The most trusted source for computer security training, certification and research.

@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 37
September 18, 2006

SANS Newsletters Home

A big week for critical vulnerabilities: Major vulnerabilities discovered in multimedia software from Apple and Adobe, as well as multiple Microsoft software including Internet Explorer.

Good news - for a change. For everyone who has ever tried to reduce vulnerabilities, and found it very hard, today is a very good day. NIST just announced (this morning) that it is launching a cooperative effort involving NSA, DoD/DISA, DHS, and the Center for Internet Security, with the help of security and software vendors, to radically upgrade vulnerability management. The program will bring automation and standardization to vulnerability management, and it is real. Within a few months, you should expect to see new procurement language that can be used by any organization buying software or system or system integration, that will require the vendors and contractors to deliver systems and software compatible with the new automated vulnerability management program. SANS will do a free webcast on it shortly to give you more details.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • @RISK is the SANS community's consensus bulletin summarizing the most
    • important vulnerabilities and exploits identified during the past week
    • and providing guidance on appropriate actions to protect your systems
    • (PART I). It also includes a comprehensive list of all new
    • vulnerabilities discovered in the past week (PART II).
    • Summary of Updates and Vulnerabilities in this Consensus
    • - ---------------------------------------------------------------------
    • Platform Number of Updates and Vulnerabilities
    • - ---------------------------------------------------------------------
    • Windows
    • 3 (#3, #4, #9, #15)
    • Microsoft Office
    • 1 (#5)
    • Third Party Windows Apps
    • 6
    • Mac Os
    • 2
    • Linux
    • 2
    • Unix
    • 3
    • Cross Platform
    • 15 (#1, #2, #7, #8)
    • Web Application - Cross Site Scripting
    • 15
    • Web Application - SQL Injection
    • 8
    • Web Application
    • 34 (#10, #11, #12, #14)
    • Network Device
    • 1 (#6, #13)
    • Hardware
    • 1

**** SANS Security Summits on SCADA Security and on Laptop Encryption ***

(1) The Process Control & SCADA Security Summit, September 28 - 30, in Las Vegas, focuses on the most critical vulnerabilities in control systems that run power plants, chemical plants, transportation systems, pipelines, and more, and shows what can be done now secure these critical systems. http://www.sans.org/info.php?id=1349

(2) The Secure Storage and Encryption Summit, December 6 - 7 near Washington, DC, offers the only user-to-user program on what works in securing laptops and PDAs and other places where data is at rest. Lessons learned, surprises, problems; just what you need to reduce the pain in deploying encryption and other storage security technology. Very limited seating for this one, so if you are going to be investing your time in improving mobile data security, server security, or even database security, please register very soon. http://www.sans.org/info.php?id=1350

***********************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Third Party Windows Apps
Mac Os
Linux
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
Hardware

*************************************************************************

SANS is coming back to New Orleans Nov. 14-21. To make it a memorable program, the four highest rated SANS teachers will teach classes of limited size to maximize interaction. You won't find better security training anywhere. How Good Are SANS Courses? Ask the alumni.

++ "I have attended courses by several of SANS rivals, and SANS blew them away." - Alton Thompson, US Marines

++ "This is the only conference/training I've ever attended at which I learned techniques and found tools I could apply immediately." - Dwight Leo, Defense Logistics Agency, DLA

++ "This program provided the opportunity to learn from many of the people who are defining the future direction of information technology" - - Larry Anderson, Computer Sciences Corp.

++ "The SANS classes have been uniformly excellent. To learn as much through traditional classes would have entailed weeks away from work." - - David Ritch, Department of Defense

See: http://www.sans.org/ns2006/caag.php

************************* Sponsored Links: ******************************

"Trustworthy IPS Testing and Certification" Free SANS Special Webcast tomorrow, Tuesday, September 19 at 1:00 PM EDT (1700 UTC/GMT) http://www.sans.org/info.php?id=1351

*************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Apple QuickTime Multiple Vulnerabilities
  • Affected:
    • Apple QuickTime version 7.1.2 and prior for Mac OS X and Microsoft
    • Windows XP/2000

  • Description: Apple's QuickTime media player and framework contains multiple file-parsing vulnerabilities. Failure to properly parse H.264 movie files, QuickTime movie files, FLC movie files, FlashPix images, and SGI images, leads to various remotely-exploitable vulnerabilities. A specially-crafted movie or image file could exploit one of these vulnerabilities and execute arbitrary code with the privileges of the current user. Note that in most common configurations, files handled by QuickTime are opened automatically. Technical details for some of these vulnerabilities, and a simple proof-of-concept for the FLC vulnerability, have been publicly posted.

  • Status: Apple confirmed, updates available.

  • Council Site Actions: Multiple reporting council plan to distribute the patches during their next regularly scheduled maintenance cycle. One other site plans to notify their Windows users to obtain the update on their own and the Mac OS users will be automatically updates using Apple's Software Update Facility.

  • References:
  • (2) HIGH: Adobe Flash Player Multiple Vulnerabilities
  • Affected:
    • Adobe Flash Player version 8.0.24.0 and prior
    • Adobe Flash Professional 8
    • Adobe Flash MX 2004
    • Adobe Flex 1.5

  • Description: Adobe's Flash Player (formerly Macromedia Flash Player), a widely-deployed system for rich web content, contains several remotely-exploitable vulnerabilities, including remote code execution and denial-of-service vulnerabilities: (1) Failure to properly handle heap memory when dynamically allocating long strings at runtime leads to a controllable memory-overwrite condition. Some technical details for this vulnerability have been publicly posted. (2) An unspecified file parsing vulnerability can lead to multiple improper memory access errors. (3) Microsoft Excel spreadsheets that embed the Adobe Flash Player ActiveX object can, with user assistance, execute arbitrary JavaScript code. (4) An unspecified vulnerability allows specially-crafted Flash file to bypass the internal sandbox protection mechanism, allowing privilege escalation. (5) An unspecified file parsing vulnerability can lead to a denial-of-service condition by crashing the viewing web browser. A specially-crafted Flash file could trigger these vulnerabilities and potentially execute arbitrary code with the privileges of the current user. Note that, in the default configuration, Flash files are displayed automatically when loaded in a web browser.

