*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
November 12, 2007                                         Vol. 6. Week 46
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                          Number of Updates and Vulnerabilities
------------------------          -------------------------------------
Other Microsoft Products                         2
Third Party Windows Apps                         3 (#4)
Linux                                           12
HP-UX                                            1
Solaris                                          1
Unix                                             2 (#5, #7)
Cross Platform                                  19 (#1, #2, #3, #6, #8)
Web Application - Cross Site Scripting          10
Web Application - SQL Injection                 10
Web Application                                 37
Network Device                                   2
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint
(www.tippingpoint.com)

Widely Deployed Software

(1) CRITICAL: Apple QuickTime Multiple Vulnerabilities
(2) HIGH: Oracle PITRIG_DROPMETADATA Buffer Overflow
(3) HIGH: OpenBase Multiple Vulnerabilities
(4) HIGH: AOL AmpX ActiveX Control Multiple Vulnerabilities
(5) MODERATE: Common UNIX Printing System Internet Printing Protocol Buffer
Overflow
(6) MODERATE: Perl-Compatible Regular Expressions Library Multiple
Vulnerabilities
(7) MODERATE: Xpdf Multiple Vulnerabilities
Other Software
(8) MODERATE: Link Grammar Parser Buffer Overflow


Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Other Microsoft Products
07.46.1  - Microsoft DebugView Kernel Module Dbgv.SYS Local Privilege Escalation
07.46.2  - Microsoft November 2007 Advance Notification Multiple Vulnerabilities

 -- Third Party Windows Apps
07.46.3  - EDraw Flowchart Component ActiveX Control Arbitrary File Overwrite
07.46.4  - Viewpoint Media Player AxMetaStream.DLL ActiveX Control Multiple
Buffer Overflow Vulnerabilities
07.46.5  - Adobe Shockwave Player ActiveX Control ShockwaveVersion Remote Denial
of Service

 -- Linux
07.46.6  - iSCSI Enterprise Target IETD.CONF Local Information Disclosure
07.46.7  - Linux Kernel IEEE80211 HDRLen Remote Denial of Service
07.46.8  - PCRE Regular Expression Library Multiple Security Vulnerabilities
07.46.9  - DAViCal Really Simple CalDAV Store Unspecified Information Disclosure
07.46.10 - Perl Archive::Tar Module Remote Directory Traversal
07.46.11 - Xpdf Multiple Remote Stream.CC Vulnerabilities
07.46.12 - CoolKey PK11IPC1 Insecure Temporary File Creation
07.46.13 - Cypress for BitchX Information Disclosure Backdoor
07.46.14 - Mcstrans Mcstrans.C Local Denial of Service
07.46.15 - Red Hat Certificate System Certificate Revocation List Bypass
Weakness
07.46.16 - Net-SNMP GETBULK Remote Denial of Service
07.46.17 - TorK Multiple Privoxy Insecure Default Configuration Vulnerabilities

 -- HP-UX
07.46.18 - HP-UX Aries PA-RISC Emulator Unspecified Local Unauthorized Access

 -- Solaris
07.46.19 - Sun Solaris Volume Manager Local Denial of Service

 -- Unix
07.46.20 - BitchX E_HOSTNAME Function Insecure Temporary File Creation

 -- Cross Platform
07.46.21 - Firefly Media Server Multiple Null Pointer Dereference
Vulnerabilities
07.46.22 - AdventNet EventLog Analyzer Insecure Default MySQL Password
Unauthorized Access
07.46.23 - Firefly Media Server Webserver.C Multiple Format String
Vulnerabilities
07.46.24 - GNU Emacs Local Variable Handling Code Execution
07.46.25 - Apple QuickTime Color Table Atom Remote Heap Buffer Overflow
07.46.26 - Apple QuickTime for Java Multiple Unspecified Remote Privilege
Escalation Vulnerabilities
07.46.27 - Apple QuickTime Image Description Atom Remote Memory Corruption
07.46.28 - Apple QuickTime STSD Atom Remote Heap Buffer Overflow
07.46.29 - Apple QuickTime Panorama Sample Atoms Remote Heap Buffer Overflow
07.46.30 - Apple QuickTime PICT Image Remote Stack Buffer Overflow
07.46.31 - Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow
Vulnerabilities
07.46.32 - C++ Sockets Library HTTPSocket Class Remote Denial of Service
07.46.33 - OpenBase Buffer Overflow Vulnerability and Multiple Remote Command
Execution Vulnerabilities
07.46.34 - MySQL Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial
of Service
07.46.35 - HP OpenView Client Configuration Manager Remote Authentication Bypass
07.46.36 - Hitachi JP1/CM2/Network Node Manager Multiple Unspecified
Vulnerabilities
07.46.37 - IBM Informix Dynamic Server Multiple Vulnerabilities
07.46.38 - Link Grammar SEPARATE_WORD Function Remote Buffer Overflow
07.46.39 - Oracle Database Server PITRIG_DROPMETADATA Remote Buffer Overflow

 -- Web Application - Cross Site Scripting
07.46.40 - phpMyAdmin Server_Status.PHP Cross-Site Scripting
07.46.41 - Helios Calendar Admin/Index.PHP Cross-Site Scripting
07.46.42 - NetCommons Cross-Site Scripting
07.46.43 - JLMForo System Buscado.PHP Cross-Site Scripting
07.46.44 - Coppermine Photo Gallery Displayecard.PHP Cross-Site Scripting
07.46.45 - Cisco Unified MeetingPlace Web Conference Login Multiple Cross-Site
Scripting Vulnerabilities
07.46.46 - ManageEngine OpManager JSP/Login.DO Multiple Cross-Site Scripting
Vulnerabilities
07.46.47 - Computer Associates SiteMinder Web Agent Smpwservices.FCC Cross-Site
Scripting
07.46.48 - Cerberus FTP Server Web Interface Cross-Site Scripting
07.46.49 - Mozilla Firefox Jar URI Cross-Site Scripting

 -- Web Application - SQL Injection
07.46.50 - PHP Helpdesk Login SQL Injection
07.46.51 - E-Vendejo Articles.PHP SQL Injection
07.46.52 - ASP Message Board Printer.ASP SQL Injection
07.46.53 - JPortal Mailer.PHP SQL Injection
07.46.54 - UPublisher Multiple SQL Injection Vulnerabilities
07.46.55 - PHPWind AdminUser Parameter SQL Injection
07.46.56 - UStore/USupport Detail.ASP SQL Injection
07.46.57 - MiNT Haber Sistemi Duyuru.asp SQL Injection
07.46.58 - Wiz-Ad Login Page SQL Injection
07.46.59 - Rapid Classified AgencyCatResult.ASP SQL Injection

 -- Web Application
07.46.60 - DM Guestbook Multiple Local File Include Vulnerabilities
07.46.61 - Scribe Forum.PHP Remote PHP Code Execution
07.46.62 - IBM Tivoli Service Desk Maximo HTML Injection
07.46.63 - Ax Developer CMS Index.PHP Local File Include
07.46.64 - JLMForo System ModificarPerfil.PHP HTML Injection
07.46.65 - Sun Remote Services Net Connect Software Local Format String
07.46.66 - GuppY Includes.Inc Remote File Include
07.46.67 - scWiki Common.PHP Remote File Include
07.46.68 - Quick And Dirty Blog Categories.PHP Local File Include
07.46.69 - PHP Helpdesk Index.PHP Local File Include
07.46.70 - SF-Shoutbox Main.PHP Multiple HTML Injection Vulnerabilities
07.46.71 - SyndeoCMS MAIN.INC.PHP Remote File Include
07.46.72 - nuBoard Index.PHP Remote File Include
07.46.73 - Vortex Portal Multiple Remote File Include Vulnerabilities
07.46.74 - Galmeta Post Upload_Config.PHP Remote File Include
07.46.75 - JBC Explorer Auth.Inc.PHP Authentication Bypass
07.46.76 - easyGB Index.PHP Local File Include
07.46.77 - awrate.com Message Board 404.PHP and TopBar.PHP Multiple Remote File
Include Vulnerabilities
07.46.78 - PicoFlat CMS Multiple Remote Security Bypass Vulnerabilities
07.46.79 - i-Gallery igallery.ASP Remote Information Disclosure
07.46.80 - Perl Unicode Regular Expression Buffer Overflow
07.46.81 - OrangeHRM REDIRECT Function Remote Security Bypass
07.46.82 - Plone Multiple Modules Script Execution Vulnerabilities
07.46.83 - PHPMyChat Languages.Lib.PHP Local File Include
07.46.84 - PHPMyChat Plus Multiple Local File Include Vulnerabilities
07.46.85 - VBlog CFGProgDir Parameter Multiple Remote File Include
Vulnerabilities
07.46.86 - CMSMelborp User_Standard.PHP Remote File Include
07.46.87 - eIQnetworks Enterprise Security Analyzer Multiple Buffer Overflow
Vulnerabilities
07.46.88 - Weblord.it MS TopSites Unauthorized Access Vulnerability and HTML
Injection
07.46.89 - IrayoBlog Irayofuncs.PHP Board Remote File Include
07.46.90 - Ezboxx Multiple Input Validation Vulnerabilities
07.46.91 - InstallFromTheWeb Multiple Unspecified Buffer Overflow
Vulnerabilities
07.46.92 - E107 Mailout.PHP Remote Command Execution
07.46.93 - MyWebFTP Pass.PHP Hashed Password Information Disclosure
07.46.94 - GForge Insecure Temporary File Creation
07.46.95 - PEAR::MDB2 BLOB Field Information Disclosure
07.46.96 - USVN Subversion Repository Information Disclosure

 -- Network Device
07.46.97 - BT Home Hub Login Procedure Authentication Bypass
07.46.98 - Grandstream HandyTone-488 PSTN To VoIP Adapter IP Stack Remote Denial
of Service
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Apple QuickTime Multiple Vulnerabilities
Affected:
Apple QuickTime versions prior to 7.3

Description: QuickTime is Apple's streaming media framework for Apple
Mac OS X and Microsoft Windows. QuickTime contains multiple
vulnerabilities in its handling of various file formats. A specially
crafted PICT image file, QuickTime VR file, or other media file stored
in a QuickTime container file could trigger one of several
vulnerabilities. Successfully exploiting one of these vulnerabilities
would allow an attacker to execute arbitrary code with the privileges
of the current user. Note that, in most configurations, QuickTime will
open vulnerable files automatically. QuickTime media may also be
embedded in a web page, allowing attackers to deliver exploits via web
pages. Some technical details are available for these vulnerabilities.
Note that QuickTime for both Mac OS X and Microsoft Windows is affected.
QuickTime is installed as part of iTunes for Microsoft Windows.

Status: Apple confirmed, updates available.

References:
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-07-065.html
http://zerodayinitiative.com/advisories/ZDI-07-066.html
http://zerodayinitiative.com/advisories/ZDI-07-067.html
http://zerodayinitiative.com/advisories/ZDI-07-068.html
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620
Apple Security Advisory
http://docs.info.apple.com/article.html?artnum=306896
QuickTime Home Page
http://www.apple.com/quicktime/
SecurityFocus BIDs
http://www.securityfocus.com/bid/26339
http://www.securityfocus.com/bid/26338
http://www.securityfocus.com/bid/26342
http://www.securityfocus.com/bid/26341
http://www.securityfocus.com/bid/26345
http://www.securityfocus.com/bid/26340
http://www.securityfocus.com/bid/26344

*************************************************************************

(2) HIGH: Oracle PITRIG_DROPMETADATA Buffer Overflow
Affected:
Oracle Database Server version 10g

Description: The Oracle Database Server contains a flaw in its handling
of calls to the PITRIG_DROPMETADATA procedure in the XDB.XDB_PITRIG_PKG
database package. Passing overlong arguments to this procedure could
trigger a buffer overflow and allow an attacker to execute arbitrary
code with the privileges of the database server. An attacker would need
authentication to exploit this vulnerability; however, authentication
may be provided by exploiting an SQL injection vulnerability in an
application connected to the database. Some technical details and a
proof-of-concept are available for this vulnerability.

Status: Oracle confirmed, no updates available. Oracle has stated that
a patch will be released in a future Critical Patch Update.

References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=622
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/oracle_26374
SecurityFocus BID
http://www.securityfocus.com/bid/26374

*************************************************************************

(3) HIGH: OpenBase Multiple Vulnerabilities
Affected:
OpenBase versions 10.0.5 and prior

Description: OpenBase is a popular relational database engine. The
database server contains multiple vulnerabilities. A command injection
vulnerability exists in several of the stored procedures in the
database, while a buffer overflow vulnerability exists in the parsing
of SQL queries. Successfully exploiting any of these vulnerabilities
would allow an attacker to execute arbitrary code with the privileges
of the database server process (often SYSTEM/root). An attacker would
require authorization to exploit these vulnerabilities; however,
authentication may be provided by exploiting an SQL injection
vulnerability in an application connected to the database.
Proofs-of-concept and technical details are available for these
vulnerabilities in the advisory.

Status: OpenBase confirmed, updates available.

References:
Netragard Advisory (includes proofs-of-concept)
http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt
OpenBase Home Page
http://store.openbase.com/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/26347

*************************************************************************

(4) HIGH: AOL AmpX ActiveX Control Multiple Vulnerabilities
Affected:
AOL AmpX ActiveX Control

Description: The AOL AmpX ActiveX control is an ActiveX control
distributed by AOL for real-time audio streaming. The control is used
by AOL Radio and is commonly used to embed streaming audio in web pages.
This control contains multiple buffer overflow vulnerabilities. A malicious
web page that instantiates this control could exploit one of these
buffer overflows and execute arbitrary code with the privileges of the
current user. Some technical details are available for this
vulnerability.

Status: AOL confirmed, updates available. Users can mitigate the impact
of this vulnerability by disabling the vulnerable control via
Microsoft's kill bit mechanism for CLSID
B49C4597-8721-4789-9250-315DFBD9F525. Note that this will disable normal
application functionality.
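
The kill bit mitigation named in the Status note above, as an added example that is not part of the original bulletin or of any vendor's code. It assumes an elevated PowerShell session; the registry location and the 0x400 flag value are those of the kill bit mechanism documented in Microsoft KB240797, the CLSID is the one given in the bulletin, and the function names are hypothetical.

```powershell
# Added example: set and verify the Internet Explorer kill bit for the AmpX control.
# Assumes an elevated PowerShell session. Function names are illustrative.

$Clsid    = '{B49C4597-8721-4789-9250-315DFBD9F525}'  # CLSID given in the bulletin
$KillBit  = 0x00000400                                 # kill bit in "Compatibility Flags" (KB240797)
$FlagName = 'Compatibility Flags'

# 64-bit Windows keeps a separate registry view for 32-bit Internet Explorer,
# so the flag has to be set in both places when Wow6432Node exists.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

# Returns the current flag value, or $null when the key or value is absent.
function Get-CompatibilityFlags {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -Name $FlagName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$FlagName
}

# Creates the per-CLSID key if needed and ORs the kill bit into the flag value,
# so any other compatibility flags already present are preserved.
function Set-KillBit {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    $current = Get-CompatibilityFlags -Key $Key
    if ($null -eq $current) { $current = 0 }
    New-ItemProperty -LiteralPath $Key -Name $FlagName -PropertyType DWord `
        -Value ($current -bor $KillBit) -Force | Out-Null
}

# True only when the value exists and has the kill bit set.
function Test-KillBit {
    param([string]$Key)
    $flags = Get-CompatibilityFlags -Key $Key
    return (($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit))
}

# Apply to every registry view and report the result per key.
foreach ($root in $Roots) {
    $key = Join-Path $root $Clsid
    Set-KillBit -Key $key
    [pscustomobject]@{ Key = $key; KillBitSet = (Test-KillBit -Key $key) }
}
```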

References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=623
AOL Radio Patch (binary file link)
http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/unagi_patch.exe
Microsoft Knowledge Base Article (details the kill bit mechanism)
http://support.microsoft.com/kb/240797
AOL Radio Home Page
http://music.aol.com/radioguide/bb/
SecurityFocus BID
http://www.securityfocus.com/bid/26396

*************************************************************************

(5) MODERATE: Common UNIX Printing System Internet Printing Protocol Buffer
Overflow
Affected:
Common UNIX Printing System versions prior to 1.3.4

Description: The Common UNIX Printing System (CUPS) is a printing system
used by a number of UNIX and UNIX-like systems. CUPS can access and
share printers using the Internet Printing Protocol (IPP). CUPS fails
to properly handle certain malformed IPP requests. A specially crafted
IPP request could trigger a buffer overflow. Successfully exploiting
this buffer overflow would allow an attacker to execute arbitrary code
with the privileges of the CUPS server process. Technical details for
this vulnerability are available in the CUPS bug report and via source
code analysis. CUPS forms the basis of the printing systems on Apple Mac
OS X and numerous Linux distributions, as well as other UNIX and
UNIX-like systems. Note that, in many common configurations, CUPS is not
remotely vulnerable to this issue. Unconfirmed reports indicate that
this issue may be exploitable only by users on the local network.

Status: CUPS confirmed, updates available.

References:
Secunia Security Advisory
http://secunia.com/secunia_research/2007-76/advisory/
CUPS Home Page
http://www.cups.org
Wikipedia Article on IPP
http://en.wikipedia.org/wiki/Internet_Printing_Protocol
SecurityFocus BID
http://www.securityfocus.com/bid/26268

*************************************************************************

(6) MODERATE: Perl-Compatible Regular Expressions Library Multiple
Vulnerabilities
Affected:
Perl-Compatible Regular Expressions Library versions prior to 7.3

Description: The Perl-Compatible Regular Expressions Library (PCRE) is
a popular library implementing regular expression operations compatible
with those implemented in the Perl programming language. Regular
expressions are strings that define matches for other strings and data.
A specially crafted regular expression passed to the library could
trigger one of several vulnerabilities. These vulnerabilities include
several buffer and integer overflow vulnerabilities, the exploitation
of which would allow an attacker to execute arbitrary code with the
privileges of the vulnerable process. Denial-of-service and information
disclosure vulnerabilities are also present. Note that the attacker must
be able to pass regular expressions into the library to successfully
exploit these vulnerabilities; applications that do not accept arbitrary
regular expressions are not vulnerable. This library is widely used by
numerous applications. Technical details are available via source code
analysis.

Status: Vendor confirmed, updates available.

References:
Secunia Security Advisory
http://secunia.com/advisories/27543/
Posting to the Debian Security Mailing List
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00177.html
Wikipedia Article on Regular Expressions
http://en.wikipedia.org/wiki/Regular_expression
PCRE Home Page
http://www.pcre.org/
SecurityFocus BID
http://www.securityfocus.com/bid/26346

*************************************************************************

(7) MODERATE: Xpdf Multiple Vulnerabilities
Affected:
Xpdf versions 3.02 and prior

Description: Xpdf is a Portable Document Format (PDF) viewer for the X
Window System, and also forms the basis of other PDF viewers, including
Kpdf for the K Desktop Environment (KDE). A specially crafted PDF file
passed to the application could trigger one of several buffer overflow
or memory corruption vulnerabilities. Successfully exploiting one of
these vulnerabilities would allow an attacker to execute arbitrary code
with the privileges of the current user. Note that, depending on the
application and configuration, PDF documents may be opened automatically
upon download. Technical details for these vulnerabilities are available
in the security advisory and via source code analysis.

Status: Vendor confirmed, updates available.

References:
Secunia Security Advisory
http://secunia.com/secunia_research/2007-88/advisory/
Xpdf Home Page
http://www.foolabs.com/xpdf/
SecurityFocus BID
http://www.securityfocus.com/bid/26367

*************************************************************************

****************
Other Software
****************

(8) MODERATE: Link Grammar Parser Buffer Overflow
Affected:
Link Grammar Parser Library versions 4.1b and prior

Description: The Link Grammar Parser Library (LGL) is a natural language
parsing library based on the theory of link grammars. The library
contains a buffer overflow in its handling of sentences. An overlong
word in a sentence can trigger this buffer overflow and allow an
attacker to execute arbitrary code with the privileges of the vulnerable
process. The AbiWord open source word processor uses the LGL to perform
grammar checking; therefore a specially crafted AbiWord document may be
able to exploit this vulnerability. Other applications may use this
library for language parsing. Some technical details are available for
this vulnerability in the advisory and via source code analysis.

Status: Vendor has not confirmed, no updates available.

References:
Secunia Security Advisory
http://secunia.com/secunia_research/2007-79/advisory/
Link Grammar Parser Library Home Page
http://www.link.cs.cmu.edu/link/
AbiWord Word Processor Link Grammar Home Page
http://www.abisource.com/projects/link-grammar/
Wikipedia Article on Link Grammars
http://en.wikipedia.org/wiki/Link_grammar
SecurityFocus BID
http://www.securityfocus.com/bid/26365

****************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 46, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

07.46.1 CVE: CVE-2007-4223
Platform: Other Microsoft Products
Title: Microsoft DebugView Kernel Module Dbgv.SYS Local Privilege Escalation
Description: Microsoft DebugView is an analysis tool for displaying
debug output. The application is exposed to a local privilege
escalation issue because unspecified functionality within the
application allows user-supplied data to be copied into kernel memory
space. The kernel module "Dbgv.sys" is loaded when an administrator
runs DebugView; the module remains accessible by all users until a
reboot. Microsoft DebugView version 4.64 is affected.
Ref: http://www.securityfocus.com/archive/1/483358
______________________________________________________________________

07.46.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
Description: Microsoft has released advance notification that the vendor
will be releasing two security bulletins on November 13, 2007.  The
highest severity rating for these issues is "Critical". Please refer to
the link below for further details.
Ref: http://www.microsoft.com/technet/security/bulletin/rating.mspx
______________________________________________________________________
07.46.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: EDraw Flowchart Component ActiveX Control Arbitrary File Overwrite
Description: The EDraw Flowchart Component is an ActiveX control to
create business and technical diagrams. The application is exposed to
an issue that lets attackers overwrite files. Version 3.1 of the EDraw
Flowchart Component control is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
07.46.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Viewpoint Media Player AxMetaStream.DLL ActiveX Control
Multiple Buffer Overflow Vulnerabilities
Description: Viewpoint Media Player is a browser plug-in for viewing
various types of digital media. The application is exposed to
multiple stack-based buffer overflow issues because it fails to
perform adequate boundary checks on user-supplied input. Viewpoint
Media Player version 3.2 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
07.46.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Adobe Shockwave Player ActiveX Control ShockwaveVersion Remote
Denial of Service
Description: Adobe Shockwave Player ActiveX Control is exposed to a
denial of service issue because the application fails to properly
bounds check user-supplied data. Adobe Shockwave Player version 10 is
affected.
Ref: http://www.securityfocus.com/bid/26388
______________________________________________________________________
07.46.6 CVE: Not Available
Platform: Linux
Title: iSCSI Enterprise Target IETD.CONF Local Information Disclosure
Description: iSCSI Enterprise Target is an enterprise open-source
iSCSI target implementation. The application is exposed to a local
information disclosure issue because the "/etc/ietd.conf" file has
incorrect permissions. iSCSI Enterprise Target version 0.4.15 is
affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448873
______________________________________________________________________
07.46.7 CVE: Not Available
Platform: Linux
Title: Linux Kernel IEEE80211 HDRLen Remote Denial of Service
Description: The Linux kernel ieee80211 driver is exposed to a remote
denial of service issue because it fails to perform adequate boundary
checks on user-supplied data. Linux kernel versions prior to 2.6.22.11
are affected.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.11
______________________________________________________________________
07.46.8 CVE: CVE-2007-1659, CVE-2007-1660, CVE-2007-1661,
CVE-2007-1662, CVE-2007-1667, CVE-2007-1668, CVE-2007-1666
Platform: Linux
Title: PCRE Regular Expression Library Multiple Security
Vulnerabilities
Description: PCRE is a set of functions that implement
regular expression pattern matching using the same syntax and
semantics as Perl 5. The application is exposed to multiple
issues.
Ref: https://rhn.redhat.com/errata/RHSA-2007-0967.html
______________________________________________________________________
07.46.9 CVE: Not Available
Platform: Linux
Title: DAViCal Really Simple CalDAV Store Unspecified Information
Disclosure
Description: Really Simple CalDAV Store (RSCDS) is a CalDAV-compatible
repository for calendar and notes entries. CalDAV is a client-server
protocol for managing calendar resources. The application is exposed
to an information disclosure issue that stems from an unspecified
error. RSCDS versions prior to 0.9.1 are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=549414&group_id=179845
______________________________________________________________________
07.46.10 CVE: CVE-2007-4829
Platform: Linux
Title: Perl Archive::Tar Module Remote Directory Traversal
Description: Perl Archive::Tar is a Perl module for handling tar
archives. The application is exposed to a directory traversal issue
because it fails to sufficiently validate user-supplied data.
Specifically, the module fails to validate the name of a directory
symbolic link.
Ref:
https://issues.rpath.com/browse/RPL-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
______________________________________________________________________
07.46.11 CVE: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
Platform: Linux
Title: Xpdf Multiple Remote Stream.CC Vulnerabilities
Description: Xpdf is an open-source implementation of a PDF viewer for
the X window system. The application is exposed to multiple remote
issues due to flaws in various functions in the "Stream.cc" source
file. Xpdf version 3.02pl1 is affected.
Ref: https://rhn.redhat.com/errata/RHSA-2007-1021.html
______________________________________________________________________
07.46.12 CVE: CVE-2007-4129
Platform: Linux
Title: CoolKey PK11IPC1 Insecure Temporary File Creation
Description: CoolKey is an application that provides smart card login,
single sign-on, secure messaging, and secure email access. The
application creates temporary files in an insecure manner when
it creates the world-writable file "/tmp//pk11ipc1".
Ref: https://rhn.redhat.com/errata/RHSA-2007-0631.html
______________________________________________________________________
07.46.13 CVE: Not Available
Platform: Linux
Title: Cypress for BitchX Information Disclosure Backdoor
Description: An attacker compromised the source code for Cypress for
BitchX and altered it to include a malicious backdoor. This backdoor
introduces an information disclosure issue that lets remote users gain
access to potentially sensitive information. Cypress version 1.0k is
affected.
Ref: http://www.securityfocus.com/archive/1/483350
______________________________________________________________________
07.46.14 CVE: CVE-2007-4570
Platform: Linux
Title: Mcstrans Mcstrans.C Local Denial of Service
Description: Mcstrans is the translation daemon used on computers with
SELinux enabled to translate program context into human-readable form.
The application is exposed to a local denial of service issue because
of an algorithmic flaw. The daemon fails to adequately check
user-supplied data.
Ref: https://rhn.redhat.com/errata/RHSA-2007-0542.html
______________________________________________________________________
07.46.15 CVE: CVE-2007-4994
Platform: Linux
Title: Red Hat Certificate System Certificate Revocation List Bypass
Weakness
Description: Red Hat Certificate System (RHCS) is an enterprise
solution designed to manage Public Key Infrastructure deployments.
The application is exposed to a weakness which may allow users with
certain revoked certificates to bypass the revocation list. Red Hat
Certificate System version 7.2 is affected.
Ref: http://rhn.redhat.com/errata/RHSA-2007-0934.html
______________________________________________________________________
07.46.16 CVE: CVE-2007-5846
Platform: Linux
Title: Net-SNMP GETBULK Remote Denial of Service
Description: Net-SNMP is an SNMP (Simple Network Management Protocol)
package that supplies users with a server as well as client utilities
to support SNMP. The application is exposed to a remote denial of
service issue when the SNMP agent tries to process an SNMP "GETBULK"
request with an overly large "max-repetitions" value. Net-SNMP
versions prior to 5.4.1 are affected.
Ref:
http://sourceforge.net/tracker/index.php?func=detail&aid=1712988&group_id=12694&atid=112694
______________________________________________________________________
07.46.17 CVE: Not Available
Platform: Linux
Title: TorK Multiple Privoxy Insecure Default Configuration
Vulnerabilities
Description: TorK is an anonymity manager made for the KDE Desktop on
Linux and Unix systems. It manages Tor network configuration. The
application is exposed to multiple insecure configuration issues
because of several default configuration options used by the Privoxy
web proxy server. TorK versions prior to 0.22 are affected.
Ref: http://www.usvn.info/news/
______________________________________________________________________
07.46.18 CVE: Not Available
Platform: HP-UX
Title: HP-UX Aries PA-RISC Emulator Unspecified Local Unauthorized
Access
Description: HP-UX Aries PA-RISC emulator is a dynamic binary
translator that transparently executes applications compiled for
PA-RISC/HP-UX. The application is exposed to a local
unauthorized access issue. HP-UX Aries PA-RISC emulator software
running on HP-UX IA-64 platforms is affected.
Ref: http://www.securityfocus.com/archive/1/483460
______________________________________________________________________
07.46.19 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Volume Manager Local Denial of Service
Description: Sun Solaris is an enterprise-grade Unix distribution. The
application is exposed to an unspecified denial of service issue. The
problem occurs in the Solaris Volume Manager (SVM) ioctl(2) interface.
A local unprivileged attacker can exploit this issue to cause a system
panic on an affected computer, resulting in a denial of service
condition. Solaris versions 9 and 10 for SPARC and x86 architectures
are affected.
Ref:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103143-1&searchclause=
______________________________________________________________________
07.46.20 CVE: Not Available
Platform: Unix
Title: BitchX E_HOSTNAME Function Insecure Temporary File Creation
Description: BitchX is a freely available, open-source IRC client. It
is available for Unix, Linux, and other Unix-like operating systems.
The application is exposed to a security issue because it creates
temporary files in an insecure manner. BitchX version 1.1 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449149
______________________________________________________________________
07.46.21 CVE: Not Available
Platform: Cross Platform
Title: Firefly Media Server Multiple Null Pointer Dereference Vulnerabilities
Description: Firefly Media Server is a music server application. The
project was formerly known as mt-daapd. The application is exposed to
multiple NULL-pointer dereference issues. Firefly Media Server version
0.2.4 is affected.
Ref: http://www.securityfocus.com/archive/1/483210
______________________________________________________________________
07.46.22 CVE: CVE-2007-2987
Platform: Cross Platform
Title: AdventNet EventLog Analyzer Insecure Default MySQL Password
Unauthorized Access
Description: AdventNet EventLog Analyzer is a web-based system log
management application. The application is exposed to an issue that
can result in unauthorized access to the application's SQL database.
EventLog Analyzer Build version 4030 is affected.
Ref: http://forums.adventnet.com/viewtopic.php?t=247521
______________________________________________________________________
07.46.23 CVE: Not Available
Platform: Cross Platform
Title: Firefly Media Server Webserver.C Multiple Format String
Vulnerabilities
Description: Firefly Media Server (formerly known as mt-daapd) is a
multi-platform digital music server. The application is affected by
multiple format string issues because of incorrect usage of
"printf()"-type functions, allowing format specifiers to be supplied
directly to vulnerable functions from external data. Firefly Media
Server versions prior to 0.2.4.1 are affected.
Ref: http://www.securityfocus.com/archive/1/483209
______________________________________________________________________
07.46.24 CVE: CVE-2007-5795
Platform: Cross Platform
Title: GNU Emacs Local Variable Handling Code Execution
Description: Emacs is a freely available text editor. The application
is exposed to an arbitrary code execution issue that results from a
design error. Emacs version 22.1 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008
______________________________________________________________________
07.46.25 CVE: CVE-2007-4677
Platform: Cross Platform
Title: Apple QuickTime Color Table Atom Remote Heap Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. Specifically, this issue occurs when parsing color
table atoms in a movie file. Apple QuickTime running on Microsoft
Windows Vista, Microsoft Windows XP SP2, and Mac OS X are affected.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-065.html
______________________________________________________________________
07.46.26 CVE: CVE-2007-3751
Platform: Cross Platform
Title: Apple QuickTime for Java Multiple Unspecified Remote Privilege
Escalation Vulnerabilities
Description: Apple QuickTime for Java is exposed to multiple
unspecified privilege escalation issues. QuickTime for Java for both
Apple Mac OS X and Microsoft Windows platforms is affected.
Ref: http://docs.info.apple.com/article.html?artnum=306896
______________________________________________________________________
07.46.27 CVE: CVE-2007-2395
Platform: Cross Platform
Title: Apple QuickTime Image Description Atom Remote Memory Corruption
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a memory corruption
issue when parsing image description atoms in a malicious movie file.
Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows
XP SP2, and Mac OS X are affected.
Ref: http://docs.info.apple.com/article.html?artnum=306896
______________________________________________________________________
07.46.28 CVE: CVE-2007-3750
Platform: Cross Platform
Title: Apple QuickTime STSD Atom Remote Heap Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. Specifically, this issue occurs when parsing
Sample Table Sample Descriptor (STSD) atoms in a movie file. Apple
QuickTime running on Microsoft Windows Vista, Microsoft Windows XP
SP2, and Mac OS X are affected.
Ref: http://docs.info.apple.com/article.html?artnum=306896
______________________________________________________________________
07.46.29 CVE: CVE-2007-4675
Platform: Cross Platform
Title: Apple QuickTime Panorama Sample Atoms Remote Heap Buffer
Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. The issue occurs when handling panorama sample
atoms in QTVR (QuickTime Virtual Reality) movie files. Apple QuickTime
running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac
OS X are affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620
______________________________________________________________________
07.46.30 CVE: CVE-2007-4672
Platform: Cross Platform
Title: Apple QuickTime PICT Image Remote Stack Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a stack-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. Apple QuickTime running on Microsoft Windows
Vista, Microsoft Windows XP SP2, and Mac OS X are affected.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-068.html
______________________________________________________________________
07.46.31 CVE: CVE-2007-4676
Platform: Cross Platform
Title: Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow
Vulnerabilities
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. Apple QuickTime running on Microsoft Windows
Vista, Microsoft Windows XP SP2, and Mac OS X are affected.
Ref: http://docs.info.apple.com/article.html?artnum=306896
______________________________________________________________________
07.46.32 CVE: Not Available
Platform: Cross Platform
Title: C++ Sockets Library HTTPSocket Class Remote Denial of Service
Description: C++ Sockets Library is a cross-platform open-source class
library that implements a number of protocols including TCP, UDP, ICMP,
HTTP/HTTPS. HTTPSocket is one of the classes in C++ Sockets Library.
The library is exposed to a remote denial of service issue that stems
from an error in processing of invalid HTTP requests in the HTTPSocket
class. C++ Sockets Library versions prior to 2.2.5 are affected.
Ref: http://www.alhem.net/Sockets/Changelog
______________________________________________________________________
07.46.33 CVE: Not Available
Platform: Cross Platform
Title: OpenBase Buffer Overflow Vulnerability and Multiple Remote
Command Execution Vulnerabilities
Description: OpenBase is a relational database application available
for various operating systems. The application is exposed to multiple
remote issues. Refer to the link below for further details.
Ref:
http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt
______________________________________________________________________
07.46.34 CVE: Not Available
Platform: Cross Platform
Title: MySQL Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function
Denial of Service
Description: MySQL is a freely available SQL database for multiple
platforms. The application is exposed to a remote denial of service
issue because the database server fails to properly handle unexpected
conditions. MySQL versions 5.1.23 and earlier are affected.
Ref: http://bugs.mysql.com/bug.php?id=32125
______________________________________________________________________
07.46.35 CVE: CVE-2006-5782
Platform: Cross Platform
Title: HP OpenView Client Configuration Manager Remote Authentication
Bypass
Description: The HP OpenView Client Configuration Manager is exposed
to a remote authentication bypass issue due to a design error in the
Radia Notify Daemon; the error results in a lack of authentication.
Specifically, a valid username and password are not required when
remotely issuing arbitrary commands to "radexecd.exe".
Ref:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00795552
______________________________________________________________________
07.46.36 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/CM2/Network Node Manager Multiple Unspecified
Vulnerabilities
Description: Hitachi JP1/CM2/Network Node Manager software is used to
monitor and manage network nodes. The application is exposed to
multiple unspecified issues that can result in denial of service
conditions or arbitrary code execution as well as a vulnerability
arising from invalid behavior of the software's web utility function.
Ref:
http://www.hitachi-support.com/security_e/vuls_e/HS07-002_e/index-e.html
______________________________________________________________________
07.46.37 CVE: Not Available
Platform: Cross Platform
Title: IBM Informix Dynamic Server Multiple Vulnerabilities
Description: IBM Informix Dynamic Server is an application server that
runs on various platforms. The application is exposed to multiple
issues.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg27011082
______________________________________________________________________
07.46.38 CVE: CVE-2007-5395
Platform: Cross Platform
Title: Link Grammar SEPARATE_WORD Function Remote Buffer Overflow
Description: Link Grammar is an English language parser implemented in
the C language. AbiSource Link Grammar is a version of the parser used
by AbiWord and maintained by the AbiSource Community. The application is
exposed to a stack-based buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data.
Link Grammar version 4.1b and Abiword Link Grammar 4.2.4 are affected.
Ref: http://secunia.com/secunia_research/2007-79/advisory/
______________________________________________________________________
07.46.39 CVE: CVE-2007-4517
Platform: Cross Platform
Title: Oracle Database Server PITRIG_DROPMETADATA Remote Buffer
Overflow
Description: Oracle Database Server is an enterprise database server
system available for multiple operating platforms. The application is
exposed to a remote buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data. The issue affects the
"OWNER" and "NAME" parameters of the
"XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA" procedure.
Ref: http://www.securityfocus.com/archive/1/483416
______________________________________________________________________
07.46.40 CVE: CVE-2007-5589
Platform: Web Application - Cross Site Scripting
Title: phpMyAdmin Server_Status.PHP Cross-Site Scripting
Description: phpMyAdmin is a web-based administration interface for
MySQL databases. The application is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input to the
"server_status.php" script. phpMyAdmin version 2.11.1.2 is affected.
Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6
______________________________________________________________________
07.46.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Helios Calendar Admin/Index.PHP Cross-Site Scripting
Description: Helios Calendar is a PHP-based application for managing
and publishing event information. The application is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input to the "username" parameter of the
"admin/index.php" script. Helios Calendar version 1.2.1 Beta is
affected.
Ref: http://www.securityfocus.com/bid/26312
______________________________________________________________________
07.46.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: NetCommons Cross-Site Scripting
Description: NetCommons is a web-based portal. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to unspecified parameters and scripts.
NetCommons versions of the 1.0.x branch prior to 1.0.11 and versions
of the 1.1.x branch prior to 1.1.2 are affected.
Ref: http://www.securityfocus.com/bid/26328
______________________________________________________________________
07.46.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: JLMForo System Buscador.PHP Cross-Site Scripting
Description: JLMForo System is a web application. The application is
exposed to a cross-site scripting vulnerability because it fails to
properly sanitize user-supplied input to the "clave" parameter of the
"buscador.php" script.
Ref: http://www.securityfocus.com/bid/26331
______________________________________________________________________
07.46.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Coppermine Photo Gallery Displayecard.PHP Cross-Site Scripting
Description: Coppermine Photo Gallery is a PHP-based image gallery.
The application is exposed to a cross-site scripting issue because it
fails to properly handle user-supplied input to the "data" parameter
of the "displayecard.php" script. Coppermine Photo Gallery versions
prior to 1.4.14 are affected.
Ref: http://coppermine-gallery.net/forum/index.php?topic=48106.0
______________________________________________________________________
07.46.45 CVE: CVE-2007-5581
Platform: Web Application - Cross Site Scripting
Title: Cisco Unified MeetingPlace Web Conference Login Multiple Cross-Site
Scripting Vulnerabilities
Description: Cisco Unified MeetingPlace Web Conference is a
web conferencing application that allows users to schedule and attend
online meetings and to access meeting materials. The application is
exposed to multiple cross-site scripting issues because the software
fails to sufficiently sanitize user-supplied input to the "FirstName"
and "LastName" parameters of the login page. Unified MeetingPlace
versions 6.0, 5.4, 5.3 and earlier are affected.
Ref: http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml
______________________________________________________________________
07.46.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ManageEngine OpManager JSP/Login.DO Multiple Cross-Site
Scripting Vulnerabilities
Description: ManageEngine OpManager is a network monitoring/management
application. The application is exposed to multiple cross-site
scripting issues because it fails to sufficiently sanitize
user-supplied input.
Ref: http://www.securityfocus.com/bid/26368
______________________________________________________________________
07.46.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Computer Associates SiteMinder Web Agent Smpwservices.FCC Cross
Site Scripting
Description: Computer Associates SiteMinder (formerly Netegrity
SiteMinder) is an access management solution. The web agent is a
component that controls access to resources that can be identified
with a URI. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize input to the "SMAUTHREASON"
parameter of the "forms/smpwservices.fcc" script.
Ref: http://www.securityfocus.com/archive/1/483367
______________________________________________________________________
07.46.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Cerberus FTP Server Web Interface Cross-Site Scripting
Description: Cerberus FTP Server is an FTP server that runs on
Microsoft Windows platforms. The application is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input to an unknown parameter used by the web interface.
Cerberus FTP Server versions prior to 2.46 are affected.
Ref: http://www.cerberusftp.com/cerberus-releasenotes.htm#ReleaseNotes
______________________________________________________________________
07.46.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Mozilla Firefox Jar URI Cross-Site Scripting
Description: Mozilla Firefox is a browser available for multiple
platforms. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input. The
problem occurs in the implementation of the "jar" protocol.
Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=369814
______________________________________________________________________
07.46.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Helpdesk Login SQL Injection
Description: PHP Helpdesk is a web-based, help desk task management
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
login page before using it in an SQL query. PHP Helpdesk version
0.6.16 is affected.
Ref: http://www.securityfocus.com/archive/1/483256
______________________________________________________________________
07.46.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-Vendejo Articles.PHP SQL Injection
Description: E-Vendejo is a web application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"articles.php" script before using it in an SQL query. E-Vendejo
version 0.2 is affected.
Ref: http://www.securityfocus.com/bid/26330
______________________________________________________________________
07.46.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASP Message Board Printer.ASP SQL Injection
Description: ASP Message Board is a web application implemented in
ASP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "boards/printer.asp" script before using it in an SQL
query. ASP Message Board version 2.2.1c is affected.
Ref: http://www.securityfocus.com/bid/26334
______________________________________________________________________
07.46.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: JPortal Mailer.PHP SQL Injection
Description: JPortal is a PHP-based, web-forum application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "to" parameter of the
"mailer.php" script before using it in an SQL query. JPortal version 2
is affected.
Ref: http://www.milw0rm.com/exploits/4611
______________________________________________________________________
07.46.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: UPublisher Multiple SQL Injection Vulnerabilities
Description: UPublisher is an automated news publishing system. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied input before using it in
an SQL query. UPublisher version 1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/453462
______________________________________________________________________
07.46.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPWind AdminUser Parameter SQL Injection
Description: PHPWind Board is a web-based bulletin board. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "AdminUser" parameter.
PHPWind versions 5.0.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/21011
______________________________________________________________________
07.46.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: UStore/USupport Detail.ASP SQL Injection
Description: UStore is a web-based ecommerce application implemented
in ASP. USupport is a web-based support forum implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "ID" parameter of the
"detail.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/451307
______________________________________________________________________
07.46.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MiNT Haber Sistemi Duyuru.asp SQL Injection
Description: MiNT Haber Sistemi is a web-based application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "duyuru.asp" script before using it in an
SQL query. MiNT Haber Sistemi version 2.7 is affected.
Ref: http://www.securityfocus.com/bid/22030
______________________________________________________________________
07.46.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Wiz-Ad Login Page SQL Injection
Description: Wiz-Ad is an ASP-based application for managing and
serving advertisements. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data.
Specifically, the issue occurs in the password field when the username
is set to "Administrator" or "Client". Wiz-Ad version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/25819
______________________________________________________________________
07.46.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Rapid Classified AgencyCatResult.ASP SQL Injection
Description: Rapid Classified is an ASP-based advertisement
application. Rapid Classified is exposed to an SQL injection issue.
The application fails to properly sanitize user-supplied input to the
"cmbCat" parameter of the "agencyCatResult.asp" script before using it
in an SQL query.
Ref: http://www.securityfocus.com/archive/1/483436
______________________________________________________________________
07.46.60 CVE: Not Available
Platform: Web Application
Title: DM Guestbook Multiple Local File Include Vulnerabilities
Description: DM Guestbook is a PHP-based guestbook application. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input. DM Guestbook
version 0.4.1 is affected.
Ref: http://www.securityfocus.com/bid/26300
______________________________________________________________________
07.46.61 CVE: Not Available
Platform: Web Application
Title: Scribe Forum.PHP Remote PHP Code Execution
Description: Scribe is a flat-file, bulletin board application
implemented in PHP. The application is exposed to an arbitrary PHP
code execution issue because it fails to properly sanitize
user-supplied input. Specifically, when a new user is registered, the
application creates a file named "/regged/[username].php". Malicious
PHP script code may be injected into this file when it is created via
the "Register" parameter of the "forum.php" script. Scribe version 0.2
is affected.
Ref: http://www.securityfocus.com/archive/1/483183
______________________________________________________________________
07.46.62 CVE: Not Available
Platform: Web Application
Title: IBM Tivoli Service Desk Maximo HTML Injection
Description: IBM Tivoli Service Desk Maximo is a
commercially available, web-based service desk application. The
application is exposed to an HTML injection issue because it fails to
properly sanitize user-supplied input before using it in dynamically
generated content. IBM Tivoli Service Desk Maximo version 6.2 is
affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06387
______________________________________________________________________
07.46.63 CVE: Not Available
Platform: Web Application
Title: Ax Developer CMS Index.PHP Local File Include
Description: Ax Developer CMS is a PHP-based content manager. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "module" parameter of
the "index.php" script. Ax Developer CMS version 0.1.1 is affected.
Ref: http://www.securityfocus.com/bid/26306
______________________________________________________________________
07.46.64 CVE: Not Available
Platform: Web Application
Title: JLMForo System ModificarPerfil.PHP HTML Injection
Description: JLMForo System is a web application. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. This issue affects the signature form field of the
"modificarPerfil.php" script.
Ref: http://www.securityfocus.com/bid/26311
______________________________________________________________________
07.46.65 CVE: Not Available
Platform: Web Application
Title: Sun Remote Services Net Connect Software Local Format String
Description: Sun Remote Services (SRS) Net Connect Software is a
web-based asset configuration and patch reporting application used to
manage Sun server and storage systems. The application is exposed to a
local format string issue because it fails to properly sanitize
user-supplied input before passing it as the format specifier to a
formatted printing function.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=610
______________________________________________________________________
07.46.66 CVE: Not Available
Platform: Web Application
Title: GuppY Includes.Inc Remote File Include
Description: GuppY is a content management system. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "selskin" parameter
used by the "/inc/includes.inc" script. GuppY version 4.6.3 is
affected.
Ref: http://www.securityfocus.com/bid/26315
______________________________________________________________________
07.46.67 CVE: Not Available
Platform: Web Application
Title: scWiki Common.PHP Remote File Include
Description: scWiki is a wiki application. The application is exposed
to a remote file include issue because it fails to sufficiently
sanitize user-supplied input to the "pathdo" parameter of the
"includes/common.php" script. scWiki version 1.0 Beta 2 is affected.
Ref: http://www.securityfocus.com/bid/26316
______________________________________________________________________
07.46.68 CVE: Not Available
Platform: Web Application
Title: Quick And Dirty Blog Categories.PHP Local File Include
Description: Quick And Dirty Blog is a blogging application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "theme" parameter of
the "categories.php" script. Quick And Dirty Blog version 0.4 is
affected.
Ref: http://www.securityfocus.com/bid/26317
______________________________________________________________________
07.46.69 CVE: Not Available
Platform: Web Application
Title: PHP Helpdesk Index.PHP Local File Include
Description: PHP Helpdesk is a web-based, help desk and task management
application implemented in PHP. The application is exposed to a local
file include issue because it fails to properly sanitize user-supplied
input to the "whattodo" parameter of the "index.php" script. PHP
Helpdesk version 06.16 is affected.
Ref: http://www.securityfocus.com/archive/1/483256
______________________________________________________________________
07.46.70 CVE: Not Available
Platform: Web Application
Title: SF-Shoutbox Main.PHP Multiple HTML Injection Vulnerabilities
Description: SF-Shoutbox is a web application. The application is
exposed to multiple HTML injection issues because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. SF-Shoutbox versions 1.2.1 to 1.4 are affected.
Ref: http://www.securityfocus.com/bid/26320
______________________________________________________________________
07.46.71 CVE: Not Available
Platform: Web Application
Title: SyndeoCMS MAIN.INC.PHP Remote File Include
Description: SyndeoCMS is a fork of the Site@School content management
system. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"cmsdir" parameter of the "main.inc.php" script. SyndeoCMS version
2.5.01 is affected.
Ref: http://www.securityfocus.com/bid/26321
______________________________________________________________________
07.46.72 CVE: Not Available
Platform: Web Application
Title: nuBoard Index.PHP Remote File Include
Description: nuBoard is a forum application. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "site" parameter of
the "index.php" script. nuBoard version 0.5 is affected.
Ref: http://www.securityfocus.com/bid/26322
______________________________________________________________________
07.46.73 CVE: Not Available
Platform: Web Application
Title: Vortex Portal Multiple Remote File Include Vulnerabilities
Description: Vortex Portal is a content management application. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input to the
"cfgProgDir" parameter of the following scripts:
"admincp/auth/secure.php" and "admincp/auth/checklogin.php". Vortex
Portal version 1.0.42 is affected.
Ref: http://www.securityfocus.com/bid/26325
______________________________________________________________________
07.46.74 CVE: CVE-2007-5567
Platform: Web Application
Title: Galmeta Post Upload_Config.PHP Remote File Include
Description: Galmeta Post is a content management system (CMS). The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "DDS" parameter of
the "/tmp/post_static_0-11/_lib/fckeditor/upload_config.php" script.
Galmeta Post version 0.2 is affected.
Ref: http://www.securityfocus.com/bid/26329
______________________________________________________________________
07.46.75 CVE: Not Available
Platform: Web Application
Title: JBC Explorer Auth.Inc.PHP Authentication Bypass
Description: JBC Explorer is a PHP-based application that allows users to
view files on the web server. The application is exposed to an
authentication bypass issue. The issue exists in the
"dirsys/modules/auth/index_auth.php" script when "sccr=1" is passed to
"dirsys/modules/auth.php" via an HTTP POST request. JBC Explorer
version 7.20 RC1 is affected.
Ref: http://www.securityfocus.com/archive/1/483268
______________________________________________________________________
07.46.76 CVE: Not Available
Platform: Web Application
Title: easyGB Index.PHP Local File Include
Description: easyGB is a web-based guest book application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "DatabaseType"
parameter of the "index.php" script. easyGB version 2.1.1 is affected.
Ref: http://www.securityfocus.com/bid/26335
______________________________________________________________________
07.46.77 CVE: CVE-2007-5599
Platform: Web Application
Title: awrate.com Message Board 404.PHP and TopBar.PHP Multiple Remote
File Include Vulnerabilities
Description: awrate.com message board is a web application. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input to the "toroot"
parameter of the "404.php" and "topbar.php" scripts. awrate.com
message board version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/26336
______________________________________________________________________
07.46.78 CVE: Not Available
Platform: Web Application
Title: PicoFlat CMS Multiple Remote Security Bypass Vulnerabilities
Description: PicoFlat CMS is a web-based content manager. The
application is exposed to multiple security bypass issues because it
fails to properly validate user privileges. PicoFlat CMS versions prior
to 0.4.18 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=549287&group_id=195156
______________________________________________________________________
07.46.79 CVE: CVE-2007-5776
Platform: Web Application
Title: i-Gallery igallery.ASP Remote Information Disclosure
Description: i-Gallery is a web-based photo gallery application
implemented in ASP. The application is exposed to a remote information
disclosure issue because it fails to properly sanitize user-supplied
input. Specifically, the application does not properly strip
combinations of encoded backslash characters ("%5c") and directory
traversal strings ("../") from the "d" parameter of the "igallery.asp"
script.
i-Gallery version 3.4 is affected.
Ref:
http://www.securityfocus.com/archive/1/archive/1/482788/100/0/threaded
______________________________________________________________________
07.46.80 CVE: CVE-2007-5116
Platform: Web Application
Title: Perl Unicode Regular Expression Buffer Overflow
Description: Perl is exposed to a buffer overflow issue due to a
failure of the application to sufficiently bounds check user-supplied
input. Perl version 5.8 is affected.
Ref: http://www.securityfocus.com/bid/26350
______________________________________________________________________
07.46.81 CVE: Not Available
Platform: Web Application
Title: OrangeHRM REDIRECT Function Remote Security Bypass
Description: OrangeHRM is a PHP-based application for managing human
resources. The application is exposed to a security bypass issue
because it fails to properly validate user privileges. Specifically,
this issue affects the "reDirect" function in the 
"php/orangehrm/lib/controllers/RepViewController.php" script.
OrangeHRM versions prior to 2.2.2 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=550550&group_id=156477
______________________________________________________________________
07.46.82 CVE: CVE-2007-5741
Platform: Web Application
Title: Plone Multiple Modules Script Execution Vulnerabilities
Description: Plone is a web-based content management system (CMS)
implemented in Python. The application is exposed to multiple
script execution issues that affect the "statusmessages" and
"linkintegrity" modules. Plone versions 2.5.4 and earlier of
the 2.5 branch and Plone versions 3.0.2 and earlier of the 3.0 branch
are affected.
Ref: http://www.securityfocus.com/archive/1/483343
______________________________________________________________________
07.46.83 CVE: Not Available
Platform: Web Application
Title: PHPMyChat Languages.Lib.PHP Local File Include
Description: phpMyChat is a web chat application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "ChatPath" parameter of the
"languages.lib.php" script. phpMyChat versions 0.15.0 and earlier
are affected.
Ref: http://www.securityfocus.com/archive/1/450923
______________________________________________________________________
07.46.84 CVE: Not Available
Platform: Web Application
Title: PHPMyChat Plus Multiple Local File Include Vulnerabilities
Description: phpMyChat Plus is a chat application. The application is
exposed to multiple local file include issues because it fails to
properly sanitize user-supplied input to the "ChatPath" parameter.
phpMyChat Plus versions 1.9 and earlier are affected.
Ref: http://www.securityfocus.com/bid/20972
______________________________________________________________________
07.46.85 CVE: Not Available
Platform: Web Application
Title: VBlog CFGProgDir Parameter Multiple Remote File Include
Vulnerabilities
Description: vBlog is a web-log implemented in PHP. The application is
exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the "cfgProgDir"
parameter.
Ref: http://www.securityfocus.com/bid/20977
______________________________________________________________________
07.46.86 CVE: Not Available
Platform: Web Application
Title: CMSMelborp User_Standard.PHP Remote File Include
Description: CMSmelborp is a content manager. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "relative_root"
parameter of "user_standard.php".
Ref: http://www.securityfocus.com/bid/21022
______________________________________________________________________
07.46.87 CVE: Not Available
Platform: Web Application
Title: eIQnetworks Enterprise Security Analyzer Multiple Buffer
Overflow Vulnerabilities
Description: eIQnetworks Enterprise Security Analyzer is a distributed
application for enterprise security. The application is exposed to
multiple buffer overflow issues because it fails to properly bounds
check user-supplied data before copying it into an insufficiently
sized memory buffer. Enterprise Security Analyzer version 2.5 is
affected.
Ref: http://www.securityfocus.com/archive/1/465488
______________________________________________________________________
07.46.88 CVE: Not Available
Platform: Web Application
Title: Weblord.it MS TopSites Unauthorized Access Vulnerability and
HTML Injection
Description: MS TopSites is a PHP-based site rating module for
PHP-Nuke. The application is exposed to multiple input validation
issues.
Ref: http://www.securityfocus.com/archive/1/483353
______________________________________________________________________
07.46.89 CVE: Not Available
Platform: Web Application
Title: IrayoBlog Irayofuncs.PHP Board Remote File Include
Description: IrayoBlog is a web-log application. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "irayodirhack"
parameter of the "irayofuncs.php" script. IrayoBlog versions 0.2.4 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/20968
______________________________________________________________________
07.46.90 CVE: Not Available
Platform: Web Application
Title: Ezboxx Multiple Input Validation Vulnerabilities
Description: Ezboxx is a web-based portal application implemented in
ASP. The application is exposed to multiple input validation issues
because it fails to sufficiently sanitize user-supplied input. Ezboxx
Portal System Beta versions 0.7.6 and earlier are affected.
Ref: http://www.securityfocus.com/bid/22029
______________________________________________________________________
07.46.91 CVE: CVE-2007-0320
Platform: Web Application
Title: InstallFromTheWeb Multiple Unspecified Buffer Overflow
Vulnerabilities
Description: Macrovision/InstallShield InstallFromTheWeb is a
web-based software installer. The application is exposed to multiple
unspecified buffer overflow issues because it fails to properly check
boundaries on user-supplied data before copying it to an
insufficiently sized buffer.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
07.46.92 CVE: Not Available
Platform: Web Application
Title: E107 Mailout.PHP Remote Command Execution
Description: e107 is a content manager implemented in PHP. The
application is exposed to a command execution issue because it fails
to sanitize user-supplied input in the "mailer" parameter, which is
passed to a "popen()" call when sending a test email. This issue resides
in the "mailout.php" script. e107 version 0.7.8 is affected.
Ref: http://www.securityfocus.com/archive/1/465483
______________________________________________________________________
07.46.93 CVE: Not Available
Platform: Web Application
Title: MyWebFTP Pass.PHP Hashed Password Information Disclosure
Description: MyWebFTP is a PHP-based FTP client. The application is
exposed to an information disclosure issue because unauthorized users
can access the "mwftp5/free/_files/conf/pass.php" script. The script
contains the administrator's password hash.
Ref: http://www.securityfocus.com/bid/26366
______________________________________________________________________
07.46.94 CVE: CVE-2007-3921
Platform: Web Application
Title: GForge Insecure Temporary File Creation
Description: GForge is a PHP-based application for managing source
code. The application creates temporary files in an insecure manner.
Local users could truncate system files with the privileges of the
GForge user.
Ref: http://www.securityfocus.com/bid/26373
______________________________________________________________________
07.46.95 CVE: Not Available
Platform: Web Application
Title: PEAR::MDB2 BLOB Field Information Disclosure
Description: MDB2 is a PEAR (PHP Extension and Application Repository)
module that implements a database abstraction layer for PHP
applications. It is the result of merging the PEAR DB and Metabase
modules. The application is exposed to an information disclosure issue
because the library fails to securely handle URIs in BLOB and CLOB
database fields. MDB2 version 2.5.0a1 is affected.
Ref: http://pear.php.net/bugs/bug.php?id=10024
______________________________________________________________________
07.46.96 CVE: Not Available
Platform: Web Application
Title: USVN Subversion Repository Information Disclosure
Description: USVN is a web-based application for administering
software repositories. The application is exposed to an information
disclosure issue that occurs because it allows unauthorized users to
view the list of files in a subversion repository. USVN version 6.5 is
affected.
Ref: http://www.usvn.info/news/
______________________________________________________________________
07.46.97 CVE: Not Available
Platform: Network Device
Title: BT Home Hub Login Procedure Authentication Bypass
Description: BT Home Hub is a wireless router developed by BT. The
application is exposed to an authentication bypass issue because the
devices allow users to bypass the login procedure when attempting to
view and change router configurations. BT Home Hub firmware version
6.2.2.6 is affected.
Ref: http://www.securityfocus.com/bid/26333
______________________________________________________________________
07.46.98 CVE: CVE-2007-5789
Platform: Network Device
Title: Grandstream HandyTone-488 PSTN To VoIP Adapter IP Stack Remote
Denial of Service
Description: Grandstream HandyTone-488 is a Voice over IP (VoIP)
phone. The application is exposed to a denial of service issue that
resides in the implementation of its IP stack. Specifically, the
device fails to handle fragmented IP packets over port 5060. This port
is used to communicate with the device's public IP address.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=362
______________________________________________________________________