*************************************************************************
      @RISK: The Consensus Security Vulnerability Alert
Nov 26, 2007                                              Vol. 6. Week 48
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                               Number of Updates and Vulnerabilities
------------------------                -----------------------------------
Windows                                          1
Microsoft Office                                 1
Third Party Windows Apps                         2 (#4)
Mac Os                                           1 (#2)
Linux                                            7
Unix                                             2
Cross Platform                                   8 (#1, #3)
Web Application - Cross Site Scripting           6
Web Application - SQL Injection                 10
Web Application                                 10
Network Device                                   3

********* Sponsored by The Application Penetration Testing Folks ********

Most network and system penetration testers do not have the application
testing knowledge to do application penetration testing, the most in-demand
job in security - creating big opportunities for newcomers.  Ed Skoudis
and the team at Intelguardians have developed an important and exciting
new course to prepare these people: Advanced Web Application Penetration
Testing.  The first opportunity to take this four day course is in New
Orleans, January 14-17.
http://www.sans.org/security08/description.php?tid=1722

*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint
(www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Apple QuickTime Response Handling Buffer Overflow
(2) HIGH: Apple Mail Attachment Spoofing Vulnerability
(3) MODERATE: Wireshark Multiple Vulnerabilities
(4) MODERATE: BitDefender Online Scanner Buffer Overflow

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
07.48.1  - Microsoft Windows 2000 Insecure Random Number Generator Information
Disclosure Weakness
 -- Microsoft Office
07.48.2  - Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow
 -- Third Party Windows Apps
07.48.3  - ComponentOne FlexGrid ActiveX Control Multiple Buffer Overflow
Vulnerabilities
07.48.4  - Invensys Wonderware InTouch Default Universal NetDDE Share Privilege
Escalation
 -- Mac Os
07.48.5  - Apple Mac OS X Mail Arbitrary Code Execution
 -- Linux
07.48.6  - Linux Kernel TCP_Input.C Remote Denial of Service
07.48.7  - Linux Kernel wait_task_stopped Local Denial of Service
07.48.8  - ISPmanager Responder Local Privilege Escalation
07.48.9  - feynmf feynmf.pl Insecure Temporary File Creation
07.48.10 - I Hear U Multiple Remote Denial of Service Vulnerabilities
07.48.11 - IRC Services Password Parsing Remote Denial of Service
07.48.12 - skge Driver Spin_Unlock Remote Denial of Service
 -- Unix
07.48.13 - teTeX DVI File Parsing Multiple Vulnerabilities
07.48.14 - CUPS SSL Negotiation Unspecified Remote Denial of Service
 -- Cross Platform
07.48.15 - LIVE555 Media Server ParseRTSPRequestString Remote Denial of Service
07.48.16 - ngIRCd JOIN Command Parsing Denial of Service
07.48.17 - OmniPCX Enterprise Audio Rerouting Information Disclosure And Denial
of Service
07.48.18 - Multiple Web Browsers SSL Certificate SubjectAltName Validation
Weakness
07.48.19 - Rigs of Rods Long Vehicle Name Buffer Overflow
07.48.20 - SMF Private Forum Messages Information Disclosure
07.48.21 - IBM Director CIM Server Remote Denial of Service
07.48.22 - Code-Crafters Ability Mail Server Multiple Remote Denial of Service
Vulnerabilities
 -- Web Application - Cross Site Scripting
07.48.23 - Liferay Portal Login Script Cross-Site Scripting
07.48.24 - FatWire Content Server Multiple Cross-Site Scripting Vulnerabilities
07.48.25 - Citrix NetScaler Generic_API_Call.PL Cross-Site Scripting
07.48.26 - FileMaker Instant Web Publishing Cross-Site Scripting
07.48.27 - Feed to JavaScript (Feed2JS) Feed URI Cross-Site Scripting
07.48.28 - phpMyAdmin Login Page Cross-Site Scripting
 -- Web Application - SQL Injection
07.48.29 - JiRo's Banner System Login.ASP Multiple SQL Injection Vulnerabilities
07.48.30 - IceBB HTTP_X_FORWARDED_FOR SQL Injection
07.48.31 - HotScripts Clone SOFTWARE-DESCRIPTION.PHP SQL Injection
07.48.32 - Cacti Unspecified SQL Injection
07.48.33 - ProfileCMS ID Parameter Multiple SQL Injection Vulnerabilities
07.48.34 - Click&BaneX Details.ASP SQL Injection
07.48.35 - SkyPortal Multiple SQL Injection Vulnerabilities
07.48.36 - AlstraSoft E-Friends Events Module SQL Injection
07.48.37 - VUNET Mass Mailer Default.ASP SQL Injection
07.48.38 - VUNET Case Manager Default.ASP SQL Injection
 -- Web Application
07.48.39 - Carousel Flash Image Gallery Admin.JJGallery.PHP Remote File Include
07.48.40 - meBiblio Index.PHP Remote File Include
07.48.41 - Sciurus Hosting Panel Code Injection
07.48.42 - phpBBViet PHPBB_Root_Path Parameter Remote File Include
07.48.43 - Vigile CMS Multiple Vulnerabilities
07.48.44 - Joomla Equipment JUser Component MosConfig_Absolute_Path Remote File
Include
07.48.45 - SWSoft Confixx Fehler.Inc.PHP Remote File Include
07.48.46 - bcoos Multiple Input Validation Vulnerabilities
07.48.47 - Old Guy's Scripts TalkBack Comments and Guestbook Multiple Remote
File Include Vulnerabilities
07.48.48 - phpMyAdmin DB_Create.PHP Multiple Input Validation Vulnerabilities
 -- Network Device
07.48.49 - AhnLab V3 Products ZIP File Remote Memory Corruption
07.48.50 - InGate Firewall And SIParator Multiple Vulnerabilities
07.48.51 - Belkin Wireless G Router Remote Syn Flood Denial of Service