  • Status: Adobe confirmed, updates available.

  • Council Site Actions: All responding council sites plan to take action - - most will be deploying the patches during their next regular maintenance release cycle. One site will rely on individual end users to obtain the update.

  • References:
  • (4) HIGH: Microsoft Pragmatic General Multicast Buffer Overflow (MS06-052)
  • Affected:
    • Microsoft Windows XP SP1/SP2

  • Description: The Microsoft Message Queueing component (not installed by default) in Microsoft Windows XP contains a remotely-exploitable buffer overflow vulnerability. Failure to properly handle Pragmatic General Multicast (PGM) packets leads to a buffer overflow. A series of specially-crafted PGM packets could trigger this buffer overflow and allow arbitrary code execution with SYSTEM-level privileges. Users are advised to block packets with IP protocol number 113 at the network perimeter, if possible.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All responding council site plan to take action - most will be deploying the patches during their next regular maintenance release cycle.

  • References:
  • (5) HIGH: Microsoft Publisher File Parsing Buffer Overflow (MS06-054)
  • Affected:
    • Microsoft Office Publisher 2000/2002/2003

  • Description: Microsoft Office Publisher, a popular Desktop Publishing (DTP) application and Microsoft Office component, contains a remotely-exploitable file-format vulnerability. Failure to properly validate Publisher files (typically identified via the ".pub" filename extension) leads to a buffer overflow. A specially-crafted Publisher file could exploit this overflow and execute arbitrary code with the privileges of the current user. Note that Publisher files do not open by default in versions of Microsoft Office after Office 2000.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: Most responding council site plan to take action and will be deploying the patches during their next regular maintenance release cycle.

  • References:
  • (6) MODERATE: Cisco IOS VTP Multiple Vulnerabilities
  • Affected:
    • Cisco switches running Cisco IOS and CatOS

  • Description: The VLAN Trunking Protocol (VTP) is a proprietary Cisco protocol used to distribute VLAN configuration information. The implementation of VTP on switches running Cisco IOS and CatOS operating systems contains several vulnerabilities: (1) VLAN names longer than 100 bytes can result in a buffer overflow in Cisco IOS. A specially-crafted VTP request could trigger this buffer overflow and execute arbitrary code on the switch. (2) A specially-crafted VTP request could lead to a denial-of-service condition on Cisco IOS-based devices. (3) Specifying a large configuration revision number can result in an integer overflow in both Cisco IOS and CatOS-based devices. Once this integer overflow has been triggered, any VTP updates sent out by the affected switch will be ignored by other switches. Users are advised to implement VTP password authentication for all VTP domains, if possible.

  • Status: Cisco confirmed, updates available.

  • Council Site Actions: Three of the responding council sites are using the affected software. One site will deploy the patch during their next maintenance cycle, another site will deploy the patch later this year unless if a DoS is observed, and the third site is still investigating.

  • References:
  • (7) MODERATE: HP OpenView Multiple Vulnerabilities
  • Affected:
    • HP OpenView Operations versions 7.1, 8.0, 8.1
    • HP OpenView Operations for Windows versions a.07.21, a.07.20, a.07.10, a.07.00

  • Description: HP OpenView, a popular enterprise-level system monitoring and management suite, contains multiple unspecified remotely-exploitable vulnerabilities. These vulnerabilities include remote unauthorized access, possibly allowing for remote command execution, and denial-of-service conditions.

  • Status: HP confirmed, updates available.

  • Council Site Actions: Only one council site is using the affected software and they plan to push the patch during their next regularly scheduled maintenance cycle.

  • References:
  • (8) MODERATE: PHP NULL Processing Arbitrary File Overwrite
  • Affected:
    • It is unknown how many PHP applications are vulnerable. It has been
    • confirmed that both phpBB and punBB are vulnerable.

  • Description: Some PHP scripts fail to properly account for NULL (ASCII 0) characters in certain user-supplied data. A specially-crafted request could exploit this vulnerability and overwrite arbitrary files with user-supplied data. A proof-of-concept exploit for phpBB has been publicly posted.

  • References:
Other Software
  • (10) HIGH: Multiple Products PHP File Include Vulnerabilities
  • Affected:
    • phpBB XS version 0.58
    • HotPlug CMS version 1.0
    • ppalCart version 2.5
    • phpLinkExchange version 1.0

  • Description: The following popular software packages reportedly contain PHP remote file include vulnerabilities: phpBB XS, HotPlug CMS, ppalCart, and phpLinkExchange. These flaws can be exploited by a remote attacker to run arbitrary PHP code on the web server hosting the vulnerable software packages. The postings show how to craft the malicious HTTP requests to exploit the flaws. Note that all of these vulnerabilities require that the PHP "register_globals" options be enabled. The "register_globals" option is disabled by default in PHP version 4.2.0 and later. Users are advised to disable the "register_globals" option if possible, and run web server software under a low-privilege account. Status: phpBB has not confirmed, no updates available. HotPlug CMS has not confirmed, no updates available. ppcalCart has not confirmed, no updates available. phpLinkExchange has not confirmed, no updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (12) HIGH: Tagger LE Remote Code Execution
  • Affected:
    • Tagger LE

  • Description: Tagger LE, used to provide user comment and chat functionality on web pages, contains a remotely-exploitable command execution vulnerability. By sending a specially-crafted request, an attacker could execute arbitrary commands with the privileges of the web server process. Technical details and a simple proof-of-concept for this vulnerability have been publicly posted.

