@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 46
November 20, 2006

Once again, lots of critical Windows flaws. But don't let the Windows flaws make you miss number 5. Winzip is very widely deployed; a vulnerability there can be just as bad as a vulnerability in Windows. Most organizations do not have automatic patching capabilities that encompass Winzip, so exploits using the Winzip vulnerability can be much more damaging.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 5 (#1, #2, #3, #4, #6)
    • Third Party Windows Apps: 17 (#5, #7, #8, #11, #13)
    • Mac Os: 1
    • Linux: 3
    • HP-UX: 1
    • BSD: 1
    • Unix: 2
    • Cross Platform: 8 (#9, #10, #12)
    • Web Application - Cross Site Scripting: 6
    • Web Application - SQL Injection: 27
    • Web Application: 31 (#14)
    • Network Device: 2
    • Hardware: 1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Mac Os
Linux
HP-UX
BSD
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
Hardware
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Microsoft XML Core Services XMLHTTP ActiveX Control Remote Code Execution (MS06-071)
  • Affected:
    • Microsoft XML Core Services versions 4.0 and 6.0
  • Description: Microsoft XML Core Services, Microsoft's implementation of various XML technologies, contains a remote code execution vulnerability in the XMLHTTP ActiveX control. A malicious web page that instantiates this control could execute arbitrary code with the privileges of the current user. Users can mitigate the impact of this vulnerability by disabling the vulnerable ActiveX controls via Microsoft's "kill bit" mechanism for CLSIDs "88d96a0a-f192-11d4-a65f-0040963251e5" and "88d969c5-f192-11d4-a65f-0040963251e5". This vulnerability is being actively exploited in the wild. This vulnerability was covered in a previous @RISK entry.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All reporting council sites are responding to the majority of the Microsoft issues in the same manner. They plan to distribute the patches during their next regularly scheduled system maintenance window. They will expedite the process if exploits are released.

  • References:
  • (4) CRITICAL: Microsoft Agent Buffer Overflow (MS06-068)
  • Affected:
    • Microsoft Windows 2000 SP4
    • Microsoft Windows XP SP2
    • Microsoft Windows 2003 SP0/SP1
  • Description: Microsoft Agent, a set of technologies used to enhance and manipulate the Microsoft Windows user interface, contains a buffer overflow. A specially-crafted web page that instantiates a vulnerable ActiveX control could exploit this vulnerability and execute arbitrary code with the privileges of the current user. It is also believed to be possible to exploit this vulnerability via a specially-crafted ".ACF" file. Users can mitigate the impact of this vulnerability by disabling the vulnerable ActiveX controls via Microsoft's "kill bit" mechanism for CLSIDs "D45FD31B-5C6E-11D1-9EC1-00C04FD7081F", "F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5", "4BAC124B-78C8-11D1-B9A8-00C04FD97575", "D45FD31D-5C6E-11D1-9EC1-00C04FD7081F", and "D45FD31E-5C6E-11D1-9EC1-00C04FD7081F".

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All reporting council sites are responding to the majority of the Microsoft issues in the same manner. They plan to distribute the patches during their next regularly scheduled system maintenance window. They will expedite the process if exploits are released.

  • References:
  • (7) MODERATE: Panda ActiveScan Multiple Vulnerabilities
  • Affected:
    • Panda ActiveScan version 5.53.00 and possibly prior
  • Description: Panda ActiveScan, a popular anti-spam and anti-malware solution, contains multiple vulnerabilities in included ActiveX components. A malicious web page that instantiates these ActiveX controls could exploit these vulnerabilities to execute arbitrary code with the privileges of the current user, disclose sensitive information, or reboot the victim's system.

  • Status: Panda confirmed, updates available.

  • References:
  • (8) MODERATE: Adobe Macromedia Flash Player Multiple Vulnerabilities (MS06-069)
  • Affected:
    • Microsoft Windows XP SP2
  • Description: Adobe Macromedia Flash Player, a popular player for rich web content, contains multiple vulnerabilities. This player is included with Microsoft Windows. These vulnerabilities include remote code execution, denial-of-service conditions, and the execution of arbitrary JavaScript. Note that, by default, Flash content is displayed automatically by most browsers. A fixed version of Flash Player was released by Adobe in September 2006. This issue is specifically for the version of Flash Player included by default with Microsoft Windows. These issues were discussed in a previous @RISK entry.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: Most of the reporting council sites are responding to this item. They plan to distribute the patches during their next regularly scheduled system maintenance window. A few sites don't officially support this application and are investigating appropriate action, if any.

  • References:
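
The "kill bit" mitigation named in entries (2) and (4) above, as an added example that is not part of the original bulletin: a PowerShell script that audits, and with `-Apply` sets, the kill bit for the CLSIDs those two entries list. The registry location and the 0x400 flag value are the standard Windows kill-bit mechanism rather than values stated in the bulletin; the function names and the `-Apply` switch are this example's own.

```powershell
# Added example: audit (default) or set (-Apply, needs elevation) the ActiveX
# kill bit for the CLSIDs listed in the MS06-071 and MS06-068 entries.
param([switch]$Apply)

# The kill bit is the 0x400 flag in the "Compatibility Flags" DWORD stored
# under the ActiveX Compatibility key for a given CLSID.
$KillBit = 0x00000400
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit Internet Explorer on 64-bit Windows reads the redirected key.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# CLSIDs copied from the bulletin entries.
$Clsids = [ordered]@{
    'MS06-071 (XMLHTTP)' = @(
        '88d96a0a-f192-11d4-a65f-0040963251e5',
        '88d969c5-f192-11d4-a65f-0040963251e5'
    )
    'MS06-068 (Microsoft Agent)' = @(
        'D45FD31B-5C6E-11D1-9EC1-00C04FD7081F',
        'F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5',
        '4BAC124B-78C8-11D1-B9A8-00C04FD97575',
        'D45FD31D-5C6E-11D1-9EC1-00C04FD7081F',
        'D45FD31E-5C6E-11D1-9EC1-00C04FD7081F'
    )
}

function Get-CompatFlags {
    # Returns the current "Compatibility Flags" value, or $null if absent.
    param([Parameter(Mandatory)][string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    (Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' `
        -ErrorAction SilentlyContinue).'Compatibility Flags'
}

function Get-KillBitState {
    param(
        [Parameter(Mandatory)][string]$Clsid,
        [Parameter(Mandatory)][string]$Root,
        [string]$Bulletin
    )
    $flags = Get-CompatFlags -Key (Join-Path $Root "{$Clsid}")
    [pscustomobject]@{
        Bulletin   = $Bulletin
        Clsid      = $Clsid
        View       = if ($Root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
        Flags      = if ($null -eq $flags) { '(not set)' } else { '0x{0:X8}' -f $flags }
        KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
    }
}

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Clsid,
        [Parameter(Mandatory)][string]$Root
    )
    # Refuse anything that is not a plain CLSID before building a registry path.
    if ($Clsid -notmatch '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$') {
        throw "Not a CLSID: $Clsid"
    }
    $key = Join-Path $Root "{$Clsid}"
    if ($PSCmdlet.ShouldProcess($key, 'Set kill bit (Compatibility Flags 0x400)')) {
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # OR the flag in so that other compatibility flags already present survive.
        $new = [int](Get-CompatFlags -Key $key) -bor $KillBit
        Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -Value $new -Type DWord
    }
}

# Only touch registry views that exist on this machine.
$activeRoots = $Roots | Where-Object { Test-Path -LiteralPath $_ }

$report = foreach ($bulletin in $Clsids.Keys) {
    foreach ($clsid in $Clsids[$bulletin]) {
        foreach ($root in $activeRoots) {
            if ($Apply) { Set-KillBit -Clsid $clsid -Root $root }
            Get-KillBitState -Clsid $clsid -Root $root -Bulletin $bulletin
        }
    }
}

$report | Format-Table -AutoSize

# Non-zero exit when any listed control can still be instantiated, so the
# audit can be used as a compliance check from a management tool.
if ($report | Where-Object { -not $_.KillBitSet }) { exit 1 }
```

A kill bit only stops Internet Explorer, and other hosts that honour the setting, from instantiating the control; it does not remove the vulnerable code, so the vendor updates are still required.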
Other Software
  • (10) HIGH: D-Link A5AGU.SYS Wireless Driver Buffer Overflow
  • Affected:
    • D-Link A5AGU.SYS driver version 1.0.1.41 and possibly prior
  • Description: The D-Link A5AGU.SYS device driver, used to control D-Link wireless cards, contains a buffer overflow vulnerability. By sending a specially-crafted 802.11 (WiFi) frame to a vulnerable system, an attacker could exploit this buffer overflow and take complete control of the vulnerable system. No authentication is required, and attackers need only be within wireless range of the vulnerable system. This driver is primarily designed for Microsoft Windows systems, but it is believed to be compatible with the "NdisWrapper" cross-platform driver framework, making it possible to run this driver under Linux (and possibly other operating systems) on the Intel platform. This vulnerability was discovered as part of a project to discover bugs in various operating systems' kernels. Working exploits are available for this vulnerability. This vulnerability is similar to one discovered for Broadcom wireless device drivers that was documented in a previous issue of @RISK.

  • Status: D-Link has not confirmed, no updates available. Newer versions of the driver available with some cards appear to resolve this issue. Note that some reports have listed the driver as "ASAGU.SYS".

  • References:
  • (11) MODERATE: Marshal MailMarshal ARJ Directory Traversal Vulnerability
  • Affected:
    • MailMarshal SMTP versions 5.x, 6.x and 2006
    • MailMarshal for Exchange 5.x
  • Description: Marshal MailMarshal, a popular product used to protect against email spam, malware, phishing, and other threats, contains a directory-traversal vulnerability when processing ARJ-compressed archives. Specially-crafted file names within these archives can cause the arbitrary creation of files on the server. It is not possible to delete or replace existing files. This vulnerability could be leveraged to execute arbitrary code on the system by placing files in locations where it is known they will be executed. Some technical details for this vulnerability are publicly available.

  • Status: Marshal confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (12) MODERATE: PowerDNS Recursor Multiple Vulnerabilities
  • Affected:
    • PowerDNS versions prior to 3.1.4
  • Description: PowerDNS, a popular Domain Name System (DNS) server, contains multiple vulnerabilities in its recursor component: (1) By sending a specially-crafted request to the recursor, an attacker could exploit a buffer overflow and potentially execute arbitrary code with the privileges of the PowerDNS recursor process. (2) Sending a specially-crafted request to the recursor can cause the process to exhaust its allocated stack space and crash, leading to a denial-of-service condition. Because this product is open source, technical details for these vulnerabilities can be easily obtained via source code analysis.

  • Status: PowerDNS confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (13) MODERATE: Grisoft AVG Anti-Virus Multiple Vulnerabilities
  • Affected:
    • AVG Anti-Virus versions prior to 7.1.407
  • Description: AVG Anti-Virus, a popular anti-virus system, contains multiple vulnerabilities. By sending a specially-crafted file through the system, an attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the anti-virus process. No technical details for these vulnerabilities are currently available.

  • Status: Grisoft confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (14) LOW: Verity Ultraseek Multiple Vulnerabilities
  • Affected:
    • Ultraseek
  • Description: Ultraseek, a popular web search solution, contains multiple vulnerabilities. Attackers could exploit these vulnerabilities to bypass web proxy and other restrictions or disclose sensitive information. Authenticated users can also exploit these vulnerabilities to read arbitrary files on the server hosting Ultraseek.

  • Status: Ultraseek confirmed, updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 46, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5247 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.46.1 - CVE: CVE-2006-4688
  • Platform: Windows
  • Title: Microsoft Client Service for Netware Denial of Service
  • Description: Microsoft Client Service for Netware allows clients to have access to NetWare files, print and directory services. It is prone to a denial of service vulnerability. This issue occurs because the application fails to handle specially crafted network messages.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-066.mspx

  • 06.46.2 - CVE: CVE-2006-4691
  • Platform: Windows
  • Title: Microsoft Windows Workstation Service Remote Code Execution
  • Description: Microsoft Windows Workstation service is a routing service used by the operating system to determine if file or print requests are local or remote in nature. Routing and Remote Access is prone to a memory corruption issue due to insufficient sanitization of user-supplied network data before copying it to an insufficiently sized memory buffer. Microsoft Windows 2000 SP4 and XP SP2 versions are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-070.mspx

  • 06.46.3 - CVE: CVE-2006-4687
  • Platform: Windows
  • Title: Microsoft Internet Explorer HTML Rendering Remote Code Execution
  • Description: Microsoft Internet Explorer is exposed to a remote code execution issue. An attacker can exploit this issue by enticing a victim into visiting a malicious web page. Please refer to the link below for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-067.mspx

  • 06.46.4 - CVE: CVE-2006-4688,CVE-2006-4689
  • Platform: Windows
  • Title: Windows Client Service For Netware Remote Code Execution
  • Description: Microsoft Client Service for Netware is vulnerable to a remote code execution issue when receiving malformed messages containing arbitrary code to the Client Service for Netware. See advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-066.mspx

  • 06.46.5 - CVE: CVE-2006-3445
  • Platform: Windows
  • Title: Microsoft Agent ActiveX Control Remote Code Execution
  • Description: Microsoft Agent is a set of software services for developers to enhance the user interface of web based applications. It is exposed to a remote code execution issue when a malformed ".ACF" file is processed.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-068.mspx

  • 06.46.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Infinicart Multiple Input Validation Vulnerabilities
  • Description: Infinicart is a shopping cart application. It is prone to multiple input validation issues because it fails to properly sanitize user-supplied input to various parameters of multiple scripts.
  • Ref: http://www.securityfocus.com/bid/21043

  • 06.46.7 - CVE: CVE-2006-5487
  • Platform: Third Party Windows Apps
  • Title: Marshal MailMarshal UNARJ Extraction Remote Directory Traversal
  • Description: Marshal MailMarshal is a file compression utility. It is vulnerable to a remote directory traversal vulnerability when a file contained in an archive contains a "../" directory traversal string in its name. MailMarshal versions SMTP 5.x, MailMarshal SMTP 6.x, MailMarshal SMTP 2006 and MailMarshal for Exchange 5.x are vulnerable.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-06-039.html

  • 06.46.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Novell BorderManager ISAKMP Predictable Cookie
  • Description: Novell BorderManager is a security tool providing firewall and VPN functionality. Due to a design error it is prone to an issue that results in creating predictable ISAKMP cookies. Novell BorderManager 3.8 Support Pack 4 is affected.
  • Ref: http://www.securityfocus.com/bid/21014

  • 06.46.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Avahi Unauthorized Data Manipulation
  • Description: Avahi is an application to discover services available on the local network. Avahi versions prior to 0.6.15 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21016

  • 06.46.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AVG Anti-Virus Multiple Remote Code Execution Vulnerabilities
  • Description: AVG Anti-Virus is an antivirus application. It is prone to multiple remote code execution issues due to flaws in the file parsing engine of the software. AVG Anti-Virus versions earlier than 7.1.407 are affected.
  • Ref: http://www.securityfocus.com/bid/21029

  • 06.46.11 - CVE: CVE-2006-5198
  • Platform: Third Party Windows Apps
  • Title: WinZip ActiveX Control Remote Code Execution
  • Description: WinZip is a file compression utility. It is vulnerable to a remote code execution issue in an ActiveX control that is installed with the package. WinZip versions in the 10.0 series prior to build 7245 are vulnerable.
  • Ref: http://www.winzip.com/wz7245.htm

  • 06.46.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ASPIntranet Default.ASP SQL Injection
  • Description: ASPIntranet is a content management system for intranets. It is prone to an SQL injection vulnerability because it fails to sanitize user-supplied data to the "a" parameter of the "default.asp" script file. ASPIntranet version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/21061

  • 06.46.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Evolve Merchant Viewcart.ASP SQL Injection
  • Description: Evolve Merchant is an e-commerce application. It is exposed to an SQL injection issue because the application fails to sanitize user-supplied input to the "zoneid" parameter of the "viewcart.asp" script.
  • Ref: http://www.securityfocus.com/bid/21070

  • 06.46.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Conxint FTP Multiple Directory Traversal Vulnerabilities
  • Description: Conxint is an FTP server application available for Microsoft Windows. The application is prone to multiple directory traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input to the "MKD", "DIR" and "GET" commands. Version 2.2.0603 is vulnerable to these issues.
  • Ref: http://www.securityfocus.com/bid/21081

  • 06.46.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Teamtek Universal FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
  • Description: Universal FTP is an FTP server. It is vulnerable to multiple denial of service issues. See advisory for further details.
  • Ref: http://www.securityfocus.com/bid/21085

  • 06.46.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: F-PROT Antivirus Unspecified Buffer Overflow
  • Description: F-PROT Antivirus is prone to an unspecified remote heap-based buffer overflow vulnerability because the application fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. This vulnerability is reported on F-PROT Antivirus version 3.16f.
  • Ref: http://www.securityfocus.com/bid/21086

  • 06.46.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Eudora WorldMail Server Unspecified Buffer Overflow
  • Description: Eudora WorldMail Server is exposed to an unspecified buffer overflow issue because it fails to perform bounds checks on user-supplied input before copying it to an insufficiently sized buffer. Eudora WorldMail 3 version 6.1.22.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21095

  • 06.46.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Outpost Firewall PRO Multiple Local Denial of Service Vulnerabilities
  • Description: Outpost Firewall PRO is prone to multiple local denial of service vulnerabilities because the application fails to properly handle unexpected input. Specifically, the hooked SSDT functions that the application provides fail to properly handle unexpected input. Outpost Firewall PRO versions 4.0 (964.582.059) and 4.0 (971.584.079) are vulnerable to these issues.
  • Ref: http://www.securityfocus.com/archive/1/451672

  • 06.46.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Biba Selenium Web Server Multiple Vulnerabilities
  • Description: Biba Selenium Web Server is a web server application. It is exposed to a cross site scripting issue because it fails to sanitize user-supplied input in the 404 error page. Biba Software Selenium Web Server version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21100

  • 06.46.20 - CVE: CVE-2006-3890
  • Platform: Third Party Windows Apps
  • Title: Sky Software FileView ActiveX Control Remote Code Execution Vulnerability
  • Description: Sky Software FileView is prone to a remote code execution issue because the ActiveX control marks several dangerous methods as "Safe for Scripting". Versions in the 10.0 series earlier than build 7245 are affected.
  • Ref: http://isc.sans.org/diary.php?storyid=1861 http://www.kb.cert.org/vuls/id/225217

  • 06.46.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Mercury Mail Transport System Unspecified Buffer Overflow
  • Description: Mercury Mail Transport System is prone to an unspecified remote buffer overflow vulnerability. Version 4.01b is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21110

  • 06.46.22 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Panda ActiveScan ActiveX Controls Multiple Remote Vulnerabilities
  • Description: Panda ActiveScan is an online antivirus product. Panda ActiveScan ActiveX controls are prone to multiple remote vulnerabilities. Panda ActiveScan version 5.53.00 is vulnerable to these issues.
  • Ref: http://www.securityfocus.com/bid/21132

  • 06.46.23 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Safari JavaScript Regular Expression Match Remote Denial of Service
  • Description: Apple Safari web browser is prone to a denial of service vulnerability when executing certain JavaScript code. Specifically, when the regular expression functionality of the JavaScript engine attempts to match a buffer containing 8192 bytes, a crash is triggered. Apple Safari version 2.0.4 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/451542

  • 06.46.24 - CVE: CVE-2006-5778
  • Platform: Linux
  • Title: NetKit FTP Server ChDir Information Disclosure
  • Description: Netkit FTP Server (ftpd) is a generic FTP server with optional SSL support. It is prone to an information disclosure vulnerability due to a design error as the application makes a "chdir(homedir)" command as root before setting the user's UID. Netkit FTP Server versions 0.17 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/21000

  • 06.46.25 - CVE: Not Available
  • Platform: Linux
  • Title: Extremail Remote Unspecified Buffer Overflow
  • Description: EXtremail is a mailserver application that supports IMAP4, POP3 and SMTP. It is exposed to an unspecified remote buffer overflow vulnerability because the application fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. EXtremail version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/21084

  • 06.46.26 - CVE: Not Available
  • Platform: Linux
  • Title: Pragma Systems FortressSSH Unspecified Stack Buffer Overflow
  • Description: Pragma Systems FortressSSH is an SSH server for the Microsoft Windows operating system. It is exposed to an unspecified remote stack-based buffer-overflow vulnerability because the application fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. Version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21106

  • 06.46.27 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP Tru64 POSIX Threads Library Local Privilege Escalation
  • Description: HP Tru64 is vulnerable to a local unspecified privilege escalation issue in the POSIX Threads library. HP Tru64 versions 5.1 A PK6, 4.0 G PK4 and 4.0 F PK8 are vulnerable.
  • Ref: http://www1.itrc.hp.com/service/cki/docDisplay.do?admit=-682735245+1163704513944+28353475&docId=c00800193

  • 06.46.28 - CVE: Not Available
  • Platform: BSD
  • Title: Multiple BSD Vendor FireWire IOCTL Local Integer Overflow
  • Description: Multiple BSD operating systems are prone to a local integer overflow vulnerability. This issue affects the FireWire subsystem. Specifically, the "fw_ioctl()" function in the "fwdev.c" source file in these operating systems fails to properly bounds check a signed integer length value prior to its use in a "copyout()" function call. TrustedBSD, FreeBSD, NetBSD, and DragonFly BSD are all vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/21089

  • 06.46.29 - CVE: Not Available
  • Platform: Unix
  • Title: Chetcpasswd Multiple Vulnerabilities
  • Description: Chetcpasswd is a CGI utility that allows users to change their system passwords using their browser. It is prone to multiple vulnerabilities. Please see the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/21102

  • 06.46.30 - CVE: Not Available
  • Platform: Unix
  • Title: Kerio WebStar Local Privilege Escalation
  • Description: Kerio WebStar is a web server for small business. The application installs both of its binaries, "WSWebServer" and "WSAdminServer", with setuid being inherited from superuser, which exposes it to a local privilege escalation issue.
  • Ref: http://downloads.securityfocus.com/vulnerabilities/exploits/21123.pl

  • 06.46.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ProFTPD Unspecified Remote Code Execution
  • Description: ProFTPD is an FTP server implementation that is available for UNIX and Linux platforms. It is prone to an unspecified remote code execution vulnerability. It is conjectured that a remote attacker can exploit this issue to gain unauthorized access to a computer in the context of the server. This issue is reported to affect version 1.3.0. Other versions may be vulnerable as well.
  • Ref: http://www.securityfocus.com/bid/20992

  • 06.46.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: D-Link DWL-G132 ASAGU.SYS Wireless Device Driver Stack Buffer Overflow
  • Description: The D-Link Wireless Device Driver for DWL-G132 devices is prone to a stack-based buffer overflow issue because the driver fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. Version 1.0.1.41 of the ASAGU.SYS driver is affected.
  • Ref: http://www.securityfocus.com/bid/21032

  • 06.46.33 - CVE: CVE-2006-4251, CVE-2006-4252
  • Platform: Cross Platform
  • Title: PowerDNS Remote Denial of Service and Buffer Overflow Vulnerabilities
  • Description: PowerDNS is a DNS nameserver application. It is prone to a denial of service issue when the "CNAME" records contain circular references which lead to an endless lookup taking up all the available stack space, resulting in an application crash. The application is also prone to a buffer overflow issue due to insufficient sanitization of user-supplied parameters to the "pdns_recursor.cc" file. PowerDNS Recursor versions 3.1.4 and earlier are affected.
  • Ref: http://doc.powerdns.com/powerdns-advisory-2006-01.html http://doc.powerdns.com/powerdns-advisory-2006-02.html

  • 06.46.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment Information Disclosure
  • Description: The Sun Java runtime environment is prone to an information disclosure issue. JDK and JRE 5.0 Update 7 and prior versions are affected.
  • Ref: http://www.securityfocus.com/bid/21077

  • 06.46.35 - CVE: CVE-2006-5793
  • Platform: Cross Platform
  • Title: LibPNG Graphics Library PNG_SET_SPLT Remote Denial of Service
  • Description: LibPNG is the official Portable Network Graphics (PNG) reference library. It is vulnerable to a denial of service issue when processing malformed PNG files. See advisory for further details.
  • Ref: https://issues.rpath.com/browse/RPL-790

  • 06.46.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citrix Access Gateway Unspecified Information Disclosure
  • Description: Citrix Access Gateway is an SSL/VPN appliance. It is exposed to an information disclosure issue when the Advanced Access Control (AAC) option is used with Access Gateway. Multiple versions of this software are affected.
  • Ref: http://support.citrix.com/article/CTX111695

  • 06.46.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Links ELinks SMBClient Remote Command Execution
  • Description: Links is a text-based web browser available for multiple systems. The applications are prone to an arbitrary command execution vulnerability because they fail to properly process web site data containing smb commands. Links version 1.00pre12 and ELinks version 0.11.1 are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21082

  • 06.46.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kerio MailServer Remote Unspecified Denial of Service
  • Description: Kerio MailServer is a mail server designed for corporate networks. It is exposed to a denial of service issue. Kerio Mailserver version 6.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/21091

  • 06.46.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drake CMS Index.PHP Cross-Site Scripting
  • Description: Drake CMS is a content management application. It is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "id" parameter of "index.php". Version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/20998

  • 06.46.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM WebSphere FaultFactor Cross-Site Scripting
  • Description: IBM WebSphere Application Server is a utility designed to facilitate the creation of various enterprise web applications. Insufficient sanitization of the "faultfactor" tag exposes this application to a cross-site scripting issue. WebSphere Application Server version 6 is vulnerable.
  • Ref: http://www.securiteam.com/windowsntfocus/6X00B0UHFE.html

  • 06.46.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: cPanel User and Dir Parameters Multiple Cross-Site Scripting Vulnerabilities
  • Description: cPanel is an application for managing customer relations. It is prone to multiple cross-site scripting vulnerabilities. cPanel version 10 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21027

  • 06.46.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Email Signature Script Unspecified Cross-Site Scripting
  • Description: Email Signature Script is a signature generation script for webmail applications. The application is prone to a cross-site scripting vulnerability. Email Signature Script version 1.0.0 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/21046

  • 06.46.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DirectAdmin Multiple Cross-Site Scripting Vulnerabilities
  • Description: DirectAdmin is a web-based server control panel application. Insufficient sanitization of user input exposes this application to cross-site scripting issues. DirectAdmin version 1.28.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21049

  • 06.46.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Yetihost Helm Multiple Cross-Site Scripting Vulnerabilities
  • Description: Helm is a web-based control panel application. It is prone to multiple cross-site scripting vulnerabilities due to insufficient input sanitization in several scripts. Version 3.2.10 is reportedly vulnerable. Please see the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/21096

  • 06.46.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPKit Multiple SQL Injection Vulnerabilities
  • Description: PHPKit is a content management and community builder application implemented in PHP. The application is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input to the "catid" parameter of the "faq.php" page, and unspecified parameters of the "guestbook/print.php" script before using it in an SQL query. PHPKit version 1.6.1 RC2 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/451304

  • 06.46.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NuSchool CampusNewsDetails.ASP SQL Injection
  • Description: NuSchool is an online educational management system. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data to the "NewsID" parameter of the "CampusNewsDetails.asp" script. NuSchool version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21006

  • 06.46.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NuCommunity Cl_CatListing.ASP SQL Injection
  • Description: NuCommunity is an online community portal system. It is prone to an SQL injection vulnerability due to insufficient sanitization of the "cl_cat_ID" parameter of the "cl_CatListing.asp" script. Version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21015

  • 06.46.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NuRealestate Propertysdetails.ASP SQL Injection
  • Description: NuRealestate is an online real estate management system. It is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "PropID" parameter of the "propertysdetails.asp" script. NuRealestate version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21017

  • 06.46.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BrewBlogger PrintLog.PHP SQL Injection
  • Description: BrewBlogger is a web-based blogging application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data to the "id" parameter of the "printLog.php" script. BrewBlogger version 1.3.1 is vulnerable.
  • Ref: http://www.craigheffner.com/security/exploits/brewblogger1.3.1.txt

  • 06.46.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASP Scripter Products CPLogin.ASP SQL Injection Vulnerabilities
  • Description: Live Support is a chat application and Easy Portal is a web application implemented in ASP. Insufficient sanitization of user input exposes these applications to SQL injection issues. Version 1.4 of Easy Portal and version 1.3 of Live Support are affected.
  • Ref: http://www.securityfocus.com/archive/1/451370

  • 06.46.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASP Portal Default1.ASP SQL Injection
  • Description: ASP Portal is a portal Web site application implemented in ASP. It uses a Microsoft Access database as the back end. The application is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input to the "Poll_ID" parameter of the "default1.asp" script. ASP Portal versions 4.0.0 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/451384

  • 06.46.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Munch Pro Switch.ASP SQL Injection
  • Description: Munch Pro is a web-based application for restaurants. It is prone to an SQL injection vulnerability due to insufficient sanitization of the "catid" parameter of the "switch.asp" script. Version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21044

  • 06.46.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 20/20 Real Estate Listings.ASP SQL Injection
  • Description: 20/20 Real Estate is a web-based real estate listing system. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data to the "itemID" parameter of the "listings.asp" script. 20/20 Real Estate version 3.2 is vulnerable.
  • Ref: http://aria-security.net/advisory/Real%20Estate%20Listing%20System.txt

  • 06.46.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FunkyASP Glossary Glossary.ASP SQL Injection
  • Description: FunkyASP Glossary is a web-based glossary application implemented in ASP. The application is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "alpha" parameter of the "glossary.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/21055

  • 06.46.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SiteXpress E-Commerce System Dept.ASP SQL Injection
  • Description: SiteXpress E-Commerce System is a web-based commerce application. It is prone to an SQL injection vulnerability because the application fails to properly sanitize user-supplied input to the "id" parameter of the "dept.asp" script.
  • Ref: http://www.securityfocus.com/bid/21059

  • 06.46.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Site Outlet E-Commerce Kit Multiple SQL Injection Vulnerabilities
  • Description: Site Outlet E-Commerce Kit is an e-commerce solution. Insufficient sanitization of the "keyword" and "cid" parameters of the "catalogue.php" script and the "pid" parameter of the "viewDetail.asp" script exposes this application to multiple SQL injection issues.
  • Ref: http://www.securityfocus.com/archive/1/451771

  • 06.46.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DMXReady Site Engine Manager Index.ASP SQL Injection
  • Description: DMXReady Site Engine Manager is a content management system. It is prone to an SQL injection vulnerability due to insufficient sanitization of the "mid" parameter of the "index.asp" script. Version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21064

  • 06.46.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASP Smiley Default.ASP SQL Injection
  • Description: ASP Smiley is a web site application implemented in ASP. The application is exposed to multiple SQL injection vulnerabilities due to insufficient sanitization of the "Username" field of the "default.asp" script. ASP Smiley version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21063

  • 06.46.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pilot Cart Pilot.ASP SQL Injection
  • Description: Pilot cart is an E-commerce application. It is exposed to an SQL injection issue because the application fails to properly sanitize user-supplied input before using it in an SQL query. Version 7.2 is affected.
  • Ref: http://www.securityfocus.com/bid/21065

  • 06.46.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Megamail Product_Review.PHP Multiple SQL Injection Vulnerabilities
  • Description: Megamail is a web-based mail application implemented in PHP. The application is prone to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to the "t", "productId", "sk", "x" and "so" parameters of the "product_review.php" script and the "orderNo" parameter of the "order-track.php" script.
  • Ref: http://www.securityfocus.com/archive/1/451300

  • 06.46.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CandyPress Store Multiple SQL Injection Vulnerabilities
  • Description: CandyPress Store is a virtual storefront application implemented in ASP. Insufficient sanitization of user input exposes this application to an SQL injection issue. CandyPress Store version 3.5.2.14 is affected.
  • Ref: http://www.securityfocus.com/bid/21090

  • 06.46.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: High Performance Computers Solutions Shopping Cart Multiple SQL Injection Vulnerabilities
  • Description: High Performance Computers Solutions Shopping Cart is a shopping cart application. It is vulnerable to multiple SQL injection issues due to insufficient sanitization of user-supplied input to various parameters and scripts. All versions are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/451595

  • 06.46.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Dragon Event Listing Multiple SQL Injection Vulnerabilities
  • Description: Dragon Event Listing is a web-based calendar and event listing application. It is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input to multiple scripts. Dragon Internet Events Listing version 2.0.01 is affected.
  • Ref: http://www.securityfocus.com/bid/21098

  • 06.46.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WWWeb Concepts CactuShop Multiple SQL Injection Vulnerabilities
  • Description: WWWeb Concepts CactuShop is a web-based ecommerce application. It is exposed to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Specifically, the application fails to sanitize input to the "prodtype" parameter of the "prodtype.asp" script and the "product" parameter of the "product.asp" script.
  • Ref: http://www.securityfocus.com/bid/21076

  • 06.46.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BPG Multiple Products Vjob Parameter SQL Injection
  • Description: BPG Easy Publisher and Smart Publisher Pro are content management systems. They are vulnerable to an SQL injection issue because they fail to sufficiently sanitize user-supplied data to the "vjob" parameter of the "bpg/publications_list.asp" script. BPG Easy Publisher and Smart Publisher Pro version 2.77 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21094

  • 06.46.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: I Systems UK Estate Agent Manager Default.ASP SQL Injection
  • Description: I Systems UK Estate Agent Manager is a real estate listings web application implemented in ASP. The application is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "Username" form field parameter of the "admin/default.asp" script file before using it in an SQL query. Version 1.3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21103

  • 06.46.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASPIntranet Multiple SQL Injection Vulnerabilities
  • Description: ASPIntranet is a content management system for intranets. Insufficient sanitization of user supplied data exposes this application to multiple SQL injection vulnerabilities. ASPIntranet version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/21105

  • 06.46.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 20/20 Data Shed Listings.ASP SQL Injection
  • Description: 20/20 Data Shed is a web-based inventory application. It is prone to an SQL injection vulnerability due to insufficient sanitization of the "itemID" parameter of the "listings.asp" script. Version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21109

  • 06.46.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Aspmforum Multiple SQL Injection Vulnerabilities
  • Description: Aspmforum is a web-based application implemented in ASP. It is exposed to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/21113

  • 06.46.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: I-Gallery Multiple Input Validation Vulnerabilities
  • Description: I-gallery is a web-based photo gallery implemented in ASP. The application is prone to multiple input-validation vulnerabilities. Versions 3.4 and prior are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/21122

  • 06.46.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BlogTorrent Preview Announce.PHP Cross-Site Scripting
  • Description: BlogTorrent Preview is an application that allows users to view torrent files in a web browser. It is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "left" parameter of the "announce.php" script. Versions 0.92 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/21125

  • 06.46.72 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPJobscheduler Multiple Remote File Include Vulnerabilities
  • Description: phpjobscheduler is a workflow application for developing websites. Insufficient sanitization of "installed_config_file" exposes this application to remote file include issues. phpjobscheduler version 3.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/451360

  • 06.46.73 - CVE: Not Available
  • Platform: Web Application
  • Title: RoundCube Webmail index.PHP Cross-Site Scripting
  • Description: RoundCube Webmail is a web-based IMAP email client application. It is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "_task" parameter of "index.php". Round Cube Webmail versions 0.1 -20051021 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/21042

  • 06.46.74 - CVE: Not Available
  • Platform: Web Application
  • Title: ContentNow Multiple Input Validation Vulnerabilities
  • Description: ContentNow is a content management system. It is vulnerable to multiple input validation issues because the application fails to sufficiently sanitize user-supplied input to various parameters. ContentNow version 1.30 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21024

  • 06.46.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Samedia LandShop LS.PHP Multiple Input Validation Vulnerabilities
  • Description: SAMEDIA LandShop is an open source content management system. It is prone to multiple input validation issues because it fails to sufficiently sanitize user-supplied input data to the "action/ls.php" script.
  • Ref: http://www.securityfocus.com/bid/20989

  • 06.46.76 - CVE: Not Available
  • Platform: Web Application
  • Title: ExoPHPdesk Pipe.PHP Remote File Include
  • Description: Exophpdesk is a helpdesk application implemented in PHP. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "lang_file" parameter of "pipe.php". Exophpdesk version 1.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21003

  • 06.46.77 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress Functions.PHP Remote File Include
  • Description: WordPress is a helpdesk application. Insufficient sanitization of the "file" parameter in the "functions.php" script exposes the application to a remote file include issue. WordPress version 2.0.5 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/451311

  • 06.46.78 - CVE: Not Available
  • Platform: Web Application
  • Title: ShopSystems Index.PHP SQL Injection
  • Description: ShopSystems is a shopping cart application. It is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sessid" parameter of the "index.php" script file before using it in an SQL query. Versions 4.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/21005

  • 06.46.79 - CVE: Not Available
  • Platform: Web Application
  • Title: phpManta View-Sourcecode.PHP Local File Include
  • Description: phpManta is a suite of PHP classes intended to help PHP programmers write PHP websites and applications. It is prone to a local file include vulnerability because it fails to properly sanitize user-supplied input to the "view-sourcecode.php" script. phpManta versions 1.0.2 and prior are vulnerable to this issue; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/21008

  • 06.46.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Rama CMS Lang Parameter Local File Include
  • Description: Rama CMS is a content management system. Insufficient sanitization of the "lang" cookie parameter exposes this application to a local file include issue. Rama CMS versions 0.68 and earlier are affected.
  • Ref: http://downloads.securityfocus.com/vulnerabilities/exploits/rama_poc.txt

  • 06.46.81 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPWCMS Wcs_User_Lang Local File Include
  • Description: PHPWCMS is a content management system. It is vulnerable to a local file include issue due to insufficient sanitization of user-supplied input to the "wcs_user_lang" cookie parameter. PHPWCMS version 1.2.6 is vulnerable.
  • Ref: http://www.milw0rm.com/exploits/2758

  • 06.46.82 - CVE: Not Available
  • Platform: Web Application
  • Title: NuStore Products.ASP SQL Injection
  • Description: NuStore is a shopping cart system. It is exposed to an SQL injection because it fails to sufficiently sanitize user-supplied data to the "CategoryID" parameter of the "Products.asp" script file before using it in an SQL query. NuStore version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21019

  • 06.46.83 - CVE: Not Available
  • Platform: Web Application
  • Title: ELOG Web Logbook ELogD Server Denial Of Service
  • Description: ELOG Web Logbook is a web log application. It is prone to a remote denial of service vulnerability because the application fails to properly handle HTTP GET requests referring to any logbook prefixed with the word "global". This causes a NULL pointer dereference in the server process, resulting in denial of service conditions.
  • Ref: http://www.securityfocus.com/bid/21028

  • 06.46.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Phpdebug Debug_test.PHP Remote File Include
  • Description: Phpdebug is an application for debugging PHP code. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "debugClassLocation" parameter of "debug_test.php". Phpdebug version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21047

  • 06.46.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Bitweaver Multiple Input Validation Vulnerabilities
  • Description: Bitweaver is a web application framework and content manager. It is exposed to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. Bitweaver versions 1.3.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20988

  • 06.46.86 - CVE: Not Available
  • Platform: Web Application
  • Title: XLineSoft PHPRunner PHPRunner.INI Local Information Disclosure
  • Description: XLineSoft PHPRunner is a PHP based web interface for local and remote databases. It is prone to an information disclosure vulnerability due to sensitive data being saved in the unencrypted "windowsPHPRunner.ini" file. Version 3.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21054

  • 06.46.87 - CVE: Not Available
  • Platform: Web Application
  • Title: AlTools ALFTP Authentication Bypass And Information Disclosure Vulnerabilities
  • Description: ALTOOLS ALFTP is an FTP client/server application available for the Microsoft Windows operating system. The server portion of the application is exposed to multiple security issues. Please refer to the link below for further details.
  • Ref: http://www.securityfocus.com/bid/21058

  • 06.46.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Plesk Multiple HTML Injection Vulnerabilities
  • Description: Plesk is a web-based administration console implemented in PHP. The application is prone to multiple HTML injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. The vulnerabilities reside in unspecified input boxes in the "get_password.php" and "login_up.php3" scripts. Plesk versions 8.0.1 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21067

  • 06.46.89 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPPeanuts Inspect.PHP Remote File Include
  • Description: PHPPeanuts is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "Include" parameter of the "pntUnit/Inspect.php" script. Phppeanuts 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/21057

  • 06.46.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Inventory Manager Multiple Input Validation Vulnerabilities
  • Description: Inventory Manager is a web portal application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to various scripts. All versions of Inventory Manager are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21069

  • 06.46.91 - CVE: Not Available
  • Platform: Web Application
  • Title: MGInternet Property Site Manager Multiple Input Validation Vulnerabilities
  • Description: MGinternet Property Site Manager is a content management system (CMS) for real estate web sites. It is prone to multiple input validation vulnerabilities because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/21073

  • 06.46.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Dotdeb PHP PHP_Self Path_Info Email Header Injection
  • Description: Dotdeb PHP is a PHP package available from the Dotdeb unofficial Debian repository. Insufficient sanitization of the "PHP_SELF" variable exposes this application to an email header injection issue. PHP4 versions prior to 4.4.4 are affected. PHP5 versions prior to 5.2.0 rev 3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/451528

  • 06.46.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Netvios Page.ASP SQL Injection
  • Description: Netvios is a web-based operating platform. It is prone to an SQL injection issue because it fails to sanitize user-supplied data to the "NewsID" parameter of the "News/page.asp" script file. Netvios versions 2.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/21088

  • 06.46.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Eudora WorldMail Server Remote Unspecified Denial of Service
  • Description: Eudora WorldMail Server is prone to a remote denial of service vulnerability due to an unspecified error. Eudora WorldMail version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21099

  • 06.46.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Nucleus CMS Unspecified HTML Injection
  • Description: Nucleus CMS is a content management system. It is vulnerable to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to an unspecified script parameter. Nucleus CMS versions prior to 3.24 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21104

  • 06.46.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Hot Links Perl PHP Information Disclosure
  • Description: Hot Links is a web directory application. It is prone to an information disclosure vulnerability because it fails to authenticate the user during specific download requests. Specifically, this issue occurs when requests are made using the "dl" parameter of the "dlback.php" script. All versions of Hot Links SQL-PHP and Hot Links Pro are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21112

  • 06.46.97 - CVE: Not Available
  • Platform: Web Application
  • Title: BaalAsp Forum Multiple Input Validation Vulnerabilities
  • Description: BaalAsp Forum is a web-based application implemented in ASP. Insufficient sanitization of "adminlogin.asp" and "userlogin.asp" scripts exposes this application to multiple input validation issues.
  • Ref: http://www.securityfocus.com/bid/21111

  • 06.46.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Extreme CMS Multiple HTML Injection Vulnerabilities
  • Description: Extreme CMS is a web-based content management system. It is vulnerable to multiple HTML injection issues due to insufficient sanitization of various fields in the "admin/options.php" script. Extreme CMS version 0.9 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21116

  • 06.46.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Extreme CMS Options.PHP Authentication Bypass
  • Description: Extreme CMS is a web based content management system. It is prone to an authentication bypass vulnerability because it fails to authenticate users who access the "admin/options.php" script, which is used for modifying sensitive data. Extreme CMS 0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/21118

  • 06.46.100 - CVE: CVE-2006-5819
  • Platform: Web Application
  • Title: Verity Ultraseek Information Disclosure and Request Proxying Vulnerabilities
  • Description: Verity Ultraseek is a web-based search application. It is prone to a number of vulnerabilities that allow remote attackers to proxy attacks to internal networks and computers, gain unauthorized access to unspecified information through a number of vulnerable scripts, and allow authenticated users to retrieve arbitrary system file contents. Versions prior to 5.7 are vulnerable. Please see the advisory for further details.
  • Ref: http://www.securityfocus.com/bid/21120

  • 06.46.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Blog:CMS Dir_Plugins and Dir_Libs Multiple Remote File Include Vulnerabilities
  • Description: BLOG:CMS is a content management system for blog web sites. It is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Version 4.0.0.0 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21124

  • 06.46.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Odysseus Blog Blog.PHP Cross-Site Scripting
  • Description: Odysseus Blog is a multi user blogging application. It is prone to cross site scripting issues because it fails to sanitize user-supplied input to the "page" parameter of the "blog.php" script. Odysseus Blog version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21128

  • 06.46.103 - CVE: Not Available
  • Platform: Network Device
  • Title: Citrix Access Gateway Advanced Access Control Multiple Vulnerabilities
  • Description: Citrix Access Gateway is an SSL/VPN appliance. It is prone to multiple vulnerabilities that arise when the Advanced Access Control option is used with Access Gateway. Versions 4.0 and 4.2 are reportedly vulnerable. Please see the advisory for further details.
  • Ref: http://support.citrix.com/article/CTX111614 http://support.citrix.com/article/CTX111615

  • 06.46.104 - CVE: Not Available
  • Platform: Network Device
  • Title: XTACACS Unspecified Buffer Overflow
  • Description: XTACACS is an authentication application for NASs. It is vulnerable to an unspecified remote buffer overflow issue. XTACACS version 4.12 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21107

  • 06.46.105 - CVE: Not Available
  • Platform: Hardware
  • Title: Digipass Go3 Insecure Encryption
  • Description: Digipass Go3 is a device that generates one-time passwords. The device is prone to an insecure encryption vulnerability. This issue occurs because the device uses an insecure single key encryption algorithm to encrypt sensitive data.
  • Ref: http://www.securityfocus.com/bid/21040

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.