***********************  Sponsored Links  *******************************

1) Security professionals focus on fighting the most common data threats
- Encryption Summit, December 3-4.  http://www.sans.org/info/19742

2) Stop data leaks and sanitize your servers before they leave your
premises. Blancco them today.  http://www.sans.org/info/19747

*************************************************************************

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Apple QuickTime Response Handling Buffer Overflow
Affected:
Apple QuickTime versions 7.3 and prior

Description: QuickTime is Apple's streaming media framework for Apple
Mac OS X and Microsoft Windows. QuickTime can stream media from remote
servers using a variety of protocols. Its handling of server responses
to Real Time Streaming Protocol (RTSP) requests contains a buffer
overflow vulnerability. A specially crafted response from a QuickTime
server could trigger this buffer overflow and allow the attacker to
execute arbitrary code with the privileges of the current user. Note
that QuickTime is installed by default on all Apple Mac OS X systems,
and is installed as part of the iTunes suite on Microsoft Windows. Full
technical details and multiple proofs-of-concept are available for this
vulnerability. Note that, depending upon configuration, QuickTime
content may be opened automatically when visiting web pages.

Status: Apple has not confirmed, no updates available.

References:
Proofs-of-Concept
http://milw0rm.com/exploits/4651
http://milw0rm.com/exploits/4657
US-CERT  Vulnerability Note
http://www.kb.cert.org/vuls/id/659761
SecurityFocus BID
http://www.securityfocus.com/bid/26549

****************************************************

(2) HIGH: Apple Mail Attachment Spoofing Vulnerability
Affected:
Apple Mac OS X versions 10.5.1 and prior

Description: Apple's Mail.app is the default mail client included with
Mac OS X. It allows extended attributes associated with a file attached
to an email message to be included in the attachment using a special
encoding known as "AppleDouble". This allows for enhanced information
about the file to be accessed by the operating system. These extended
attributes can define the application to be used to open a file, as well
as a file's associated icon. A specially crafted attachment to an email
could appear to be a non-executable file type (such as an image), but
execute arbitrary commands when opened by the user. A user would need
to manually open the attachment to be affected. This vulnerability may
be related to a previously disclosed and patched vulnerability.