  • Status: Tagger has not confirmed, no updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (13) MODERATE: Act Networks NetPerformer FRAD Multiple Vulnerabilities
  • Affected:
    • NetPerformer FRAD ACT SDM 95xx/93xx/92xx

  • Description: The NetPerformer FRAD (Frame Relay Access Device) contains multiple remotely-exploitable vulnerabilities: (1) Passing a username longer than 4550 bytes to the telnet service triggers a buffer overflow. It is currently unknown whether this can lead to remote code execution; currently only the denial-of-service case it known. (2) By sending a specially-crafted ICMP packet to the device, an attacker can cause the device to stop processing TCP traffic. Technical details for these vulnerabilities, as well as a simple proof-of-concept, have been publicly posted.

  • Status: NetPerformer has not confirmed, no updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (14) MODERATE: SQL-Ledger/LedgerSMB Remote Code Execution
  • Affected:
    • SQL-Ledger version 2.6.18 and prior
    • LedgerSMB version 1.0.0 and prior

  • Description: SQL-Ledger, a popular web-based accounting system, and LedgerSMB, a derivative, contain a remote code execution vulnerability. By sending a specially-crafted request to the vulnerable server, an attacker could trigger this vulnerability and execute arbitrary code with the privileges of the server process. Technical details for this vulnerability have been publicly posted.

  • Status: SQL-Ledger has confirmed, updates available. LedgerSMB has not confirmed, no updates available.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
Exploit Code
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 37, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5166 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. 06.37.1 CVE: CVE-2006-3442 Platform: Windows Title: Microsoft PGM Remote Buffer Overflow Description: Microsoft Pragmatic General Multicast (PGM) is a multicast protocol to detect, report on, and request retransmission of incomplete or lost inbound data. It is prone to a remote buffer overflow vulnerability that surfaces when a specially crafted multicast message is received by the vulnerable system. This issue only affects systems when Microsoft Message Queuing (MSMQ) 3.0 is installed; this is not the default. Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-052.mspx

