 07.8.33 - CVE: CVE-2007-0882
  • Platform: Solaris
  • Title: Sun Solaris Telnet Remote Authentication Bypass
  • Description: Sun Solaris is vulnerable to a bypass authentication issue because the telnet process passes switches to the login process which can bypass authentication. Sun Solaris versions 10.0 and 11.0 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1&searchclause=

  • 07.8.34 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX SWCONS Buffer Overflow
  • Description: IBM AIX swcons is prone to a local buffer overflow vulnerability. This issue arises because the application fails to perform boundary checks prior to copying user-supplied data into insufficiently sized memory buffers. IBM AIX version 5.3 is affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=isg1IY94901

  • 07.8.35 - CVE: Not Available
  • Platform: Unix
  • Title: HP-UX ARPA Transport Software Unspecified Local Denial of Service
  • Description: HP-UX running the ARPA Transport Software is prone to an unspecified local denial of service vulnerability. This issue occurs because the application fails to handle exceptional conditions. HP-UX versions B.11.23 and B.11.11 are affected.
  • Ref: http://www1.itrc.hp.com/service/cki/docDisplay.do?admit=-682735245+1171397844076+28353475&docId=c00863839

  • 07.8.36 - CVE: Not Available
  • Platform: Unix
  • Title: HP-UX SLSD Remote Arbitrary File Creation
  • Description: HP-UX running SLSd is prone to a remote arbitrary file creation vulnerability. SLSd is a Single Logical Screen X Daemon. This issue occurs when "SLSD_DAEMON = 1" is present in "/etc/rc.config.d/slsd". Version HP-UX B.11.11 is affected.
  • Ref: http://www.securityfocus.com/bid/22551 http://www.securityfocus.com/archive/1/460073

  • 07.8.37 - CVE: CVE-2007-0898
  • Platform: Cross Platform
  • Title: ClamAV MIME Header ID Parameter String Directory Traversal
  • Description: ClamAV is an antivirus toolkit. The application is exposed to a directory traversal vulnerability because it fails to properly sanitize user-supplied directory traversal strings ("../") in the "id" string taken from MIME headers in a multipart email message. Versions prior to the 0.90 stable release are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476

  • 07.8.38 - CVE: CVE-2007-0451
  • Platform: Cross Platform
  • Title: SpamAssassin Long URI Handling Remote Denial of Service
  • Description: SpamAssassin is a mail filter designed to identify and process spam. It is exposed to a remote denial of service vulnerability when the application handles excessively long URIs included in message content. SpamAssassin versions prior to 3.1.8 are affected.
  • Ref: http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt

  • 07.8.39 - CVE: CVE-2007-0897
  • Platform: Cross Platform
  • Title: ClamAV CAB File Remote Denial of Service
  • Description: ClamAV is an antivirus application designed for scanning email traffic over mail gateways. It is exposed to a denial of service issue because it fails to sufficiently handle cabinet header data. Versions prior to 0.90 stable are vulnerable.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=475

  • 07.8.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Amarok Magnatune Shell Command Injection
  • Description: Amarok Magnatune is a music player for Linux and Unix. The application is prone to a shell command injection vulnerability because it fails to properly sanitize user-supplied input to the Magnatune component. Amarok Magnatune version 1.4 is affected.
  • Ref: http://bugs.kde.org/show_bug.cgi?id=138499 http://www.securityfocus.com/bid/22568


  • 07.8.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MiniWebSVR Multiple Request Remote Denial of Service
  • Description: MiniWebsvr is a web server application. The server is prone to a denial of service vulnerability because it fails to sufficiently handle multiple HTTP GET requests. MiniWebsvr versions 0.0.6 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22557

  • 07.8.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MoinMoin Multiple Cross-Site Scripting Vulnerabilities
  • Description: MoinMoin is a Wiki type program. It is available for Unix and Linux platforms. The application is vulnerable to multiple cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "hitcounts" and "general" parameters in Info Pages. Version 1.5.7 is affected.
  • Ref: http://www.securityfocus.com/bid/22515