Status: Apple has not confirmed, no updates available.

References:
Discussion from Heise Security
http://www.heise-security.co.uk/services/emailcheck/demos/go.shtml?mail=apple
Wikipedia Article on the AppleDouble Encoding
http://en.wikipedia.org/wiki/AppleDouble
SecurityFocus BID
http://www.securityfocus.com/bid/26510

****************************************************

(3) MODERATE: Wireshark Multiple Vulnerabilities
Affected:
Wireshark versions 0.99.6 and prior

Description: Wireshark is a network traffic capture and protocol
analysis tool. It is a continuation of the older Ethereal project.
Wireshark contains multiple vulnerabilities in the parsing of network
traffic, both traffic captured live from a network and traffic read from
an offline packet capture file. A specially crafted packet or packet
capture could exploit one of these vulnerabilities to execute arbitrary
code with the privileges of the vulnerable process. When capturing
traffic live, Wireshark is often run with administrative privileges.
Depending on configuration, packet capture files may be opened
automatically by Wireshark. Wireshark is installed by default on large
numbers of Unix, Unix-like, and Linux systems. Technical details for
these vulnerabilities are available via source code analysis.

Status: Wireshark confirmed, updates available.

References:
Wireshark Security Advisory
http://www.wireshark.org/security/wnpa-sec-2007-03.html
Wireshark Home Page
http://www.wireshark.org
SecurityFocus BID
http://www.securityfocus.com/bid/26532

****************************************************

(4) MODERATE: BitDefender Online Scanner Buffer Overflow
Affected:
BitDefender Online Scanner ActiveX Control

Description: BitDefender Online is an online virus scanner for Microsoft
Windows systems. Some of its functionality is provided by an ActiveX
control installed on users' systems. This control contains a flaw in its
"InitX" method. A malicious web page that instantiated this control
could call this method and exploit the resulting buffer overflow.
Successful exploitation would allow an attacker to execute arbitrary
code with the privileges of the current user. Full technical details for
this vulnerability are publicly available.

Status: Vendor confirmed, updates available.

References:
eEye Security Advisory
http://research.eeye.com/html/advisories/published/AD20071120.html
BitDefender Home Page
http://www.bitdefender.com
SecurityFocus BID
http://www.securityfocus.com/bid/26210

****************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 48, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

07.48.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows 2000 Insecure Random Number Generator
Information Disclosure Weakness
Description: Microsoft Windows 2000 is exposed to an
information disclosure weakness. The issue occurs in the
"CryptGenRandom()" function. Specifically, if an attacker has
knowledge of certain internal generator values and access to certain
RC4 registers, the attacker can reconstruct the previous states of the
random number generator.
Ref: http://eprint.iacr.org/2007/419.pdf
______________________________________________________________________

07.48.2 CVE: Not Available
Platform: Microsoft Office
Title: Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer
Overflow
Description: Microsoft Jet Database Engine (Jet) provides data access
to various applications such as Microsoft Access, Microsoft Visual
Basic, and third-party applications. Jet is exposed to a
stack-based buffer overflow issue because it fails to properly
bounds check user-supplied data. Specifically, the application fails
to adequately parse data in specially crafted MDB files.
Ref: http://www.securityfocus.com/archive/1/483797
______________________________________________________________________

07.48.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: ComponentOne FlexGrid ActiveX Control Multiple Buffer Overflow
Vulnerabilities
Description: ComponentOne FlexGrid is a grid component designed to
display, edit, format and organize tabular data. The application is
exposed to multiple stack-based buffer overflow issues because it
fails to perform adequate boundary checks on user-supplied input.
ComponentOne FlexGrid version 7.1 Light is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.48.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Invensys Wonderware InTouch Default Universal NetDDE Share
Privilege Escalation
Description: Invensys Wonderware InTouch is a SCADA control system
interface for Windows. The application is exposed to a privilege
escalation issue. When the application starts, a NetDDE
universal share is created with insecure permissions. Wonderware InTouch
version 8.0 is affected.
Ref: http://www.kb.cert.org/vuls/id/138633
______________________________________________________________________