  • 06.37.2 - CVE: CVE-2006-0032
  • Platform: Windows
  • Title: Microsoft Indexing Service Query Validation Cross-Site Scripting
  • Description: Microsoft Indexing Service is an application to create indexed catalogs for the contents and properties of file systems and virtual Webs. It is a base service and part of the Internet Information Services (IIS). Microsoft Indexing Service is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user, in the context of the victim's session.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-053.mspx
  • 06.37.3 - CVE: CVE-2006-3873
  • Platform: Windows
  • Title: Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer Overflow
  • Description: Microsoft Internet Explorer is prone to a remote buffer overflow vulnerability. A successful exploit may result in arbitrary code execution in the context of the user running the browser. HTML content containing overly long URIs pointing to web sites using the HTTP/1.1 protocol along with compression may trigger this issue. This issue presents itself because the software fails to properly bounds check the use of the "lstrcpynA()" function in the "URLMON.DLL" library. This issue was introduced with the re-released patches of Microsoft advisory MS06-042.
  • Ref: http://www.securityfocus.com/bid/19987
  • 06.37.4 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Publisher Remote Code Execution
  • Description: Microsoft Publisher is prone to a code execution vulnerability. This is due to a flaw when handling malformed PUB files. This vulnerability may be exploited through email or by placing the malicious document on the Web and enticing victim users into opening it.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-054.mspx
  • 06.37.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Paul Smith Computer Services VCAP Calendar Server Directory Traversal
  • Description: vCAP Calendar Server allows users to create network accessible calendars. The application is prone to a directory traversal vulnerability because it fails to properly sanitize user-supplied input. vCAP Calendar Server versions 1.9.0 Beta and prior are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/19958
  • 06.37.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: vCAP Calendar Server Remote Denial of Service
  • Description: vCAP Calendar Server allows users to create network accessible calendars. vCAP Calendar Server is prone to a remote denial of service issue when an attacker supplied malformed value consisting of "%d" characters is passed to the "session" parameter of the "StoresAndCalendars List.cgi" script. vCAP Calendar Server versions 1.9.0 Beta and prior are affected.
  • Ref: http://www.securityfocus.com/bid/19959
  • 06.37.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ICQ MCRegEx__Search Remote Heap Buffer Overflow
  • Description: ICQ is prone to a remote heap buffer overflow vulnerability. This issue may allow attackers to execute arbitrary machine code within the context of the vulnerable application or to cause a denial of service. This issue affects ICQ Pro 2003b Build #3916.
  • Ref: http://www.securityfocus.com/archive/1/445513
  • 06.37.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ICQ Toolbar Multiple Vulnerabilities
  • Description: ICQ Toolbar is communication software for a web browser. There are multiple vulnerabilities related to the tool bar such as HTML injection and unauthorized access issues. ICQ Toolbar version 1.3 for Internet Explorer is vulnerable. Ref: http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510
  • 06.37.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Multithreaded TFTP Server Remote Denial of Service
  • Description: Multithreaded TFTP Server is affected by a remote denial of service vulnerability due to a failure to handle excessively long FTP "GET" requests. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/19925
  • 06.37.10 - CVE: CVE-2006-0401
  • Platform: Third Party Windows Apps
  • Title: Dreameesoft Password Master Local Authentication Bypass
  • Description: Dreameesoft Password Master is a secure password management application available for Windows Mobile Pocket PC. It is exposed to an authentication bypass issue due to a design error. Version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/19983
  • 06.37.11 - CVE: Not Available
  • Platform: Mac Os
  • Title: Roxio Toast DejaVu Component Insecure Temporary File Handling
  • Description: Roxio Toast is a CD and DVD creator application for the Mac OS X operating system. It is prone to a local insecure temporary file handling vulnerability, due to a race condition between the time the application creates a script in the "/tmp" directory and the time the script is executed. An attacker can replace the script and execute code with elevated privileges. Roxio Toast version 7 Titanium is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/19955
  • 06.37.12 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X KExtLoad Format String Weakness
  • Description: The KExtload utility is used to load kernel extensions into the Apple Mac OS X kernel. KExtload is prone to a format string weakness because it fails to sufficiently sanitize user-supplied input to the "fprint()" function call in the "prelink.c" source file. While it is not possible to elevate user privileges through KExtload alone, a malicious user can utilize other software on the system, which uses superuser privileges to call KExtload commands, as an attack vector.
  • Ref: http://www.securityfocus.com/bid/20031
  • 06.37.13 - CVE: CVE-2006-4623
  • Platform: Linux
  • Title: Linux Kernel ULE Packet Handling Remote Denial of Service
  • Description: The Linux kernel is susceptible to a remote denial of service vulnerability. This issue is triggered when the kernel handles a specially crafted Unidirectional Lightweight Encapsulation (ULE) packet. Specifically, a packet containing an SNDU length value of 0 can cause the kernel to crash. Kernel version 2.6.17.8 is reported to be vulnerable to this issue.
  • Ref: http://lkml.org/lkml/2006/8/20/278
  • 06.37.14 - CVE: CVE-2006-3739, CVE-2006-3740
  • Platform: Linux
  • Title: X.Org LibXfont CID Font File Multiple Integer Overflow Vulnerabilities
  • Description: LibXfont is a font library for X windows. It is prone to multiple integer overflow vulnerabilities, due to a failure to validate user supplied data when parsing CID encoded Type1 fonts in the "type1" module.
  • Ref: http://rhn.redhat.com/errata/RHSA-2006-0665.html
  • 06.37.15 - CVE: CVE-2006-4655
  • Platform: Unix
  • Title: X.Org X Window Server LibX11 XKEYBOARD Extension Local Buffer Overflow
  • Description: The X Windows server libX11 library is prone to a local buffer overflow vulnerability. The overflow arises when the "XKEYBOARD" extension has been enabled. An attacker can trigger this issue by supplying an excessive string value through the "_XKB_CHARSET" environment variable to overflow a finite sized buffer in the "Strcmp" function. A string value containing more that 256 bytes may corrupt process memory. X11R6 4.0 and prior versions are affected. Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102570-1&searchclause=
  • 06.37.16 - CVE: Not Available
  • Platform: Unix
  • Title: Open Movie Editor Local Buffer Overflow
  • Description: Open Movie Editor is a GNU/GPL application that provides movie making capabilities. Open Movie Editor is prone to a local buffer overflow vulnerability. Open Movie Editor version 0.0.20060901 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/19938
  • 06.37.17 - CVE: CVE-2006-3636
  • Platform: Unix
  • Title: Mailman Multiple Input Validation Vulnerabilities
