Home
Systeembeheer
Consultancy
Connectivity
Training
Development

Klanten

Inloggen

Resources

Sans artikelen
Security artikelen

Software

Linux
Windows









[ terug ]
*************************************************************************
           @RISK: The Consensus Security Vulnerability Alert
Dec 3, 2007                                               Vol. 6. Week 49
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                          Number of Updates and Vulnerabilities
- ------------------------          -------------------------------------

Windows                                          1
Other Microsoft Products                         1
Third Party Windows Apps                        11 (#1, #4)
Mac Os                                           2
Linux                                           10
Solaris                                          2
Unix                                             3
Cross Platform                                  20 (#2, #3)
Web Application - Cross Site Scripting          13
Web Application - SQL Injection                 20
Web Application                                 37
Network Device                                   1

*************** Sponsored By Core Security Technologies *****************

Check-off PCI requirements! Learn how to get the low-hanging fruit with
a free, on-demand webcast: "Security Testing: The Easiest Part of PCI
Certification." You'll see how security testing with CORE IMPACT
provides compliance with Requirement 11.3 and validates multiple other
PCI mandates for successful compliance audits. View the webcast now:
http://www.sans.org/info/20311
*************************************************************************
TRAINING UPDATE
Where can you find Hacker Exploits, Secure Web Application Development,
Security Essentials, Forensics, Wireless, Auditing, CISSP, and SANS'
other top-rated courses?
- - Washington DC (12/13-12/18): http://www.sans.org/cdi07
- - New Orleans (1/12-1/17): http://www.sans.org/security08/event.php
- - and in 100 other cites and on line any-time: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Computer Associates BrightStor ARCserve Backup Insecure Method
Exposure
(2) HIGH: Mozilla-based Browsers Multiple Memory Corruption Vulnerabilities
(3) HIGH: IBM Lotus Notes Attachment Parsing Multiple Buffer Overflows
Other Software
(4) HIGH: VideoLAN Client ActiveX Control Memory Corruption

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
07.49.1  - Microsoft Windows Media Digital Rights Management ActiveX Control
Buffer Overflow
 -- Other Microsoft Products
07.49.2  - Microsoft Windows Media Player AIFF Parsing Divide-By-Zero Denial of
Service
 -- Third Party Windows Apps
07.49.3  - Lhaplus LZH Archive Processing Unspecified Remote Buffer Overflow
07.49.4  - Xunlei Thunder PPLAYER.DLL_1_WORK ActiveX Control Buffer Overflow
07.49.5  - Aurigma Image Uploader ActiveX Control Multiple Remote Stack-Based
Buffer Overflow Vulnerabilities
07.49.6  - ACDSee Products Plugins ID_X.APL and IDE_ACDSTD.APL Multiple Remote
Buffer Overflow Vulnerabilities
07.49.7  - RichFX Basic Player ActiveX Control Multiple Buffer Overflow
Vulnerabilities
07.49.8  - PPStream PowerList.OCX SetBkImage ActiveX Control Buffer Overflow
07.49.9  - RealMedia RealPlayer Ierpplug.DLL PlayerProperty ActiveX Control
Buffer Overflow
07.49.10 - Symantec Backup Exec Job Engine Multiple Integer Overflow
Vulnerabilities
07.49.11 - Skype Technologies Skype Voicemail URI Handler Remote Denial of
Service
07.49.12 - RealPlayer ierpplug.dll ActiveX Control Import Denial of Service
07.49.13 - Tencent QQ LaunchP2PShare Multiple Stack-Based Buffer Overflow
Vulnerabilities
 -- Mac Os
07.49.14 - Apple QuickTime RTSP Response Header Content-Length Remote Buffer
Overflow
07.49.15 - Eskape Labs MyTV/x Driver Privilege Escalation
 -- Linux
07.49.16 - nss-mdns NSS.C Remote Denial of Service
07.49.17 - amensa-soft K+B-Bestellsystem KB_Whois.CGI Multiple Remote Shell
Command Execution Vulnerabilities
07.49.18 - Audacity Insecure Temporary File Creation
07.49.19 - wpa_supplicant TSF-Reporting Drivers Stack-Based Buffer Overflow
07.49.20 - Linux Kernel ISDN_Net.C Local Buffer Overflow
07.49.21 - scanbuttond Insecure Temporary File Creation
07.49.22 - vlock Plugin Name Local Privilege Escalation
07.49.23 - SuSE YaST Module Search Path Local Privilege Escalation
07.49.24 - Rsync Use Chroot Insecure File Creation
07.49.25 - Cairo PNG Image Processing Remote Integer Overflow
 -- Solaris
07.49.26 - Sun Solaris RPC Module Unspecified Local Denial of Service
07.49.27 - Sun Solaris 10 FCP(7D) and DEVFS(7FS) Local Denial of Service
 -- Unix
07.49.28 - Rsync Daemon Excludes Multiple File Access Vulnerabilities
07.49.29 - FreeBSD Insecure Random Number Generator Information Disclosure
Weakness
07.49.30 - OpenSSL FIPS Object Module PRNG Seed
 -- Cross Platform
07.49.31 - Wireshark 0.99.6 Multiple Remote Vulnerabilities
07.49.32 - Hitachi JP1/File Transmission Server/FTP Authentication Bypass
07.49.33 - Hitachi JP1/File Transmission Server/FTP Denial of Service
07.49.34 - Gadu-Gadu Emots.TXT Handler Multiple Remote Stack-Based Buffer
Overflow Vulnerabilities
07.49.35 - Apple QuickTime RTSP Response Header Remote Stack-Based Based Buffer
Overflow
07.49.36 - PCRE Regular Expression Library UTF-8 Options Multiple Remote Denial
of Service Vulnerabilities
07.49.37 - VMware Tools HGFS.Sys Local Privilege Escalation
07.49.38 - Cygwin Filename Filename Buffer Overflow
07.49.39 - Sentinel Protection Server Unspecified Directory Traversal
07.49.40 - Symantec Backup Exec Job Engine Null Pointer Dereference Denial of
Service
07.49.41 - Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer
Header Spoofing Weakness
07.49.42 - Mozilla Firefox Multiple Remote Unspecified Memory Corruption
Vulnerabilities
07.49.43 - Samhain Labs Samhain Insecure Random Number Generator Information
Disclosure Weakness
07.49.44 - Weird Solutions BOOTP Turbo Unspecified Remote Vulnerability
07.49.45 - VanDyke VShell Unspecified Denial of Service
07.49.46 - Ruby-GNOME2 Gtk::MessageDialog.new Function Format String
07.49.47 - GNUMP3d Password Protection Security Bypass
07.49.48 - BEA AquaLogic Interaction Plumtree Portal Multiple Information
Disclosure Vulnerabilities
07.49.49 - Battle for Wesnoth turn_cmd Remote Denial of Service
07.49.50 - Battle for Wesnoth WML Preprocessor Directory Traversal
 -- Web Application - Cross Site Scripting
07.49.51 - E-vanced Solutions Room Rese-rve Unspecified Cross-Site Scripting
07.49.52 - Bandersnatch Index.PHP Multiple Cross-Site Scripting Vulnerabilities
07.49.53 - Project Alumni Multiple Cross-Site Scripting Vulnerabilities
07.49.54 - VBTube Search Cross-Site Scripting
07.49.55 - JAF CMS Multiple Cross-Site Scripting Vulnerabilities
07.49.56 - FMDeluxe Index.PHP Cross-Site Scripting
07.49.57 - SimpleGallery Index.PHP Cross-Site Scripting
07.49.58 - Tilde Aarstal Parameter Cross-Site Scripting
07.49.59 - BASE Basic Analysis And Security Engine Multiple Cross-Site Scripting
Vulnerabilities
07.49.60 - Liferay Portal Forgot-Password Cross-Site Scripting
07.49.61 - bcoos Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
07.49.62 - @Mail Util.PHP Cross-Site Scripting
07.49.63 - HP OpenView Network Node Manager Unspecified Cross-Site Scripting
 -- Web Application - SQL Injection
07.49.64 - NetAuctionHelp Search.ASP SQL Injection
07.49.65 - PHPKIT Article.PHP SQL Injection
07.49.66 - p3mbo Content Injector Index.PHP SQL Injection
07.49.67 - Irola My-Time UserID and Password Multiple SQL Injection
Vulnerabilities
07.49.68 - FooSun Api_Response.ASP SQL Injection
07.49.69 - wpQuiz Viewimage.PHP SQL Injection
07.49.70 - CoolShot E-Lite POS Login SQL Injection
07.49.71 - WorkingOnWeb Events.PHP SQL Injection
07.49.72 - NetAuctionHelp Admin Login SQL Injection
07.49.73 - NetAuctionHelp Classified Ads Multiple SQL Injection Vulnerabilities
07.49.74 - Dora Emlak Script Multiple SQL Injection Vulnerabilities
07.49.75 - GOUAE DWD Realty Password Parameters SQL Injection
07.49.76 - Proverbs Web Calendar Password Parameter SQL Injection
07.49.77 - Tilde Aarstal Parameter SQL Injection
07.49.78 - Eurologon CMS ID Parameter Multiple SQL Injection Vulnerabilities
07.49.79 - wpQuiz Comments.PHP SQL Injection
07.49.80 - eBASEWeb Unspecified SQL Injection
07.49.81 - VUNET Case Manager Default.ASP Username Parameter SQL Injection
07.49.82 - Asterisk res_config_pgsql SQL Injection
07.49.83 - Asterisk CDR_PGSQL SQL Injection
 -- Web Application
07.49.84 - GWExtranet Multiple Directory Traversal Vulnerabilities
07.49.85 - E-vanced Solutions E-vents Multiple Input Validation Vulnerabilities
07.49.86 - E-vanced Solutions Summer Re-ader Multiple Input Validation
Vulnerabilities
07.49.87 - DevMass Cart Initialise.PHP Remote File Include
07.49.88 - VigileCMS Multiple Remote Vulnerabilities
07.49.89 - MySpace Scripts Poll Creator Index.PHP HTML Injection
07.49.90 - BtiTracker Multiple Input Validation and Authentication Bypass
Vulnerabilities
07.49.91 - ht://Dig Htsearch Cross Site Scripting
07.49.92 - Project Alumni Index.PHP Act Parameter Local File Include
07.49.93 - PBLang NTopic.PHP Arbitrary File Upload
07.49.94 - Amber Script Show_Content.PHP Local File Include
07.49.95 - RunCMS Common.PHP Local File Include
07.49.96 - Project Alumni View and News Multiple SQL Injection Vulnerabilities
07.49.97 - Softbiz Freelancers Script Multiple Vulnerabilities
07.49.98 - IAPR COMMENCE Multiple Remote File Include Vulnerabilities
07.49.99 - RunCMS Newbb_plus Module Disclaimer.PHP Remote Script Execution
07.49.100 - DeluxeBB CP.PHP Security Bypass
07.49.101 - ByteHoard Username Parameter Multiple Remote Privilege Escalation
Vulnerabilities
07.49.102 - GWExtranet Scp.DLL Multiple HTML Injection Vulnerabilities
07.49.103 - PHP-Nuke NSN Script Depository Source Code Information Disclosure
07.49.104 - Subdreamer CMS Comments Function Security Bypass
07.49.105 - Ruby on Rails Session Fixation
07.49.106 - Eurologon CMS files.php Arbitrary File Download
07.49.107 - datecomm Social Networking Software Index.PHP Remote File Include
07.49.108 - p.mapper Multiple Remote File Include Vulnerabilities
07.49.109 - PHPDevShell Remote Privilege Escalation
07.49.110 - Charray's CMS ccms_library_path Parameter Multiple Remote File
Include Vulnerabilities
07.49.111 - PHP-CON Include.PHP Remote File Include
07.49.112 - ehcp easy hosting control panel Multiple Remote File Include
Vulnerabilities
07.49.113 - TuMusika Evolution Multiple Local File Include Vulnerabilities
07.49.114 - TuMusika Evolution Remote File Include
07.49.115 - NoAh PHP Content Architect Multiple Remote File Include
Vulnerabilities
07.49.116 - WebED Multiple Index.PHP Local File Include Vulnerabilities
07.49.117 - Web-MeetMe Play.PHP Multiple Local File Include Vulnerabilities
07.49.118 - Ossigeno CMS Multiple Remote File Include Vulnerabilities
07.49.119 - KML share Region.PHP Remote File Include
07.49.120 - LearnLoop File_download.PHP Remote File Include
 -- Network Device
07.49.121 - APC Switched Rack PDU Authentication Bypass
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process