07.48.5 CVE: Not Available
Platform: Mac Os
Title: Apple Mac OS X Mail Arbitrary Code Execution
Description: Apple Mac OS X is exposed to an issue that results in
arbitrary code execution. This issue affects the Mail application when
handling email attachments. Mac OS X version 10.5 is affected.
Ref:
http://www.heise-security.co.uk/services/emailcheck/demos/go.shtml?mail=apple
______________________________________________________________________

07.48.6 CVE: CVE-2007-5501
Platform: Linux
Title: Linux Kernel TCP_Input.C Remote Denial of Service
Description: The Linux kernel is exposed to a remote denial of service
issue because it fails to adequately sanitize specially crafted ACK
responses. Linux kernel versions prior to 2.6.23.8 as well as
2.6.24-rc1 are affected.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.8
______________________________________________________________________

07.48.7 CVE: CVE-2007-5500
Platform: Linux
Title: Linux Kernel wait_task_stopped Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly handle certain process-exit
conditions. This issue stems from a fault in the "wait_task_stopped()"
function located in the "kernel/exit.c" source file.  Linux kernel
versions prior to 2.6.23.8 as well as 2.6.24-rc1 are affected.
Ref:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.23.y.git;a=commitdiff;h=36ef66c5d137b9a31fd8c35d236fb9e26ef74f97
______________________________________________________________________

07.48.8 CVE: Not Available
Platform: Linux
Title: ISPmanager Responder Local Privilege Escalation
Description: ISPmanager is a control panel for shared, virtual and
dedicated web hosting. The application is exposed to a local privilege
escalation issue. ISPmanager version 4.2.15.1 is affected.
Ref: http://www.fortconsult.net/images/pdf/advisories/ispmgr_nov2007.pdf
______________________________________________________________________

07.48.9 CVE: CVE-2007-5940
Platform: Linux
Title: feynmf feynmf.pl Insecure Temporary File Creation
Description: The "feynmf" tool is a LaTeX/MetaFont interface used for
producing complex Feynman diagrams. The application is exposed to a
security issue because it creates temporary files in an insecure
manner. feynmf version 1.08 is affected.
Ref: http://bugs.gentoo.org/show_bug.cgi?id=198231
______________________________________________________________________

07.48.10 CVE: Not Available
Platform: Linux
Title: I Hear U Multiple Remote Denial of Service Vulnerabilities
Description: I Hear U is a Voice over IP (VoIP) application for Linux.
Multiple denial of service issues affect the application due to a
failure of the application to handle specially crafted packets. I Hear
U versions prior to 0.5.7 are affected.
Ref: http://aluigi.altervista.org/adv/ihudos-adv.txt
______________________________________________________________________

07.48.11 CVE: Not Available
Platform: Linux
Title: IRC Services Password Parsing Remote Denial of Service
Description: IRC Services is a system of services for IRC channel
operators, implemented in C language. The application is exposed to a
denial of service issue because it fails to properly handle certain
passwords. IRC Services versions prior to 5.0.63 and 5.1.9 are
affected.
Ref: http://www.ircservices.za.net/Changes.txt
______________________________________________________________________

07.48.12 CVE: CVE-2006-7229
Platform: Linux
Title: skge Driver Spin_Unlock Remote Denial of Service
Description: skge driver is a network driver for the Linux operating
system. The application is exposed to a remote denial of service issue
because the driver calls the "spin_unlock()" function and the
"hw_lock()" function but does not call the "spin_lock()" function.
Ref:
https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/65631
______________________________________________________________________

07.48.13 CVE: CVE-2007-5935, CVE-2007-5936, CVE-2007-5937
Platform: Unix
Title: teTeX DVI File Parsing Multiple Vulnerabilities
Description: teTeX is a TeX distribution for UNIX-compatible systems.
The application is exposed to multiple issues.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081
______________________________________________________________________