  • Description: Mailman is a mailing list server available for Unix like operating systems. It is prone to multiple input validation vulnerabilities due to insufficient input sanitization. Please see the advisory for further details. Versions between 2.1.0 and 2.1.8 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20021
  • 06.37.18 - CVE: CVE-2006-4681
  • Platform: Cross Platform
  • Title: IBM Director Redirect.bat Directory Traversal
  • Description: IBM Director is a system management application to track and view system configurations of remote systems. It is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "Redirect.bat" script. Versions earlier to 5.10 are affected.
  • Ref: ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_ relnotes.pdf
  • 06.37.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Avast! Antivirus Engine Remote LHA Buffer Overflow
  • Description: Avast! antivirus engine is an antivirus application. It is vulnerable to a buffer overflow issue when handling malformed LHA archive files. Avast! antivirus engine less than version 4.7.869 (for desktops), or less than version 4.7.660 (for servers) is vulnerable.
  • Ref: http://www.hustlelabs.com/advisories/04072006_alwil.pdf
  • 06.37.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Director Multiple Remote Input Validation Vulnerabilities
  • Description: IBM Director is a system management application to track and view system configurations of remote systems. It is vulnerable to multiple input validation issues. See the advisory for further details. Ref: ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf
  • 06.37.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sage Input Validation
  • Description: Sage is a newsfeed aggregator plugin for the Firefox browser. It is prone to an input validation vulnerability which allows malicious HTML and script code to be injected before using it in dynamically generated content. Sage version 1.3.6 is affected.
  • Ref: http://www.securityfocus.com/bid/19928
  • 06.37.22 - CVE: CVE-2006-2658
  • Platform: Cross Platform
  • Title: Mono XSP Unspecified Directory Traversal
  • Description: XSP is a simple web server designed to serve ASP.NET applications. It is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input to unspecified parameters. All versions are vulnerable.
  • Ref: http://www.securityfocus.com/bid/19929
  • 06.37.23 - CVE:CVE-2006-4389,CVE-2006-4381,CVE-2006-4382,CVE-2006-4384,CVE-2006-4385,CVE-2006-4386,CVE-2006-4388
  • Platform: Cross Platform
  • Title: QuickTime Multiple Overflow and Exception Vulnerabilities
  • Description: Apple QuickTime is vulnerable to multiple vulnerabilities due to insufficient boundary check and sanitization of user-supplied data. See the advisory for further details. QuickTime version 7.1.3 resolves the issues. Ref: http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html
  • 06.37.24 - CVE:CVE-2006-3014,CVE-2006-3311,CVE-2006-3587,CVE-2006-3588,CVE-2006-4640
  • Platform: Cross Platform
  • Title: Adobe Flash Player Multiple Remote Code Execution Vulnerabilities
  • Description: Adobe Flash Player is prone to multiple remote code execution issues due to a lack of proper sanitization of user-supplied input. Adobe Flash Player versions 8.0.24.0 and prior, Adobe Flash Professional version 8, Flash Basic, Adobe Flash MX and Adobe Flex version 1.5 are affected.
  • Ref: http://www.securityfocus.com/bid/19980
  • 06.37.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Verso NetPerformer Frame Relay Access Device Telnet Buffer Overflow
  • Description: Verso NetPerformer Frame Relay Access Device (FRAD) is a switching and routing device used to interconnect WAN segments over frame relay or ATM. It is affected by a remotely exploitable buffer overflow issue when an overly long username string is sent to the device via the telnet service (TCP/23).
  • Ref: http://www.securityfocus.com/bid/19989
  • 06.37.26 - CVE: CVE-2006-3454
  • Platform: Cross Platform
  • Title: Symantec AntiVirus Corporate Edition Multiple Local Format String Vulnerabilities
  • Description: Symantec AntiVirus Corporate Edition is prone to a local privilege escalation vulnerability because it fails to properly sanitize user-supplied input prior to using it in the format argument to a formatted printing function located in the alert notification process. Ref: http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
  • 06.37.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP OpenView Operations Denial of Service and Unauthorized Access
  • Description: HP OpenView provides network and system administration services for managing nodes across multiple network domains. It is affected by a denial of service and unauthorized access vulnerability.
  • Ref: http://www.securityfocus.com/bid/20005
  • 06.37.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FFmpeg Image File Multiple Buffer Overflow Vulnerabilities
  • Description: FFmpeg is a video and audio converter library. It is prone to multiple remote buffer overflow vulnerability because the application fails to properly bounds check user-supplied input. FFmpeg versions prior to 0.4.9_p20060530 are affected.
  • Ref: http://www.securityfocus.com/bid/20009
  • 06.37.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Novell Identity Manager Fan-Out Linux and UNIX Receiver Script Code Injection
  • Description: Novell Identity Manager is an identity management product that provisions user and password management for the enterprise. It is prone to a code injection vulnerability due to an input validation error to the Fan-Out Linux and UNIX receiver scripts. The vulnerability affects version 3.0.1.
  • Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974421.htm
  • 06.37.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Iodine Unspecified Security Issue
  • Description: Iodine is an application that establishes IPV4 tunnels through the Domain Name System. It is affected by an unspecified security vulnerability. Please see the attached advisory for details.
  • Ref: http://www.securityfocus.com/bid/20017
  • 06.37.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Zope CSV_Table Information Disclosure
  • Description: Zope is prone to an information disclosure vulnerability. This issue is due to a failure in the application to properly secure potentially sensitive information. The problem occurs because the server does not disable the "csv_table" directive in web pages containing "ReST" markup. A remote attacker can exploit this issue to retrieve potentially sensitive information.
  • Ref: http://www.securityfocus.com/bid/20022
  • 06.37.32 - CVE: CVE-2006-4790
  • Platform: Cross Platform
  • Title: GnuTLS RSA Signature Forgery
  • Description: GNU Transport Layer Security Library (GnuTLS) is a library that implements the TLS 1.0 and SSL 3.0 protocols. GnuTLS is vulnerable to an issue that may allow an attacker to forge an RSA signature. See the advisory for further details. GnuTLS versions 1.4.2 and earlier are vulnerable. Ref: http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
  • 06.37.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: iSupport Multiple Cross-Site Scripting Vulnerabilities
  • Description: iSupport is a help desk support application. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to various parameters. iSupport version 1.8 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/19963
  • 06.37.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Opentools-Board Attachment Mod Cross-Site Scripting Vulnerability
  • Description: Opentools Attachment Mod is an add-on module for phpBB installations. It provides functionality so that users may upload and attach files to phpBB forum posts. The application is prone to a cross-site scripting vulnerability. This issue affects version 2.4.4 of the application.