************************  Sponsored Links:  *****************************

1) Don't let incorrect changes to device configurations bring down your
network. FireMon: keeping networks operational.
http://www.sans.org/info/20316

2) Utimaco Launches SafeGuard Enterprise 5.2 Raising the Bar on
Cross-platform Data Protection http://www.sans.org/info/20321

3) A review and analysis of complex security threats and their impact
on the SMB.  http://www.sans.org/info/20326
*************************************************************************


*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Computer Associates BrightStor ARCserve Backup Insecure Method
Exposure
Affected:
Computer Associates BrightStor ARCserve Backup versions r11.5 and prior
Computer Associates BrightStor Enterprise Backup versions r10.5 and prior

Description: Computer Associates BrightStor ARCserve is a popular suite
of enterprise backup software. It exposes several Remote Procedure Call
(RPC) interfaces. One of these interfaces exposes several operations
that can manipulate arbitrary files and Microsoft WIndows Registry keys.
No authentication is required to call these operations. An attacker who
called these functions could execute arbitrary code or otherwise
manipulate the system with the privileges of the vulnerable process
(often SYSTEM). Technical details for this vulnerability are available
in the advisory.

Status: Computer Associates confirmed, updates available. Users can
mitigate the impact of this vulnerability by blocking TCP port 6504 at
the network perimeter, if possible.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-07-069.html
Computer Associates Home Page
http://www.ca.com
SecurityFocus BID
http://www.securityfocus.com/bid/26015

****************************************************************

(2) HIGH: Mozilla-based Browsers Multiple Memory Corruption Vulnerabilities
Affected:
Mozilla Firefox versions prior to 2.0.0.10
Mozilla SeaMonkey versions priot to 1.1.7
Netscape Navigator versions prior to 9.0.4

Description: Web browsers based on the Mozilla suite, including Firefox,
contain multiple vulnerabilities in their handling of web content. A
specially crafted web page or script could trigger one of these
vulnerabilities. Successfully exploiting one of these vulnerabilities
would allow an attacker to execute arbitrary code with the privileges
of the current user. Note that other browsers or applications based on
the Mozilla framework could be vulnerable. Details for these
vulnerabilities are available via source code analysis.

Status: Mozilla confirmed, updates available.

References:
Mozilla Security Advisory
http://www.mozilla.org/security/announce/2007/mfsa2007-38.html
Netscape Release Notes
http://browser.netscape.com/releasenotes/#whatsnew
SecurityFocus BID
http://www.securityfocus.com/bid/26593

****************************************************************

(3) HIGH: IBM Lotus Notes Attachment Parsing Multiple Buffer Overflows
Affected:
Lotus Notes versions 8.0 and prior

Description: Autonomy KeyView is a media viewing component distributed
with IBM's Lotus Notes groupware suite. This component contains several
buffer overflows in the processing of various file formats. A specially
crafted file attached to a message could trigger one of these overflows,
allowing an attacker to execute arbitrary code with the privileges of
the current user. Note that Lotus Notes determines what icon to display
for an attachment and what application to open it using different data;
it is therefore possible to spoof malicious attachments as more
innocuous formats. A proof-of-concept and full technical details for
these vulnerabilities are publicly available. Note that other products
using Autonomy KeyView may be vulnerable.

Status: IBM confirmed, updates available.

References:
IBM Security Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21285600
CORE Security Advisory
http://www.coresecurity.com/index.php5?action=item&id=2008
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/26604.py
SecurityFocus BID
http://www.securityfocus.com/bid/26604

****************************************************************

****************
Other Software
****************

(4) HIGH: VideoLAN Client ActiveX Control Memory Corruption
Affected:
VideoLAN Client Media Plaer versions prior to 0.8.6d

Description: The VideoLAN Client Media Player (VLC) is a popular
cross-platform media player. The version for Microsoft Windows provides
an ActiveX control, allowing developers to embed VLC functionality in
their applications. This control can be instantiated by web pages. This
control contains a vulnerability in its handling of certain calls. A
malicious web page that instantiates this control could exploit these
vulnerabilities to execute arbitrary code with the privileges of the
current user. Technical details for these vulnerabilities is available
via source code analysis.

Status: VideoLAN confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism.