07.48.14 CVE: CVE-2007-4045
Platform: Unix
Title: CUPS SSL Negotiation Unspecified Remote Denial of Service
Description: CUPS (Common UNIX Printing System) is a widely used set
of printing utilities for UNIX-based systems. The application is
exposed to an unspecified remote denial of service issue in the SSL
negotiation when handling specially crafted data.
Ref: https://rhn.redhat.com/errata/RHSA-2007-1022.html
______________________________________________________________________

07.48.15 CVE: Not Available
Platform: Cross Platform
Title: LIVE555 Media Server ParseRTSPRequestString Remote Denial of
Service
Description: LIVE555 Media Server is an open source RTSP (Real Time
Streaming Protocol) server. The application is exposed to a remote
denial of service issue because it fails to adequately sanitize
user-supplied input. LIVE555 Media Server version 2007.11.01 is
affected.
Ref: http://www.securityfocus.com/archive/1/483910
______________________________________________________________________

07.48.16 CVE: Not Available
Platform: Cross Platform
Title: ngIRCd JOIN Command Parsing Denial of Service
Description: ngIRCd is an IRC daemon available for various platforms
including Windows and UNIX. The application is exposed to a denial of
service issue because it fails to handle certain JOIN commands in a
proper manner. ngIRCd versions prior to 0.10.3 are affected.
Ref: http://ngircd.barton.de/doc/ChangeLog
______________________________________________________________________

07.48.17 CVE: CVE-2007-5361
Platform: Cross Platform
Title: OmniPCX Enterprise Audio Rerouting Information Disclosure And
Denial of Service
Description: OmniPCX Enterprise is a communication server for VOIP
communication and other media. The application is exposed to an issue
that can cause information disclosure and a denial of service. OmniPCX
Enterprise versions 7.1 and earlier are affected.
Ref:
http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf
______________________________________________________________________

07.48.18 CVE: Not Available
Platform: Cross Platform
Title: Multiple Web Browsers SSL Certificate SubjectAltName Validation
Weakness
Description: Multiple web browsers are exposed to an SSL certificate
validation weakness. This issue is due to the failure of the
applications to properly handle subjectAltName extensions to X.509
certificates. The following web browsers are affected: Mozilla
Firefox, browsers based on the Gecko rendering engine, Opera,
Konqueror, and browsers based on the KHTML rendering engine such as
Apple's Safari.
Ref: http://nils.toedtmann.net/pub/subjectAltName.txt
______________________________________________________________________

07.48.19 CVE: Not Available
Platform: Cross Platform
Title: Rigs of Rods Long Vehicle Name Buffer Overflow
Description: Rigs Of Rods is a game for multiple operating systems.
The application is exposed to a remote buffer overflow issue because
it fails to bounds check user-supplied data before copying it into an
insufficiently sized buffer. Rigs Of Rods versions 0.33d and earlier
are affected.
Ref: http://aluigi.altervista.org/adv/rorbof-adv.txt
______________________________________________________________________

07.48.20 CVE: CVE-2007-5943
Platform: Cross Platform
Title: SMF Private Forum Messages Information Disclosure
Description: Simple Machines Forum (SMF) is an open-source web forum.
It will run on most UNIX and Linux variants as well as Microsoft
Windows. The application is exposed to an information disclosure
issue. SMF version 1.1.4 is affected.
Ref: http://www.securityfocus.com/bid/26508
______________________________________________________________________

07.48.21 CVE: Not Available
Platform: Cross Platform
Title: IBM Director CIM Server Remote Denial of Service
Description: IBM Director is a system management application to track
and view system configurations of remote systems. It is available for
Linux, AIX, and Windows servers. The application is exposed to a
remote denial of service issue due to a failure of the application to
properly handle multiple simultaneous network connections. IBM
Director versions 5.20.1 and prior on the Linux and Microsoft Windows
platforms are affected.
Ref: http://www.kb.cert.org/vuls/id/512193
______________________________________________________________________