  • Ref: http://www.opentools.de/board/viewtopic.php?t=5362
  • 06.37.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Vikingboard Multiple Cross-Site Scripting Vulnerabilities
  • Description: Vikingboard is a forum board. Insufficient sanitization of the "act" parameter of the "help.php" and "search.php" scripts as well as the "p" parameter of the "report.php" script exposes the application to multiple cross-site scripting issues. Vikingboard version 0.1b is affected.
  • Ref: http://www.securityfocus.com/bid/19916
  • 06.37.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IDevSpot TextAds Multiple Cross-Site Scripting Vulnerabilities
  • Description: TextAds is an automated advertisement system. It is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input to the "id" parameter of the "delete.php" script and the "error" parameter of the "error.php" script.
  • Ref: http://www.securityfocus.com/bid/19932
  • 06.37.37 - CVE: CVE-2006-4752
  • Platform: Web Application - Cross Site Scripting
  • Title: XHP CMS Index.PHP Cross-Site Scripting
  • Description: XHP CMS is a content management system implemented in PHP. The application is vulnerable to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "errcode" parameter of the "index.php" script. Version 0.5.1 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/445727
  • 06.37.38 - CVE: CVE-2006-4726
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe ColdFusion Error Page Cross-Site Scripting
  • Description: ColdFusion is web application development software. It is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to unspecified parameters of error pages. Adobe ColdFusion versions MX 7.02, MX 7.01 and MX 6.1 are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb06-14.html
  • 06.37.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ForumJBC Haut.PHP Cross-Site Scripting
  • Description: ForumJBC is a web forum. It is vulnerable to cross-site scripting attacks due to insufficient input sanitization of the "nb_connecte" parameter of the "haut.php" script. Version 4.0 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/19992
  • 06.37.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: K2News Management Ratings.PHP Cross-Site Scripting
  • Description: k2News Management is a news management system in PHP. The application is vulnerable to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "NewsID" parameter of the "Rating.php" script.
  • Ref: http://www.securityfocus.com/bid/19994
  • 06.37.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Event Calendar Index.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHP Event Calendar is a web-based calendar application implemented in PHP. It is vulnerable to multiple cross-site scripting attacks, due to insufficient input sanitization of the "ti", "bi", and "cbgi" parameters of the "cl_files/index.php'"script. Versions 1.5.1, 1.5, and 1.4 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20001
  • 06.37.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: e107 CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: e107 CMS is a content management system. It is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-input to various scripts. Version 0.7.5 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/19997
  • 06.37.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CJ Tag Board Tag.PHP Cross-Site Scripting
  • Description: CJ Tag Board is a web forum. Insufficient sanitization of the "cjmsg" parameter of the "tag.php" script exposes to the application to a cross-site scripting issue. CJ Tag Board version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/20000
  • 06.37.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Snitz Forums 2000 Forum.ASP Cross-Site Scripting
  • Description: Snitz Forums 2000 is an online forum application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "sortorder" parameter of the "forum.asp" script. Snitz Forums 2000 version 3.4.06 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/445902
  • 06.37.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: emuCMS Index.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: emuCMS is a content management system. Insufficient sanitization of the "page" and "query" parameters of the "index.php" script exposes the application to multiple cross-site scripting issues. emuCMS versions 0.21 and 0.3 are affected.
  • Ref: http://www.securityfocus.com/bid/20013
  • 06.37.46 - CVE: CVE-2006-4646
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal Userreview Module Unspecified Cross-Site Scripting
  • Description: Drupal is a content-management application written in PHP. The Userreview module is a node review posting add-on. Drupal Userreview module is prone to an unspecified cross-site scripting vulnerability. Drupal 4.7 is affected by this issue.
  • Ref: http://drupal.org/node/83954
  • 06.37.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Blojsom Cross-Site Scripting Vulnerability
  • Description: Blojsom is a blog software package. It is exposed to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Blojsom version is 2.31 affected.
  • Ref: http://www.securityfocus.com/bid/20026
  • 06.37.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Blog:CMS Pitem Multiple SQL Injection Vulnerabilities
  • Description: Blog:CMS is a web-based publishing application. It is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in an SQL query. Version 4.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/19909
  • 06.37.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion Maincore.PHP SQL Injection
  • Description: PHP-Fusion is a web site management application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to unspecified parameters of the "maincore.php" script. PHP-Fusion versions 6.01.4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/19910
  • 06.37.50 - CVE: CVE-2006-4667
  • Platform: Web Application - SQL Injection
  • Title: RunCms Multiple SQL Injection Vulnerabilities
  • Description: RunCms is a web-based publishing application. The application is prone to multiple SQL injection vulnerabilities in the "uid", "timezone_offset" and "umode" parameters of unspecified scripts. Versions 1.4.1 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/19913
  • 06.37.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Vikingboard Topic.PHP SQL Injection
  • Description: Vikingboard is a forum application. It is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "s" parameter of the "topic.php" script. Version 0.1b is affected.
  • Ref: http://www.securityfocus.com/bid/19919
  • 06.37.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SpoonLabs Vivvo Article Management Pdf_Version.PHP SQL Injection
  • Description: Vivvo Article Management is a content management system. It is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "pdf_version.php" script. Versions 3.2 and prior are reported to be affected.
  • Ref: http://www.securityfocus.com/bid/19934
  • 06.37.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Invision Power Board Index.PHP ST Parameter SQL Injection
  • Description: Invision Power Board is web-forum software. Invision Power Board is prone to an SQL injection vulnerability. The application fails to properly sanitize user-supplied input to the "st" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/19946
  • 06.37.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TikiWiki Tiki-g-admin_processes.PHP Multiple SQL Injection Vulnerabilities
  • Description: TikiWiki is a web-based wiki application implemented in PHP. It is prone to multiple SQL injection vulnerabilities due to insufficient input sanitization of the "pid" and "where" parameters of "tiki-g-admin_processes.php". Version 1.9.4 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/19947