  • 07.8.44 - CVE: CVE-2007-0857
  • Platform: Cross Platform
  • Title: MoinMoin Multiple Cross-Site Scripting Vulnerabilities
  • Description: MoinMoin is a Wiki type program. The application is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input to various parameters. MoinMoin versions 1.5.6 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22506

  • 07.8.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Deskpro Faq.PHP Cross-Site Scripting
  • Description: Deskpro is a customer relationship management application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "article" parameter of the "faq.php" script. Version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/460200

  • 07.8.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Calendar Express Search.PHP Cross-Site Scripting
  • Description: Calendar Express is a web-based calendar application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "allwords" parameter of the "search.php" script. Calendar Express 2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/460198

  • 07.8.47 - CVE: CVE-2006-5859
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe ColdFusion Unspecified Cross-Site Scripting
  • Description: ColdFusion is software for developing web applications. The application is vulnerable to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input before displaying it in dynamically generated content. Adobe ColdFusion MX 7.02 and prior versions are affected.
  • Ref: http://www.securityfocus.com/bid/22544 http://www.adobe.com/support/security/bulletins/apsb07-03.html

  • 07.8.48 - CVE: CVE-2006-5860
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe JRun Administrator Console Cross-Site Scripting
  • Description: JRun is a J2EE application server that is available for Microsoft Windows, Unix and Linux variants. The application is vulnerable to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the administrative console before displaying it in dynamically generated content. Macromedia JRun version 4.0 and prior versions are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb07-05.html http://www.securityfocus.com/bid/22547/info

  • 07.8.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Wordpress Templates.PHP Cross-Site Scripting
  • Description: Wordpress allows users to generate news pages and web logs dynamically. Wordpress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "file" parameter of the "admin/templates.php" script. WordPress Wordpress (B2) 0.6.2.1 and earlier versions are affected.
  • Ref: http://www.securityfocus.com/bid/22534

  • 07.8.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TaskFreak! Error.PHP Cross-Site Scripting
  • Description: TaskFreak! is a web-based task manager. The application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "znMessage" parameter of the "error.php" script. TaskFreak! version 0.5.5 multi user edition is vulnerable.
  • Ref: http://www.securityfocus.com/bid/22537

  • 07.8.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: JBoss Portal Noproject Portal Cross-Site Scripting
  • Description: JBoss Portal is a web portal application. The application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "noproject" parameter of the community page. Group JBoss Portal version 2.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/22526

  • 07.8.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Community Server SearchResults.ASPX Cross-Site Scripting
  • Description: Community Server is a web-based image gallery. The application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "q" parameter of the "SearchResults.aspx" script.
  • Ref: http://www.securityfocus.com/archive/1/459848 http://www.securityfocus.com/bid/22529

  • 07.8.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Atlassian JIRA BrowseProject.JSPA Cross-Site Scripting
  • Description: Atlassian JIRA is a web portal written in Java/JavaScript. The application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "id" parameter of the "BrowseProject.jspa" script. Version 3.7.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/459590

  • 07.8.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Qdig QWD Variable Cross-Site Scripting
  • Description: Quick Digital Image Gallery (Qdig) is a web-based image gallery. The application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "Qwd" parameter. Qdig version 1.2.9.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/459664

  • 07.8.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CodeAvalanche News Inc_Listnews.ASP SQL Injection
  • Description: CodeAvalanche News is a web-based news script application. The application is exposed to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "CAT_ID" parameter of the "inc_listnews.asp" script before using it in an SQL query. xfairguy CodeAvalanche News version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/22582

  • 07.8.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ibProArcade Arcade.PHP SQL Injection
  • Description: ibProArcade is a professional arcade system for vBulletin. The application is prone to an SQL injection issue because it fails to properly sanitize user-supplied input to the "gsearch" parameter of the "arcade.php" script before using it in an SQL query. This issue affects version 2.5.9+.
  • Ref: http://www.securityfocus.com/bid/22575

  • 07.8.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PollMentor Pollmentorres.ASP SQL Injection
  • Description: PollMentor is a web-based polling application. The application is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "id" parameter of the "pollmentorres.asp" script before using it in an SQL query. Version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/22542