07.48.22 CVE: Not Available
Platform: Cross Platform
Title: Code-Crafters Ability Mail Server Multiple Remote Denial of
Service Vulnerabilities
Description: Code-Crafters Ability Mail Server is a mail server for
Windows 98, Me, NT, 2000, XP and 2003. The application is exposed to
multiple remote denial of service issues because it fails to
adequately sanitize user-supplied input. Ability Mail Server versions
prior to 2.61 are affected.
Ref: http://www.code-crafters.com/abilitymailserver/updatelog.html
______________________________________________________________________

07.48.23 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Liferay Portal Login Script Cross-Site Scripting
Description: Liferay Portal is an enterprise web portal application
implemented in Java. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input to the "login" parameter of the "login" script. Liferay Portal
versions 4.1.0 and 4.1.1 are affected.
Ref: http://www.securityfocus.com/bid/26470
______________________________________________________________________

07.48.24 CVE: CVE-2007-5932
Platform: Web Application - Cross Site Scripting
Title: FatWire Content Server Multiple Cross-Site Scripting
Vulnerabilities
Description: FatWire Content Server is a content manager. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. These issues affect the
"search" and "advanced search" functionality. FatWire Content Server
version 6.3 is affected.
Ref: http://www.portcullis-security.com/223.php
______________________________________________________________________

07.48.25 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Citrix NetScaler Generic_API_Call.PL Cross-Site Scripting
Description: Citrix NetScaler is an appliance that accelerates
application performance. The application is exposed to a cross-site
scripting issue that occurs in the web management interface.
Specifically, the application fails to sufficiently sanitize
user-supplied data to the "/ws/generic_api_call.pl" script. Citrix
NetScaler version 8.0 build 47.8 is affected.
Ref: http://www.securityfocus.com/archive/1/483920
______________________________________________________________________

07.48.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: FileMaker Instant Web Publishing Cross-Site Scripting
Description: FileMaker is a database application available for Windows
and Mac OS operating systems. The application is exposed to a
cross-site scripting issue because it fails to properly sanitize
user-supplied input to an unspecified parameter when publishing shared
databases with the web publishing feature.
Ref: http://www.securityfocus.com/bid/26515
______________________________________________________________________

07.48.27 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Feed to JavaScript (Feed2JS) Feed URI Cross-Site Scripting
Description: Feed to JavaScript (Feed2JS) is an application that
generates feed displays based on user-specified URIs. The application
is exposed to a cross-site scripting issue because it fails to
properly sanitize user-supplied input to feed URIs in unspecified
scripts. Feed2JS version 1.91 is affected.
Ref: http://eduforge.org/forum/forum.php?forum_id=1227
______________________________________________________________________

07.48.28 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpMyAdmin Login Page Cross-Site Scripting
Description: phpMyAdmin is a web-based administration interface for
MySQL databases. The application is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input to the
"convcharset" parameter of the login page ("auth_type cookie").
phpMyAdmin versions prior to 2.11.2.2 are affected.
Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-8
______________________________________________________________________

07.48.29 CVE: Not Available
Platform: Web Application - SQL Injection
Title: JiRo's Banner System Login.ASP Multiple SQL Injection
Vulnerabilities
Description: JiRo's Banner System is a web application implemented in
ASP. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
login and password parameters of the "login.asp" script before using
it in an SQL query. JiRo's Banner System version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/26479
______________________________________________________________________

07.48.30 CVE: Not Available
Platform: Web Application - SQL Injection
Title: IceBB HTTP_X_FORWARDED_FOR SQL Injection
Description: IceBB is a bulletin-board system. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data in the "X-Forwarded-For" header of the HTTP
request. IceBB versions 1.0-rc6 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/483916
______________________________________________________________________

07.48.31 CVE: Not Available
Platform: Web Application - SQL Injection
Title: HotScripts Clone SOFTWARE-DESCRIPTION.PHP SQL Injection
Description: HotScripts Clone is a web-based software management
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "software-description.php" script before using
it in an SQL query.
Ref: http://www.securityfocus.com/bid/26485
______________________________________________________________________