  • 06.37.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TualBLOG Icerik.ASP SQL Injection
  • Description: TualBLOG is a web-based personal blog application implemented in ASP. The application is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input to the "icerikno" parameter of the "icerik.asp" script.
  • Ref: http://www.securityfocus.com/archive/1/445918
  • 06.37.56 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPMyDirectory Multiple Input Validation Vulnerabilities
  • Description: PHPMyDirectory is a web-based business directory script implemented in PHP. It is prone to multiple input validation vulnerabilities due to insufficient input sanitization of the "letter" parameter of "alpha.php". Versions 10.4.6, 10.4.5 and 10.1.3 are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/19969
  • 06.37.57 - CVE: CVE-2006-4769
  • Platform: Web Application
  • Title: p4CMS ABF_JS.PHP Remote File Include
  • Description: p4CMS is a content manager implemented in PHP. The application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "abs_pfad" parameter of the "abf_js.php" script. p4CMS version 1.05 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/19971
  • 06.37.58 - CVE: Not Available
  • Platform: Web Application
  • Title: Ractive Popper Childwindow.Inc.PHP Remote File Include
  • Description: Ractive Popper is a webmail client. It is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "form" parameter of the "childwindow.inc.php" script. Versions 1.41-r2 and prior are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/19972
  • 06.37.59 - CVE: Not Available
  • Platform: Web Application
  • Title: WTools Common.PHP Remote File Include
  • Description: WTools is an integrated web log and link indexing system. It is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "include_path" variable of the "common.php" script. Version 0.0.1-ALPHA is affected.
  • Ref: http://www.securityfocus.com/bid/19962
  • 06.37.60 - CVE: Not Available
  • Platform: Web Application
  • Title: Lotus Domino Web Access Session Hijacking
  • Description: IBM Lotus Domino Web Access is a web messaging and personal information management tool. It is vulnerable to a session hijacking issue because the application fails to invalidate a user session on the server. IBM Lotus Domino Web Access version 7.0.1 is vulnerable. Ref: http://www.fishnetsecurity.com/csirt/disclosure/ibm/IBM_LotusDWA.aspx
  • 06.37.61 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB XS Functions.PHP Remote File Include
  • Description: phpBB XS is a modification of the phpBB online bulletin board system. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "includes/functions.php" script. Versions 0.58 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/19961
  • 06.37.62 - CVE: Not Available
  • Platform: Web Application
  • Title: TWiki Viewfile Directory Traversal
  • Description: Twiki is an enterprise collaboration and knowledge management system. It is prone to a directory traversal vulnerability because it fails to properly sanitize user-supplied input to the "filename" parameter of the "viewfile" script. Twiki versions 4.00 to 4.04 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/19907
  • 06.37.63 - CVE: Not Available
  • Platform: Web Application
  • Title: DokuWiki Multiple Input Validation Vulnerabilities
  • Description: DokuWiki is a Wiki application. The application is prone to multiple input validation vulnerabilities because input to various scripts is not properly sanitized.
  • Ref: http://www.securityfocus.com/bid/19911
  • 06.37.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Photokorn Multiple Remote File Include Vulnerabilities
  • Description: Photokorn is a photo album application. It is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "dir_path" parameter of various scripts. Photokorn 1.52 is vulnerable to these issues.
  • Ref: http://www.securityfocus.com/bid/19914
  • 06.37.65 - CVE: Not Available
  • Platform: Web Application
  • Title: RaidenHTTPD Check.PHP Remote File Include
  • Description: RaidenHTTPD is a webserver for Windows. The administrative interface of RaidenHTTPD is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "SoftParserFileXml" parameter of "raidenhttpd-admin/slice/check.php". This issue affects version 1.1.49.
  • Ref: http://www.securityfocus.com/bid/19918
  • 06.37.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Pubcookie.Module Authentication Bypass
  • Description: The Pubcookie module for Drupal is an external user authentication module for Drupal. It is prone to an authentication bypass vulnerability because it fails to check unspecified, user-supplied input to the "pubcookie.module" file when authenticating a user. Version 4.6 CVS ID 1.2.2.4 2006/09/07 and version 4.7 CVS ID 1.2.2.4 2006/09/07 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/19920
  • 06.37.67 - CVE: Not Available
  • Platform: Web Application
  • Title: MKPortal Query String HTML Injection
  • Description: MKPortal is a content management system for the vBulletin package. The application is prone to an HTML injection vulnerability. Malicious input can be supplied through the query string of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/19923
  • 06.37.68 - CVE: CVE-2006-4625
  • Platform: Web Application
  • Title: PHP Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass
  • Description: PHP is a general purpose scripting language that is especially suited for web development. It is prone to a "safe_mode" and "open_basedir" restriction bypass vulnerability that could allow an attacker to access sensitive information or write files in unauthorized locations. Versions 5.1.6, 4.4.4 and prior are reported to be vulnerable. Please see the advisory for further information.
  • Ref: http://www.securityfocus.com/bid/19933
  • 06.37.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Socketwiz Bookmarks Smarty_Config.PHP Remote File Include
  • Description: Socketwiz Bookmarks is affected by a remote file include issue due to insufficient sanitization of the "root_dir" parameter of the "smarty_config.php" script. Socketwiz Bookmarks versions 2.0 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/19935
  • 06.37.70 - CVE: Not Available
  • Platform: Web Application
  • Title: MCGalleryPRO Random2.PHP Remote File Include
  • Description: mcGalleryPRO is a web-based gallery script. It is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "path_to_folder" variable of the "random2.php" script. Versions 2006 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/19936
  • 06.37.71 - CVE: CVE-2006-2216
  • Platform: Web Application
  • Title: Devsyn Open Bulletin Board Index.PHP Remote File Include
  • Description: Open Bulletin Board is a web-based bulletin board. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "root_path" parameter of the "index.php" script. Open Bulletin Board version 1.0.8 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/19937
  • 06.37.72 - CVE: Not Available
  • Platform: Web Application
  • Title: PSYWERX PHP PUMA Remote File Include
  • Description: PSYWERX PHP PUMA is a web-based forum and content management system, implemented in PHP. It is prone to a remote file include vulnerability due to insufficient input sanitization of the "$fpath" variable in "config.php". Version 1.0 RC2 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/19940
  • 06.37.73 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPProg Multiple Input Validation Vulnerabilities
  • Description: PHPProg is a web-based photo album. It is affected by multiple local file include and cross-site scripting issues. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/19942