  • 07.8.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpCC Nickpage.PHP SQL Injection
  • Description: phpCC is a web-based content management system. It is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "npid" parameter of the "nickpage.php" script. Version 4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/22540

  • 07.8.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Philboard Philboard_forum.ASP SQL Injection
  • Description: Philboard is a web-based bulletin board application. The application is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "forumid" parameter of the "philboard_forum.asp" script before using it in an SQL query. philboard version 1.14 is affected.
  • Ref: http://www.securityfocus.com/bid/22532

  • 07.8.60 - CVE: Not Available
  • Platform: Web Application
  • Title: EasyMail Objects Connect Method Remote Stack Buffer Overflow
  • Description: EasyMail Objects is an application which provides email sending and receiving for ActiveX applications. The application is prone to a remote stack-based buffer overflow issue because the application fails to properly bounds check user-supplied data prior to copying it to an insufficiently sized buffer. Versions prior to 6.5 are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/460237

  • 07.8.61 - CVE: Not Available
  • Platform: Web Application
  • Title: LifeType Unspecified Parameter Handling Information Disclosure
  • Description: LifeType is an open source web-based blog application. It is exposed to an information disclosure issue because the application fails to properly sanitize user-supplied input to an unspecified parameter. LifeType versions 1.1.5 and earlier are affected.
  • Ref: http://www.lifetype.net/blog/lifetype-development-journal/2007/02/14/critical-security-issue-lifetype-1.1.6-and-lifetype-1.2-beta2-released

  • 07.8.62 - CVE: Not Available
  • Platform: Web Application
  • Title: nabopoll Survey.Inc.PHP Remote File Include
  • Description: nabopoll is a complete voting/survey system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "path" parameter of the "survey.inc.php" script. Version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22573

  • 07.8.63 - CVE: Not Available
  • Platform: Web Application
  • Title: ZebraFeeds Multiple Remote File Include Vulnerabilities
  • Description: ZebraFeeds is a newsfeed aggregator application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "zf_path" parameter of the "aggregator.php" and "controller.php" scripts. Version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22576

  • 07.8.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Webapp.Org Webapp Multiple Remote Vulnerabilities
  • Description: WebAPP is a web-portal application implemented in Perl. WebAPP is prone to multiple remote vulnerabilities which include an information disclosure vulnerability, a vulnerability when entering data through a hijacked form, an unauthorized access vulnerability and many more. WebAPP versions 0.9.9.3.2 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/22563

  • 07.8.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Jupiter CMS Multiple Scripts Multiple Input Validation Vulnerabilities
  • Description: Jupiter CMS is a content manager. Jupiter CMS is prone to multiple input validation vulnerabilities because the application fails to properly sanitize user-supplied input. Jupiter CMS version 1.1.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/460076 http://www.securityfocus.com/bid/22560

  • 07.8.66 - CVE: Not Available
  • Platform: Web Application
  • Title: WebTester Multiple Input Validation Vulnerabilities
  • Description: WebTester is a web-based test and quiz creation application. The application is prone to multiple input validation vulnerabilities because it fails to properly sanitize user-supplied input. The issues include multiple unspecified cross-site scripting issues and multiple SQL injection issues. Versions 5.0.20060927 and prior are affected.
  • Ref: http://www.securityfocus.com/archive/1/460078 http://www.securityfocus.com/bid/22559

  • 07.8.67 - CVE: Not Available
  • Platform: Web Application
  • Title: AT Contenator Nav.PHP Remote File Include
  • Description: AT Contenator is a web application. The application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "Root_To_Script" parameter of the "_admin/nav.php" script. Version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22543

  • 07.8.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Fullaspsite Shop Listmain.ASP Multiple Input Validation Vulnerabilities
  • Description: Fullaspsite Shop is a web-based ecommerce application. It is prone to multiple input validation vulnerabilities because it fails to properly sanitize user-supplied input to the "cat" parameter of the "listmain.asp" script.
  • Ref: http://www.securityfocus.com/bid/22545