07.48.32 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Cacti Unspecified SQL Injection
Description: Cacti is a complete front end to RRDTool. It is
implemented in PHP and employs an SQL back-end database. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to an unknown parameter and
script before using it in an SQL query. Cacti versions 0.8.7 and
earlier are affected.
Ref: http://www.cacti.net/release_notes_0_8_7a.php
______________________________________________________________________

07.48.33 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ProfileCMS ID Parameter Multiple SQL Injection Vulnerabilities
Description: ProfileCMS is a PHP-based content manager. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "id"
parameters of the following modules: "profiles-codes", "video-codes"
and "arcade-games". ProfileCMS version 1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/483889
______________________________________________________________________

07.48.34 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Click&BaneX Details.ASP SQL Injection
Description: Click&BaneX is a web-based banner exchange system
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "Username" and "Password" parameters of "details.asp" before using
it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/483922
______________________________________________________________________

07.48.35 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SkyPortal Multiple SQL Injection Vulnerabilities
Description: SkyPortal is an ASP-based content manager. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data before using it in
an SQL query. SkyPortal version RC6 is affected.
Ref: http://www.securityfocus.com/bid/26504/info
______________________________________________________________________

07.48.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AlstraSoft E-Friends Events Module SQL Injection
Description: AlstraSoft E-Friends is a web-based social networking
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"seid" parameter of the "Events" module before using it in an SQL
query. AlstraSoft E-Friends version 4.98 is affected.
Ref: http://www.securityfocus.com/bid/26519
______________________________________________________________________

07.48.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: VUNET Mass Mailer Default.ASP SQL Injection
Description: Mass Mailer is a mail client application implemented in
ASP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "Password"
parameter of "Default.asp" before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/484021
______________________________________________________________________

07.48.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: VUNET Case Manager Default.ASP SQL Injection
Description: VUNET Case Manager is a web application implemented in
ASP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "Password"
parameter of the "Default.asp" script before using it in an SQL query.
VUNET Case Manager version 3.4 is affected.
Ref: http://www.securityfocus.com/archive/1/484019
______________________________________________________________________

07.48.39 CVE: Not Available
Platform: Web Application
Title: Carousel Flash Image Gallery Admin.JJGallery.PHP Remote File
Include
Description: Carousel Flash Image Gallery is a component for the
Joomla! content management system. The application is exposed to a
remote file include issue because it fails to sufficiently sanitize
user-supplied input to the "mosConfig_absolute_path" parameter of the
"admin.jjgallery.php" script.
Ref: http://www.securityfocus.com/bid/26471
______________________________________________________________________

07.48.40 CVE: Not Available
Platform: Web Application
Title: meBiblio Index.PHP Remote File Include
Description: meBiblio is a web application. The application is exposed
to a remote file include issue because it fails to sufficiently
sanitize user-supplied input to the "action" parameter of the
"index.php" script. meBiblio version 0.4.5 is affected.
Ref: http://www.securityfocus.com/bid/26480
______________________________________________________________________

07.48.41 CVE: Not Available
Platform: Web Application
Title: Sciurus Hosting Panel Code Injection
Description: Sciurus Hosting Panel is a freely available web-based
virtual host administrative interface. The application is exposed to
an arbitrary PHP code injection issue because it fails to properly
sanitize user-supplied input to the "filecontents" parameter of the
"acp/savenews.php" script. Sciurus Hosting Panel version 2.0.3 is
affected.
Ref: http://www.securityfocus.com/bid/26481
______________________________________________________________________

07.48.42 CVE: Not Available
Platform: Web Application
Title: phpBBViet PHPBB_Root_Path Parameter Remote File Include
Description: phpBBViet is a Vietnamese language module for phpBB. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "phpbb_root_path"
parameter of the "includes/functions_mod_user.php" script. phpBBViet
version 2.0.22 is affected.
Ref: http://www.securityfocus.com/bid/26482
______________________________________________________________________