References:
VideoLAN Security Advisory
http://www.videolan.org/sa0703.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Vendor Home Page
http://www.videolan.org
SecurityFocus BID
http://www.securityfocus.com/bid/26675


****************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 49, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________
______________________________________________________________________

07.49.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows Media Digital Rights Management ActiveX
Control Buffer Overflow
Description: Microsoft Windows Media DRM is a copy protection and
access control platform for controlling digital media. The Windows
Media DRM "DRMSTOR.DLL" ActiveX control library is exposed to a buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.49.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Windows Media Player AIFF Parsing Divide-By-Zero
Denial of Service
Description: Microsoft Windows Media Player is a multimedia
application available for the Microsoft Windows operating system. The
application is exposed to a denial of service issue when processing a
malformed AIFF file, a divide-by-zero exception can occur, causing the
affected application to crash. Microsoft Windows Media Player version
11 is affected.
Ref: http://www.securityfocus.com/bid/26648
______________________________________________________________________

07.49.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Lhaplus LZH Archive Processing Unspecified Remote Buffer
Overflow
Description: Lhaplus is a file-compression utility for the Windows
platform. It handles most industry-standard compression formats,
including b64 (base64), bh, bz, cab, gz, lzh, tar, tbz, tgz, zip (jar),
uue, xxe, and exe. The application is exposed to an unspecified remote
buffer overflow issue because it fails to properly bounds check
user-supplied data before copying it to an insufficiently sized buffer
while processing LZH archives. Lhaplus versions 1.55 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/26531
______________________________________________________________________

07.49.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Xunlei Thunder PPLAYER.DLL_1_WORK ActiveX Control Buffer
Overflow
Description: Xunlei Thunder PPlayer ActiveX Control is exposed to a
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied data. This issue affects the "FlvPlayerUrl"
method of the "PPlayer.XPPlayer" class. Thunder version 5.7.4.401 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.49.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Aurigma Image Uploader ActiveX Control Multiple Remote
Stack-Based Buffer Overflow Vulnerabilities
Description: Aurigma Image Uploader is an ActiveX control that allows
website developers to provide their users with an uploading interface
for multiple files. The  application is exposed to multiple
stack-based buffer overflow issues because it fails to perform
adequate boundary checks on user-supplied data. Aurigma Image Uploader
version 4.1 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.49.6 CVE: CVE-2007-6009
Platform: Third Party Windows Apps
Title: ACDSee Products Plugins ID_X.APL and IDE_ACDSTD.APL Multiple
Remote Buffer Overflow Vulnerabilities
Description: ACDSee Products are applications designed to manage and
edit digital photographs. The application is exposed to multiple
buffer overflow issues because it fails to bounds check
user-supplied data before copying it into insufficiently sized
buffers. ACDSee Photo Manager 9.0, ACDSee Pro Photo Manager
8.1 and ACDSee Photo Editor 4.0 are affected.
Ref: http://www.acdsee.com/support/knowledgebase/article?id=2800
______________________________________________________________________

07.49.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: RichFX Basic Player ActiveX Control Multiple Buffer Overflow
Vulnerabilities
Description: RichFX Basic Player is a third party plug-in for
RealPlayer. RichFX is used to play VPG and WPEG file formats. The
application is exposed to multiple buffer overflow issues because it
fails to perform adequate boundary checks on user-supplied data. These
issues affect the "DoInstall" and "QueryComponents" methods of the
"RFXInstMgr.RFXInstMgr" class. RichFX Basic Player version 1.1 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.49.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: PPStream PowerList.OCX SetBkImage ActiveX Control Buffer
Overflow
Description: PPStream PowerList.ocx is a freely available ActiveX
control. The application is exposed to a buffer overflow issue because
it fails to perform adequate boundary checks on user-supplied data.
This issue affects the "SetBkImage" function of "PowerPlayer.dll".
PPStream PowerList.ocx ActiveX control version 2.1.6.2916 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.49.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: RealMedia RealPlayer Ierpplug.DLL PlayerProperty ActiveX
Control Buffer Overflow
Description: RealPlayer ActiveX control allows users to stream various
media files through their browser. The application is exposed to a
buffer overflow issue because it fails to properly bounds check
user-supplied data before copying it to an insufficiently sized
buffer. RealPlayer version 10.5 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.49.10 CVE: CVE-2007-4347
Platform: Third Party Windows Apps
Title: Symantec Backup Exec Job Engine Multiple Integer Overflow
Vulnerabilities
Description: Symantec Backup Exec is a data recovery application for
protecting, managing and recovering sensitive data. The application is
exposed to two remote integer overflow issues because it fails to
bounds check user-supplied data before copying it into an
insufficiently sized buffer. Symantec Backup Exec for Windows Server
versions 11.0.6235 and 11.0.7170 are affected.
Ref: http://www.symantec.com/avcenter/security/Content/2007.11.27.html
______________________________________________________________________

07.49.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: Skype Technologies Skype Voicemail URI Handler Remote Denial of
Service
Description: Skype is a peer-to-peer communications software that
supports internet-based voice communications. The application is
exposed to a remote denial of service issue because of a NULL-pointer
dereference flaw. Skype version 3.6.0.216 for Microsoft Windows is
affected.
Ref: http://www.securityfocus.com/archive/1/484190
______________________________________________________________________

07.49.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: RealPlayer ierpplug.dll ActiveX Control Import Denial of
Service
Description: RealNetworks RealPlayer is an application that allows
users to play various media formats. The application is exposed to a
denial of service issue because the control attempts to reserve more
memory than there is present on the stack.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.49.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: Tencent QQ LaunchP2PShare Multiple Stack-Based Buffer Overflow
Vulnerabilities
Description: Tencent QQ is an instant messaging application available
for Microsoft Windows. The application is exposed to multiple
stack-based buffer overflow issues because it fails to perform
adequate boundary checks on user-supplied data. Tencent QQ versions
2006 and earlier are affected.
Ref: http://www.securityfocus.com/bid/26613
______________________________________________________________________

07.49.14 CVE: Not Available
Platform: Mac Os
Title: Apple QuickTime RTSP Response Header Content-Length Remote
Buffer Overflow
Description: Apple QuickTime is a media player for Mac OS X and
Microsoft Windows operating platforms. The application is exposed to a
remote buffer overflow issue because it fails to properly bounds check
user-supplied input before copying it to an insufficiently sized
stack-based memory buffer. QuickTime versions 7.2 and 7.3 are
affected.
Ref: http://www.securityfocus.com/bid/26560
______________________________________________________________________

07.49.15 CVE: Not Available
Platform: Mac Os
Title: Eskape Labs MyTV/x Driver Privilege Escalation
Description: MyTV/x is a Mac OS X driver for MyTV.PVR (Personal Video
Recorder) devices. The application is exposed to a privilege escalation
issue while powering on a MyTV.PVR device under certain conditions.
MyTV/x Versions 3.6.6 and 4.0.8 are affected.
Ref: http://www.securityfocus.com/bid/26577
______________________________________________________________________

07.49.16 CVE: Not Available
Platform: Linux
Title: nss-mdns NSS.C Remote Denial of Service
Description: nss-mdns is a plugin for the GNU C Library that provides
host name resolution through Multicast DNS. The application is exposed
to a remote denial of service issue when the library fails to handle
misaligned data structures included in the
"_nss_mdns_gethostbyname2_r()" function of the "nss.c" source file.
Specifically the issue affects the "h_addr_list in gethostbyname_r"
parameter of the "hp" data structure. nss-mdns versions prior to 0.10
are affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=451428
______________________________________________________________________

07.49.17 CVE: Not Available
Platform: Linux
Title: amensa-soft K+B-Bestellsystem KB_Whois.CGI Multiple Remote
Shell Command Execution Vulnerabilities
Description: K+B-Bestellsystem is a domain ordering system implemented
in Perl and utilizes CGI. The application is exposed to multiple issues
that allow attackers to execute arbitrary shell commands because the
software fails to sanitize user-supplied input. Specifically the
application fails to filter shell meta-characters from the "tld" and
"domain" parameters of the "kb_whois.cgi" script.
Ref: http://www.securityfocus.com/archive/1/484062
______________________________________________________________________

07.49.18 CVE: CVE-2007-6061
Platform: Linux
Title: Audacity Insecure Temporary File Creation
Description: Audacity is a freely-available audio editor and recording
package. The application is exposed to a security issue because it
creates temporary files in an insecure manner. Audacity version 1.3.2
is affected.
Ref: http://bugs.gentoo.org/show_bug.cgi?id=199751
______________________________________________________________________

07.49.19 CVE: CVE-2007-6025
Platform: Linux
Title: wpa_supplicant TSF-Reporting Drivers Stack-Based Based Buffer
Overflow
Description: wpa_supplicant is a freely available package designed to
allow WPA and WPA2 wireless communications on many different operating
systems. The application is exposed to a stack-based buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data. wpa_supplicant version 0.6.0 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=292991
______________________________________________________________________