  • 07.8.69 - CVE: Not Available
  • Platform: Web Application
  • Title: @Mail Search.HTML HTML Injection
  • Description: @Mail is a web-based application used to access email via a web page or wireless device. The application is prone to an input validation vulnerability that allows malicious HTML and script code to be injected before the input is used in dynamically generated content. Specifically, this issue occurs in the search form of the "html/[language folder]/help/search.html" before being processed by the "search.pl" script. @Mail versions 4.61 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/22552 http://lostmon.blogspot.com/2007/02/mail-searchpl-keywords-variable-cross.html

  • 07.8.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Radical Technologies Portal Search Multiple Input Validation Vulnerabilities
  • Description: Portal Search is an application that allows users to search multiple sites. The application is prone to multiple input validation vulnerabilities because it fails to sufficiently sanitize user-supplied input. All versions are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/459794

  • 07.8.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Virtual Calendar Multiple Cross-Site Scripting Vulnerabilities
  • Description: Virtual Calendar is a web-based calendar application. The application is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input to the "sho", "t" and "yr" parameters.
  • Ref: http://www.securityfocus.com/bid/22536

  • 07.8.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Apache Stats Extract Function Multiple Input Validation Vulnerabilities
  • Description: Apache Stats is a web traffic monitoring application. It is prone to multiple input validation vulnerabilities because it fails to sufficiently sanitize user-supplied data in an "extract()" PHP function call. Versions prior to 0.0.3 are affected.
  • Ref: http://www.securityfocus.com/bid/22388

  • 07.8.73 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyVisites Multiple Input Validation Vulnerabilities
  • Description: phpMyVisites is a web traffic statistics and measurement application. The application is prone to an HTTP response splitting vulnerability which affects the "pagename" parameter. It is also prone to a cross-site scripting vulnerability which affects the "GetCurrentCompletePath()" routine and a local file include vulnerability affecting the "pmv_ck_view" cookie parameter. phpMyVisites versions prior to 2.2 stable are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/459792

  • 07.8.74 - CVE: Not Available
  • Platform: Web Application
  • Title: TagIt! TagBoard Multiple Remote File Include Vulnerabilities
  • Description: TagIt! TagBoard is a bulletin board. The application is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to various scripts. TagBoard versions 2.1.b Build 2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/22518

  • 07.8.75 - CVE: Not Available
  • Platform: Web Application
  • Title: php rrd Browser 'p' Parameter Directory Traversal
  • Description: php rrd browser is an rrd utility for polling and researching. The application is prone to a directory traversal vulnerability because it fails to properly sanitize user-supplied input. The issue occurs when specially crafted HTTP GET requests containing a directory traversal string are sent to the "p" parameter. Versions prior to 0.2.1 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/459804

  • 07.8.76 - CVE: Not Available
  • Platform: Web Application
  • Title: phpPolls phpPollAdmin.PHP3 Administrative Authentication Bypass
  • Description: phpPolls is a web-based poll script. This issue occurs due to insufficient access validation. Specifically, users may access the administrative script "phpPollAdmin.php3" without supplying a password. Version 1.0.3 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/459789


  • 07.8.78 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP 'str_ireplace' Remote Denial of Service
  • Description: PHP is a general purpose scripting language that is especially suited for web development. It is prone to a denial of service vulnerability due to an error in the "str_ireplace()" routine. This issue affects PHP version 5.2.1.
  • Ref: http://www.securityfocus.com/archive/1/459856


  • 07.8.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Allons_voter Administrative Authentication Bypass
  • Description: Allons_voter is a web-based survey script. Allons_voter is prone to a vulnerability that will let attackers gain administrative access to the application. This is due to insufficient access validation. Specifically, users may access administrative scripts such as "admin_ajouter.php" and "admin_supprimer.php" without supplying a password. Allons_voter version 1.0 5s is affected.
  • Ref: http://www.securityfocus.com/archive/1/459652 http://www.securityfocus.com/bid/22508