  • 06.37.74 - CVE: Not Available
  • Platform: Web Application
  • Title: SIPS Box.Inc.PHP Remote File Include
  • Description: SIPS is an integrated "weblog" and link indexing system. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "config["sipssys"]" variable of the "box.inc.php" script. SIPS version 0.2.2 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/445770
  • 06.37.75 - CVE: Not Available
  • Platform: Web Application
  • Title: OPENi-CMS Fileloader.PHP Remote File Include
  • Description: OPENi-CMS is a web-based content management system. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "config[openi_dir]" parameter of the "fileloader.php" script. OPENi-CMS version 1.0.1 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/19952
  • 06.37.76 - CVE: CVE-2006-4788
  • Platform: Web Application
  • Title: Telekorn Signkorn Guestbook Log.Inc.PHP Remote File Include
  • Description: SignKorn Guestbook is a website guestbook application implemented in PHP. The application is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input to the "dir_path" parameter in the "log.inc.php" script. Versions 1.3 and prior are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/19977
  • 06.37.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Vitrax Premodded Functions_Portal.PHP Remote File Include
  • Description: Vitrax Premodded is a preconfigured version of phpBB. It is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input to the "phpbb_root_path" variable of "functions_portal.php".
  • Ref: http://www.securityfocus.com/bid/19979
  • 06.37.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Quicksilver Forums Activeutil.PHP Remote File Include
  • Description: Quicksilver Forums is a web forum application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "set[include_path]" parameter of the "activeutil.php" script. Quicksilver Forums versions 1.2.0 and 1.2.1 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/19991
  • 06.37.79 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPUnity.Postcard PHPUnity-Postcard.PHP Remote File Include
  • Description: PHPUnity.Postcard is an integrated web log and link indexing system implemented in PHP. It is prone to a remote file include vulnerability due to insufficient input sanitization of the "gallery_path" variable of "phpunity-postcard.php". All known versions are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/19993
  • 06.37.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Moodle Multiple Input Validation and Information Disclosure Vulnerabilities
  • Description: Moodle is a course management system (CMS) for online courseware and e-learning. It is affected by multiple cross-site scripting, SQL injection and information disclosure issues. Moodle version 1.6.1 is affected.
  • Ref: http://www.securityfocus.com/bid/19995
  • 06.37.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Shadowed Portal Bottom.PHP Remote File Include
  • Description: Shadowed Portal is a content management system implemented in PHP. It is prone to a remote file include vulnerability due to insufficient input sanitization of the "root" parameter of "bottom.php". Versions 5.599 and prior are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20006
  • 06.37.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Vmist Downstat Remote File Include Vulnerabilities
  • Description: Vmist Downstat is a download counter application implemented in PHP. It is prone to remote file include vulnerabilities. Versions 1.8 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/20007
  • 06.37.83 - CVE: Not Available
  • Platform: Web Application
  • Title: NX5Linkx Link.PHP Directory Traversal
  • Description: NX5Linkx is a web-based indexing and categorizing application. It is prone to a directory traversal vulnerability because it fails to properly sanitize user-supplied input to the "logo" parameter of the "link.php" script.
  • Ref: http://www.securityfocus.com/bid/20008
  • 06.37.84 - CVE: CVE-2006-4503 CVE-2006-4504 CVE-2006-4505
  • Platform: Web Application
  • Title: NX5Linkx Links.PHP HTTP Response Splitting
  • Description: NX5Linkx is a web-based indexing and categorizing application. It is vulnerable to an HTTP response splitting issue due to insufficient sanitization of user-supplied input to the "url" parameter of the "links.php" script before using it to create dynamic content. NX5Linkx version 1.0 is vulnerable.
  • Ref: http://evuln.com/vulns/138/summary.html
  • 06.37.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Reamday Enterprises Magic News Pro News_page.PHP Remote File Include
  • Description: Magic News Pro is a web-based news management application implemented in PHP. It is prone to a remote file include vulnerability due to insufficient sanitization of the "script_path" parameter of "scripts/news_page.php". Version 1.0.3 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/20014
  • 06.37.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo Serverstat Component Install.Serverstat.PHP Remote File Include
  • Description: Serverstat is a component for Mambo CMS that allows you to view how many servers are online. It is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "install.serverstat.php" script. Versions 0.4.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/20018
  • 06.37.87 - CVE: Not Available
  • Platform: Web Application
  • Title: ActiveCampaign KnowledgeBuilder Remote File Include
  • Description: KnowledgeBuilder is a web-based application for managing articles and FAQs. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "visEdit_root" parameter of the "admin/e_data/visEdit_control.class.php" script. ActiveCampaign KnowledgeBuilder version 2.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/20020
  • 06.37.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Tagger LE Multiple PHP Code Injection Vulnerabilities
  • Description: Tagger LE is a web chat application. It is prone to multiple vulnerabilities that may allow remote attackers to inject arbitrary PHP code through the query string of the "tags.php", "sign.php" and "admin/index.php" scripts.
  • Ref: http://www.securityfocus.com/bid/20023
  • 06.37.89 - CVE: Not Available
  • Platform: Web Application
  • Title: DCP-Portal Multiple Input Validation Vulnerabilities
  • Description: DCP-Portal is a content management system. It is affected by multiple cross-site scripting, SQL injection and remote file includes vulnerabilities. DCP-Portal version 6.0 standard edition is affected.
  • Ref: http://www.securityfocus.com/bid/20024
  • 06.37.90 - CVE: CVE-2006-4263
  • Platform: Network Device
  • Title: VirtueMart MosConfig_Absolute_Path Parameter Remote File Include
  • Description: VirtueMart is an e-commerce tool for the Mambo content management system, implemented in PHP. The application is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "mosConfig_absolute_path" variable of the "worldpay_notify.php" script.
  • Ref: http://www.securityfocus.com/archive/1/445739
  • 06.37.91 - CVE: Not Available
  • Platform: Hardware
  • Title: Verso NetPerformer Frame Relay Access Device ICMP Denial of Service
  • Description: Verso NetPerformer Frame Relay Access Device (FRAD) is a switching and routing device used to interconnect WAN segments over frame relay or ATM. It is exposed to a denial of service issue. Please refer to the link below for further details.
  • Ref: http://www.cert.org/advisories/CA-1997-28.html

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

It was, overall, the most in-depth training on securing Windows I've attended!
-Matt Hurst, Madison City Schools

vLive! SEC560 February 16-April 1

Contact us: (301) 654-SANS(7267)
Monday - Friday 9am-8pm EST/EDT