07.49.20 CVE: CVE-2007-6063
Platform: Linux
Title: Linux Kernel ISDN_Net.C Local Buffer Overflow
Description: The Linux kernel is exposed to a local buffer overflow
issue because it fails to properly bounds check user-supplied input
before copying it into an insufficiently sized buffer. The Linux
kernel version 2.6.23 is affected.
Ref: http://bugzilla.kernel.org/show_bug.cgi?id=9416
______________________________________________________________________

07.49.21 CVE: CVE-2007-6131
Platform: Linux
Title: scanbuttond Insecure Temporary File Creation
Description: scanbuttond is a freely-available scanner button daemon
for Linux platforms. The application is exposed to a security issue
because it creates temporary files in an insecure manner. The issue
affects the "buttonpressed.sh" script. scanbuttond version 0.2.3 is
affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=383131
______________________________________________________________________

07.49.22 CVE: Not Available
Platform: Linux
Title: vlock Plugin Name Local Privilege Escalation
Description: vlock is an application that allows users to lock one or more
sessions on a Linux console. The application is exposed to a local
privilege escalation issue because the application fails to sanitize
directory traversal strings "(../)" from plugin names. vlock versions
prior to 2.2-rc3 are affected.
Ref: http://cthulhu.c3d2.de/~toidinamai/vlock/ChangeLog
______________________________________________________________________

07.49.23 CVE: Not Available
Platform: Linux
Title: SuSE YaST Module Search Path Local Privilege Escalation
Description: SuSE YaST is a software update utility that facilitates
the installation of software updates from an online repository. The
application is exposed to a local privilege escalation issue because
it includes the current working directory in a module search path when
executing.
Ref: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6167
______________________________________________________________________

07.49.24 CVE: Not Available
Platform: Linux
Title: Rsync Use Chroot Insecure File Creation
Description: The rsync utility is used to synchronize files and
directory structures across a network. It is commonly used to maintain
mirrors of FTP sites, often through anonymous access to the rsync
server. It is available for UNIX, Linux, and other UNIX-like operating
systems. The application is exposed to an insecure file creation issue
when "user chroot" parameter is set to no. rsync versions prior to
3.0.0pre6 are affected.
Ref: http://rsync.samba.org/security.html
______________________________________________________________________

07.49.25 CVE: CVE-2007-5503
Platform: Linux
Title: Cairo PNG Image Processing Remote Integer Overflow
Description: Cairo is a library that provides a vector graphics based
API for software development. The application is exposed to an integer
overflow issue because it fails to ensure that integer values aren't
overrun. Cairo versions prior to 1.4.12 are affected.
Ref: https://rhn.redhat.com/errata/RHSA-2007-1078.html
______________________________________________________________________

07.49.26 CVE: Not Available
Platform: Solaris
Title: Sun Solaris RPC Module Unspecified Local Denial of Service
Description: Sun Solaris is an enterprise-grade UNIX distribution. The
application is exposed to an unspecified denial of service issue
caused by a race condition. The problem occurs in the Remote Procedure
Call (RPC) Module. Solaris version 8, 9, and 10 for SPARC and x86
architectures are affected.
Ref:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103083-1&searchclause=
______________________________________________________________________

07.49.27 CVE: Not Available
Platform: Solaris
Title: Sun Solaris 10 FCP (7D) and DEVFS (7FS) Local Denial of Service
Description: Sun Solaris is an enterprise-grade UNIX distribution. The
application is exposed to a local denial of service issue. Solaris
version 10 for SPARC and x86 architecture are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102947-1
______________________________________________________________________

07.49.28 CVE: Not Available
Platform: Unix
Title: Rsync Daemon Excludes Multiple File Access Vulnerabilities
Description: Rsync is an open source utility that provides fast
incremental file transfer for Unix-like operating systems. The
application is exposed to multiple file access issues because it fails
to properly validate "exclude"-type options set in the daemon's
configuration file "rsyncd.conf".
Ref: http://rsync.samba.org/security.html
______________________________________________________________________

07.49.29 CVE: CVE-2007-6150
Platform: Unix
Title: FreeBSD Insecure Random Number Generator Information Disclosure
Weakness
Description: FreeBSD is exposed to an information disclosure weakness.
This issue is due to a flaw in the state-tracking logic in the
"sys/dev/random/yarrow.c" source file, which is responsible for the
"random(4)" and "urandom(4)" pseudo-random number generator devices.
Ref: http://www.freebsd.org/security/
______________________________________________________________________

07.49.30 CVE: CVE-2007-5502
Platform: Unix
Title: OpenSSL FIPS Object Module PRNG Seed
Description: OpenSSL is exposed to an issue that results in
significantly weakened cryptographic security. The OpenSSL FIPS Object
Module PRNG implementation contains a serious flaw in the way the key
and seed are determined. This results in a  predictable PRNG output.
OpenSSL FIPS Object Module version 1.1.1 is affected.
Ref: http://www.openssl.org/news/secadv_20071129.txt
______________________________________________________________________

07.49.31 CVE: Not Available
Platform: Cross Platform
Title: Wireshark 0.99.6 Multiple Remote Vulnerabilities
Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic. It is available for Microsoft Windows and
UNIX-like operating systems. The application is exposed to multiple
denial of service issues and buffer overflow issues when handling
certain types of packets and protocols in varying conditions. Wireshark
versions prior to 0.99.7 are affected.
Ref: http://www.wireshark.org/security/wnpa-sec-2007-03.html
______________________________________________________________________

07.49.32 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/File Transmission Server/FTP Authentication Bypass
Description: Hitachi JP1/File Transmission Server/FTP is an enterprise
FTP application. The application is exposed to an authentication
bypass issue due to an unspecified error.
Ref:
http://www.hitachi-support.com/security_e/vuls_e/HS07-037_e/index-e.html
______________________________________________________________________

07.49.33 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/File Transmission Server/FTP Denial of Service
Description: Hitachi JP1/File Transmission Server/FTP is an enterprise
FTP application. The application is exposed to a denial of service
issue when a certain file is specified when an unspecified FTP command
is executed.
Ref:
http://www.hitachi-support.com/security_e/vuls_e/HS07-038_e/index-e.html
______________________________________________________________________

07.49.34 CVE: Not Available
Platform: Cross Platform
Title: Gadu-Gadu Emots.TXT Handler Multiple Remote Stack-Based Buffer
Overflow Vulnerabilities
Description: Gadu-Gadu (Polish for "chit-chat") is a Polish instant
messaging client. The application is exposed to multiple stack-based
buffer overflow issues because it fails to perform adequate boundary
checks on user-supplied data. Gadu-Gadu version 7.7 build 3669 is
affected.
Ref: http://www.securityfocus.com/archive/1/484077
______________________________________________________________________

07.49.35 CVE: Not Available
Platform: Cross Platform
Title: Apple QuickTime RTSP Response Header Remote Stack-Based Buffer
Overflow
Description: Apple QuickTime is a media player for Mac OS X and
Microsoft Windows operating platforms. The application is exposed to a
remote buffer overflow issue because it fails to properly bounds check
user-supplied input before copying it to an insufficiently sized
stack-based memory buffer. QuickTime version 7.3 is affected.
Ref: http://www.kb.cert.org/vuls/id/659761
______________________________________________________________________

07.49.36 CVE: CVE-2006-7230
Platform: Cross Platform
Title: PCRE Regular Expression Library UTF-8 Options Multiple Remote
Denial of Service Vulnerabilities
Description: PCRE is a set of functions that implement regular
expressions using the same syntax and semantics as Perl 5. The library
is exposed to multiple remote denial of service issues because it
fails to calculate adequate memory requirements for certain regular
expressions. PCRE versions prior to 7.0 are affected.
Ref: http://www.pcre.org/changelog.txt
______________________________________________________________________

07.49.37 CVE: Not Available
Platform: Cross Platform
Title: VMware Tools HGFS.Sys Local Privilege Escalation
Description: VMware Tools is a suite of applications that can be
installed in a guest operating system. The "hgfs.sys" (host-guest file
system) driver, included in VMware Tools, is used to handle shared
folders. The application is exposed to a privilege escalation issue
because the driver fails to properly drop privileges before performing
certain functions.
Ref: http://www.securityfocus.com/bid/26556
______________________________________________________________________

07.49.38 CVE: Not Available
Platform: Cross Platform
Title: Cygwin Filename Filename Buffer Overflow
Description: Cygwin is a Linux-like environment for Windows. The
application is exposed to a buffer overflow issue because the
application fails to properly bounds check the filename of a file in
the Linux environment. Cygwin versions 1.5.7 and earlier are affected
Ref: http://www.securityfocus.com/archive/1/484153
______________________________________________________________________