07.48.43 CVE: Not Available
Platform: Web Application
Title: Vigile CMS Multiple Vulnerabilities
Description: Vigile CMS is a content manager. The application is
exposed to multiple issues because it fails to sanitize user-supplied
input. Vigile CMS version 1.4 is affected.
Ref: http://www.securityfocus.com/archive/1/483907
______________________________________________________________________

07.48.44 CVE: Not Available
Platform: Web Application
Title: Joomla Equipment JUser Component MosConfig_Absolute_Path Remote
File Include
Description: JUser is a user registration component for the Joomla!
content management system. The application is exposed to a remote file
include issue because it fails to sufficiently sanitize user-supplied
input to the "mosConfig_absolute_path" parameter of the
"com_juser/xajax_functions.php" script. JUser version 1.0.14 is
affected.
Ref: http://www.securityfocus.com/bid/26499
______________________________________________________________________

07.48.45 CVE: Not Available
Platform: Web Application
Title: SWSoft Confixx Fehler.Inc.PHP Remote File Include
Description: SWSoft Confixx is a web-based control panel application.
The application is exposed to a remote file include issue because it
fails to sufficiently sanitize user-supplied input to the "url"
parameter of the "html/include/fehler.inc.php" script. SWSoft Confixx
version 3.2.1 is affected.
Ref: http://www.securityfocus.com/bid/26500
______________________________________________________________________

07.48.46 CVE: Not Available
Platform: Web Application
Title: bcoos Multiple Input Validation Vulnerabilities
Description: The "bcoos" program is a content manager based on the
E-Xoops CMS. The application is exposed to multiple input validation
issues because it fails to sanitize user-supplied input. bcoos version
1.0.10 is affected.
Ref: http://www.securityfocus.com/bid/26505
______________________________________________________________________

07.48.47 CVE: Not Available
Platform: Web Application
Title: Old Guy's Scripts TalkBack Comments and Guestbook Multiple
Remote File Include Vulnerabilities
Description: TalkBack Comments and Guestbook is a web application. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input. Talkback
Comments and Guestbook version 2.2.7 is affected.
Ref: http://www.securityfocus.com/bid/26520
______________________________________________________________________

07.48.48 CVE: CVE-2007-5976, CVE-2007-5977
Platform: Web Application
Title: phpMyAdmin DB_Create.PHP Multiple Input Validation
Vulnerabilities
Description: phpMyAdmin is a web-based administration interface for
MySQL databases. The application is exposed to multiple
input validation issues because it fails to sufficiently sanitize
user-supplied input. phpMyAdmin versions prior to 2.11.2.1 are
affected.
Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-7
______________________________________________________________________

07.48.49 CVE: Not Available
Platform: Network Device
Title: AhnLab V3 Products ZIP File Remote Memory Corruption
Description: AhnLab V3 Pro 2004 and V3 Internet Security 2007 are
commercially available antivirus and network security applications.
The products are exposed to a remote memory corruption issue when they
try to handle specially-crafted ZIP files.
Ref: http://www.securityfocus.com/archive/1/483799
______________________________________________________________________

07.48.50 CVE: Not Available
Platform: Network Device
Title: InGate Firewall And SIParator Multiple Vulnerabilities
Description: Ingate Firewalls are hardware firewall devices that
support Session Initiation Protocol (SIP) via SIParator SIP-based
communication devices. The application is exposed to multiple issues.
Ingate Firewalls versions prior to 4.6.0 are affected.
Ref: http://www.ingate.com/relnote-460.php
______________________________________________________________________

07.48.51 CVE: Not Available
Platform: Network Device
Title: Belkin Wireless G Router Remote SYN Flood Denial of Service
Description: Belkin Wireless G devices are wireless 802.11g routers
with integrated 4-port Ethernet switches. The application is exposed
to a remote denial of service issue due to a failure of the devices to
properly handle certain network traffic. Belkin Wireless G routers
with model number F5D7230-4 are affected.
Ref: http://www.securityfocus.com/archive/1/483890
______________________________________________________________________