The SANS Institute <ConsensusSecurityVulnerabilityAlert@sans.org> wrote:
Date: Tue, 13 Mar 2007 0:30:17 +0000
From: The SANS Institute <ConsensusSecurityVulnerabilityAlert@sans.org>
Subject: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 11
To: <jain.suyash@yahoo.co.in>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Apple QuickTime, for both Windows and Mac OS, provides a new vector for
attackers to use because, once installed, it opens QuickTime content
in web pages (malicious or not) without even asking the user for
permission. Novell NetMail also has a newly discovered root compromise
vulnerability.
************************************************************
@RISK: The Consensus Security Vulnerability Alert
March 12, 2007 Vol. 6. Week 11
************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus

Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Windows                                   1
Third Party Windows Apps                  4 (#4)
Mac Os                                    4
Linux                                     4
BSD                                       1
Solaris                                   1
Unix                                      5
Novell                                    1
Cross Platform                           31 (#1, #2, #3, #5)
Web Application - Cross Site Scripting    5
Web Application - SQL Injection           6
Web Application                          24
Network Device                            1
*************************************************************************
Table of Contents
Part I - Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
(1) CRITICAL: Apple QuickTime Multiple Vulnerabilities
(2) HIGH: Novell Netmail WebAdmin Buffer Overflow
(3) MODERATE: Asterisk SIP Channel Handler Denial-of-Service
(4) MODERATE: Ipswitch Collaboration Suite and IMail Multiple ActiveX Component Vulnerabilities
(5) LOW: Mozilla-based Browser Arbitrary JavaScript Code Execution
Part II - Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
-- Windows
07.11.1 - Microsoft Windows ole32.dll Word Document Handling Denial of Service
-- Third Party Windows Apps
07.11.2 - Adobe Reader AcroPDF.DLL Resource Consumption Denial of Service
07.11.3 - Macromedia Shockwave 10 SWDIR.DLL Multiple ActiveX Control Remote Denial of Service Vulnerabilities
07.11.4 - RealMedia RealPlayer Ierpplug.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
07.11.5 - MailEnable Append Remote Buffer Overflow
-- Mac Os
07.11.6 - Apple QuickTime MOV File Heap Overflow
07.11.7 - Apple Quicktime UDTA ATOM Integer Overflow
07.11.8 - Apple QuickTime Color Table ID Heap Overflow
07.11.9 - Apple QuickTime Multiple Unspecified Code Execution Vulnerabilities
-- Linux
07.11.10 - Linux Kernel Omnikey CardMan 4040 Driver Local Buffer Overflow
07.11.11 - Util-Linux Umount Filesystem NULL Pointer Dereference
07.11.12 - Linux Kernel Sys_Tee Local Privilege Escalation
07.11.13 - GnuPG Signed Message Arbitrary Content Injection
-- BSD
07.11.14 - NetBSD KTRUser Integer Overflow
-- Solaris
07.11.15 - Sun Ipmitool Interface Remote Unauthorized Access
-- Unix
07.11.16 - Radscan Conquest Multiple Remote Vulnerabilities
07.11.17 - Mutt GnuPG Arbitrary Content Injection
07.11.18 - Sylpheed GnuPG Arbitrary Content Injection
07.11.19 - KMail GnuPG Arbitrary Content Injection
07.11.20 - Gnome Evolution GnuPG Arbitrary Content Injection
-- Novell
07.11.21 - Novell NetMail Multiple Buffer Overflow Vulnerabilities
-- Cross Platform
07.11.22 - Fish Multiple Remote Buffer Overflow Vulnerabilities
07.11.23 - PHP Zip URL Wrapper Stack Buffer Overflow
07.11.24 - PHP Import_Request_Variables Arbitrary Variable Overwrite
07.11.25 - Mozilla Firefox Document.Cookie Path Argument Denial of Service
07.11.26 - Snort Inline Fragmentation Denial of Service
07.11.27 - Avaya System Products Shell Command Injection Vulnerabilities
07.11.28 - Avaya Communications Manager Javascript Remote Code Execution
07.11.29 - PHP Shared Memory Functions Resource Verification Arbitrary Code Execution
07.11.30 - PHP 5 Substr_Compare Integer Overflow
07.11.31 - Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow
07.11.32 - Silc Server New Channel Remote Denial of Service
07.11.33 - Apache mod_python Output Filter Mode Information Disclosure
07.11.34 - Asterisk SIP Channel Driver Remote Denial of Service
07.11.35 - Ezstream XML Config File Multiple Buffer Overflow Vulnerabilities
07.11.36 - PHP4 Ovrimos Extension Code Execution
07.11.37 - Mod_Security ASCIIZ Byte POST Bypass
07.11.38 - PHP MySQL_Connect Local Buffer Overflow
07.11.39 - Mozilla Firefox Javascript URI Remote Code Execution
07.11.40 - GNUMail.App GnuPG Arbitrary Content Injection
07.11.41 - Enigmail GnuPG Arbitrary Content Injection
07.11.42 - PuTTY Puttygen Insecure Private Key File Permissions
07.11.43 - KDE Konqueror JavaScript IFrame Denial of Service
07.11.44 - Zend Platform PHP.INI File Modification
07.11.45 - PHP PHPInfo Cross-Site Scripting Variant
07.11.46 - PHP PHP_Binary Heap Information Leak
07.11.47 - PHP WDDX Session Deserialization Information Leak
07.11.48 - PHP WDDX_Deserialize Buffer Overflow
07.11.49 - Kaspersky AntiVirus UPX File Decompression Remote Denial of Service
07.11.50 - WebMod Content Length Stack Buffer Overflow
07.11.51 - EMC NetWorker Management Console Remote Authentication Bypass
07.11.52 - Apache Tomcat Mod_JK.SO Arbitrary Code Execution
-- Web Application - Cross Site Scripting
07.11.53 - Trac Download Function Cross-Site Scripting
07.11.54 - dynaliens Multiple Cross-Site Scripting Vulnerabilities
07.11.55 - Lazarus Guestbook Multiple Unspecified Cross-Site Scripting Vulnerabilities
07.11.56 - vCard Pro create.php Cross-Site Scripting
07.11.57 - VirtueMart Multiple Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
07.11.58 - GaziYapBoz Game Portal kategori.asp SQL Injection
07.11.59 - SQL-Ledger/LedgerSMB Remote Code Execution
07.11.60 - Monitor-Line Links Management index.php SQL Injection
07.11.61 - LI-Guestbook guestbook.php SQL injection
07.11.62 - Rigter Portal System Categoria index.php SQL Injection
07.11.63 - Multiple AJ Square Products SQL Injection Vulnerabilities
-- Web Application
07.11.64 - Computer Associates eTrust Admin GINA Module Unspecified Privilege Escalation
07.11.65 - LedgerSMB Unspecified Password Check
07.11.66 - Dynaliens validlien.php3 Remote Authentication Bypass
07.11.67 - netForo down.php Local File Include
07.11.68 - Webo foldertree.php Remote File Include
07.11.69 - Flat Chat startsession.php Remote PHP Code Execution
07.11.70 - Drupal Project Issue Tracking Parameter Handling Security Bypass
07.11.71 - Snitz Forums 2000 pop_profile.asp HTML Injection
07.11.72 - Ipswitch IMail Server/Collaboration Suite Multiple Unspecified Buffer Overflow Vulnerabilities
07.11.73 - Drupal Nodefamily Module Security Bypass
07.11.74 - PostGuestbook header.php Remote File Include
07.11.75 - WebCalendar Certain Variable Overwrite
07.11.76 - SnapGear Unspecified Denial of Service
07.11.77 - phpMyAdmin PMA_ArrayWalkRecursive Function Remote Denial of Service
07.11.78 - ePortfolio Client Side Input Validation
07.11.79 - Sava's Guestbook Multiple Input Validation Vulnerabilities
07.11.80 - Simple Invoices PDF Print Preview Security Bypass
07.11.81 - RRDBrowse File Parameter Directory Traversal
07.11.82 - News-Letterman Sqllog Remote File Include
07.11.83 - Woltlab Burning Board Multiple HTML Injection Vulnerabilities
07.11.84 - webSPELL Multiple Input Validation Vulnerabilities
07.11.85 - Tyger Bug Tracking System Multiple Input Validation Vulnerabilities
07.11.86 - Bernard Joly Webring HTML Injection
07.11.87 - Mani Stats Reader Index.PHP Remote File Include
-- Network Device
07.11.88 - IBM ThinkPad Intel PRO/1000 LAN Adapter Software Unspecified
***********************************************************************
PART I - Critical Vulnerabilities
Part I for this issue has been compiled by Rob King and Rohit Dhamankar
at TippingPoint, a division of 3Com, as a by-product of that company's
continuous effort to ensure that its intrusion prevention products
effectively block exploits using known vulnerabilities. TippingPoint's
analysis is complemented by input from a council of security managers
from twelve large organizations who confidentially share with SANS the
specific actions they have taken to protect their systems. A detailed
description of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Apple QuickTime Multiple Vulnerabilities
Affected:
Apple QuickTime versions prior to 7.1.5
Description: Apple QuickTime, Apple's streaming media framework,
contains multiple vulnerabilities in handling various file formats.
Certain specially-crafted image and movie files could exploit these
vulnerabilities, and execute arbitrary code with the privileges of the
QuickTime user. Note that QuickTime content in web pages is opened by
default if the QuickTime player is installed, allowing malicious web
pages to exploit this vulnerability. Some technical details for these
vulnerabilities are publicly available. These issues affect both the
Microsoft Windows and Mac OS X versions of QuickTime.
Status: Apple confirmed, updates available. The updates are
automatically available via Apple's Software Update facility.
Council Site Actions: Two of the responding council sites are using the
affected software. One site has already deployed the updates. The other
site does not install this software by default, but said that the
automatic update feature should update systems for those who have
installed the software on their own.
References:
Apple Security Advisories
http://docs.info.apple.com/article.html?artnum=61798
http://docs.info.apple.com/article.html?artnum=305149
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-07-010.html
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
Nevis Labs Security Advisory
http://www.securityfocus.com/archive/1/461999
Piotr Bania Advisory
http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt
QuickTime Developer Documentation (contains technical information about various QuickTime file and stream formats)
http://developer.apple.com/quicktime/
Product Home Page
http://www.apple.com/quicktime/
SecurityFocus BIDs
http://www.securityfocus.com/bid/22844
****************************************************************
(2) HIGH: Novell Netmail WebAdmin Buffer Overflow
Affected:
Novell NetMail version 3.5.2 and possibly prior
Description: Novell Netmail, a popular enterprise mail solution,
contains a stack-based buffer overflow in its web-based administration
interface. The overflow can be triggered by an overlong username (longer
than 213 bytes), and successfully exploited to execute arbitrary code
with the privileges of the web administration process. Note that the web
interface runs on TCP port 89 and is enabled by default. Technical
details for this vulnerability are publicly available. Users are advised
to block access to TCP port 89 at the network perimeter, if possible.
Status: Novell confirmed, updates available.
Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the council sites. They reported that no action was necessary.
References:
Novell Advisory and Update
http://download.novell.com/Download?buildid=sMYRODW09pw
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-07-009.html
Product Home Page
http://www.novell.com/products/netmail
SecurityFocus BID
http://www.securityfocus.com/bid/22857
****************************************************************
(3) MODERATE: Asterisk SIP Channel Handler Denial-of-Service
Affected:
Asterisk versions prior to 1.2.16 and 1.4.1
Description: Asterisk, a popular open source Voice-over-IP (VoIP)
solution, contains a denial-of-service condition. A specially-crafted
Session Initiation Protocol (SIP) request to a vulnerable Asterisk
server could trigger this condition. Successfully exploiting this
condition could lead to phone system outages or other phone system
instabilities. A working exploit and technical details for this
vulnerability are publicly available.
Status: Asterisk confirmed, updates available.
References:
Asterisk Release Announcements
http://asterisk.org/node/48319
http://asterisk.org/node/48320
Mu Security Advisory
http://labs.musecurity.com/advisories/MU-200703-01.txt
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/Asterisk-sip-DoS_rexp.c
Asterisk Home Page
http://www.asterisk.org
SecurityFocus BID
http://www.securityfocus.com/bid/22838
****************************************************************
(4) MODERATE: Ipswitch Collaboration Suite and IMail Multiple ActiveX
Component Vulnerabilities
Affected:
Ipswitch IMail 2006, including the Premium and Plus versions
Ipswitch Collaboration Suite Standard 2006
Description: Ipswitch Collaboration Suite and Ipswitch IMail, two
popular mail and groupware products for Microsoft Windows, contain
multiple vulnerabilities. These vulnerabilities exist in three ActiveX
components utilized by the software: "IMAILAPILib.IMailServer",
"IMAILAPILib.IMailLDAPService", and "IMAILAPILib.IMailUserCollection".
A malicious web page that instantiates these components could exploit
buffer overflows to execute arbitrary code with the privileges of the
current user. These components will likely be installed only on the
system running the mail or collaboration server. Note that some
technical details about these vulnerabilities are publicly available,
and that reusable exploit code for ActiveX components exists.
Status: Ipswitch confirmed, updates available. Users can mitigate the
impact of these vulnerabilities by disabling the vulnerable controls via
Microsoft's "kill bit" mechanism for the following CLSIDs:
"302397C2-8501-11D4-8D29-00010245C51E",
"302397D6-8501-11D4-8D29-00010245C51E",
"889558D4-CE9A-4A1B-B88A-AF7774A80E25".
Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the council sites. They reported that no action was necessary.
References:
Ipswitch Knowledge Base Article
http://support.ipswitch.com/kb/IM-20070305-JH01.htm
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/22852
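
The kill-bit mitigation named in the Status paragraph of item (4), as an added example that is not part of the original bulletin and is not Ipswitch or Microsoft code: a PowerShell script that reports whether the kill bit is set for the three listed CLSIDs and, when run with -Apply from an elevated session, sets it. The registry location and the 0x400 "Compatibility Flags" value are the ones described in Microsoft KB 240797; the function name Get-KillBitState and the -Apply switch are made up for this example.

```powershell
# Added example: audit (default) or set (-Apply) the Internet Explorer kill bit
# for the three IMAILAPILib CLSIDs listed in the bulletin.
# Setting the value requires an elevated (administrator) session.
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

# Bit in "Compatibility Flags" that stops IE from instantiating the control (KB 240797)
$KillBit = 0x400

# CLSIDs copied from the bulletin's Status paragraph
$Clsids = @(
    '{302397C2-8501-11D4-8D29-00010245C51E}',
    '{302397D6-8501-11D4-8D29-00010245C51E}',
    '{889558D4-CE9A-4A1B-B88A-AF7774A80E25}'
)

# On 64-bit Windows, 32-bit Internet Explorer reads the Wow6432Node view,
# so both views are covered when the second one exists.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath (Split-Path -Path $_ -Parent) }

function Get-KillBitState {
    # Returns the key path, the current flags (0 if absent) and whether the kill bit is set.
    param([string]$Root, [string]$Clsid)

    $key   = Join-Path $Root $Clsid
    $flags = 0
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
    }
    [pscustomobject]@{
        Key    = $key
        Flags  = ('0x{0:X8}' -f $flags)
        Killed = (($flags -band $KillBit) -ne 0)
        Raw    = $flags
    }
}

foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) {
        $state = Get-KillBitState -Root $root -Clsid $clsid

        if ($Apply -and -not $state.Killed) {
            if (-not (Test-Path -LiteralPath $state.Key)) {
                New-Item -Path $state.Key -Force | Out-Null
            }
            # OR the bit in so that any other compatibility flags already present survive
            New-ItemProperty -LiteralPath $state.Key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value ($state.Raw -bor $KillBit) -Force | Out-Null
            $state = Get-KillBitState -Root $root -Clsid $clsid
        }

        # One row per CLSID and registry view; Killed = True means the control is blocked in IE
        $state | Select-Object Key, Flags, Killed
    }
}
```

Run without arguments first to see the current state; any row with Killed = False after an -Apply run means the write failed, typically because the session was not elevated.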
****************************************************************
(5) LOW: Mozilla-based Browser Arbitrary JavaScript Code Execution
Affected:
Mozilla Firefox versions 1.5.0.9 and 2.0.0.1
Mozilla SeaMonkey version 1.0.7
Description: Browsers based on the Mozilla code base, including Mozilla
Firefox and the browser component of Mozilla SeaMonkey, contain an
arbitrary JavaScript execution vulnerability. A malicious web page
containing a specially-crafted "IMG" tag with a "javascript:" URL in its
"SRC" attribute could execute arbitrary JavaScript without the user's
knowledge. Note that the script code is executed even if the user has
disabled JavaScript in the browser's settings. Note that this
vulnerability was introduced as a side effect of the fix for Mozilla
vulnerability MFSA 2006-72; only browsers that have been patched against
that vulnerability are vulnerable.
Status: Mozilla confirmed, updates available.
Council Site Actions: Two of the responding council sites are using the
affected software. One site has already deployed the updates. The other
site does not install this software by default, but said that the
automatic update feature should update systems for those who have
installed it on their own.
References:
Mozilla Security Advisory
http://www.mozilla.org/security/announce/2007/mfsa2007-09.html
SecurityFocus BID
http://www.securityfocus.com/bid/22826
***********************************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 11 2007
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5397 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.
07.11.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows ole32.dll Word Document Handling Denial of
Service
Description: The Microsoft ole32.dll library is exposed to a denial
of service issue. The issue manifests when the library handles
document (.doc) files containing malformed pointer values. Software
that is linked to the ole32.dll versions that reside on Microsoft
Windows 2000 SP4 FR and XP SP2 FR platforms is affected.
Ref: http://www.securityfocus.com/bid/22847
______________________________________________________________________
07.11.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Adobe Reader AcroPDF.DLL Resource Consumption Denial of Service
Description: Acrobat Reader is exposed to a denial of service issue
because the application fails to handle an exceptional condition when the
"search" parameter is supplied with an excessively large argument.
Acrobat Reader version 8.0 is affected.
Ref: http://www.securityfocus.com/bid/22856
______________________________________________________________________
07.11.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Macromedia Shockwave 10 SWDIR.DLL Multiple ActiveX Control
Remote Denial of Service Vulnerabilities
Description: Macromedia Shockwave is exposed to multiple denial of
service issues when certain variables of the vulnerable control are
assigned an excessively long string. Macromedia Shockwave 10.1.4.20 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
07.11.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: RealMedia RealPlayer Ierpplug.DLL ActiveX Control Multiple
Buffer Overflow Vulnerabilities
Description: RealPlayer ActiveX control allows users to stream various
media files through their web browser. The application is exposed to
multiple buffer overflow issues because it fails to properly bounds
check user-supplied data before copying it to an insufficiently
sized buffer. RealPlayer ActiveX control version 10.5 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
07.11.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: MailEnable Append Remote Buffer Overflow
Description: MailEnable is a commercially available mail server. The
application is exposed to a buffer overflow issue in the IMAP service
because the application fails to properly bounds check user-supplied
input and fails to handle excessively long APPEND commands. MailEnable
Professional versions 2.37, 2.35, 2.33, 2.32 are affected.
Ref: http://www.securityfocus.com/bid/22792
______________________________________________________________________
07.11.6 CVE: CVE-2007-0713
Platform: Mac Os
Title: Apple QuickTime MOV File Heap Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is prone to a heap overflow issue
because it fails to properly check boundaries on user-supplied data.
QuickTime 7.1 is affected.
Ref: http://docs.info.apple.com/article.html?artnum=305149
______________________________________________________________________
07.11.7 CVE: CVE-2007-0714
Platform: Mac Os
Title: Apple Quicktime UDTA ATOM Integer Overflow
Description: QuickTime Player is the media player distributed by Apple
for QuickTime and other media files. The application is exposed to an
integer overflow issue when processing specially crafted MOV files.
Specifying a large "udta" (user data atom) Atom size can
result in an insufficiently-sized heap buffer allocation. This can be
leveraged to overwrite heap memory during a RtlAllocateHeap()
routine. Versions prior to 7.1.5 are affected.
Ref: http://docs.info.apple.com/article.html?artnum=305149
______________________________________________________________________
07.11.8 CVE: CVE-2007-0718
Platform: Mac Os
Title: Apple QuickTime Color Table ID Heap Overflow
Description: QuickTime Player is the media player distributed by Apple
for QuickTime and other media files. QuickTime is exposed to a heap
overflow issue because it fails to perform adequate bounds checking on
user-supplied data. QuickTime 7.1.3 is affected.
Ref: http://www.kb.cert.org/vuls/id/313225
______________________________________________________________________
07.11.9 CVE: CVE-2007-0711, CVE-2007-0712, CVE-2007-0713,
CVE-2007-0714, CVE-2007-0715, CVE-2007-0716, CVE-2007-0717,
CVE-2007-0718
Platform: Mac Os
Title: Apple QuickTime Multiple Unspecified Code Execution
Vulnerabilities
Description: QuickTime Player is the media player distributed by Apple
for QuickTime and other media files. The application is exposed to
multiple unspecified remote code execution issues because it fails to perform
boundary checks prior to copying user-supplied data into sensitive
process buffers. QuickTime versions prior to 7.1.5 are vulnerable.
Ref: http://www.securityfocus.com/bid/22827
______________________________________________________________________
07.11.10 CVE: CVE-2007-0005
Platform: Linux
Title: Linux Kernel Omnikey CardMan 4040 Driver Local Buffer Overflow
Description: The Omnikey CardMan 4040 is a PCMCIA smart card reader.
The application is exposed to a local buffer overflow issue because it
fails to properly bounds check user-supplied input before using it in
a memory copy operation that affects the "cm4040_write()" and
"cm4040_read()" functions of the "drivers/char/pcmcia/cm4040_cs.c"
source file. Linux kernel versions prior to 2.6.21-rc3 are affected.
Ref: http://www.securityfocus.com/bid/22870/info
______________________________________________________________________
07.11.11 CVE: CVE-2007-0822
Platform: Linux
Title: Util-Linux Umount Filesystem NULL Pointer Dereference
Description: Util-Linux is a freely available, open source software
package that provides implementations of standard UNIX utilities, such
as mount and umount. The application is exposed to a NULL pointer
dereference that results in a denial of service condition due to
segmentation fault and may potentially lead to the disclosure of
sensitive information. Util-Linux Umount implemented on Linux kernel
2.6.15 is affected.
Ref: http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0012.html
______________________________________________________________________
07.11.12 CVE: Not Available
Platform: Linux
Title: Linux Kernel Sys_Tee Local Privilege Escalation
Description: The Linux kernel is susceptible to a local privilege
escalation issue. This issue occurs due to a race condition in the
"sys_tee()" function in the "fs/splice.c" source file. Linux kernel
2.6.17.6 and prior versions are affected.
Ref: http://www.securityfocus.com/bid/22823
______________________________________________________________________
07.11.13 CVE: CVE-2007-1263
Platform: Linux
Title: GnuPG Signed Message Arbitrary Content Injection
Description: GNU Privacy Guard (GnuPG) is an open-source encryption
application available for numerous platforms. GnuPG is prone to a
weakness that may allow an attacker to add arbitrary content into a
message without the end user knowing. RedHat Enterprise Linux WS 4 and
earlier versions are affected.
Ref: http://www.securityfocus.com/archive/1/461958
______________________________________________________________________
07.11.14 CVE: CVE-2007-1273
Platform: BSD
Title: NetBSD KTRUser Integer Overflow
Description: NetBSD is exposed to a local integer overflow issue
because it fails to properly bounds check the length of an
unspecified parameter of the "ktruser()" function, which is used in
code for FreeBSD and Darwin compatibility. NetBSD 4.0-current and
prior versions are affected.
Ref: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-001.txt.asc
______________________________________________________________________
07.11.15 CVE: Not Available
Platform: Solaris
Title: Sun Ipmitool Interface Remote Unauthorized Access
Description: Sun Ipmitool is prone to a remote unauthorized access
vulnerability. Sun Fire X2100M2 and Sun Fire X2200M2 without BMC/SP
Firmware 2.9 are affected. Please refer to the advisory for further
details.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102828-1&searchclause=
______________________________________________________________________
07.11.16 CVE: Not Available
Platform: Unix
Title: Radscan Conquest Multiple Remote Vulnerabilities
Description: Conquest is a multi-player space warfare game available
for Unix-like operating systems. The application is exposed to
multiple remote issues because the application fails to bounds check
user-supplied data before copying it into an insufficiently-sized
buffer. Conquest version 8.2a is affected.
Ref: http://www.securityfocus.com/archive/1/462184
______________________________________________________________________
07.11.17 CVE: CVE-2007-1268
Platform: Unix
Title: Mutt GnuPG Arbitrary Content Injection
Description: Mutt is an open-source text-based email client. The
application is exposed to an issue that may allow an attacker to add
arbitrary content into a message without the end user knowing. This
issue affects Mutt versions prior to and including 1.5.13.
Ref: http://www.securityfocus.com/archive/1/461958
______________________________________________________________________
07.11.18 CVE: CVE-2007-1267
Platform: Unix
Title: Sylpheed GnuPG Arbitrary Content Injection
Description: Sylpheed is an email client based on GTK+. The
application is exposed to an issue that may allow an attacker to add
arbitrary content into a message without the end user knowing. This
issue affects Sylpheed versions prior to and including 2.2.7.
Ref: http://www.securityfocus.com/archive/1/461958
______________________________________________________________________
07.11.19 CVE: CVE-2007-1265
Platform: Unix
Title: KMail GnuPG Arbitrary Content Injection
Description: KMail is a mail client for the KDE desktop environment.
The application is exposed to an issue that may allow an attacker to
add arbitrary content into a message without the end user knowing.
This issue affects KMail versions prior to and including 1.9.5.
Ref: http://www.securityfocus.com/archive/1/461958
______________________________________________________________________
07.11.20 CVE: CVE-2007-1266
Platform: Unix
Title: Gnome Evolution GnuPG Arbitrary Content Injection
Description: GNOME Evolution is an email client for the GNOME desktop.
Evolution is prone to a vulnerability that may allow an attacker to
add arbitrary content into a message without the end user knowing.
This issue affects KMail versions prior to and including 2.8.1.
Ref: http://www.securityfocus.com/archive/1/461958
______________________________________________________________________
07.11.21 CVE: CVE-2007-1350
Platform: Novell
Title: Novell NetMail Multiple Buffer Overflow Vulnerabilities
Description: Novell NetMail is a commercially available email and
calendar system. The application is exposed to multiple remotely
exploitable buffer overflow issues because it fails to do proper
bounds checking on user-supplied input. Novell NetMail version 3.52
A, B, C, C1, D, e-ftfl are affected.
Ref: http://www.kb.cert.org/vuls/id/919369
______________________________________________________________________
07.11.22 CVE: Not Available
Platform: Cross Platform
Title: Fish Multiple Remote Buffer Overflow Vulnerabilities
Description: FiSH is a plugin for Internet Relay Chat (IRC) clients
that implements secure communication. The application is exposed to
multiple remote buffer overflow issues because it fails to bounds
check "decrypt_topic_332()", "nick_changed()", "notice_received()",
and "ExtractRnick()", when copying user-supplied data from the "word"
parameter into an inadequately sized buffer. FiSH for XChat version
0.98, for mIRC version 1.29, and for irssi version 0.99 are affected.
Ref: http://www.securityfocus.com/bid/22880
______________________________________________________________________
07.11.23 CVE: Not Available
Platform: Cross Platform
Title: PHP Zip URL Wrapper Stack Buffer Overflow
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
The application is prone to a remote stack-based buffer overflow issue
because the "zip://" URL wrapper fails to properly bounds check
user-supplied input before copying it to an insufficiently-sized
memory buffer. PHP version 5.2.0 and PHP with PECL ZIP 1.8.3 are
affected.
Ref: http://www.php-security.org/MOPB/MOPB-16-2007.html#notes
______________________________________________________________________
07.11.24 CVE: Not Available
Platform: Cross Platform
Title: PHP Import_Request_Variables Arbitrary Variable Overwrite
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
The application is exposed to an issue that permits an attacker to
overwrite arbitrary variables due to a design flaw in the
"import_request_variables()" function. PHP versions 4.0.7 to 5.2.1 are affected.
Ref: http://www.wisec.it/vulns.php?id=10
______________________________________________________________________
07.11.25 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox Document.Cookie Path Argument Denial of Service
Description: Mozilla Firefox is exposed to a remote denial of service
issue. Mozilla Firefox version 2.0.0.2 is affected. Please refer to
the advisory for further details.
Ref: http://www.securityfocus.com/bid/22879
______________________________________________________________________
07.11.26 CVE: Not Available
Platform: Cross Platform
Title: Snort Inline Fragmentation Denial of Service
Description: Snort is a freely available, open-source NID system. The
application is exposed to a denial of service issue because the
network intrusion detection (NID) system fails to handle specially
crafted network packets. Snort versions 2.6.1.1, 2.6.1.2 and
2.7.0(beta) are affected.
Ref: http://www.securityfocus.com/bid/22872
______________________________________________________________________
07.11.27 CVE: Not Available
Platform: Cross Platform
Title: Avaya System Products Shell Command Injection Vulnerabilities
Description: Avaya System Products are prone to unspecified shell
command injection issues. Specific Avaya products that contain
maintenance web pages may allow authenticated users to issue shell
commands through their HTTP interface. Avaya SES devices (all
versions), and all versions of Avaya S8700, S8500, and S8300 products
prior to CM 3.1.3 are affected.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm
______________________________________________________________________
07.11.28 CVE: Not Available
Platform: Cross Platform
Title: Avaya Communications Manager Javascript Remote Code Execution
Description: Avaya Communications Manager is exposed to a remote
Javascript code execution issue due to a design error which occurs
because of a regression that allows web content to execute arbitrary
Javascript code. All versions of Avaya S8700, S8500, and S8300 products
prior to CM 3.1.3 are affected.
Ref: http://www.securityfocus.com/bid/22866
______________________________________________________________________
07.11.29 CVE: Not Available
Platform: Cross Platform
Title: PHP Shared Memory Functions Resource Verification Arbitrary
Code Execution
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
PHP shared memory functions (shmop) are prone to an arbitrary code
execution issue because the shared memory functions fail to verify the
type of resources that are being used. Therefore it is possible for
the functions to call wrong resource types containing user-supplied
data. PHP 4 versions prior to 4.4.5 and PHP 5 versions prior to 5.2.1
are affected.
Ref: http://www.php-security.org/MOPB/MOPB-15-2007.html
______________________________________________________________________
07.11.30 CVE: Not Available
Platform: Cross Platform
Title: PHP 5 Substr_Compare Integer Overflow
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
The PHP 5 "substr_compare()" function is exposed to an integer overflow
issue because it fails to ensure that integer values are not overrun.
Versions of PHP 5 up to version 5.2.1 are affected.
Ref: http://www.php-security.org/MOPB/MOPB-14-2007.html
______________________________________________________________________
07.11.31 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow
Description: Thunderbird is an email application and Seamonkey is a
suite of applications including email. Thunderbird and Seamonkey are
exposed to an integer overflow issue because they fail to handle
excessively large, specially formatted email messages. This issue
affects Thunderbird versions prior to 1.5.0.10 and Seamonkey versions
prior to 1.0.8.
Ref: http://www.mozilla.org/security/announce/2007/mfsa2007-10.html
______________________________________________________________________
07.11.32 CVE: Not Available
Platform: Cross Platform
Title: Silc Server New Channel Remote Denial of Service
Description: Silc server provides system administrators the ability to
easily and quickly set up a new SILC network. The application is exposed
to a denial of service issue because the application fails to handle
exceptional conditions. Version 1.0.2 is affected.
Ref: http://www.securityfocus.com/bid/22846
______________________________________________________________________
07.11.33 CVE: CVE-2004-2680
Platform: Cross Platform
Title: Apache mod_python Output Filter Mode Information Disclosure
Description: Apache's mod_python is a module that allows the webserver
to interpret Python scripts. The application is exposed to an
information disclosure issue because the module fails to handle output
filter data containing more than 16384 bytes. Apache mod_python
versions 3.1.3, 3.1.4, 3.0.3 and 3.0.4 are affected.
Ref: http://www.securityfocus.com/bid/22849/info
______________________________________________________________________
07.11.34 CVE: Not Available
Platform: Cross Platform
Title: Asterisk SIP Channel Driver Remote Denial of Service
Description: Asterisk is a private branch exchange (PBX) application.
The application is exposed to a remote denial of service issue. The
problem occurs in the "channels/chan_sip.c" SIP channel driver when
handling malformed requests sent through UDP port 5060. Asterisk
versions prior to 1.2.16 and 1.4.1 are affected.
Ref: http://www.kb.cert.org/vuls/id/228032
______________________________________________________________________
07.11.35 CVE: Not Available
Platform: Cross Platform
Title: Ezstream XML Config File Multiple Buffer Overflow
Vulnerabilities
Description: Ezstream is an open-source command line client
application for Icecast media streaming servers. It is exposed to
multiple buffer overflow issues because it fails to properly bounds
check user-supplied data before copying it to an insufficiently-sized
memory buffer. Versions prior to 0.3.0 are affected.
Ref: http://www.securityfocus.com/bid/22840/info
______________________________________________________________________
07.11.36 CVE: Not Available
Platform: Cross Platform
Title: PHP4 Ovrimos Extension Code Execution
Description: PHP4 is exposed to a code execution issue due to a design
error in a vulnerable extension. PHP versions prior to 4.4.5 with a
compiled "Ovrimos SQL Server Extension" are vulnerable to this issue.
Ref: http://www.php-security.org/MOPB/MOPB-13-2007.html
______________________________________________________________________
07.11.37 CVE: Not Available
Platform: Cross Platform
Title: Mod_Security ASCIIZ Byte POST Bypass
Description: Mod_security is a web application firewall implemented as
an Apache HTTP server module. The application is exposed to a POST
parsing bypass issue which allows an attacker to bypass mod_security
restrictions and successfully submit malicious input to mod_security
protected sites. All iterations of mod_security below 2.1.0 are
affected.
Ref: http://www.php-security.org/MOPB/BONUS-12-2007.html
______________________________________________________________________
07.11.38 CVE: Not Available
Platform: Cross Platform
Title: PHP MySQL_Connect Local Buffer Overflow
Description: PHP is a free and widely used Web page development
language. The application is exposed to a local buffer overflow issue
due to a failure in the application to perform proper bounds checks on
user-supplied data before using it in a finite-sized buffer. PHP for
Microsoft Windows versions prior to 4.4.6 are affected.
Ref: http://www.securityfocus.com/bid/22832
______________________________________________________________________
07.11.39 CVE: CVE-2007-0994
Platform: Cross Platform
Title: Mozilla Firefox Javascript URI Remote Code Execution
Description: Mozilla Firefox is prone to a remote code execution issue
due to a design error. The vulnerability exists because of a
regression which allows web content to execute arbitrary code. It can
be exploited by setting the "SRC" attribute of an "IMG" tag to a
specific javascript URI. Mozilla SeaMonkey 1.0.7, Mozilla Firefox 2.0
.1 and 1.5.0.9 are affected.
Ref: http://www.securityfocus.com/bid/22826
______________________________________________________________________
07.11.40 CVE: CVE-2007-1269
Platform: Cross Platform
Title: GNUMail.App GnuPG Arbitrary Content Injection
Description: GNUMail.app is a clone of the NeXT Mail.app application. It
uses the GNUstep development framework. The application is exposed to
an issue that may allow an attacker to add arbitrary content into a
message without the end user knowing. GNUMail.app versions prior to
and including 1.1.2 are affected.
Ref: http://www.securityfocus.com/archive/1/461958
______________________________________________________________________
07.11.41 CVE: Not Available
Platform: Cross Platform
Title: Enigmail GnuPG Arbitrary Content Injection
Description: Enigmail is an extension to the mail client of
Mozilla/Netscape and of Mozilla Thunderbird. The application is
exposed to an issue that may allow an attacker to add arbitrary
content into a message without the end user knowing. This issue
affects Enigmail versions prior to and including 0.94.2.
Ref: http://www.securityfocus.com/archive/1/461958
______________________________________________________________________
07.11.42 CVE: Not Available
Platform: Cross Platform
Title: PuTTY Puttygen Insecure Private Key File Permissions
Description: PuTTY is an xterm terminal and SSH implementation. The
application is exposed to an insecure file permission issue due to a
design flaw in the affected application. PuTTY version 0.58-5 on Debian
Linux is affected.
Ref: http://www.securityfocus.com/bid/22809
______________________________________________________________________
07.11.43 CVE: Not Available
Platform: Cross Platform
Title: KDE Konqueror JavaScript IFrame Denial of Service
Description: Konqueror is a web browser included with the KDE desktop
manager. The application is prone to a remote denial of service issue
because of an error in the KDE JavaScript implementation. Specifically,
the browser will crash when the browser runs a JavaScript routine which
reads a child iframe "src" parameter containing an FTP URI. The version
of Konqueror included with KDE version 3.5.5 is affected.
Ref: http://www.securityfocus.com/archive/1/461897
______________________________________________________________________
07.11.44 CVE: Not Available
Platform: Cross Platform
Title: Zend Platform PHP.INI File Modification
Description: The Zend Platform is a PHP application server. The
application is exposed to an issue that may allow local attackers to modify
the PHP configuration file (php.ini). This issue occurs because the
application is installed with an ini_modifier program that may be
executed by local users to change the configuration file. The Zend
Platform versions 2.2.1 and 2.2.1(a) are affected.
Ref: http://www.php-security.org/MOPB/BONUS-07-2007.html
______________________________________________________________________
07.11.45 CVE: Not Available
Platform: Cross Platform
Title: PHP PHPInfo Cross-Site Scripting Variant
Description: PHP is a freely available, open-source web scripting
language package. The application is prone to a cross-site scripting issue
as it fails to properly sanitize user-supplied input to scripts
containing the "phpinfo()" function. PHP versions 4.4.3, 4.4.4, 4.4.5
and 4.4.6 are affected.
Ref: http://www.php-security.org/MOPB/MOPB-08-2007.html
______________________________________________________________________
07.11.46 CVE: Not Available
Platform: Cross Platform
Title: PHP PHP_Binary Heap Information Leak
Description: PHP contains a serialization handler called "php_binary"
as part of its session extension. The "php_binary" serialization
handler is prone to a heap information leak because of a missing
boundary check in the extraction of variable names. PHP4 versions
prior to 4.4.5 and PHP5 versions prior to 5.2.1 are affected.
Ref: http://www.securityfocus.com/bid/22805
______________________________________________________________________
07.11.47 CVE: CVE-2007-0908
Platform: Cross Platform
Title: PHP WDDX Session Deserialization Information Leak
Description: PHP WDDX extension contains a serialization handler that
provides support for the WDDX data format. The serialization handler
of the WDDX extension is exposed to a stack information leak. The
vulnerability arises because of an improper initialization of a
"key_length" variable. PHP4 versions prior to 4.4.5 and PHP5 versions
prior to 5.2.1 are affected.
Ref: http://www.php-security.org/MOPB/MOPB-11-2007.html
______________________________________________________________________
07.11.48 CVE: Not Available
Platform: Cross Platform
Title: PHP WDDX_Deserialize Buffer Overflow
Description: PHP is a freely available, open-source web scripting
language package. The application is exposed to a remotely exploitable
buffer overflow issue because it fails to do proper bounds checking
when processing client supplied WDDX packets. PHP versions 6.0, 5.2,
and 4.4.0 through 4.4.6 are affected.
Ref: http://www.php-security.org/MOPB/MOPB-09-2007.html
______________________________________________________________________
07.11.49 CVE: Not Available
Platform: Cross Platform
Title: Kaspersky AntiVirus UPX File Decompression Remote Denial of
Service
Description: Kaspersky AntiVirus is an antivirus application for
desktop and small business computers. The application is exposed to a
denial of service issue because it fails to properly handle compressed
UPX data. Kaspersky Labs Antivirus Engine version 6.0.1.411 for
Windows and 5.5-10 for Linux are affected.
Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485
______________________________________________________________________
07.11.50 CVE: Not Available
Platform: Cross Platform
Title: WebMod Content Length Stack Buffer Overflow
Description: WebMod is a multi-threaded HTTP server available for
Windows and Linux operating systems. The application is exposed to a
remote stack-based buffer overflow issue because it fails to properly
bounds check user-supplied "Content-Length" field before copying it
into an insufficiently sized buffer. WebMod version 0.48 is affected.
Ref: http://www.securityfocus.com/bid/22788
______________________________________________________________________
07.11.51 CVE: CVE-2006-3892
Platform: Cross Platform
Title: EMC NetWorker Management Console Remote Authentication Bypass
Description: The EMC NetWorker Management Console is an administrative
Java based interface for EMC NetWorker installations. The application
is prone to an issue that allows remote attackers to bypass
authentication. EMC Legato Networker 7.3.2 is affected.
Ref: http://www.securityfocus.com/bid/22789
______________________________________________________________________
07.11.52 CVE: CVE-2007-0774
Platform: Cross Platform
Title: Apache Tomcat Mod_JK.SO Arbitrary Code Execution
Description: Apache Tomcat is a popular web server application for
multiple platforms. The application is exposed to an arbitrary code
execution issue due to insufficient sanitization of user-supplied
input which results in a stack-based buffer overflow. Apache Software
Foundation Tomcat versions 5.5.20 and earlier are affected.
Ref: http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
______________________________________________________________________
07.11.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Trac Download Function Cross-Site Scripting
Description: Trac is a wiki and issue tracking system. The application
is exposed to a cross-site scripting issue because the application
fails to properly sanitize user-supplied input due to a flaw in the
"download wiki page as text" function. Trac versions prior to 0.10.3.1
are affected.
Ref: http://trac.edgewall.org/wiki/ChangeLog#a0.10.3.1
______________________________________________________________________
07.11.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: dynaliens Multiple Cross-Site Scripting Vulnerabilities
Description: The "dynaliens" program is a guestbook application. The
application is prone to multiple cross-site scripting issues because
it fails to properly sanitize user-supplied input. Unspecified
parameters to the "recherche.php3" and "ajouter.php3" scripts are
affected. dynaliens versions 2.1 and 2.0 are affected.
Ref: http://www.securityfocus.com/archive/1/462221
______________________________________________________________________
07.11.55 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Lazarus Guestbook Multiple Unspecified Cross-Site Scripting
Vulnerabilities
Description: Lazarus Guestbook is a web-based guestbook application.
It is based on "Advanced Guestbook" by Proxy2. The application is
exposed to multiple cross-site scripting issues because it fails to
properly sanitize user-supplied input. Lazarus Guestbook versions
prior to 1.7.3 are affected.
Ref: http://www.securityfocus.com/bid/22868
______________________________________________________________________
07.11.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: vCard Pro create.php Cross-Site Scripting
Description: vCard Pro is a virtual greeting card application. The
application is exposed to a cross-site scripting issue because it fails
to properly sanitize user-supplied input to the "uploaded" parameter
of the "create.php" script. vCard Pro version 2.6 is affected.
Ref: http://www.securityfocus.com/archive/1/461922
______________________________________________________________________
07.11.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: VirtueMart Multiple Cross-Site Scripting Vulnerabilities
Description: VirtueMart is an ecommerce application. The application
is prone to multiple cross-site scripting issues because it fails to
sanitize user-supplied input. Unspecified parameters to the
"ps_cart.php" and "virtuemart_parser.php" scripts are vulnerable.
VirtueMart versions prior to 1.0.10 are affected.
Ref: http://www.securityfocus.com/bid/22816
______________________________________________________________________
07.11.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: GaziYapBoz Game Portal kategori.asp SQL Injection
Description: GaziYapBoz Game Portal is a web-based game tracking
application. The application is exposed to an SQL injection issue
because it fails to properly sanitize user-supplied input to the
"kategori" parameter of the "kategori.asp" script before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/22871
______________________________________________________________________
07.11.59 CVE: CVE-2007-0667
Platform: Web Application - SQL Injection
Title: SQL-Ledger/LedgerSMB Remote Code Execution
Description: SQL-Ledger/LedgerSMB are double-entry accounting systems
implemented in Perl. The application is exposed to an arbitrary code
execution issue when a custom function, created by an authenticated
user, is allowed to run on an error condition. SQL-Ledger versions
prior to 2.6.25 and LedgerSMB versions prior to 1.1.5 are vulnerable.
Ref: http://www.securityfocus.com/bid/22828
______________________________________________________________________
07.11.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Monitor-Line Links Management index.php SQL Injection
Description: Links Management Application is a web-based link manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "lcnt" parameter of
the "index.php" script before using it in an SQL query. Version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/22825
______________________________________________________________________
07.11.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: LI-Guestbook guestbook.php SQL Injection
Description: LI-Guestbook is a web-based guestbook application. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "country" parameter of
the "guestbook.php" script before using it in an SQL query.
LI-Guestbook version 1.1 is affected.
Ref: http://www.securityfocus.com/archive/1/461912
______________________________________________________________________
07.11.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Rigter Portal System Categoria index.php SQL Injection
Description: Rigter Portal System is a web-portal application. Rigter
Portal System is affected by an SQL injection issue because it fails
to properly sanitize user-supplied input to the "categoria" parameter
of the "index.php" script before using it in an SQL query. Rigter
Portal System version 6.2 is affected.
Ref: http://www.securityfocus.com/archive/1/462146
______________________________________________________________________
07.11.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple AJ Square Products SQL Injection Vulnerabilities
Description: AJ Dating is a web-based dating software script. AJ
Auction is web-based auction software. AJ Classifieds is a web-based
classifieds site package. AJ Forum is web-based forum software. The
applications are prone to SQL injection vulnerabilities because
they fail to properly sanitize user-supplied input before using it in
SQL queries. Version 1.0 of each application is affected.
Ref: http://www.securityfocus.com/bid/22808
______________________________________________________________________
07.11.64 CVE: CVE-2007-1345
Platform: Web Application
Title: Computer Associates eTrust Admin GINA Module Unspecified
Privilege Escalation
Description: Computer Associates eTrust Admin is an application to
administer eTrust applications. The application is exposed to an
unspecified privilege escalation issue. Computer Associates eTrust
Admin versions 8.1 SP2 ver 8.1.2, 8.1.1 and 8.1.0 are affected.
Please refer to the advisory for further details.
Ref: http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101038
______________________________________________________________________
07.11.65 CVE: Not Available
Platform: Web Application
Title: LedgerSMB Unspecified Password Check
Description: LedgerSMB is a double-entry accounting system implemented
in Perl. The application is exposed to an unspecified password check
issue due to an unknown error or design flaw in the "admin.pl" script
and the way in which it performs password checks. LedgerSMB versions
prior to 1.1.9 are affected.
Ref: http://www.securityfocus.com/bid/22889
______________________________________________________________________
07.11.66 CVE: Not Available
Platform: Web Application
Title: Dynaliens validlien.php3 Remote Authentication Bypass
Description: dynaliens is a guestbook application. The application is
exposed to an issue that allows remote attackers to bypass
authentication by simply navigating to the "admin/validlien.php3"
script. dynaliens versions 2.0 and 2.1 are affected.
Ref: http://www.securityfocus.com/archive/1/462221
______________________________________________________________________
07.11.67 CVE: Not Available
Platform: Web Application
Title: netForo down.php Local File Include
Description: netForo is a webforum application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "file_to_download" parameter of
the "down.php" script. netForo version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/22875
______________________________________________________________________
07.11.68 CVE: Not Available
Platform: Web Application
Title: Webo foldertree.php Remote File Include
Description: WEBO is a web-based organizer. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "baseDir" parameter
of the "modules/abook/foldertree.php" script. WEBO version 1.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/462294
______________________________________________________________________
07.11.69 CVE: Not Available
Platform: Web Application
Title: Flat Chat startsession.php Remote PHP Code Execution
Description: Flat Chat is a chat application. The application is
exposed to an arbitrary PHP code execution issue because it fails to
properly sanitize user-supplied input to the "chat name" variable of
"startsession.php" before using it in the "passthru()" function. Flat
Chat version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/22865
______________________________________________________________________
07.11.70 CVE: Not Available
Platform: Web Application
Title: Drupal Project Issue Tracking Parameter Handling Security
Bypass
Description: The Drupal Project issue tracking module is a third party
module to track various projects. The module is available for the
Drupal content manager. The application is exposed to a security
bypass issue because of an access validation error in the affected
module. Drupal Project issue tracking versions 4.7 2.2 and earlier
are affected.
Ref: http://drupal.org/node/102614
______________________________________________________________________
07.11.71 CVE: Not Available
Platform: Web Application
Title: Snitz Forums 2000 pop_profile.asp HTML Injection
Description: Snitz Forums 2000 is a web-based forum. The application
is exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content which affects the "MSN" input field of the "pop_profile.asp"
script. Snitz Forums 2000 version 3.4.06 is affected.
Ref: http://www.securityfocus.com/bid/22869
______________________________________________________________________
07.11.72 CVE: Not Available
Platform: Web Application
Title: Ipswitch IMail Server/Collaboration Suite Multiple Unspecified
Buffer Overflow Vulnerabilities
Description: Ipswitch IMail is an email server that serves clients
their mail via a web interface. Ipswitch Collaboration Suite (ICS) is
an application suite that includes IMail Server and IMail Anti-Virus.
The application is exposed to multiple buffer overflow issues because
it fails to perform adequate boundary checks on user-supplied data
before copying it to insufficiently sized buffers. Ipswitch
Collaboration 2006 Suite Premium, IMail and IMail Plus are affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
07.11.73 CVE: Not Available
Platform: Web Application
Title: Drupal Nodefamily Module Security Bypass
Description: Drupal is a content manager written in PHP. Drupal
Nodefamily module is exposed to a security bypass issue because the
application allows attackers to browse and change user profiles.
Nodefamily module versions prior to Drupal 5.x-1.0 are affected.
Ref: http://www.securityfocus.com/bid/22853
______________________________________________________________________
07.11.74 CVE: Not Available
Platform: Web Application
Title: PostGuestbook header.php Remote File Include
Description: PostGuestbook is a guest book module for the PHP-Nuke
content management system. The application is exposed to a remote
file include issue because the
application fails to properly sanitize user-supplied input to the
"tpl_pgb_moddir" of the "header.php" script. PostGuestbook version
0.6.1 is affected.
Ref: http://www.securityfocus.com/bid/22858
______________________________________________________________________
07.11.75 CVE: Not Available
Platform: Web Application
Title: WebCalendar Certain Variable Overwrite
Description: WebCalendar is a web-based calendar application.
WebCalendar is prone to a variable overwrite issue because the
application fails to sanitize user-supplied input. Version 1.0.4 is
affected.
Ref: http://www.securityfocus.com/bid/22834
______________________________________________________________________
07.11.76 CVE: Not Available
Platform: Web Application
Title: SnapGear Unspecified Denial of Service
Description: SnapGear is an internet security appliance for small
businesses, manufactured by Secure Computing Corporation. The
application is exposed to an unspecified remote denial of service
issue because the device fails to handle excessive amounts of packets.
The flood of packets will cause an error, which will result in all
packets being dropped. Snapgear OS 3.1.4 u2 and earlier versions are
affected.
Ref: http://www.securityfocus.com/bid/22835/info
______________________________________________________________________
07.11.77 CVE: Not Available
Platform: Web Application
Title: phpMyAdmin PMA_ArrayWalkRecursive Function Remote Denial of
Service
Description: phpMyAdmin is a web-based administrative interface for
managing MySQL databases.
The application is exposed to a remote denial of service issue because
it fails to properly sanitize user-supplied input to parameters of the
"PMA_arrayWalkRecursive()" function in the "libraries/common.lib.php"
file. phpMyAdmin 2.10.0.1 and earlier versions are affected.
Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3
______________________________________________________________________
07.11.78 CVE: Not Available
Platform: Web Application
Title: ePortfolio Client Side Input Validation
Description: ePortfolio is a banking application. The application is
exposed to a client side input validation issue because the
application fails to sufficiently sanitize user-supplied data.
TKS-Banking Solutions ePortfolio version 1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/461895
______________________________________________________________________
07.11.79 CVE: Not Available
Platform: Web Application
Title: Sava's Guestbook Multiple Input Validation Vulnerabilities
Description: Sava's Guestbook is a web-based guestbook. The
application is prone to multiple input validation issues because it
fails to sufficiently sanitize user-supplied data. Sava's Guestbook
version 23.11.2006 is affected.
Ref: http://www.securityfocus.com/archive/1/461910
______________________________________________________________________
07.11.80 CVE: Not Available
Platform: Web Application
Title: Simple Invoices PDF Print Preview Security Bypass
Description: Simple Invoices is a web-based invoicing system. Simple
Invoices is exposed to a security bypass issue because the
application fails to protect sensitive information from unauthorized
users. Simple Invoices versions 20070202, 20070125 and 20061211 are
affected.
Ref: http://www.securityfocus.com/bid/22818
______________________________________________________________________
07.11.81 CVE: Not Available
Platform: Web Application
Title: RRDBrowse File Parameter Directory Traversal
Description: RRDBrowse is an rrd utility for polling and researching.
The application is prone to a directory traversal issue because it
fails to properly sanitize user-supplied input. The issue occurs when
specially crafted HTTP GET requests containing a directory traversal
string are sent to the "file" parameter. RRDBrowse version 1.6 is
affected.
Ref: http://www.securityfocus.com/archive/1/461911
______________________________________________________________________
07.11.82 CVE: Not Available
Platform: Web Application
Title: News-Letterman Sqllog Remote File Include
Description: News-Letterman is a newsletter application. The
application is prone to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "sqllog" parameter
of the "eintrag.php" script. News-Letterman version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/22807
______________________________________________________________________
07.11.83 CVE: Not Available
Platform: Web Application
Title: Woltlab Burning Board Multiple HTML Injection Vulnerabilities
Description: Woltlab Burning Board is a bulletin board application.
The application is exposed to multiple HTML injection issues because
it fails to properly sanitize user-supplied input before using it in
dynamically generated content. Woltlab Burning Board version 2.3.6 is
affected.
Ref: http://www.securityfocus.com/archive/1/461737
______________________________________________________________________
07.11.84 CVE: Not Available
Platform: Web Application
Title: webSPELL Multiple Input Validation Vulnerabilities
Description: webSPELL is a clan and gaming content management system
implemented in PHP.
The application is prone to an SQL injection vulnerability and an
unauthorized file upload vulnerability. webSPELL versions 4.1.2, 4.1.1,
4.1 and 4.0 are affected.
Ref: http://www.securityfocus.com/archive/1/461796
______________________________________________________________________
07.11.85 CVE: Not Available
Platform: Web Application
Title: Tyger Bug Tracking System Multiple Input Validation
Vulnerabilities
Description: Tyger Bug Tracking System is a web-based bug tracker that
is implemented in PHP. The application is prone to multiple input
validation vulnerabilities because it fails to sufficiently sanitize
user-supplied input. Tyger Bug Tracking System version 1.1.3 is affected.
Ref: http://www.securityfocus.com/archive/1/461801
______________________________________________________________________
07.11.86 CVE: Not Available
Platform: Web Application
Title: Bernard Joly Webring HTML Injection
Description: Bernard Joly Webring, also known as BJ Webring, is a web
ring implementation. The application is prone to an HTML injection
vulnerability because it fails to properly sanitize user-supplied
input before using it in dynamically generated content. The specific
issue is that links that are added to the web ring are not sanitized
of HTML and script code. Bernard Joly Webring versions 1.5 and 1.6 are
affected.
Ref: http://www.securityfocus.com/bid/22800
______________________________________________________________________
07.11.87 CVE: Not Available
Platform: Web Application
Title: Mani Stats Reader index.php Remote File Include
Description: Mani Stats Reader is a web-based application. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "ipath" parameter
of the "index.php" script. Mani Stats Reader version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/22794
______________________________________________________________________
07.11.88 CVE: Not Available
Platform: Network Device
Title: IBM ThinkPad Intel PRO/1000 LAN Adapter Software Unspecified
Description: IBM ThinkPad Intel PRO/1000 LAN Adapter Software provides
Ethernet drivers for IBM ThinkPad computers. Versions prior to build
135400 are vulnerable.
Ref: http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-62922
______________________________________________________________________
(c) 2007. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.
Subscriptions: @RISK is distributed free of charge to people responsible
for managing and securing information systems and networks. You may
forward this newsletter to others with such responsibility inside or
outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
iD8DBQFF9cpR+LUG5KFpTkYRApoxAKChTARK6cy6YDL17v3jKcM+Zx8KdgCfb8hm
9sff+bENyTSLnH+hTfQEZgk=
=spyg
-----END PGP SIGNATURE-----