07.49.39 CVE: Not Available
Platform: Cross Platform
Title: Sentinel Protection Server Unspecified Directory Traversal
Description: Sentinel Protection Server is the server component
required to protect web applications with Sentinel SuperPro or
Sentinel UltraPro Keys. The application is exposed to an unspecified
directory traversal issue because it fails to sufficiently sanitize
user-supplied data. Sentinel Protection Server version 7.1 is affected.
Ref: http://www.securityfocus.com/archive/1/484224
______________________________________________________________________

07.49.40 CVE: CVE-2007-4346
Platform: Cross Platform
Title: Symantec Backup Exec Job Engine Null Pointer Dereference Denial
of Service
Description: Symantec Backup Exec for Windows Server is a
network-enabled backup solution from Symantec. The application is
exposed to a remote denial of service issue which exists in the
Backup Exec Job Engine, which is listening on TCP 5633 by default.
Specifically, a NULL-pointer dereference error occurs when handling
specially crafted TCP packets. Symantec Backup Exec for Windows Server
versions 11.0.6235 and 11.0.7170 are affected.
Ref: http://www.symantec.com/avcenter/security/Content/2007.11.27.html
______________________________________________________________________

07.49.41 CVE: CVE-2007-5960
Platform: Cross Platform
Title: Mozilla Firefox and SeaMonkey Windows.Location Property HTTP
Referer Header Spoofing Weakness
Description: Mozilla Firefox and SeaMonkey are exposed to a weakness
that will allow an attacker to spoof HTTP Referer headers. This issue
is due to a race condition when setting the value of
"window.location". The weakness arises due to a small timing
difference when using a modal "alert()" dialog, which allows users to
generate fake HTTP Referer headers. Mozilla FireFox versions prior to
2.0.0.10 and Mozilla SeaMonkey versions prior to 1.1.7 are affected.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2007-492.htm
______________________________________________________________________

07.49.42 CVE: CVE-2007-5959
Platform: Cross Platform
Title: Mozilla Firefox Multiple Remote Unspecified Memory Corruption
Vulnerabilities
Description: The Mozilla Foundation has released a security advisory
disclosing 3 unspecified memory corruption issues. Mozilla Firefox
versions prior to 2.0.0.10 and Mozilla SeaMonkey versions prior to
1.1.7 are affected.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2007-492.htm
______________________________________________________________________

07.49.43 CVE: Not Available
Platform: Cross Platform
Title: Samhain Labs Samhain Insecure Random Number Generator
Information Disclosure Weakness
Description: Samhain is a file integrity checker and host-based
intrusion detection system. It is available for UNIX/Linux systems and
may also run under Microsoft Windows through Cygwin. The application
is exposed to an information disclosure issue because the application
fails to properly seed the random number generator. Samhain versions
2.4.0 and 2.4.0a are affected.
Ref:
http://www.la-samhna.de/forum/cgi-bin/wolfbbs_index.cgi?board=samhain&action=
read&id=2764
______________________________________________________________________

07.49.44 CVE: CVE-2007-6030
Platform: Cross Platform
Title: Weird Solutions BOOTP Turbo Unspecified Remote Vulnerability
Description: Weird Solutions BOOTP Turbo is a BOOTP server for booting
the operating systems of networked clients and embedded devices. The
application is exposed to an unspecified remote issue. Weird Solutions
BOOTP Turbo version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/26601
______________________________________________________________________

07.49.45 CVE: CVE-2007-6031
Platform: Cross Platform
Title: VanDyke VShell Unspecified Denial of Service
Description: VShell is a secure shell server for Windows and Unix-like
operating systems. The application is exposed to an unspecified denial
of service issue. VShell version 3.0.1 is affected.
Ref: http://www.securityfocus.com/bid/26602
______________________________________________________________________

07.49.46 CVE: Not Available
Platform: Cross Platform
Title: Ruby-GNOME2 Gtk::MessageDialog.new Function Format String
Description: Ruby-GNOME2 implements Ruby language bindings for the
GNOME environment. The library is exposed to a format string issue
because it fails to properly sanitize user-supplied input before
passing it as the format specifier to a formatted-printing function.
Ruby-GNOME2 version 0.16.0 is affected.
Ref:
http://em386.blogspot.com/2007/11/your-favorite-better-than-c-scripting.html
______________________________________________________________________

07.49.47 CVE: CVE-2007-6130
Platform: Cross Platform
Title: GNUMP3d Password Protection Security Bypass
Description: GNUMP3d is a streaming server for various media
implemented in Perl. The application is exposed to a security bypass
issue because it fails to properly validate user credentials before
performing certain actions. The issue presents itself in the password
protection functionality. GNUMP3d versions prior to 3.0 are affected.
Ref: http://www.gnu.org/software/gnump3d/
______________________________________________________________________

07.49.48 CVE: Not Available
Platform: Cross Platform
Title: BEA AquaLogic Interaction Plumtree Portal Multiple Information
Disclosure Vulnerabilities
Description: BEA AquaLogic Interaction is an enterprise-level
application server. The application is exposed to multiple
information disclosure issues. BEA AquaLogic Interaction version 6.0
is affected.
Ref: http://www.securityfocus.com/bid/26620
______________________________________________________________________

07.49.49 CVE: CVE-2007-5742
Platform: Cross Platform
Title: Battle for Wesnoth turn_cmd Remote Denial of Service
Description: Battle for Wesnoth is a free, open-source strategy game.
The application is exposed to a remote denial of service issue because
it fails to handle unexpected input. Specifically, this issue is due
to an unspecified error in the "turn_cmd" preference option. Battle
for Wesnoth versions prior to 1.2.8 are affected.
Ref:
http://svn.gna.org/viewcvs/wesnoth/tags/1.2.8/changelog?rev=21944&view=download
______________________________________________________________________

07.49.50 CVE: CVE-2007-5742
Platform: Cross Platform
Title: Battle for Wesnoth WML Preprocessor Directory Traversal
Description: Battle for Wesnoth is a free, open-source strategy game.
The application is exposed to a directory traversal issue because it
fails to sufficiently sanitize user-supplied input data. Battle for
Wesnoth versions prior to 1.2.8 are affected.
Ref: http://www.securityfocus.com/bid/26626
______________________________________________________________________

07.49.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: E-vanced Solutions Room Rese-rve Unspecified Cross-Site
Scripting
Description: E-vanced Solutions Room Rese-rve is a web-based
application that is designed to help librarians manage bookings for
equipment and meeting rooms at public libraries. It is implemented in
ASP. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied data. This
issue occurs in an unspecified script of the room-reservation section.
Ref: http://www.securityfocus.com/archive/1/484038
______________________________________________________________________

07.49.52 CVE: CVE-2007-6001
Platform: Web Application - Cross Site Scripting
Title: Bandersnatch Index.PHP Multiple Cross-Site Scripting
Vulnerabilities
Description: Bandersnatch is a PHP-based application that logs Jabber
instant-messaging traffic. The application is exposed to multiple
cross-site scripting issues because it fails to sanitize user-supplied
input. Bandersnatch version 0.4 is affected.
Ref: http://www.securityfocus.com/bid/26553
______________________________________________________________________

07.49.53 CVE: CVE-2007-6126
Platform: Web Application - Cross Site Scripting
Title: Project Alumni Multiple Cross-Site Scripting Vulnerabilities
Description: Project Alumni is a web-based application to track and
display school alumni. The application is exposed to multiple
cross-site scripting issues because it fails to sanitize user-supplied
input to the "year" parameter of the "index.php" and
"view.page.inc.php" scripts.
Ref: http://www.securityfocus.com/bid/26565
______________________________________________________________________

07.49.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: VBTube Search Cross-Site Scripting
Description: VBTube is a plugin module for VBulletin that enables
syndication of YouTube videos. The application is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input to the "search" parameter of "vBTube.php". VBTube
version 1.1 is affected.
Ref: http://www.securityfocus.com/archive/1/484155
______________________________________________________________________

07.49.55 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: JAF CMS Multiple Cross-Site Scripting Vulnerabilities
Description: JAF CMS is a PHP-based content manager. The application
is exposed to multiple cross-site scripting issues because it fails to
properly sanitize user-supplied input to the following scripts and
parameters: "index.php: show" and "print.php: print". JAF CMS version
4.0 RC2 is affected.
Ref: http://www.securityfocus.com/bid/26581
______________________________________________________________________

07.49.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: FMDeluxe Index.PHP Cross-Site Scripting
Description: FMDeluxe is a PHP-based application for managing and
downloading files. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied input to the "id" parameter of the "index.php" script.
FMDeluxe version 2.1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/484191
______________________________________________________________________