  • 07.8.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Nabopoll Administrative Authentication Bypass
  • Description: Nabopoll is a web-based survey script. It is prone to a vulnerability that allows ordinary users to access administrative scripts such as "config_edit.php", "template_edit.php" and "survey_edit.php" without supplying a password. Nabopoll versions 1.2 and 1.1 are affected.
  • Ref: http://www.securityfocus.com/bid/22509

  • 07.8.82 - CVE: Not Available
  • Platform: Web Application
  • Title: OPENi-CMS Plugin Remote File Include
  • Description: OPENi-CMS Plugin is a XAMP content management system. The application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "oi_dir" parameter of the "index.php" script before using it in an "include()" function call. Version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/22511/info

  • 07.8.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Plain Old Webserver Firefox Extension Directory Traversal
  • Description: Plain Old Webserver is a Firefox extension which adds a simple web server to the browser. The application is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input via URI requests. Versions 0.0.7 and 0.0.8 are affected.
  • Ref: http://www.securityfocus.com/bid/22502

  • 07.8.84 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Versions 5.2.0 and Prior Multiple Vulnerabilities
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. Successful exploits could allow an attacker to write files in unauthorized locations, cause a denial of service condition, and potentially execute code. Versions 4.4.4 and prior in 4 branch; and versions 5.2.0 and prior in 5 branch are affected.
  • Ref: http://www.php.net/ChangeLog-5.php#5.2.1 http://www.php.net/releases/5_2_1.php http://www.securityfocus.com/bid/22496

  • 07.8.85 - CVE: CVE-2006-6758
  • Platform: Web Application
  • Title: Kiwi CatTools TFTP Directory Traversal
  • Description: Kiwi CatTools provides automated device configuration management on routers, switches and firewalls. The application is prone to a directory traversal vulnerability because it fails to properly sanitize user-supplied input. The issue occurs when crafted GET and PUT requests contain directory traversal strings. This issue affects versions prior to 3.2.0 beta and 3.2.8.
  • Ref: http://www.kiwisyslog.com/kb/idx/5/178/article/

  • 07.8.86 - CVE: Not Available
  • Platform: Web Application
  • Title: eXtreme File Hosting Arbitrary RAR File Upload
  • Description: eXtreme File Hosting is a web-based file manager. The application is prone to an arbitrary file upload vulnerability because it fails to sufficiently sanitize user-supplied input when uploading malicious PHP code disguised as RAR archive files. An attacker may trigger this exploit by placing malicious PHP code into a file with a ".php.rar" file extension and uploading it.
  • Ref: http://www.securityfocus.com/bid/22498

  • 07.8.87 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco IOS Intrusion Prevention System Multiple Vulnerabilities
  • Description: Cisco IOS (Internetwork Operating System) is an operating system commonly used on Cisco routers and network switches. IOS is prone to multiple issues which affect the IPS intrusion prevention system. These issues include: a security bypass vulnerability, which occurs because IPS signatures that use regular expressions can be evaded by sending malicious data as IP fragments, and a denial of service vulnerability, which is tracked in Cisco Bug ID CSCsa53334. Cisco IOS 12.4 XB and prior versions are affected.
  • Ref: http://www.securityfocus.com/bid/22549 http://www.cisco.com/warp/public/707/cisco-sa-20070213-iosips.shtml


  • 07.8.89 - CVE: Not Available
  • Platform: Hardware
  • Title: Cisco PIX/ASA Privilege Escalation
  • Description: Cisco PIX and ASA security appliances are prone to a privilege escalation vulnerability. This issue occurs when the "LOCAL" method is used for user authentication. Cisco PIX/ASA version 7.2.2 is affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20070214-pix.shtml

  • 07.8.90 - CVE: CVE-2007-0859
  • Platform: Hardware
  • Title: Palm OS Treo Find Feature Information Disclosure
  • Description: Palm OS Treo smartphones are vulnerable to a local information disclosure issue because the software fails to properly secure access to certain features when locked. The following devices are known to be affected: Cingular Treo 650, Treo650-1.03a-VZW and Treo650-1.12-SPCS, Cingular Treo 680 and Sprint/Verizon Treo 700p.
  • Ref: http://www.securityfocus.com/archive/1/460059

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.