*************************************************************************
           @RISK: The Consensus Security Vulnerability Alert
Nov 19, 2007                                              Vol. 6. Week 47
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Windows                                          2 (#3, #4)
Microsoft Office                                 1
Third Party Windows Apps                         6 (#7)
Mac Os                                           4 (#1)
Linux                                            6 (#5, #8)
Unix                                             1
Novell                                           1
Cross Platform                                  15 (#2, #6)
Web Application - Cross Site Scripting           9
Web Application - SQL Injection                 13
Web Application                                 10
Network Device                                   1

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint
(www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2007-008)
(2) HIGH: Samba Multiple Buffer Overflows
(3) MODERATE: Microsoft Windows Shell URI Handling Vulnerability (MS07-061)
(4) MODERATE: Microsoft DNS Server Spoofing Vulnerability (MS07-062)
(5) MODERATE: Linux CIFS Buffer Overflow
(6) MODERATE: Multiple FLAC Parsers Multiple Vulnerabilities
(7) MODERATE: Apple Safari for Windows Buffer Overflow
(8) LOW: Linux Kernel TCP Processing Denial-of-Service


Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
07.47.1  - Microsoft Windows Recursive DNS Spoofing
 -- Microsoft Office
07.47.2  - Microsoft Office Web Component Memory Access Violation Denial of
Service
 -- Third Party Windows Apps
07.47.3  - Miranda IM EXT_YAHOO_CONTACT_ADDED Remote Format String
07.47.4  - AOL Radio AmpX.DLL ActiveX Control Multiple Remote Buffer Overflow
Vulnerabilities
07.47.5  - WinPcap NPF.SYS Bpf_Filter_Init Function Local Privilege Escalation
07.47.6  - Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of
Service Vulnerabilities
07.47.7  - RSA Authentication Agent IISWebAgentIF.DLL Remote Stack-Based Buffer
Overflow
07.47.8  - WebEx GPCContainer Memory Access Violation Multiple Denial of Service
Vulnerabilities
 -- Mac Os
07.47.9  - Apple Mac OS X Application Firewall Launchd Firewall Bypass Weakness
07.47.10 - Apple Mac OS X Application Firewall Unauthorized Network Access
Weakness
07.47.11 - Apple Mac OS X v10.4.11 2007-008 Multiple Security Vulnerabilities
07.47.12 - Apple Mac OS X 10.5 Application Firewall Misleading Configuration
Weakness
 -- Linux
07.47.13 - Conga ricci Connection Limit Remote Denial of Service
07.47.14 - Ruby Multiple Libraries SSL Multiple Insecure Certificate Validation
Weaknesses
07.47.15 - Linux Kernel CIFS Transport.C Remote Buffer Overflow
07.47.16 - GNU TAR and CPIO safer_name_suffix Remote Denial of Service
07.47.17 - PCRE Regular Expression Library Multiple Integer and Buffer Overflow
Vulnerabilities
07.47.18 - PADL Nss_ldap Race Condition Security
 -- Unix
07.47.19 - ClamAV Unspecified Remote Code Execution
 -- Novell
07.47.20 - Novell Client for Windows NWFILTER.SYS Local Privilege Escalation
 -- Cross Platform
07.47.21 - Pioneers Session Object Denial of Service
07.47.22 - PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
07.47.23 - Oracle Database Server Installation Security Bypass
07.47.24 - PHP stream_wrapper_register() Function Denial of Service
07.47.25 - Adobe ColdFusion CFID CFTOKEN Session Hijacking
07.47.26 - IBM WebSphere MQ Multiple Unspecified Remote Memory Corruption
Vulnerabilities
07.47.27 - Apple QuickTime Movie Atom Remote Stack-Based Buffer Overflow
07.47.28 - Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow
07.47.29 - IBM WebSphere Application Server WebContainer HTTP Request Header
Security Weakness
07.47.30 - Apple Safari Unspecified Frame Events Same-Origin Policy Bypass
07.47.31 - Apple Safari Tabbed Browsing Information Disclosure
07.47.32 - Apple Safari for Windows Document.Location.Hash Buffer Overflow
07.47.33 - IBM DB2 Multiple Privilege Escalation Vulnerabilities
07.47.34 - Citrix Presentation Server Remote Unauthorized Code Execution
07.47.35 - Samba NMBD Logon Request Remote Buffer Overflow
 -- Web Application - Cross Site Scripting
07.47.36 - Miro Broadcast Machine Login.PHP Cross Site Scripting
07.47.37 - Eggblog Rss.PHP Cross-Site Scripting
07.47.38 - AutoIndex PHP Script PHP_SELF Index.PHP Cross-Site Scripting
07.47.39 - F5 FirePass 4100 SSL VPN Download_Plugin.PHP3 Cross-Site Scripting
07.47.40 - X7 Chat Multiple Cross Site Scripting Vulnerabilities
07.47.41 - Grani Search Favorites Cross Site Scripting
07.47.42 - VTLS Web Gateway Searchtype Parameter Cross-Site Scripting
07.47.43 - WP-SlimStat WordPress Plugin Cross-Site Scripting
07.47.44 - Nuked-Klan File Parameter News Module Cross-Site Scripting
 -- Web Application - SQL Injection
07.47.45 - Xoops Mylinks Module Brokenlink.PHP SQL injection
07.47.46 - JPortal Articles.PHP SQL Injection
07.47.47 - TBsource Index.PHP SQL Injection
07.47.48 - Softbiz Online Auctions Script PRODUCT_DESC.PHP SQL Injection
07.47.49 - Softbiz Ad Management PLUS Script ADS.PHP SQL Injection
07.47.50 - Softbiz Banner Exchange Script CAMPAIGN_STATS.PHP SQL Injection
07.47.51 - Softbiz Link Directory Script SEARCHRESULT.PHP SQL Injection
07.47.52 - PHP-Nuke Advertising Module Modules.PHP SQL Injection
07.47.53 - TorrentStrike INDEX.PHP SQL Injection
07.47.54 - Datecomm Social Networking Script Index.PHP SQL Injection
07.47.55 - Toko Instan Index.PHP Multiple SQL Injection Vulnerabilities
07.47.56 - Free Forum Search SQL Injection
07.47.57 - DocuSafe Search Parameter SQL Injection
 -- Web Application
07.47.58 - Updir.net Updir.PHP Cross Site Scripting
07.47.59 - Yappa-NG Check_Noimage.PHP Remote File Include
07.47.60 - AutoIndex PHP Script Index.PHP Denial of Service
07.47.61 - PHP Application Tools patBBCode BBCODESOURCE.PHP Remote File Include
07.47.62 - ExoPHPDesk Index.PHP Multiple Input Validation Vulnerabilities
07.47.63 - CONTENTCustomizer Dialog.PHP Unauthorized Access
07.47.64 - TestLink Unspecified Authentication Bypass
07.47.65 - AIDA Web Frame.HTML Multiple Unauthorized Access Vulnerabilities
07.47.66 - Aruba MC-800 Mobility Controller Screens Directory HTML Injection
07.47.67 - ExoPHPDesk Register.PHP Multiple HTML Injection Vulnerabilities
 -- Network Device
07.47.68 - Lantronix SCS3200 Remote Denial of Service

______________________________________________________________________


PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************


(1) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2007-008)
Affected:
Apple Mac OS X versions 10.4.10 and prior
Apple Mac OS X versions 10.5 and prior

Description: Apple Mac OS X contains multiple vulnerabilities.
Vulnerabilities range in severity from remote code execution to
information disclosure and denials-of-service. A large number of the
vulnerabilities are exploitable only by local users or users on the
local network, but several vulnerabilities are exploitable by remote
users. Several file format vulnerabilities are also present. Several
implementation errors also exist in the Mac OS X application firewall.
The firewall flaws affect only Mac OS X 10.5. The other vulnerabilities
affect only Mac OS X 10.4.10 and prior.  Some of these vulnerabilities
have been discussed in previous issues of @RISK. Technical details are
available for some of these vulnerabilities.

Status: Apple confirmed, updates available. 

References:
Apple Security Advisories
http://docs.info.apple.com/article.html?artnum=307004
http://docs.info.apple.com/article.html?artnum=307041
SecurityFocus BID
http://www.securityfocus.com/bid/26444

********************************************************

(2) HIGH: Samba Multiple Buffer Overflows
Affected:
Samba versions prior to 3.0.27

Description: Samba is an open source suite of applications designed to
provide interoperability between clients using Microsoft Windows and
servers running Unix or Unix-like operating systems. Several flaws in
the handling of various requests could lead to a buffer overflow.
Successfully exploiting this buffer overflow would allow an attacker to
execute arbitrary code with the privileges of the vulnerable process,
often root. Full technical details for these vulnerabilities are
available via source code analysis.

Status: Samba confirmed, updates available.

References:
Secunia Security Advisory
http://secunia.com/secunia_research/2007-90/advisory/
Samba Security Advisories
http://www.securityfocus.com/archive/1/483742
http://www.securityfocus.com/archive/1/483743
SecurityFocus BIDs
http://www.securityfocus.com/bid/26455
http://www.securityfocus.com/bid/26454

********************************************************

(3) MODERATE: Microsoft Windows Shell URI Handling Vulnerability (MS07-061)
Affected:
Microsoft Windows XP
Microsoft Windows Server 2003

Description: The Microsoft Windows Shell, the portion of the operating
system responsible for managing the user interface, contains a flaw in
its handling of URIs passed to it by applications. A malicious URI
passed to an application that is then passed to the shell could exploit
this vulnerability to execute arbitrary commands with the privileges of
the current user. Numerous applications are known to pass URIs to the
Windows Shell in an insecure manner. Technical details and several
proofs-of-concept are available for this vulnerability. This
vulnerability has been discussed in a previous issue of @RISK.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS07-061.mspx
Microsoft Security Response Center Blog Posting
http://blogs.technet.com/msrc/archive/2007/10/10/msrc-blog-additional-details-and-background-on-security-advisory-943521.aspx
Proof-of-Concept (PDF file)
http://www.securityfocus.com/bid/25945/exploit
Previous @RISK Entry
http://www.sans.org/newsletters/risk/display.php?v=6&i=42#widely5
SecurityFocus BID
http://www.securityfocus.com/bid/25945

********************************************************

(4) MODERATE: Microsoft DNS Server Spoofing Vulnerability (MS07-062)
Affected:
Microsoft Windows 2000
Microsoft Windows Server 2003

Description: Microsoft's DNS server, shipped as part of Microsoft's
server offerings, contains a flaw in its algorithm used to generate
random transaction ID numbers. These numbers are used by the DNS
protocol to identify and pair requests and responses. If the transaction
ID is guessed, an attacker could provide a false reply to a DNS server
or otherwise impersonate actors in other requests, and potentially cause
the vulnerable DNS server to return false responses to its clients. This
would allow an attacker to divert traffic to attacker-controlled or
otherwise malicious locations. The random number generation flaw would
allow an attacker who could observe several transaction IDs to predict
future transaction IDs. This flaw may be related to a flaw in ISC BIND,
the de facto DNS server software for Unix and other systems. The flaw
in ISC BIND was discussed in an earlier edition of @RISK. Multiple
proofs-of-concept are publicly available for this vulnerability.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS07-062.mspx
Proofs-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/25919.pl
http://downloads.securityfocus.com/vulnerabilities/exploits/25919-spoofer-ms.pl
Wikipedia Article on DNS Cache Poisoning
http://en.wikipedia.org/wiki/DNS_cache_poisoning
Previous @RISK Entry
https://www.sans.org/newsletters/risk/display.php?v=6&i=31#widely8
SecurityFocus BID
http://www.securityfocus.com/bid/25919
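
The pairing of requests and responses by transaction ID described in item (4), as an added Python example that is not part of the original bulletin or of any vendor's code: a resolver-side check that accepts a reply only when its source, question and transaction ID match an outstanding query, and counts mismatched IDs as a spoofing indicator. The class and function names, the threshold of 3, and the sample addresses, name and IDs are constructed for illustration.

```python
import struct
from collections import defaultdict


def encode_message(txid, name, qtype=1, response=False):
    """Build a DNS header plus one question (used here for constructed traffic)."""
    flags = 0x8180 if response else 0x0100  # QR+RD+RA for replies, RD for queries
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_message(msg):
    """Extract transaction ID, QR bit and the single question; ValueError if malformed."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label")  # no compression pointers in a question
        labels.append(msg[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "qname": ".".join(labels), "qtype": qtype, "qclass": qclass}


class QueryTracker:
    """Tracks outstanding queries and classifies every incoming reply."""

    def __init__(self, mismatch_threshold=3):  # threshold is an assumed value
        self.pending = {}                      # (server, qname, qtype) -> txid
        self.mismatches = defaultdict(int)
        self.threshold = mismatch_threshold

    def sent(self, server, query):
        q = parse_message(query)
        self.pending[(server, q["qname"], q["qtype"])] = q["txid"]

    def received(self, source, reply):
        try:
            r = parse_message(reply)
        except ValueError:
            return "malformed"
        if not r["is_response"]:
            return "not-a-response"
        key = (source, r["qname"], r["qtype"])
        if key not in self.pending:
            return "unsolicited"               # nothing outstanding for this peer/question
        if r["txid"] != self.pending[key]:
            self.mismatches[key] += 1          # wrong ID: drop the reply and count it
            if self.mismatches[key] >= self.threshold:
                return "spoof-suspected"       # repeated wrong IDs for one open query
            return "txid-mismatch"
        del self.pending[key]                  # first matching reply closes the query
        return "accepted"


def demo():
    """Run constructed traffic through the tracker and return the verdicts."""
    server, name, txid = "192.0.2.53", "www.example.com", 0x3A7C
    tracker = QueryTracker()
    tracker.sent(server, encode_message(txid, name))
    traffic = [
        (server, encode_message(0x0001, name, response=True)),          # wrong ID
        (server, encode_message(0x0002, name, response=True)),          # wrong ID
        (server, encode_message(0x0003, name, response=True)),          # wrong ID
        ("198.51.100.9", encode_message(txid, name, response=True)),    # wrong source
        (server, encode_message(txid, name, response=True)),            # genuine reply
        (server, encode_message(txid, name, response=True)),            # late duplicate
    ]
    return [tracker.received(src, msg) for src, msg in traffic]


if __name__ == "__main__":
    print(demo())
```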

********************************************************

(5) MODERATE: Linux CIFS Buffer Overflow
Affected:
Linux kernel versions 2.6.23.1 and prior

Description: The Linux kernel, the core of operating systems generally
described as Linux, contains a flaw in its handling of the Common
Internet Filesystem (CIFS) protocol. The CIFS protocol is based on the
older Server Message Block (SMB) protocol, used primarily by Microsoft
Windows systems to share filesystems and other resources. A malicious
CIFS server could trigger a buffer overflow in the SendReceive() kernel
function in any Linux clients connected to the server. This would allow
an attacker to execute arbitrary code with kernel level privileges. Full
technical details for this vulnerability are publicly available.

Status: Linux kernel developers have confirmed the flaw. A preliminary
patch is available.

References:
Posting by Przemyslaw Wegrzyn
http://marc.info/?l=linux-kernel&m=119455843205403&w=2
Kernel Patch Log
http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=133672efbc1085f9af990bdc145e1822ea93bcf3
Wikipedia Article on CIFS
http://en.wikipedia.org/wiki/Server_Message_Block
SecurityFocus BID
http://www.securityfocus.com/bid/26438

********************************************************

(6) MODERATE: Multiple FLAC Parsers Multiple Vulnerabilities
Affected:
LibFLAC versions prior to 1.2.1
Other FLAC parsers are reported vulnerable

Description: FLAC is the Free Lossless Audio Codec, used to compress
audio data. It is supported by many popular software and hardware media
players. Several flaws have been found in multiple FLAC parsers. A
specially crafted FLAC file could trigger one of these vulnerabilities.
Several of these vulnerabilities would allow an attacker to execute
arbitrary code with the privileges of the current user. Note that,
depending on the application used and system configuration, FLAC files
may be opened automatically. Some of these vulnerabilities have been
discussed in earlier issues of @RISK. Technical details for these
vulnerabilities are available via source code analysis.

Status: LibFLAC confirmed, updates available.

References:
eEye Security Advisory
http://research.eeye.com/html/advisories/published/AD20071115.html
Previous @RISK Entry
https://www2.sans.org/newsletters/risk/display.php?v=6&i=42#widely10
LibFLAC Home Page
http://flac.sourceforge.net/
Wikipedia Article on FLAC
http://en.wikipedia.org/wiki/FLAC
SecurityFocus BID
http://www.securityfocus.com/bid/26042

********************************************************

(7) MODERATE: Apple Safari for Windows Buffer Overflow
Affected:
Apple Safari for Windows versions 3.0.3 and prior

Description: Apple Safari is Apple's web browser product for Apple Mac
OS X and Microsoft Windows. The Microsoft Windows version contains a
buffer overflow vulnerability in its handling of certain JavaScript
constructs. A malicious web page containing a specially crafted
JavaScript script could trigger this vulnerability and execute arbitrary
code with the privileges of the current user. A proof-of-concept for
this vulnerability is publicly available. Note that the version of
Safari for Mac OS X does not appear to be affected. Several other
vulnerabilities, including information disclosure and denial-of-service
vulnerabilities, are addressed by this update.

Status: Apple confirmed, updates available.

References:
Posting by Azizov E. (includes proof-of-concept)
http://www.securityfocus.com/archive/1/478802
Apple Security Advisory
http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html
Apple Safari Home Page
http://www.apple.com/safari
SecurityFocus BID
http://www.securityfocus.com/bid/26448

********************************************************

(8) LOW: Linux Kernel TCP Processing Denial-of-Service
Affected:
Linux kernel versions prior to 2.6.23.8

Description: The Linux kernel, the core of operating systems generally
described as Linux, contains a flaw in its handling of Transmission
Control Protocol (TCP) packets. A specially crafted sequence of TCP
packets could trigger a denial-of-service condition, leading to a system
crash. Practically all systems exposed to the internet expose themselves
to TCP packets, making this vulnerability potentially widely
exploitable. It is not believed to be possible to leverage this
vulnerability to lead to remote code execution. Full technical details
are publicly available for this vulnerability.

Status: Linux kernel developers confirmed, updates available.

References:
Kernel Change Log
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.8
Wikipedia Article on TCP
http://en.wikipedia.org/wiki/Transmission_Control_Protocol
SecurityFocus BID
http://www.securityfocus.com/bid/26474

****************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 47, 2007
This list is compiled by Qualys (www.qualys.com) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

07.47.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows Recursive DNS Spoofing
Description: Microsoft Windows DNS Server is exposed to an issue that
permits an attacker to spoof responses to DNS requests. This issue
occurs because the affected service fails to provide enough entropy
when randomizing transaction values that are used in recursive DNS
requests.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx
______________________________________________________________________

07.47.2 CVE: Not Available
Platform: Microsoft Office
Title: Microsoft Office Web Component Memory Access Violation Denial
of Service
Description: Microsoft Office Component is a collection of Component
Object Model (COM) controls for publishing and viewing spreadsheets,
charts, and databases on websites. The application is exposed to a
memory access violation denial of service issue that occurs when a new
ActiveXObject "OWC.11.DataSourceControl" is instantiated in a
web page. OWC11 for Microsoft Office 2003 is affected.
Ref:
http://www.microsoft.com/downloads/details.aspx?familyid=7287252c-402e-4f72-97a5-e0fd290d4b76&displaylang=en
______________________________________________________________________

07.47.3 CVE: CVE-2007-5396
Platform: Third Party Windows Apps
Title: Miranda IM EXT_YAHOO_CONTACT_ADDED Remote Format String
Description: Miranda IM is an open-source instant messenger for
Windows. It supports many different protocols, including AIM,
Gadu-Gadu, IAX, ICQ, IRC, Jabber, MSN and Yahoo. The application is
exposed to a remote format string issue because it fails to properly
sanitize user-supplied input before passing it as the format specifier
to a formatted-printing function. Miranda IM version 0.7.1 is
affected.
Ref: http://secunia.com/secunia_research/2007-89/advisory/
______________________________________________________________________

07.47.4 CVE: CVE-2007-5755
Platform: Third Party Windows Apps
Title: AOL Radio AmpX.DLL ActiveX Control Multiple Remote Buffer
Overflow Vulnerabilities
Description: AOL Radio is used for streaming audio files in web
browsers. The application is exposed to multiple stack-based buffer
overflow issues because it fails to perform adequate boundary checks
on user-supplied data. "AmpX.dll" version 2.6.1.11 is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=623
______________________________________________________________________

07.47.5 CVE: CVE-2007-5756
Platform: Third Party Windows Apps
Title: WinPcap NPF.SYS Bpf_Filter_Init Function Local Privilege
Escalation
Description: WinPcap provides real time link-level network access on
Windows operating systems. The application is exposed to a local
privilege escalation issue because the software fails to adequately
bounds check user-supplied data. WinPcap version 4.0.1 is affected.
Ref: http://www.securityfocus.com/archive/1/483581
______________________________________________________________________

07.47.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft Forms 2.0 ActiveX Control Memory Access Violation
Denial of Service Vulnerabilities
Description: Microsoft Forms 2.0 ActiveX Control is a collection of
standard form controls that can be used on websites. It includes
textboxes, different types of buttons, checkboxes, etc. Forms 2.0
ActiveX is distributed with any application that includes Visual Basic
for Applications 5.0. The application is exposed to multiple
memory access violation denial of service issues.
Ref: http://www.securityfocus.com/bid/26414
______________________________________________________________________

07.47.7 CVE: CVE-2005-4734
Platform: Third Party Windows Apps
Title: RSA Authentication Agent IISWebAgentIF.DLL Remote Stack-Based
Buffer Overflow
Description: RSA Authentication Agent is an application that allows
users to authenticate to servers. The application is exposed to a
stack-based buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data. This issue
occurs in the "IISWebAgentIF.dll" library. RSA WebAgent versions 5.2
and 5.3 for Web for Microsoft IIS are affected.
Ref:
http://www.metasploit.com/projects/Framework/exploits.html#rsa_iiswebagent_redirect
______________________________________________________________________

07.47.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: WebEx GPCContainer Memory Access Violation Multiple Denial of
Service Vulnerabilities
Description: WebEx is a sharing and conferencing application for
Microsoft Windows. The application is exposed to multiple denial of
service issues due to a memory access violation in the "GpcContainer"
ActiveX Control. Specifically a memory access violation occurs in the
"InitParam()" and "SetParam()" methods.
Ref: http://www.securityfocus.com/bid/26430
______________________________________________________________________

07.47.9 CVE: CVE-2007-4704
Platform: Mac Os
Title: Apple Mac OS X Application Firewall Launchd Firewall Bypass
Weakness
Description: Application Firewall is the firewall component
distributed with Mac OS X. The application is exposed to a weakness
regarding firewall settings and processes started by launchd.
Specifically, changes to the firewall settings will not affect
processes started by launchd until the processes are restarted. Mac OS
X version 10.5 is affected.
Ref: http://docs.info.apple.com/article.html?artnum=307004
______________________________________________________________________

07.47.10 CVE: CVE-2007-4703
Platform: Mac Os
Title: Apple Mac OS X Application Firewall Unauthorized Network Access
Weakness
Description: Apple Mac OS X is exposed to a weakness that results in
unauthorized network access to certain applications. This issue
affects the Application Firewall when "Set access for specific
services and applications" is enabled.
Ref: http://docs.info.apple.com/article.html?artnum=307004
______________________________________________________________________

07.47.11 CVE: CVE-2007-4678, CVE-2007-4679, CVE-2007-4680,
CVE-2007-4681, CVE-2007-4682, CVE-2007-4683, CVE-2007-4684,
CVE-2007-4685, CVE-2007-4686, CVE-2007-4687, CVE-2007-4688,
CVE-2007-4689, CVE-2007-3749, CVE-2007-4690, CVE-2007-4691,
CVE-2007-4692, CVE-2007-4693, CVE-2007-4694, CVE-2007-4695,
CVE-2007-4696, CVE-2007-4697, CVE-2007-4698, CVE-2007-4699,
CVE-2007-4268, CVE-2007-4269, CVE-2007-4700, CVE-2007-4701
Platform: Mac Os
Title: Apple Mac OS X v10.4.11 2007-008 Multiple Security
Vulnerabilities
Description: Apple Mac OS X is exposed to multiple security issues
that affect Mac OS X and various applications, including AppleRAID,
CFFTP, CFNetwork, CoreFoundation, CoreText, kernel, remote_cmds,
networking, NFS, NSURL, SecurityAgent, WebCore and WebKit. Apple Mac
OS X versions 10.4.10 and earlier are affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=629
______________________________________________________________________

07.47.12 CVE: CVE-2007-4702
Platform: Mac Os
Title: Apple Mac OS X 10.5 Application Firewall Misleading
Configuration Weakness
Description: Apple Mac OS X 10.5 includes an Application Firewall that
is designed to filter network traffic at the application level rather
than the port level. It is designed to allow users to select
applications that can and cannot utilize network resources. The
application is exposed to a misleading configuration weakness due to a
flaw in the application's configuration dialog and documentation. Apple
Mac OS X version 10.5 is affected.
Ref: http://docs.info.apple.com/article.html?artnum=307004
______________________________________________________________________

07.47.13 CVE: CVE-2007-4136
Platform: Linux
Title: Conga ricci Connection Limit Remote Denial of Service
Description: Conga is an agent/server architecture for administering a
system remotely. The "ricci" component is the agent portion. The
application is exposed to a denial of service issue because the daemon
limits the number of connection requests.
Ref: https://rhn.redhat.com/errata/RHSA-2007-0640.html
______________________________________________________________________

07.47.14 CVE: CVE-2007-5770
Platform: Linux
Title: Ruby Multiple Libraries SSL Multiple Insecure Certificate
Validation Weaknesses
Description: Ruby includes multiple "net::" libraries that implement a
variety of net-related functionality. The application is exposed to
multiple insecure certificate validation weaknesses because multiple
libraries fail to properly perform validity checks on X.509
certificates.
Ref: https://rhn.redhat.com/errata/RHSA-2007-0965.html
______________________________________________________________________

07.47.15 CVE: CVE-2007-5904
Platform: Linux
Title: Linux Kernel CIFS Transport.C Remote Buffer Overflow
Description: The Linux kernel is exposed to a remote buffer overflow
issue because it fails to properly bounds check user-supplied input
before copying it into an insufficiently sized buffer. The Linux
kernel version 2.6.23.1 is affected.
Ref: http://marc.info/?l=linux-kernel&m=119455843205403&w=2
______________________________________________________________________

07.47.16 CVE: CVE-2007-4476
Platform: Linux
Title: GNU TAR and CPIO safer_name_suffix Remote Denial of Service
Description: GNU's tar and cpio utilities are exposed to a denial of
service issue. This issue is due to inappropriate use of the
"alloca()" function with user-supplied data.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=280961
______________________________________________________________________

07.47.17 CVE: CVE-2005-4872, CVE-2006-7227, CVE-2006-7228
Platform: Linux
Title: PCRE Regular Expression Library Multiple Integer and Buffer
Overflow Vulnerabilities
Description: PCRE is a set of functions that implement regular
expressions using the same syntax and semantics as Perl 5. A buffer
overflow issue affects the library because it fails to properly count
the number of named capturing subpatterns in a regular expression.
PCRE versions prior to 6.2 are affected.
Ref: http://scary.beasts.org/security/CESA-2007-006.html
______________________________________________________________________

07.47.18 CVE: CVE-2007-5794
Platform: Linux
Title: PADL Nss_ldap Race Condition Security
Description: PADL nss_ldap is a C library that allows access to X.500
and LDAP directory servers as sources for entities such as users,
hosts, groups, passwords etc. The application is exposed to a race
condition security issue that presents itself because the library
incorrectly handles calls from applications that use the "pthreads"
library and the "fork" commands. PADL nss_ldap versions prior to 259
are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=367461
______________________________________________________________________

07.47.19 CVE: Not Available
Platform: Unix
Title: ClamAV Unspecified Remote Code Execution
Description: ClamAV is an open source antivirus toolkit for UNIX that
is designed to scan email. The application is exposed to an
unspecified remote code execution issue. ClamAV version 0.91.1 is
affected.
Ref:
http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-code-execution.html
______________________________________________________________________

07.47.20 CVE: CVE-2007-5667
Platform: Novell
Title: Novell Client for Windows NWFILTER.SYS Local Privilege
Escalation
Description: Novell Client for Windows allows users to access Novell
services from remote computers. The client is exposed to a local
privilege escalation issue because it fails to adequately handle
user-supplied input. The issue occurs due to an unspecified
input validation error in "NWFILTER.SYS". Novell Client for Windows
version 4.91 is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=626
______________________________________________________________________

07.47.21 CVE: Not Available
Platform: Cross Platform
Title: Pioneers Session Object Denial of Service
Description: Pioneers is an online board game that was formerly known
as gnocatan. The application is exposed to a denial of service issue
because it allows session objects to be deleted. Pioneers versions
prior to 0.11.3 are affected.
Ref: http://sourceforge.net/forum/forum.php?forum_id=742693
______________________________________________________________________

07.47.22 CVE: CVE-2007-4887
Platform: Cross Platform
Title: PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
The application is exposed to multiple security issues. PHP versions
5.2.4 and earlier are affected.
Ref:
http://www.securityfocus.com/archive/1/archive/1/478988/100/0/threaded
______________________________________________________________________

07.47.23 CVE: Not Available
Platform: Cross Platform
Title: Oracle Database Server Installation Security Bypass
Description: The Oracle Database Server is an enterprise database
server system available for multiple operating platforms. The
application is exposed to a security bypass issue because of a design
error. Oracle versions 10g and 11g are affected.
Ref: http://www.davidlitchfield.com/blog/archives/00000030.htm
______________________________________________________________________

07.47.24 CVE: Not Available
Platform: Cross Platform
Title: PHP stream_wrapper_register() Function Denial of Service
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
The application is exposed to a denial of service issue that occurs in
the "stream_wrapper_register()" function when handling an excessively
long class name. PHP versions 5.2.5 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/483644
______________________________________________________________________

07.47.25 CVE: CVE-2007-5905
Platform: Cross Platform
Title: Adobe ColdFusion CFID CFTOKEN Session Hijacking
Description: Adobe ColdFusion is an application server and
software development framework used for creating dynamic web-based
content. The application is exposed to an issue that allows attackers
to hijack browser sessions. ColdFusion versions MX 7 and 8 are
affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb07-19.html
______________________________________________________________________

07.47.26 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere MQ Multiple Unspecified Remote Memory Corruption
Vulnerabilities
Description: IBM WebSphere MQ is a commercially-available messaging
engine for enterprises. The application is exposed to multiple
unspecified remote memory corruption issues. IBM WebSphere MQ version
6.0 is affected.
Ref: http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM
______________________________________________________________________

07.47.27 CVE: CVE-2007-4674
Platform: Cross Platform
Title: Apple QuickTime Movie Atom Remote Stack-Based Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a stack-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. Apple QuickTime running on Microsoft Windows
Vista, Microsoft Windows XP SP2, and Mac OS X are affected.
Ref: http://www.us-cert.gov/cas/techalerts/TA07-310A.html
______________________________________________________________________

07.47.28 CVE: CVE-2007-5398
Platform: Cross Platform
Title: Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer
Overflow
Description: Samba is a suite of software that provides file and print
services for "SMB/CIFS" clients. It is available for multiple
operating platforms. The application is exposed to a remote
stack-based buffer overflow issue because it fails to properly
bounds check user-supplied data before copying it to an insufficiently
sized buffer. Samba versions 3.0.0 through 3.0.26a are affected.
Ref: https://rhn.redhat.com/errata/RHSA-2007-1013.html
______________________________________________________________________

07.47.29 CVE: CVE-2007-5944
Platform: Cross Platform
Title: IBM WebSphere Application Server WebContainer HTTP Request
Header Security Weakness
Description: IBM WebSphere Application Server is exposed to a security
weakness regarding an HTTP request header because the application
fails to sanitize specially-crafted HTTP request headers. In
particular, the application fails to sanitize the "Expect" header when
the data is redirected by WebContainer to an error message.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg24017314
______________________________________________________________________

07.47.30 CVE: CVE-2007-4698
Platform: Cross Platform
Title: Apple Safari Unspecified Frame Events Same-Origin Policy Bypass
Description: Apple Safari is a web browser available for multiple
operating systems. The application is exposed to an issue that lets an
attacker bypass the same-origin policy by associating unspecified
events with frame data that is hosted in a different domain.
Ref: http://www.securityfocus.com/bid/26446
______________________________________________________________________

07.47.31 CVE: Not Available
Platform: Cross Platform
Title: Apple Safari Tabbed Browsing Information Disclosure
Description: Apple Safari is exposed to an information disclosure
issue because of a design issue relating to tabbed browsing.
Ref: http://www.securityfocus.com/bid/26447
______________________________________________________________________

07.47.32 CVE: CVE-2007-4812
Platform: Cross Platform
Title: Apple Safari for Windows Document.Location.Hash Buffer Overflow
Description: Safari is a browser from Apple available for Mac OS X and
Microsoft Windows. The application is exposed to a buffer overflow
issue that is triggered when an attacker entices an unsuspecting user to view a
maliciously crafted webpage.
Ref: http://www.securityfocus.com/archive/1/478802
______________________________________________________________________

07.47.33 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 Multiple Privilege Escalation Vulnerabilities
Description: IBM DB2 Universal Database Server is a database server
designed to run on various platforms including Linux, AIX, Solaris,
and Microsoft Windows. The application is exposed to multiple issues.
IBM DB2 version 9.1 and IBM DB2 9.1 with fix pack 1, 2, 3, and 3a are
affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21255607#r4
______________________________________________________________________

07.47.34 CVE: Not Available
Platform: Cross Platform
Title: Citrix Presentation Server Remote Unauthorized Code Execution
Description: Citrix Presentation Server is a solution that provides
remote application access using the ICA protocol. The application is
exposed to a potential remote unauthorized code execution issue due to
a design error.
Ref: http://support.citrix.com/article/CTX114938
______________________________________________________________________

07.47.35 CVE: CVE-2007-4572
Platform: Cross Platform
Title: Samba NMBD Logon Request Remote Buffer Overflow
Description: Samba is a software suite that provides file and print
services for "SMB/CIFS" clients. It is available for multiple
operating platforms. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data. Samba versions 3.0.0 through 3.0.26a are affected.
Ref: http://www.securityfocus.com/archive/1/483742
______________________________________________________________________

07.47.36 CVE: CVE-2007-3694
Platform: Web Application - Cross Site Scripting
Title: Miro Broadcast Machine Login.PHP Cross Site Scripting
Description: Miro Broadcast Machine is a PHP-based application for
managing and publishing video files on web pages. The application is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input to the "username" POST
parameter of the "login.php" script. Broadcast Machine version 0.9.9.9
is affected.
Ref: http://www.securityfocus.com/archive/1/483575
______________________________________________________________________

07.47.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Eggblog Rss.PHP Cross-Site Scripting
Description: Eggblog is a web-log application implemented in PHP. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user input. Specifically, this issue affects the
"home/rss.php" script and dynamically generated URIs constructed from
the contents of the "$_SERVER["PHP_SELF"]" variable. Eggblog version
3.1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/483569
______________________________________________________________________

07.47.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AutoIndex PHP Script PHP_SELF Index.PHP Cross-Site Scripting
Description: AutoIndex PHP Script is a PHP-based indexing tool and
file manager for web sites. The application is exposed to cross-site
scripting attacks because it fails to sufficiently sanitize
user-supplied input to the "index.php" script. AutoIndex PHP Script
version 2.2.2 is affected.
Ref: http://www.securityfocus.com/archive/1/483592
______________________________________________________________________

07.47.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: F5 FirePass 4100 SSL VPN Download_Plugin.PHP3 Cross-Site
Scripting
Description: FirePass 4100 SSL VPN is a secure Virtual Private Network
device that uses SSL connections to encapsulate network traffic. The
application is exposed to a cross-site scripting issue because it 
fails to properly sanitize user-supplied input. F5 FirePass 4100 SSL
VPNs running firmware versions 5.4 through 5.5.2 and 6.0 and 6.0.1 are
affected.
Ref: http://www.securityfocus.com/archive/1/483601
______________________________________________________________________

07.47.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: X7 Chat Multiple Cross-Site Scripting Vulnerabilities
Description: X7 Chat is a free, open source, web-based chat
application. The application is exposed to multiple cross-site
scripting issues because it fails to sufficiently sanitize
user-supplied input. X7 Chat version 2.0.4 is affected.
Ref: http://www.securityfocus.com/bid/26417
______________________________________________________________________

07.47.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Grani Search Favorites Cross-Site Scripting
Description: Grani is an add-on for Internet Explorer. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input. Specifically, this issue
affects the "Search" field when used in conjunction with URIs
designated as "Favorites". Grani version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/26418
______________________________________________________________________

07.47.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: VTLS Web Gateway Searchtype Parameter Cross-Site Scripting
Description: Web Gateway is a web-based application that utilizes CGI.
The application is exposed to a cross-site scripting issue because it
fails to sanitize user input to the "searchtype" parameter of the
"vtls.web.gateway" script. Web Gateway versions prior to 48.1.1 are
affected.
Ref: http://www.securityfocus.com/archive/1/483622
______________________________________________________________________

07.47.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WP-SlimStat WordPress Plugin Cross-Site Scripting
Description: WP-SlimStat is a plugin for WordPress that adds
statistics functionality to a blog. WordPress allows users to generate
news pages and web-logs dynamically. The application is exposed to a
cross-site scripting issue because it fails to properly sanitize
user-supplied input to the "ft" parameter of the "wp-slimstat.php"
script. WP-SlimStat Plugin version 0.9.2 is affected.
Ref: http://www.securityfocus.com/bid/26432
______________________________________________________________________

07.47.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Nuked-Klan File Parameter News Module Cross-Site Scripting
Description: Nuked-Klan is a content management system (CMS). The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "file" parameter
of the "index.php" script. Nuked-Klan version 1.7.5 is affected.
Ref: http://www.securityfocus.com/bid/26458
______________________________________________________________________

07.47.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Xoops Mylinks Module Brokenlink.PHP SQL Injection
Description: Xoops is a PHP-based, open source content manager. Mylinks
is a module included with the base package. The application is exposed
to an SQL injection issue because it fails to properly sanitize
user-supplied input to the "lid" parameter of the
"modules/mylinks/brokenlink.php" script before using it in an SQL
query. Xoops version 2.0.17.1 is affected.
Ref: http://www.securityfocus.com/archive/1/483525
______________________________________________________________________

07.47.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: JPortal Articles.PHP SQL Injection
Description: JPortal is a PHP-based web forum application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "topic" parameter of
the "articles.php" script before using it in an SQL query. JPortal
version 2.3.1 is affected.
Ref: http://www.securityfocus.com/bid/26395
______________________________________________________________________

07.47.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TBsource Index.PHP SQL Injection
Description: TBsource is a PHP-based set of components that can be
used to build a BitTorrent tracker. The application is exposed to an
SQL injection issue because it fails to properly sanitize
user-supplied input to the "choice" parameter of the "index.php"
script before using it in an SQL query. TBsource version 7 alpha1.01
is affected.
Ref: http://www.securityfocus.com/archive/1/483552
______________________________________________________________________

07.47.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Softbiz Online Auctions Script PRODUCT_DESC.PHP SQL Injection
Description: Softbiz Online Auctions Script is a web-based auction
application implemented in PHP. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "product_desc.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/26399
______________________________________________________________________

07.47.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Softbiz Ad Management PLUS Script ADS.PHP SQL Injection
Description: Softbiz Ad Management PLUS Script is a web-based
application for automating the advertising interface. It is
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "package" parameter of the "ads.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/26400
______________________________________________________________________

07.47.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Softbiz Banner Exchange Script CAMPAIGN_STATS.PHP SQL Injection
Description: Softbiz Banner Exchange Script is a web-based application
for banner exchange networks. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "campaign_stats.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/26401
______________________________________________________________________

07.47.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Softbiz Link Directory Script SEARCHRESULT.PHP SQL Injection
Description: Softbiz Link Directory Script is a web-based directory
application for exchanging links. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "sbcat_id" parameter of the
"searchresult.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/26402
______________________________________________________________________

07.47.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Advertising Module Modules.PHP SQL Injection
Description: The Advertising Module is an ecommerce add-on for
PHP-Nuke; it is implemented in PHP. The application is exposed to an
SQL injection issue because it fails to properly sanitize
user-supplied input to the "login" POST parameter of the "modules.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/26406
______________________________________________________________________

07.47.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TorrentStrike INDEX.PHP SQL Injection
Description: TorrentStrike is a web-based BitTorrent tracker. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "choice" parameter of
the "index.php" script before using it in an SQL query. TorrentStrike
version 0.4 is affected.
Ref: http://www.securityfocus.com/bid/26415
______________________________________________________________________

07.47.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Datecomm Social Networking Script Index.PHP SQL Injection
Description: Datecomm is a PHP-based, social networking application
similar to MySpace. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query. Specifically, the "seid" parameter of
the "index.php" script can be used to harvest administrator
credentials.
Ref: http://www.securityfocus.com/bid/26422
______________________________________________________________________

07.47.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Toko Instan Index.PHP Multiple SQL Injection Vulnerabilities
Description: Toko Instan is a web application. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the "id" and "katid"
parameters of the "index.php" script before using it in an SQL query.
Toko Instan version 7.6 is affected.
Ref: http://www.securityfocus.com/bid/26433
______________________________________________________________________

07.47.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Free Forum Search SQL Injection
Description: Free Forum is a web forum application implemented in ASP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "search" parameter
before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/483697
______________________________________________________________________

07.47.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DocuSafe Search Parameter SQL Injection
Description: DocuSafe is a web-based application implemented in ASP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "search" parameter
of the "/includes/common.asp" script.
Ref: http://www.securityfocus.com/archive/1/483694
______________________________________________________________________

07.47.58 CVE: Not Available
Platform: Web Application
Title: Updir.net Updir.PHP Cross Site Scripting
Description: Updir.net is a PHP-based application for uploading and
managing digital photographs to web sites. The application is exposed
to a cross-site scripting issue because it fails to properly sanitize
user-supplied input to an unspecified parameter of the "updir.php"
script. Updir.net versions prior to 2.04 are affected.
Ref: http://www.securityfocus.com/bid/26394
______________________________________________________________________

07.47.59 CVE: Not Available
Platform: Web Application
Title: Yappa-NG Check_Noimage.PHP Remote File Include
Description: Yappa-NG is a web-based photo album. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the
"config[path_src_include]" parameter of the "check_noimage.php"
script. Yappa-NG version 2.3.2 is affected.
Ref: http://www.securityfocus.com/bid/26398
______________________________________________________________________

07.47.60 CVE: Not Available
Platform: Web Application
Title: AutoIndex PHP Script Index.PHP Denial of Service
Description: AutoIndex PHP Script is a PHP-based indexing tool and
file manager for web sites.
The application is exposed to a remote denial of service issue due to
the failure of the application to properly handle unexpected input.
AutoIndex PHP Script versions 2.2.2 and 2.2.3 are affected.
Ref: http://www.securityfocus.com/archive/1/483592
______________________________________________________________________

07.47.61 CVE: Not Available
Platform: Web Application
Title: PHP Application Tools patBBCode BBCODESOURCE.PHP Remote File
Include
Description: PHP Application Tools patBBCode is a parser and renderer
for BBCode syntax. The application is exposed to a remote file include
issue because it fails to sufficiently sanitize user-supplied input to
the "example" parameter of the
"examples/patExampleGen/bbcodeSource.php" script. patBBCode version
1.0 is affected.
Ref: http://www.securityfocus.com/bid/26416
______________________________________________________________________

07.47.62 CVE: Not Available
Platform: Web Application
Title: ExoPHPDesk Index.PHP Multiple Input Validation Vulnerabilities
Description: ExoPHPDesk is a web-based helpdesk application. The
application is exposed to multiple input validation issues because it
fails to sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/archive/1/483673
______________________________________________________________________

07.47.63 CVE: CVE-2007-5817
Platform: Web Application
Title: CONTENTCustomizer Dialog.PHP Unauthorized Access
Description: CONTENTCustomizer is a PHP-based web site editor. The
application is exposed to an unauthorized access issue because the
application fails to sufficiently sanitize user-supplied input to the
"doc" parameter of the "dialog.php" script. CONTENTCustomizer version
3.1mp is affected.
Ref: http://www.securityfocus.com/bid/26437
______________________________________________________________________

07.47.64 CVE: Not Available
Platform: Web Application
Title: TestLink Unspecified Authentication Bypass
Description: TestLink is an application testing suite. The application
is exposed to an unspecified authentication bypass issue. TestLink
versions prior to 1.7.1 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=548619&group_id=90976
______________________________________________________________________

07.47.65 CVE: Not Available
Platform: Web Application
Title: AIDA Web Frame.HTML Multiple Unauthorized Access
Vulnerabilities
Description: AIDA Web is a web-based workflow application. The
application is exposed to multiple unauthorized access vulnerabilities
because it fails to restrict access to posts.
Ref: http://www.securityfocus.com/archive/1/483749
______________________________________________________________________

07.47.66 CVE: Not Available
Platform: Web Application
Title: Aruba MC-800 Mobility Controller Screens Directory HTML
Injection
Description: Aruba MC-800 Mobility Controller is used to scale ArubaOS
and other software module capabilities on enterprise networks. The
device is exposed to an HTML injection issue because it fails to
properly sanitize user-supplied input before using it in dynamically
generated content. This input will be stored persistently on the
affected site and may be rendered by a victim user when the page is
viewed. Aruba-800 is affected.
Ref: http://www.securityfocus.com/archive/1/483778
______________________________________________________________________

07.47.67 CVE: Not Available
Platform: Web Application
Title: ExoPHPDesk Register.PHP Multiple HTML Injection Vulnerabilities
Description: ExoPHPDesk is a web-based helpdesk application. The
application is exposed to multiple HTML injection issues because it
fails to properly sanitize user-supplied input before using it in
dynamically generated content. ExoPHPDesk version 1.2.1 is affected.
Ref: http://www.securityfocus.com/bid/26453
______________________________________________________________________

07.47.68 CVE: Not Available
Platform: Network Device
Title: Lantronix SCS3200 Remote Denial of Service
Description: Lantronix SCS3200 is a secure console server device. The
application is exposed to a remote denial of service issue. The exact
cause of this issue is unknown.
Ref: http://www.securityfocus.com/bid/26404
______________________________________________________________________