07.49.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SimpleGallery Index.PHP Cross-Site Scripting
Description: SimpleGallery is a web-based gallery application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "album"
parameter of "index.php". SimpleGallery version 0.1.3 is affected.
Ref: http://www.securityfocus.com/archive/1/484202
______________________________________________________________________

07.49.58 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Tilde Aarstal Parameter Cross-Site Scripting
Description: Tilde is a PHP-based content manager. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the "aarstal" parameter of the
"index.php" script when running in "yeardetail" mode. Tilde version
4.0 is affected.
Ref: http://www.securityfocus.com/bid/26592
______________________________________________________________________

07.49.59 CVE: CVE-2007-6156
Platform: Web Application - Cross Site Scripting
Title: BASE Basic Analysis And Security Engine Multiple Cross-Site
Scripting Vulnerabilities
Description: Basic Analysis And Security Engine (BASE) provides a web
frontend to queries and analyzes alerts coming from a SNORT IDS. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input to the "sig[0]" and "sig[1]"
parameters of the "base_qry_main.php" script. BASE versions prior to
1.3.9 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=103348&release_id=555614
______________________________________________________________________

07.49.60 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Liferay Portal Forgot-Password Cross-Site Scripting
Description: Liferay Portal is an enterprise web portal implemented in
Java. The application is exposed to a cross-site scripting issue
because it fails to properly sanitize user-supplied input.
Specifically, this issue affects the "emailAddress" form field in the
"Forgot Password" section of the "login" script. Liferay Portal
version 4.3.1 is affected.
Ref: http://www.securityfocus.com/archive/1/484286
______________________________________________________________________

07.49.61 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: bcoos Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: bcoos is a content management system (CMS). The
application is exposed to multiple input validation issues because it
fails to sufficiently sanitize user-supplied data. bcoos version
1.0.10 is affected.
Ref: http://www.securityfocus.com/bid/26629
______________________________________________________________________

07.49.62 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: @Mail Util.PHP Cross-Site Scripting
Description: @Mail is a web mail application implemented in PHP. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "func" parameter
of the "util.php" script. @Mail versions prior to 5.2 are affected.
Ref: http://terra.calacode.com/mail/docs/changelog.html
______________________________________________________________________

07.49.63 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: HP OpenView Network Node Manager Unspecified Cross-Site
Scripting
Description: HP OpenView Network Node Manager is a fault management
application for IP networks. The application is exposed to an
unspecified cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input. HP OpenView Network Node
Manager versions 6.41, 7.01, and 7.51 are affected.
Ref: http://www.securityfocus.com/archive/1/484350
______________________________________________________________________

07.49.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NetAuctionHelp Search.ASP SQL Injection
Description: NetAuctionHelp is a content management system for
creating internet auction web sites. It is implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data before using it in an SQL
query. Specifically, this issue affects the "nsearch" parameter of the
"search.asp" script. NetAuctionHelp version 4.1 is affected.
Ref: http://www.securityfocus.com/bid/26540
______________________________________________________________________

07.49.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPKIT Article.PHP SQL Injection
Description: PHPKIT is a web portal application. The application is
exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input before using it in an SQL query.
Specifically, it fails to properly sanitize the "contentid" parameter
of the "pkinc/public/article.php" script. PHPKIT version 1.6.4 pl1 is
affected.
Ref: http://www.securityfocus.com/bid/26546
______________________________________________________________________

07.49.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: p3mbo Content Injector Index.PHP SQL Injection
Description: p3mbo Content Injector is a web-based, content management
system. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "cat"
parameter of the "index.php" script before using it in an SQL query.
Content Injector version 1.52 is affected.
Ref: http://www.securityfocus.com/bid/26547
______________________________________________________________________

07.49.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Irola My-Time UserID and Password Multiple SQL Injection
Vulnerabilities
Description: Irola My-Time is a web-based timesheet application
implemented in ASP. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the "UserID" and "Password" parameters before
using it in an SQL query. My-Time version 3.5 is affected.
Ref: http://www.securityfocus.com/archive/1/484107
______________________________________________________________________

07.49.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FooSun Api_Response.ASP SQL Injection
Description: FooSun is a ASP-based content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "UserName" parameter of the
"/api/Api_response.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/26552
______________________________________________________________________

07.49.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: wpQuiz Viewimage.PHP SQL Injection
Description: wpQuiz is a quiz script. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "viewimage.php" script
before using it in an SQL query. wpQuiz version 2.7 is affected.
Ref: http://www.securityfocus.com/bid/26611
______________________________________________________________________

07.49.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CoolShot E-Lite POS Login SQL Injection
Description: E-Lite POS is a web-based point-of-sale system
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the login script before using it in an SQL query. E-Lite POS version
1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/484151
______________________________________________________________________

07.49.71 CVE: CVE-2007-6128
Platform: Web Application - SQL Injection
Title: WorkingOnWeb Events.PHP SQL Injection
Description: WorkingOnWeb is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "idevent" parameter of
the "events.php" script before using it in an SQL query. WorkingOnWeb
version 2.0.1400 is affected.
Ref: http://www.securityfocus.com/bid/26563
______________________________________________________________________

07.49.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NetAuctionHelp Admin Login SQL Injection
Description: NetAuctionHelp is a content management system for
creating internet auction sites. It is implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the administrator login
page before using it in an SQL query. NetAuctionHelp version 4.1 is
affected.
Ref: http://www.securityfocus.com/bid/26567
______________________________________________________________________

07.49.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NetAuctionHelp Classified Ads Multiple SQL Injection
Vulnerabilities
Description: NetAuctionHelp Classified Ads is a web-based
classified ads application implemented in ASP. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data before using it in SQL
queries. Specifically, input to the username and password fields of
the "Login.asp" script, and the "nsearch" parameter of the "search.asp" script.
NetAuctionHelp Classified Ads version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/26567
______________________________________________________________________

07.49.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Dora Emlak Script Multiple SQL Injection Vulnerabilities
Description: Dora Emlak Script is a web application implemented in
ASP. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data before
using it in SQL queries. Dora Emlak Script version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/26574
______________________________________________________________________

07.49.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: GOUAE DWD Realty Password Parameters SQL Injection
Description: DWD Realty is a web-based, real estate application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "password" parameter
when logging into the application.
Ref: http://www.securityfocus.com/archive/1/484181
______________________________________________________________________

07.49.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Proverbs Web Calendar Password Parameter SQL Injection
Description: Proverbs Web Calendar is a web-based event calendar. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "loginpass" parameter
of the "caladmin.php" script. Proverbs Web Calendar version 1.1 is
affected.
Ref: http://www.securityfocus.com/archive/1/484193
______________________________________________________________________

07.49.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Tilde Aarstal Parameter SQL Injection
Description: Tilde is a content management system (CMS). The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "aarstal" parameter of
the "index.php" script when in "yeardetail" mode before using it in an
SQL query. Tilde version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/26591
______________________________________________________________________

07.49.78 CVE: CVE-2007-6164
Platform: Web Application - SQL Injection
Title: Eurologon CMS ID Parameter Multiple SQL Injection
Vulnerabilities
Description: Eurologon CMS is a content management system. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the following scripts before using it in an SQL query:
"reviews.php", "links.php" and "articles.php".
Ref: http://www.securityfocus.com/bid/26599
______________________________________________________________________

07.49.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: wpQuiz Comments.PHP SQL Injection
Description: wpQuiz is a quiz script. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "comments.php" script
before using it in an SQL query. wpQuiz version 2.7 is affected.
Ref: http://www.securityfocus.com/bid/26621
______________________________________________________________________

07.49.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eBASEWeb Unspecified SQL Injection
Description: eBASEWeb is a web-based, e-commerce application. The
application is exposed to an unspecified SQL injection issue because
it fails to sufficiently sanitize user-supplied data before using it
in an SQL query. eBASEWeb version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/26628
______________________________________________________________________

07.49.81 CVE: CVE-2007-6168
Platform: Web Application - SQL Injection
Title: VUNET Case Manager Default.ASP Username Parameter SQL Injection
Description: VUNET Case Manager is a web application implemented in
ASP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "Username"
parameter of the "Default.asp" script before using it in an SQL query.
VUNET Case Manager version 3.4 is affected.
Ref: http://www.securityfocus.com/bid/26643
______________________________________________________________________

07.49.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Asterisk res_config_pgsql SQL Injection
Description: Asterisk is a private branch exchange (PBX) application
available for Linux, BSD, and Mac OS X platforms. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied input before using it in an SQL query. Asterisk
versions prior to 1.4.15 are affected.
Ref: http://downloads.digium.com/pub/security/AST-2007-025.html
______________________________________________________________________

07.49.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Asterisk CDR_PGSQL SQL Injection
Description: Asterisk is an open source telephony engine and tool kit
available for Linux, BSD, and Mac OS X platforms. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data before using it in an SQL query. Asterisk
Open Source versions prior to 1.2.25 and 1.4.15 as well as Asterisk
Business Edition versions prior to B.2.3.4 are affected.
Ref: http://downloads.digium.com/pub/security/AST-2007-026.html
______________________________________________________________________

07.49.84 CVE: Not Available
Platform: Web Application
Title: GWExtranet Multiple Directory Traversal Vulnerabilities
Description: GWExtranet is a web-based application that allows users
to publish native GroupWise calendars, folders, and other address book
information. The application is exposed to multiple directory
traversal issues because it fails to properly sanitize user-supplied
input.
Ref: http://www.securityfocus.com/archive/1/484039
______________________________________________________________________

07.49.85 CVE: Not Available
Platform: Web Application
Title: E-vanced Solutions E-vents Multiple Input Validation
Vulnerabilities
Description: E-vanced Solutions E-vents is a web-based event
management application, implemented in ASP. It is designed to assist
librarians with managing events held at public libraries. The
application is exposed to multiple input validation issues because it
fails to sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/archive/1/484038
______________________________________________________________________

07.49.86 CVE: Not Available
Platform: Web Application
Title: E-vanced Solutions Summer Re-ader Multiple Input Validation
Vulnerabilities
Description: E-vanced Solutions Summer Re-ader is a web-based
application that is designed to help librarians manage reading
programs held at public libraries. It is implemented in ASP. The
application is exposed to multiple input validation issue because it
fails to sanitize user-supplied data.
Ref: http://www.securityfocus.com/archive/1/484038
______________________________________________________________________

07.49.87 CVE: Not Available
Platform: Web Application
Title: DevMass Cart Initialise.PHP Remote File Include
Description: DevMass Cart is a web-based, shopping cart application.
The application is exposed to a remote file include issue because it
fails to sufficiently sanitize user-supplied input to the
"kfm_base_path" parameter of the "admin/kfm/initialise.php" script.
DevMass Cart version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/26538
______________________________________________________________________

07.49.88 CVE: Not Available
Platform: Web Application
Title: VigileCMS Multiple Remote Vulnerabilities
Description: VigileCMS is a PHP-based content manager. The application
is exposed to multiple remote issues. VigileCMS version 1.8 is
affected.
Ref: http://www.securityfocus.com/bid/26543
______________________________________________________________________

07.49.89 CVE: Not Available
Platform: Web Application
Title: MySpace Scripts Poll Creator Index.PHP HTML Injection
Description: MySpace Scripts Poll Creator creates polls for use on
MySpace user pages. The application is exposed to an HTML injection
issue because it fails to properly sanitize user-supplied input to the
"Raw From" input field of the "index.php" script, when used with the
"action=create_new" POST request.
Ref: http://www.securityfocus.com/archive/1/484073
______________________________________________________________________

07.49.90 CVE: CVE-2007-5985, CVE-2007-5986, CVE-2007-5987,
CVE-2007-5988
Platform: Web Application
Title: BtiTracker Multiple Input Validation and Authentication Bypass
Vulnerabilities
Description: BtiTracker is a PHP-based bit torrent tracking
application. BtiTracker versions prior to 1.4.5 are affected.
Ref: https://sourceforge.net/project/shownotes.php?release_id=552477
______________________________________________________________________

07.49.91 CVE: CVE-2007-6110
Platform: Web Application
Title: ht://Dig Htsearch Cross-Site Scripting
Description: ht://Dig is an open-source search engine for Unix and
Linux operating systems. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied input to the "sort" parameter of the "htsearch" page.
ht://Dig version 3.2.0b6 is affected.
Ref: http://www.securityfocus.com/bid/26610
______________________________________________________________________

07.49.92 CVE: Not Available
Platform: Web Application
Title: Project Alumni Index.PHP Act Parameter Local File Include
Description: Project Alumni is a web-based application for schools to
manage their alumni contacts. The application is exposed to a local
file include issue because it fails to properly sanitize user-supplied
input to the "act" parameter of the "index.php" script. Project Alumni
version 1.0.9 is affected.
Ref: http://www.securityfocus.com/bid/26612
______________________________________________________________________

07.49.93 CVE: Not Available
Platform: Web Application
Title: PBLang NTopic.PHP Arbitrary File Upload
Description: PBLang is a web-based forum application. The application
is exposed to an arbitrary file upload issue because it fails to
adequately sanitize user-supplied input. This issue affects the
"topicicon" parameter of the "ntopic.php" script when it handles
specially crafted filenames. PBLang version 4.99.17.q is affected.
Ref: http://www.securityfocus.com/bid/26559
______________________________________________________________________

07.49.94 CVE: CVE-2007-6129
Platform: Web Application
Title: Amber Script Show_Content.PHP Local File Include
Description: Amber Script is a web-based advertising and customer
tracking application. The application is exposed to a local
file include issue because it fails to properly sanitize user-supplied
input to the "id" parameter of the "include/show_content.php" script.
Amber Script version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/26561
______________________________________________________________________

07.49.95 CVE: Not Available
Platform: Web Application
Title: RunCMS Common.PHP Local File Include
Description: RunCMS is a web-based content management system. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the
"xoopsOption[pagetype]" parameter of the "include/common.php" script.
RunCMS versions 1.6 and 1.5.x are affected.
Ref: http://www.securityfocus.com/bid/26562
______________________________________________________________________

07.49.96 CVE: CVE-2007-6127
Platform: Web Application
Title: Project Alumni View and News Multiple SQL Injection
Vulnerabilities
Description: Project Alumni is a web-based application to track and
display school alumni. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the "year" parameter of the "view.page.inc.php"
and "news.page.inc.php" scripts before using it in SQL queries.
Ref: http://www.securityfocus.com/bid/26564
______________________________________________________________________

07.49.97 CVE: CVE-2007-6124, CVE-2007-6125
Platform: Web Application
Title: Softbiz Freelancers Script Multiple Vulnerabilities
Description: Softbiz Freelancers Script is a web-based reverse auction
application for Freelancers web sites. The application is exposed to
multiple issues because it fails to sufficiently sanitize
user-supplied data.
Ref: http://www.securityfocus.com/bid/26569
______________________________________________________________________

07.49.98 CVE: Not Available
Platform: Web Application
Title: IAPR COMMENCE Multiple Remote File Include Vulnerabilities
Description: IAPR COMMENCE is a PHP-based application for managing
meetings and conferences. The application is exposed to multiple
remote file include issues because it fails to sufficiently sanitize
user-supplied input. IAPR COMMENCE version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/26570
______________________________________________________________________

07.49.99 CVE: Not Available
Platform: Web Application
Title: RunCMS Newbb_plus Module Disclaimer.PHP Remote Script Execution
Description: RunCMS is a web-based content management system. The
application is exposed to a remote script execution issue due to a
design error in the module authorization mechanism. When a module is
not activated by a site administrator, unprivileged users can access
the module's admin scripts. RunCMS versions 1.6, 1.5.3, and 1.5.2 are
affected.
Ref: http://www.securityfocus.com/bid/26571
______________________________________________________________________

07.49.100 CVE: Not Available
Platform: Web Application
Title: DeluxeBB CP.PHP Security Bypass
Description: DeluxeBB is a web-based bulletin board. The application
is prone to a security bypass vulnerability because it fails
to properly validate user credentials before performing certain
actions. DeluxeBB versions 1.09 and earlier are affected.
Ref: http://www.securityfocus.com/bid/26572
______________________________________________________________________

07.49.101 CVE: Not Available
Platform: Web Application
Title: ByteHoard Username Parameter Multiple Remote Privilege
Escalation Vulnerabilities
Description: ByteHoard is a web-based, file upload/download
application. The application is exposed to multiple remote privilege
escalation issues because the application fails to properly sanitize
user-supplied input before saving it to a session variable.
Ref: http://www.securityfocus.com/archive/1/484189
______________________________________________________________________

07.49.102 CVE: Not Available
Platform: Web Application
Title: GWExtranet Scp.DLL Multiple HTML Injection Vulnerabilities
Description: GWExtranet is a web-based application that allows users
to publish native GroupWise calendars, folders, and other address book
information. The application is exposed to multiple HTML injection
issues because it fails to properly sanitize user-supplied input
before using it in dynamically generated content. GWExtranet version
3.0 is affected.
Ref: http://www.securityfocus.com/archive/1/484188
______________________________________________________________________

07.49.103 CVE: Not Available
Platform: Web Application
Title: PHP-Nuke NSN Script Depository Source Code Information
Disclosure
Description: NSN Script Depository is a module for the PHP-Nuke CMS
that allows scripts to be displayed to users. The application is
exposed to an issue that allows attackers to access source code
because it fails to properly sanitize user-supplied input. 
Specifically, this issue affects the combination of the "file" and
"targ" parameters of the "31337.php" script. NSN Script Depository
version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/26590
______________________________________________________________________

07.49.104 CVE: Not Available
Platform: Web Application
Title: Subdreamer CMS Comments Function Security Bypass
Description: Subdreamer CMS is a content management system. The
application is exposed to a security bypass issue because it fails to
properly validate user credentials before performing certain actions.
The issue presents itself in the "Comments" function in the
"includes/functions.php" script. Subdreamer CMS versions 2.4.3.1 and
earlier are affected.
Ref: http://www.subdreamer.com/forum/project.php?issueid=79
______________________________________________________________________

07.49.105 CVE: CVE-2007-6077
Platform: Web Application
Title: Ruby on Rails Session Fixation
Description: Ruby on Rails is a freely available web application
framework implemented in the Ruby programming language. The
application is exposed to a session fixation issue because the
"lib/action_controller/cgi_process.rb" script removes the
":cookie_only" attribute from "DEFAULT_SESSION_OPTIONS". Ruby on Rails
versions prior to 1.2.6 are affected.
Ref: http://dev.rubyonrails.org/ticket/10048
______________________________________________________________________

07.49.106 CVE: Not Available
Platform: Web Application
Title: Eurologon CMS files.php Arbitrary File Download
Description: Eurologon CMS is a PHP-based content manager. The
application is exposed to an issue that lets attackers upload
arbitrary files because it fails to sufficiently sanitize
user-supplied input to the "file" parameter of the "/users/files.php"
script when the "mode" parameter is set to download.
Ref: http://www.securityfocus.com/bid/26600
______________________________________________________________________

07.49.107 CVE: Not Available
Platform: Web Application
Title: datecomm Social Networking Software Index.PHP Remote File
Include
Description: datecomm Social Networking Software is a web-based
application designed to be a clone of sites such as YouTube and
MySpace. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"pg" parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/26607
______________________________________________________________________

07.49.108 CVE: Not Available
Platform: Web Application
Title: p.mapper Multiple Remote File Include Vulnerabilities
Description: p.mapper is a web-based mapping framework for MapServer.
It is implemented in PHP and JavaScript. The application is exposed to
multiple remote file include issues because it fails to sufficiently
sanitize user-supplied input to the "_SESSION[PM_INCPHP]" parameter of
the "incphp/globals.php" and "plugins/export/mc_table.php" scripts.
p.mapper version 3.2.0 beta3 is affected.
Ref: http://www.securityfocus.com/bid/26614
______________________________________________________________________

07.49.109 CVE: Not Available
Platform: Web Application
Title: PHPDevShell Remote Privilege Escalation
Description: PHPDevShell is an open source, web-based application
development framework. The application is exposed to a remote
privilege escalation issue because due to an unspecified error in the
way users' profiles are updated. PHPDevShell versions prior to 0.7.0
are affected.
Ref: http://www.phpdevshell.org/changelog
______________________________________________________________________

07.49.110 CVE: Not Available
Platform: Web Application
Title: Charray's CMS ccms_library_path Parameter Multiple Remote File
Include Vulnerabilities
Description: Charray's CMS is a PHP-based content manager. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input to the
"ccms_library_path" parameter of the following scripts:
"/decoder/markdown.php" and "/decoder/gallery.php". Charray's CMS
version 0.9.3 is affected.
Ref: http://www.securityfocus.com/bid/26619
______________________________________________________________________

07.49.111 CVE: Not Available
Platform: Web Application
Title: PHP-CON Include.PHP Remote File Include
Description: PHP-CON is a PHP development framework. The application
is exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "webappcfg[APPPATH]"
parameter of the "PHP_CON/Exchange/include.php" script. PHP-CON
version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/26622
______________________________________________________________________

07.49.112 CVE: Not Available
Platform: Web Application
Title: ehcp easy hosting control panel Multiple Remote File Include
Vulnerabilities
Description: easy hosting control panel (ehcp) is a web-based
application designed for managing multiple domains on a single
computer. The application is exposed to multiple remote file include
issues because it fails to sufficiently sanitize user-supplied input
to the "confdir" parameter of the "/config/dbutil.bck.php" and
"/config/dbutil.php" scripts. ehcp version 0.22.8 is affected.
Ref: http://www.securityfocus.com/bid/26623
______________________________________________________________________

07.49.113 CVE: Not Available
Platform: Web Application
Title: TuMusika Evolution Multiple Local File Include Vulnerabilities
Description: TuMusika Evolution is an application for organizing music
playlists. The application is exposed to multiple local file include
issues because it fails to properly sanitize user-supplied input to
the "language" parameter of the following scripts:
"inc/languages_n.php", "inc/languages_f.php" and "inc/languages.php".
TuMusika Evolution version 1.7R5 is affected.
Ref: http://www.securityfocus.com/bid/26631
______________________________________________________________________

07.49.114 CVE: Not Available
Platform: Web Application
Title: TuMusika Evolution Remote File Include
Description: TuMusika Evolution is an application for organizing music
playlists. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"uri" parameter of the "frames/nogui/sc_download.php" script. TuMusika
Evolution version 1.7R5 is affected.
Ref: http://www.securityfocus.com/bid/26632
______________________________________________________________________

07.49.115 CVE: Not Available
Platform: Web Application
Title: NoAh PHP Content Architect Multiple Remote File Include
Vulnerabilities
Description: NoAh PHP Content Architect is a web-based application for
managing site architecture and content. The application is exposed to
multiple remote file include issues because it fails to sufficiently
sanitize user-supplied input to the "filepath" parameter. NoAh
versions 0.9 pre 1.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/26633
______________________________________________________________________

07.49.116 CVE: Not Available
Platform: Web Application
Title: WebED Multiple Index.PHP Local File Include Vulnerabilities
Description: WebED is a web-based application implemented in PHP. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input to the "Root" and
"Path" parameters of the "mod/chat/index.php" script. WebED version 0.0.9 is
affected.
Ref: http://www.securityfocus.com/bid/26640
______________________________________________________________________

07.49.117 CVE: Not Available
Platform: Web Application
Title: Web-MeetMe Play.PHP Multiple Local File Include Vulnerabilities
Description: Web-MeetMe is a PHP-based application that allows users
to setup schedules and manage conferences on an Asterisk PBX. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input to the "roomNo" and
"bookid" parameters of the "play.php" script. Web-MeetMe version 3.0.3
is affected.
Ref: http://www.securityfocus.com/bid/26641
______________________________________________________________________

07.49.118 CVE: Not Available
Platform: Web Application
Title: Ossigeno CMS Multiple Remote File Include Vulnerabilities
Description: Ossigeno CMS is a web-based content manager. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input to the
"ossigeno" parameter of the
"ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php"
script. Ossigeno CMS version 2.2_pre1 is affected.
Ref: http://www.securityfocus.com/bid/26654
______________________________________________________________________

07.49.119 CVE: Not Available
Platform: Web Application
Title: KML share Region.PHP Remote File Include
Description: KML share is a website-based application that uses the
Google maps API. The application is exposed to a remote file include
issue because it fails to sufficiently sanitize user-supplied input to
the "layer" parameter of the "region.php" script. KML share version
1.1 is affected.
Ref: http://www.securityfocus.com/bid/26649
______________________________________________________________________

07.49.120 CVE: Not Available
Platform: Web Application
Title: LearnLoop File_download.PHP Remote File Include
Description: LearnLoop is an open source, groupware solution that
supports education. The application is exposed to a remote file
include issue because it fails to sufficiently sanitize user-supplied
input to the "sFilePath" parameter of the "include/file_download.php"
script. LearnLoop version 2.0 beta 7 is affected.
Ref: http://www.securityfocus.com/bid/26651
______________________________________________________________________

07.49.121 CVE: Not Available
Platform: Network Device
Title: APC Switched Rack PDU Authentication Bypass
Description: APC Switched Rack Power Distribution Units (PDU) are used
to monitor and manage power distribution for rack mounted computer
equipment. The application is exposed to an authentication bypass
issue. rpdu firmware version 3.5.5 and aos firmware version 3.5.6
running on PDU part number AP9732 are affected.
Ref: http://www.securityfocus.com/archive/1/484363
______________________________________________________________________
[ terug ]