************************************************************************
             @RISK: The Consensus Security Vulnerability Alert
Dec 10, 2007                                             Vol. 6. Week 50
************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                         Number of Updates and Vulnerabilities
------------------------         -------------------------------------
Windows                                          1
Other Microsoft Products                         2
Third Party Windows Apps                         7 (#1, #2)
Mac Os                                           2
Linux                                            5
Solaris                                          1
Unix                                             1
Novell                                           1
Cross Platform                                  26 (#3, #4, #5, #6, 
                                                    #7, #8, #9, #10)
Web Application - Cross Site Scripting          11
Web Application - SQL Injection                  9
Web Application                                 14
Network Device                                   3


Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint
(www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Cisco Security Agent Buffer Overflow
(2) CRITICAL: Skype URI Handling Remote Code Execution
(3) HIGH: HP OpenView Network Node Manager CGI Scripts Remote Code Execution 
(4) HIGH: Avast! Antivirus TAR File Processing Memory Corruption
(5) HIGH: 3ivx MPEG-4 Codec Buffer Overflow
(6) HIGH: Novell NetMail Antivirus Service Integer Overflow
(7) MODERATE: HP Select Identity Undisclosed Authentication Bypass
(8) MODERATE: OpenOffice.org Database File Arbitrary Code Execution
(9) MODERATE: Novell BorderManager Multiple Vulnerabilities
(10) MODERATE: MIT Kerberos Multiple Vulnerabilities


Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
07.50.1  - Microsoft Web Proxy Auto-Discovery Proxy Spoofing
 -- Other Microsoft Products
07.50.2  - Microsoft Optical Desktop Wireless Keyboard Weak Encryption
Information Disclosure
07.50.3  - Microsoft December 2007 Advance Notification Multiple Vulnerabilities
 -- Third Party Windows Apps
07.50.4  - Yahoo Toolbar Helper Class ActiveX Control Remote Buffer Overflow
Denial of Service
07.50.5  - RealPlayer RMOC3260.DLL ActiveX Control Import Denial of Service
07.50.6  - Cisco Security Agent for Microsoft Windows SMB Remote Buffer Overflow
07.50.7  - VideoLan VLC ActiveX Plugin Memory Corruption
07.50.8  - SonicWALL Global VPN Client Remote Format String
07.50.9  - avast! Home/Professional TAR File Handling Unspecified Vulnerability
07.50.10 - HFS HTTP File Server Arbitrary File Upload
 -- Mac Os
07.50.11 - Apple Mac OS X VPND Remote Denial of Service
07.50.12 - Apple Mac OS X Mach_Loader.C Local Denial of Service
 -- Linux
07.50.13 - Red Hat Content Accelerator Memory Leak Local Denial of Service
07.50.14 - Zsh Insecure Temporary File Creation
07.50.15 - Linux Kernel DO_COREDUMP Local Information Disclosure
07.50.16 - PCRE Perl-Compatible Regular Expression Library POSIX Denial of
Service
07.50.17 - PCRE Perl-Compatible Regular Expression Subpattern Memory Allocation
Denial of Service
 -- Solaris
07.50.18 - Sun Solaris LX(5) Branded Zones Unspecified Local Denial of Service
 -- Unix
07.50.19 - IBM AIX chfs Command Denial of Service
 -- Novell
07.50.20 - Novell BorderManager Multiple Vulnerabilities
 -- Cross Platform
07.50.21 - Multiple Vendor Web Browser JavaScript Multiple Fields Key Filtering
07.50.22 - Typespeed Malformed Packet Divide By Zero Denial of Service
07.50.23 - IBM Tivoli Netcool Security Manager Unspecified Cross-Site Scripting
07.50.24 - QEMU Translation Block Local Denial of Service
07.50.25 - Opera Web Browser Bitmap File RLE Remote Denial of Service
07.50.26 - xterm Pseudo Terminal Insecure Permissions Local Insecure Permission
Weakness
07.50.27 - IBM Tivoli Provisioning Manager Express Username User Enumeration
Weakness
07.50.28 - Claws Mail Insecure Temporary File Creation
07.50.29 - Ascential DataStage Multiple Local Vulnerabilities
07.50.30 - SING Log Option Local Privilege Escalation
07.50.31 - Zabbix daemon_start Local Privilege Escalation
07.50.32 - Apple QuickTime Unspecified Remote
07.50.33 - Squid Proxy Cache Update Reply Processing Remote Denial of Service
07.50.34 - HP Select Identity Unspecified Remote Unauthorized Access
07.50.35 - Jetty Cookie Names Session Hijacking
07.50.36 - Jetty Unspecified HTTP Response Splitting
07.50.37 - OpenOffice HSQLDB Database Engine Unspecified Java Code Execution
07.50.38 - Citrix EdgeSight for Endpoints and Presentation Server Database
Credential Disclosure Weakness
07.50.39 - HP OpenVMS Multiple Local Denial of Service Vulnerabilities
07.50.40 - Sun SPARC XSCF Control Package (XCP) Firmware Unspecified Denial of
Service
07.50.41 - Xen mov_to_rr RID Local Security Bypass
07.50.42 - hugin Insecure Temporary File Creation
07.50.43 - HP OpenView Network Node Manager Unspecified Remote Arbitrary Code
Execution
07.50.44 - SERWeb Multiple Remote and Local File Include Vulnerabilities
07.50.45 - Skype Technologies skype4com URI Handler Remote Heap Corruption
07.50.46 - MIT Kerberos Multiple Memory Corruption Vulnerabilities
 -- Web Application - Cross Site Scripting
07.50.47 - F5 FirePass 4100 SSL VPN My.Logon.PHP3 Cross-Site Scripting
07.50.48 - F5 FirePass 4100 SSL VPN Download_Plugin.PHP3 Cross-Site Scripting
07.50.49 - Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting
Weakness
07.50.50 - Hitachi JP1/Cm2/Network Node Manager Unspecified Cross-Site Scripting
07.50.51 - Jetty Dump Servlet Cross Site Scripting
07.50.52 - phpMyChat Multiple Scripts and Parameters Cross-Site Scripting
Vulnerabilities
07.50.53 - Cisco CiscoWorks Login Script Cross-Site Scripting
07.50.54 - IBM Tivoli Provisioning Manager Express Multiple Cross Site Scripting
Vulnerabilities
07.50.55 - IBM Lotus Sametime Server WebRunMenuFrame Cross-Site Scripting
07.50.56 - Kayako SupportSuite PHP_SELF Trigger_Error Function Cross-Site
Scripting
07.50.57 - OpenNewsletter Compose.PHP Cross-Site Scripting
 -- Web Application - SQL Injection
07.50.58 - bcoos Adresses/Ratefile.PHP SQL Injection
07.50.59 - PhpBBGarage Garage.PHP SQL Injection
07.50.60 - Beehive Forum Post.PHP SQL Injection
07.50.61 - Snitz Forums 2000 Active.ASP SQL Injection
07.50.62 - Mambo/Joomla! RSGallery2 CATID Parameter SQL Injection
07.50.63 - Joomla! Index.PHP Multiple SQL Injection Vulnerabilities
07.50.64 - WordPress P Parameter SQL Injection
07.50.65 - Drupal TAXONOMY_SELECT_NODES() SQL Injection
07.50.66 - MWOpen E-Commerce leggi_commenti.asp SQL Injection
 -- Web Application
07.50.67 - FTP Admin Multiple Remote Vulnerabilities
07.50.68 - Gadu-Gadu Remote User Addition Unauthorized Access
07.50.69 - Tellmatic tm_includepath Parameter Multiple Remote File Include
Vulnerabilities
07.50.70 - Rayzz Class_HeaderHandler.Lib.PHP Remote File Include
07.50.71 - CRM-CTT CheckCustomerAccess Security Bypass
07.50.72 - Absolute News Manager .NET Multiple Input Validation and Information
Disclosure Vulnerabilities
07.50.73 - Gadu-Gadu Skin Attribute Handling Remote Denial of Service
07.50.74 - Computer Associates eTrust Threat Management Console HTML Injection
07.50.75 - Drupal Shoutbox Module Multiple HTML Injection Vulnerabilities
07.50.76 - VisualShapers ezContents File Disclosure
07.50.77 - SineCms Multiple Input Validation Vulnerabilities
07.50.78 - Wordpress PictPress Plugin Resize.PHP Multiple Local File Include
Vulnerabilities
07.50.79 - phpBB .PNG and .RAR Multiple Arbitrary File Upload Vulnerabilities
07.50.80 - Beehive Forum Links.PHP Multiple Unspecified Cross-Site Scripting and
SQL Injection Vulnerabilities
 -- Network Device
07.50.81 - Cisco Unified IP Phone RTP Audio Stream Eavesdropping
07.50.82 - Cisco 7940 SIP Phone INVITE Message Remote Denial of Service
07.50.83 - Nokia N95 Phone SIP Cancelled INVITE Message Remote Denial of Service
______________________________________________________________________

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Cisco Security Agent Buffer Overflow
Affected:
Cisco Security Agent versions prior to 5.2.0.238

Description: Cisco Security Agent is a software suite providing threat
protection for various operating systems. The version for Microsoft
Windows contains a flaw in its handling of Server Message Block (SMB)
requests. A specially crafted SMB request to a system running Cisco
Security Agent would allow an attacker to trigger a buffer overflow in
kernel-level code. Successfully exploiting this vulnerability would
allow an attacker to execute arbitrary code with kernel-level
privileges. Cisco Security Agent is often installed on both desktop and
server systems. Some technical details for this vulnerability are
publicly available.

Status: Cisco confirmed, updates available.
  
References:
NSFOCUS Security Advisory
http://www.nsfocus.com/english/homepage/research/0702.htm
Cisco Security Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml
Cisco Security Agent Home Page
http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/26723

**********************************************************

(2) CRITICAL: Skype URI Handling Remote Code Execution
Affected:
Skype versions prior to 3.6

Description: Skype, a popular internet telephony and messaging
application, contains a flaw in its handling of user-supplied URLs. Upon
installation on Microsoft Windows systems, Skype registers itself as the
handler for __skype4com__ URLs. A specially crafted __skype4com__ URL
could trigger a memory corruption vulnerability and allow an attacker
to execute arbitrary code with the privileges of the current user. Such
URLs could be embedded in web pages or email messages, or otherwise
delivered to users remotely. Some technical details for this
vulnerability are publicly available.

Status: Skype confirmed, updates available.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-07-070.html
Skype Home Page
http://www.skype.com
SecurityFocus BID
http://www.securityfocus.com/bid/26748

**********************************************************

(3) HIGH: HP OpenView Network Node Manager CGI Scripts Remote Code Execution 
Affected:
HP OpenView Network Node Manager versions 7.5.1 and prior

Description: HP OpenView Network Node Manager (NNM) is HP's network
and system monitoring component for its OpenView suite of applications.
NNM provides several CGI scripts for web-based management of the NNM
server. Several of these scripts contain buffer overflow
vulnerabilities. A specially crafted request to one of these scripts
would allow an attacker to execute arbitrary code with the privileges
of the NNM web server process. NNM configuration often includes SNMP
community strings and passwords, thus exploiting NNM could allow for
easier exploitation of other systems. Full technical details for these
vulnerabilities are publicly available. It is believed that these
vulnerabilities can be leveraged to gain SYSTEM access.

Status: HP confirmed, updates available.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-07-071.html
HP Security Bulletin
http://www.securityfocus.com/archive/1/484658
HP OpenView Network Node Manager Home Page
https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-15-119^1155_4000_100
SecurityFocus BID
http://www.securityfocus.com/bid/26741

**********************************************************

(4) HIGH: Avast! Antivirus TAR File Processing Memory Corruption
Affected:
Avast! Antivirus Home and Professional versions prior to 4.7.1098.

Description: Avast! Antivirus is a popular antivirus solution for
Microsoft Windows. Avast! contains a flaw in its handling of TAR archive
files. TAR is a popular format for archive files, usually associated
with Unix and Unix-like systems. A specially crafted TAR file could
trigger a memory corruption when scanned by the antivirus engine and
allow an attacker to execute arbitrary code with the privileges of the
virus scanning process. Depending upon configuration, TAR files may be
automatically scanned upon download or receipt, without user
interaction. Some technical details are publicly available for this
vulnerability.

Status: Vendor confirmed, updates available.

References:
Posting by Sowhat
http://secway.org/advisory/AD20071206.txt
Avast! Update Information
http://www.avast.com/eng/avast-4-home_pro-revision-history.html
Wikipedia Article on the TAR File Format
http://en.wikipedia.org/wiki/Tar_%28file_format%29
SecurityFocus BID
http://www.securityfocus.com/bid/26702

**********************************************************

(5) HIGH: 3ivx MPEG-4 Codec Buffer Overflow
Affected:
3ivx MPEG-4 Codec versions 5.0.1 and prior

Description: 3ivx MPEG-4 Codec is a cross-platform media codec for
MPEG-4 media streams. This codec contains a buffer overflow in its
handling of MPEG-4 data. A specially crafted MPEG-4 stream could trigger
this vulnerability and allow an attacker to execute arbitrary code with
the privileges of the current user. Depending upon configuration, MPEG-4
streams may be opened by the vulnerable codec without further user
interaction. Multiple proofs-of-concept and technical details are
publicly available for this vulnerability.

Status: Vendor has not confirmed, no updates available.

References:
Proofs-of-Concept
http://www.milw0rm.com/exploits/4701
http://www.milw0rm.com/exploits/4702
Secunia Advisory
http://secunia.com/advisories/27998/
Vendor Home Page
http://www.3ivx.com/
SecurityFocus BID
Not yet available. 

**********************************************************

(6) HIGH: Novell NetMail Antivirus Service Integer Overflow
Affected:
Novell NetMail versions prior to 3.5.2F
Messaging Architects M+NetMail versions prior to 3.5.2F

Description: Novell NetMail is an enterprise email system originally
from Novell and now maintained by Messaging Architects. NetMail contains
an antivirus service used to scan messages for viruses and other
malware. This service contains an integer overflow in its handling of
messages. The antivirus service runs on a random TCP port; attackers
would need to connect to this port to exploit this vulnerability.
Successfully exploiting this vulnerability would allow an attacker to
execute arbitrary code with the privileges of the vulnerable service.
The vulnerability may be exploitable by email messages transiting the
server, but this is unconfirmed. Some technical details for the
vulnerability are publicly available.

Status: Messaging Architects confirmed, updates available.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-07-072.html
Novell Security Advisory
https://secure-support.novell.com/KanisaPlatform/Publishing/990/3639135_f.SAL_Public.html
Messaging Architects NetMail Support Information
http://www.messagingarchitects.com/en/support/mplusnetmail/
SecurityFocus BID
http://www.securityfocus.com/bid/26753

**********************************************************

(7) MODERATE: HP Select Identity Undisclosed Authentication Bypass
Affected:
HP Select Identity versions prior to 4.13.3

Description: HP Select Identity is an identity and permissions
management suite from HP. It contains a flaw in its handling of
authentication requests. A specially crafted request would allow an
attacker to log in without proper credentials. HP Select Identity is
often used to authenticate access to enterprise applications and web
services, therefore any application using this authentication scheme
could be vulnerable. No technical details for this vulnerability are
believed to be publicly available.

Status: HP confirmed, updates available.

References:
HP Security Bulletin
http://www.securityfocus.com/archive/1/484566
HP Select Identity Home Page
https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-85-131^3682_4000_100
SecurityFocus BID
http://www.securityfocus.com/bid/26694

**********************************************************

(8) MODERATE: OpenOffice.org Database File Arbitrary Code Execution
Affected:
OpenOffice.org versions prior to 2.3.1

Description: OpenOffice.org is a popular open source office and
productivity suite. Its Database component embeds a version of the
HSQLDB database engine known to contain a remote code execution
vulnerability. A specially crafted OpenOffice.org Database document
could trigger this vulnerability and execute arbitrary Java code with
the privileges of the current user. Note that, depending upon
configuration, such documents may be opened by OpenOffice.org without
first prompting the user. OpenOffice.org is installed by default on
numerous Unix, Unix-like, and Linux systems and is available for
Microsoft Windows and Apple Mac OS X. Sun StarOffice shares a large
codebase with OpenOffice.org; it may be vulnerable as well. Full
technical details for this vulnerability are available via source code
analysis.

Status: OpenOffice.org confirmed, updates available.

References:
OpenOffice.org Security Advisory
http://www.openoffice.org/security/cves/CVE-2007-4575.html
OpenOffice.org Home Page
http://www.openoffice.org
HSQLDB Home Page
http://hsqldb.org/
SecurityFocus BID
http://www.securityfocus.com/bid/26703

**********************************************************

(9) MODERATE: Novell BorderManager Multiple Vulnerabilities
Affected:
Novell BorderManager versions prior to 3.8 Support Pack 5 Interim Release 1

Description: Novell BorderManager is an integrated security platform
from Novell providing firewall, proxy, and VPN services. BorderManager
contains several flaws in its handling of traffic. Specially crafted
requests could bypass the web proxy authentication or HTTP content
inspection, and a flaw exists in the handling of client trust. Some
technical details are publicly available for these vulnerabilities. The
HTTP bypass vulnerability may be related to a vulnerability discussed
in an earlier edition of @RISK.

Status: Novell confirmed, updates available.

References:
Novell Update Information
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007301.html
Previous @RISK Issue
http://www.sans.org/newsletters/risk/display.php?v=6&i=21#widely5
Product Home Page
http://www.novell.com/products/bordermanager/
SecurityFocus BID
http://www.securityfocus.com/bid/26733

**********************************************************

(10) MODERATE: MIT Kerberos Multiple Vulnerabilities
Affected:
MIT Kerberos versions 1.5 and prior

Description: MIT Kerberos is MIT's implementation of the Kerberos
authentication protocol. It forms the basis of numerous vendors'
Kerberos implementations. Several flaws have been discovered in MIT
Kerberos, including several memory corruption and integer overflow
vulnerabilities. All of these vulnerabilities are of unknown impact,
though they have the potential to lead to remote code execution with the
privileges of the vulnerable Kerberos process (often root/SYSTEM). Full
technical details for these vulnerabilities are publicly available via
source code analysis. Vendor implementations of Kerberos based on
MIT's implementation are presumed vulnerable as well.

Status: MIT has not confirmed, no updates available.

References:
Posting by VENUSTECH Security Lab
http://seclists.org/fulldisclosure/2007/Dec/0176.html
CVE Vulnerability Notes
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972
Wikipedia Article on the Kerberos Protocol
http://en.wikipedia.org/wiki/Kerberos_%28protocol%29
SecurityFocus BID
http://www.securityfocus.com/bid/26750

****************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 50, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

07.50.1 CVE: CVE-2007-5355
Platform: Windows
Title: Microsoft Web Proxy Auto-Discovery Proxy Spoofing
Description: Microsoft Web Proxy Auto-Discovery (WPAD) enables web
clients to automatically detect proxy settings without
user-interaction. The application is exposed to an issue that may
result in information disclosure. This issue occurs because of the way
the application resolves host names that do not include fully
qualified domain names.
Ref: http://www.microsoft.com/technet/security/advisory/945713.mspx
______________________________________________________________________

07.50.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Optical Desktop Wireless Keyboard Weak Encryption
Information Disclosure
Description: Microsoft Optical Desktop is a wireless keyboard and
mouse developed by Microsoft. The application is exposed to an
information disclosure issue because keyboard events are encrypted
using a weak encryption algorithm. Specifically, when keystrokes are
transmitted to the wireless receiver, they are encrypted using an
8-bit XOR mechanism. Microsoft Optical Desktop versions 1000 and 2000
are affected.
Ref:
http://www.remote-exploit.org/advisories/27_Mhz_keyboard_insecurities.pdf
______________________________________________________________________

07.50.3 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft December 2007 Advance Notification Multiple
Vulnerabilities
Description: Microsoft has released advance notification that they will
be releasing seven security bulletins on December 11, 2007. The highest
severity rating for these issues is "Critical".
Ref: http://www.microsoft.com/technet/security/bulletin/advance.mspx
______________________________________________________________________

07.50.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Yahoo Toolbar Helper Class ActiveX Control Remote Buffer
Overflow Denial of Service
Description: Yahoo Toolbar ActiveX Control is exposed to a buffer
overflow denial of service issue because the application fails to
properly bounds check user-supplied data. Yahoo Toolbar version 1.4.1
is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.50.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: RealPlayer RMOC3260.DLL ActiveX Control Import Denial of
Service
Description: RealNetworks RealPlayer is an application that allows
users to play various media formats. The application is exposed to a
denial of service issue because it fails to perform adequate boundary
checks on user-supplied data before copying it to an
insufficiently-sized buffer. RealPlayer version 11 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.50.6 CVE: CVE-2007-5580
Platform: Third Party Windows Apps
Title: Cisco Security Agent for Microsoft Windows SMB Remote Buffer
Overflow
Description: Cisco Security Agent is a software agent used to protect
server and desktop computers. The application is exposed to a remote
buffer overflow issue because it fails to properly bounds check
user-supplied data.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml
______________________________________________________________________

07.50.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: VideoLan VLC ActiveX Plugin Memory Corruption
Description: VLC media player is a multimedia application for playing
audio and video files. The application is exposed to a memory
corruption issue that affects the ActiveX plugin component of VLC. VLC
media player versions 0.8.6 to 0.8.6c are affected.
Ref: http://www.videolan.org/sa0703.html
______________________________________________________________________

07.50.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: SonicWALL Global VPN Client Remote Format String
Description: SonicWALL Global VPN Client provides virtual private
networking for mobile users. The application is exposed to a remote
format string issue because it fails to properly sanitize
user-supplied input before passing it as the format specifier to a
formatted-printing function. SonicWALL Global VPN Client versions
prior to 4.0.0.830 are affected.
Ref: http://www.sec-consult.com/305.html
______________________________________________________________________

07.50.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: avast! Home/Professional TAR File Handling Unspecified Vulnerability
Description: avast! is an antivirus application for Microsoft Windows.
The application is exposed to an unspecified issue when the
application handles a TAR file. avast! Home and Professional versions
prior to 4.7.1098 are affected.
Ref: http://www.securityfocus.com/archive/1/484657
______________________________________________________________________

07.50.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: HFS HTTP File Server Arbitrary File Upload
Description: HFS HTTP File Server is a file sharing application for
Microsoft Windows platforms. The application is exposed to an issue
that lets attackers upload files and place them in arbitrary locations
on the server. The issue occurs because the software fails to
adequately sanitize user-supplied input. HTTP File Server versions
prior to 2.2b are affected.
Ref: http://aluigi.altervista.org/adv/hfsup-adv.txt
______________________________________________________________________

07.50.11 CVE: Not Available
Platform: Mac Os
Title: Apple Mac OS X VPND Remote Denial of Service
Description: Virtual private network daemon (vpnd) is a VPN service
daemon for L2TP over IPSec or PPTP VPNs. The application is exposed to
a remote denial of service issue because the virtual private network
daemon (vpnd) fails to handle malicious network packets. When the
daemon processes a malicious packet an arithmetic exception occurs
in the "accept_connections()" function, causing the daemon to crash.
Apple Mac OS X version 10.5 is affected.
Ref: http://www.securityfocus.com/bid/26699
______________________________________________________________________

07.50.12 CVE: Not Available
Platform: Mac Os
Title: Apple Mac OS X Mach_Loader.C Local Denial of Service
Description: Apple Mac OS X is exposed to a local denial of service
issue because the kernel fails to properly handle exceptional
conditions. Specifically, the "load_threadstack()" function of the
"/bsd/kern/mach_loader.c" file is exposed to an integer overflow issue
causing the kernel to enter an infinite loop and crash.
Apple Mac OS X versions 10.4 and 10.5.1 are affected.
Ref: http://www.securityfocus.com/bid/26700
______________________________________________________________________

07.50.13 CVE: CVE-2007-5494
Platform: Linux
Title: Red Hat Content Accelerator Memory Leak Local Denial of Service
Description: Red Hat Content Accelerator is a kernel-based HTTP
server. The application is exposed to a local denial of service issue
because of a programming error. Red Hat Enterprise Linux (v. 5 server)
and Red Hat Enterprise Linux Desktop (v. 5 client) are affected.
Ref: https://rhn.redhat.com/errata/RHSA-2007-0993.html
______________________________________________________________________

07.50.14 CVE: Not Available
Platform: Linux
Title: Zsh Insecure Temporary File Creation
Description: Zsh is a freely available interactive shell for Linux.
The application is exposed to a security issue because it creates
temporary files in an insecure manner. The issue affects the
"difflog.pl" script because it creates insecure temporary files in the
"tmp" directory. Zsh version 4.3.4 is affected.
Ref: https://bugs.gentoo.org/show_bug.cgi?id=201022
______________________________________________________________________

07.50.15 CVE: CVE-2007-6206
Platform: Linux
Title: Linux Kernel DO_COREDUMP Local Information Disclosure
Description: The Linux kernel is exposed to an information disclosure
issue because the "do_coredump" function of the "fs/exec.c" source
file fails to check a coredump file's user ID before dumping the core
into an existing user-owned file. This can allow a local attacker to
gain access to potentially sensitive data if a superuser process dumps
core into the attacker's file. Linux kernel versions prior to
2.6.24-rc4 are affected.
Ref: http://bugzilla.kernel.org/show_bug.cgi?id=3043
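
The missing ownership check described in this entry, shown as an added user-space C example (not kernel code and not part of the original bulletin). The helper names open_dump_unchecked and open_dump_checked are hypothetical, and the O_NOFOLLOW, regular-file and link-count checks are assumptions that go beyond the user ID check the entry mentions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Flawed pattern: reuse whatever already sits at `path`, whoever owns it.
 * If another user pre-created the file, the dump lands in a file that
 * user owns and can read. */
int open_dump_unchecked(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Close fd, set errno to `err`, and report failure. */
static int reject(int fd, int err)
{
    close(fd);
    errno = err;
    return -1;
}

/* Hardened pattern: write the dump only into a file owned by `owner`.
 * The checks run on the opened descriptor (fstat), so the file cannot be
 * swapped between the check and the write. Returns an fd, or -1 with
 * errno set (EPERM when the existing file belongs to someone else). */
int open_dump_checked(const char *path, uid_t owner)
{
    struct stat st;
    /* No O_TRUNC yet: nothing is modified until the checks pass.
     * O_NOFOLLOW refuses a symlink planted at the final path component. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0)
        return reject(fd, errno);
    /* Only a plain file with a single name is an acceptable target. */
    if (!S_ISREG(st.st_mode) || st.st_nlink != 1)
        return reject(fd, EINVAL);
    /* The check the entry says was missing: the owner must match. */
    if (st.st_uid != owner)
        return reject(fd, EPERM);
    if (ftruncate(fd, 0) != 0)
        return reject(fd, errno);
    return fd;
}

int main(void)
{
    char path[] = "/tmp/dumpdemoXXXXXX";   /* constructed sample file */
    int tmp = mkstemp(path);
    if (tmp < 0) {
        perror("mkstemp");
        return 1;
    }
    close(tmp);

    /* Dumping process and file owner are the same uid. */
    int ok = open_dump_checked(path, geteuid());
    printf("owner matches: %s\n", ok >= 0 ? "accepted" : "rejected");
    if (ok >= 0)
        close(ok);

    /* Simulate a dumping process whose uid differs from the file owner. */
    int bad = open_dump_checked(path, geteuid() + 1);
    printf("owner differs: %s\n", bad >= 0 ? "accepted" : "rejected");
    if (bad >= 0)
        close(bad);

    unlink(path);
    return 0;
}
```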
______________________________________________________________________

07.50.16 CVE: CVE-2006-7225
Platform: Linux
Title: PCRE Perl-Compatible Regular Expression Library POSIX Denial of
Service
Description: PCRE Perl-Compatible Regular Expression is a library of
functions for regular expression pattern matching. The library uses
the same syntax and semantics as Perl 5. The library is exposed to a
denial of service issue because it fails to adequately sanitize
user-supplied regular expressions. PCRE versions prior to 6.7 are
affected.
Ref: http://rhn.redhat.com/errata/RHSA-2007-1059.html
______________________________________________________________________

07.50.17 CVE: CVE-2006-7226
Platform: Linux
Title: PCRE Perl-Compatible Regular Expression Subpattern Memory
Allocation Denial of Service
Description: PCRE Perl-Compatible Regular Expression is a library of
functions for regular expression pattern matching. The library uses
the same syntax and semantics as Perl 5. The library is exposed to a
denial of service issue because it fails to allocate sufficient memory
for quantified subpatterns that contain a named recursion or
subroutine reference. PCRE versions prior to 6.7 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2007-1059.html
______________________________________________________________________

07.50.18 CVE: Not Available
Platform: Solaris
Title: Sun Solaris LX(5) Branded Zones Unspecified Local Denial of
Service
Description: Sun Solaris is an enterprise-grade UNIX distribution. The
problem occurs within the Linux branded zone "lx(5)", that may allow
an attacker to cause the kernel to panic. Solaris version 10 x86
running in 64-bit mode is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103153-1&searchclause=
______________________________________________________________________

07.50.19 CVE: Not Available
Platform: Unix
Title: IBM AIX chfs Command Denial of Service
Description: AIX is a UNIX operating system from IBM. The application is
exposed to a denial of service issue when reducing the size of a
concurrent volume group using the "chfs" command. IBM AIX version 5.3
is affected.
Ref:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4032#IZ04953
______________________________________________________________________

07.50.20 CVE: Not Available
Platform: Novell
Title: Novell BorderManager Multiple Vulnerabilities
Description: Novell BorderManager is a security tool providing
firewall and VPN functionality. It is commercially available for
Microsoft Windows. The application is exposed to multiple issues.
Novell BorderManager versions prior to 3.8 SP5 are affected.
Ref:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007301.html
______________________________________________________________________

07.50.21 CVE: Not Available
Platform: Cross Platform
Title: Multiple Vendor Web Browser JavaScript Multiple Fields Key
Filtering
Description: Multiple web browsers are exposed to a JavaScript key
filtering issue because the browsers fail to securely handle keystroke
input from users. The issue occurs when multiple fields are embedded
within a single label. These fields include: File fields and Text
fields.
Ref:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058740.html
______________________________________________________________________

07.50.22 CVE: Not Available
Platform: Cross Platform
Title: Typespeed Malformed Packet Divide By Zero Denial of Service
Description: Typespeed is a typing tool and typing game. The
application is exposed to a denial of service issue because the
application fails to handle malformed packets. Specifically, a
divide-by-zero error occurs when handling a malformed packet.
Typespeed versions prior to 0.6.4 are affected.
Ref: http://tobias.eyedacor.org/typespeed/ChangeLog
______________________________________________________________________

07.50.23 CVE: Not Available
Platform: Cross Platform
Title: IBM Tivoli Netcool Security Manager Unspecified Cross-Site
Scripting
Description: IBM Tivoli Netcool Security Manager provides real-time
performance and service management for service providers. It is
available for multiple operating platforms. The application is exposed
to a cross-site scripting issue because it fails to properly sanitize
user-supplied input. IBM Tivoli Netcool Security Manager version 1.3.0
is affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg24017385
______________________________________________________________________

07.50.24 CVE: Not Available
Platform: Cross Platform
Title: QEMU Translation Block Local Denial of Service
Description: QEMU is a processor emulator used to virtualize computer
systems and to run guest operating systems within a host. The
application is exposed to a local denial of service issue because it
fails to perform adequate boundary checks when handling user-supplied
input. QEMU version 0.9.0 is affected.
Ref: http://www.securityfocus.com/bid/26666
______________________________________________________________________

07.50.25 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser Bitmap File RLE Remote Denial of Service
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The application is exposed to a remote denial of
service issue when processing the run-length encoding (RLE) in a
bitmap (BMP) file. Specifically, the issue is due to the implementation
of the 00 02 XX YY feature. The implementation performs XX+YY*width
increments when displaying a BMP file. Opera versions 9.50 beta and
9.24 are affected.
Ref: http://www.securityfocus.com/archive/1/484605
______________________________________________________________________

07.50.26 CVE: CVE-2007-2797
Platform: Cross Platform
Title: xterm Pseudo Terminal Insecure Permissions Local Insecure
Permission Weakness
Description: xterm is a terminal emulator for the X Window System.
The application is exposed to a local insecure permission weakness
because the application sets insecure permissions on pseudo-terminals.
Ref: http://rhn.redhat.com/errata/RHSA-2007-0701.html
______________________________________________________________________

07.50.27 CVE: Not Available
Platform: Cross Platform
Title: IBM Tivoli Provisioning Manager Express Username User
Enumeration Weakness
Description: IBM Tivoli Provisioning Manager Express is an application
that allows users to deploy software updates. The application is
exposed to a user enumeration weakness because the application returns
certain data when a failed login attempt uses a valid username.
Ref: http://www.securityfocus.com/archive/1/484607
______________________________________________________________________

07.50.28 CVE: Not Available
Platform: Cross Platform
Title: Claws Mail Insecure Temporary File Creation
Description: Claws Mail is a freely available email client for Linux,
UNIX, and Sun Solaris platforms. The application is exposed to a
security issue because it creates temporary files in an insecure
manner. The issue affects the "sylprint.pl" script because it creates
insecure temporary files. Claws Mail version 3.1.0 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454089
______________________________________________________________________

07.50.29 CVE: Not Available
Platform: Cross Platform
Title: Ascential DataStage Multiple Local Vulnerabilities
Description: Ascential DataStage is a tool for collecting,
integrating, and transforming large volumes of data. It is available
for Windows, UNIX, and Linux-based operating systems. The application
is exposed to three security issues that may be exploited by a local
user. Ascential DataStage version 7.5 is affected.
Ref: http://www.securityfocus.com/bid/26677
______________________________________________________________________

07.50.30 CVE: Not Available
Platform: Cross Platform
Title: SING Log Option Local Privilege Escalation
Description: SING (Send ICMP Nasty Garbage) is a tool to send ICMP
packets, customized with spoofed sources and ICMP codes. It is a
replacement for the "ping" utility. The application is exposed to a
local privilege escalation issue that arises because SING's binary is
SUID. SING version 1.1 is affected.
Ref: http://www.securityfocus.com/archive/1/484472
______________________________________________________________________

07.50.31 CVE: Not Available
Platform: Cross Platform
Title: Zabbix daemon_start Local Privilege Escalation
Description: Zabbix is a network monitoring tool available for Unix,
Linux and other Unix-like operating systems. The application is
exposed to a local privilege escalation issue that occurs in the
"daemon_start()" function of "src/libs/zbxnix/daemon.c". Zabbix
version 1.4.2 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452682
______________________________________________________________________

07.50.32 CVE: Not Available
Platform: Cross Platform
Title: Apple QuickTime Unspecified Remote
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to an unspecified remote
issue. Apple QuickTime version 7.2 for Microsoft Windows XP is
affected.
Ref:
http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html
______________________________________________________________________

07.50.33 CVE: Not Available
Platform: Cross Platform
Title: Squid Proxy Cache Update Reply Processing Remote Denial of
Service
Description: Squid is an open-source proxy server available for a
number of platforms. The application is exposed to a remote denial of
service issue because the proxy server fails to perform boundary
checks prior to copying user-supplied data into process buffers. Squid
versions 2.6.STABLE16 and prior are affected.
Ref: http://www.securityfocus.com/bid/26687
______________________________________________________________________

07.50.34 CVE: CVE-2007-6194
Platform: Cross Platform
Title: HP Select Identity Unspecified Remote Unauthorized Access
Description: HP Select Identity is an application used to manage user
identities and access rights. The application is exposed to an
unspecified unauthorized access issue. HP Select Identity versions 4.01
to 4.01.011 and 4.10 to 4.13.002 are affected.
Ref: http://www.securityfocus.com/archive/1/484566
______________________________________________________________________

07.50.35 CVE: CVE-2007-5614
Platform: Cross Platform
Title: Jetty Cookie Names Session Hijacking
Description: Mortbay Jetty is an open source webserver implemented in
Java. The application is exposed to an issue that allows attackers to
hijack browser sessions because the server fails to adequately handle
single quotes in cookie names. Jetty versions prior to 6.1.6 are
affected.
Ref: http://www.kb.cert.org/vuls/id/438616
______________________________________________________________________

07.50.36 CVE: CVE-2007-5615
Platform: Cross Platform
Title: Jetty Unspecified HTTP Response Splitting
Description: Jetty is a Java-based web server available for multiple
platforms. The application is exposed to an HTTP-response-splitting
issue because it fails to sanitize user-supplied input. This issue
affects HTTP headers with CRLF sequences, which can allow an attacker
to inject unspecified HTTP headers into server responses. Jetty
versions prior to 6.1.6 are affected.
Ref: http://www.kb.cert.org/vuls/id/212984
______________________________________________________________________

07.50.37 CVE: CVE-2007-4575
Platform: Cross Platform
Title: OpenOffice HSQLDB Database Engine Unspecified Java Code
Execution
Description: OpenOffice is a multiplatform office suite. The
application is exposed to a code execution issue that affects the HSQLDB
database engine supplied with the application. OpenOffice versions
prior to 2.3.1 are affected.
Ref: https://rhn.redhat.com/errata/RHSA-2007-1048.html
______________________________________________________________________

07.50.38 CVE: Not Available
Platform: Cross Platform
Title: Citrix EdgeSight for Endpoints and Presentation Server Database
Credential Disclosure Weakness
Description: Citrix EdgeSight is a performance management suite
comprised of EdgeSight for Endpoints and EdgeSight for Presentation
Server. The application is exposed to a database credential disclosure
weakness. Specifically, database credentials are stored in an insecure
manner in unspecified configuration files.
Ref: http://support.citrix.com/article/CTX115281
______________________________________________________________________

07.50.39 CVE: Not Available
Platform: Cross Platform
Title: HP OpenVMS Multiple Local Denial of Service Vulnerabilities
Description: OpenVMS is a mainframe-like operating system originally
developed by Digital. It is maintained and distributed by HP. The
application is exposed to multiple local denial of service issues.
OpenVMS for Integrity Servers version V8.3 is affected.
Ref:
ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.3/VMS83I_GRAPHICS-V0100.txt
______________________________________________________________________

07.50.40 CVE: Not Available
Platform: Cross Platform
Title: Sun SPARC XSCF Control Package (XCP) Firmware Unspecified
Denial of Service
Description: Sun XSCF (eXtended System Control Facility) Control
Package (XCP) firmware for SPARC Enterprise M4000/M5000/M8000/M9000
systems is exposed to a denial of service issue that causes
degradation of an XSCF response during telnet, SSH, and httpd
communication. XCP versions prior to 1050 are vulnerable.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103159-1
______________________________________________________________________

07.50.41 CVE: CVE-2007-6207
Platform: Cross Platform
Title: Xen mov_to_rr RID Local Security Bypass
Description: Xen is an open-source hypervisor or virtual machine
monitor. The application is exposed to a local security bypass issue
because it fails to validate user-supplied input. The application
fails to check the Region Identifier (RID) value during "mov_to_rr"
calls. Xen versions prior to 3.1.2 on IA64 platforms are affected.
Ref:
http://lists.xensource.com/archives/html/xen-ia64-devel/2007-10/msg00189.html
______________________________________________________________________

07.50.42 CVE: CVE-2007-5200
Platform: Cross Platform
Title: hugin Insecure Temporary File Creation
Description: hugin is a freely-available panoramic stitching tool for
manipulating digital images. It is available for multiple platforms.
The application is exposed to an insecure temporary file creation
issue that affects the "hugin_debug_optim_results.txt" file. hugin
versions 0.6.1 and 0.7_beta4 are affected.
Ref: http://www.novell.com/linux/security/advisories/2007_20_sr.html
______________________________________________________________________

07.50.43 CVE: CVE-2007-6204
Platform: Cross Platform
Title: HP OpenView Network Node Manager Unspecified Remote Arbitrary
Code Execution
Description: HP OpenView Network Node Manager is a fault-management
application for IP networks. The application is exposed to an
unspecified remote code execution issue. HP OpenView Network Node
Manager versions 6.41, 7.01, and 7.51 are affected when running on
HP-UX, Solaris, Windows, and Linux platforms.
Ref: http://www.securityfocus.com/archive/1/484658
______________________________________________________________________

07.50.44 CVE: Not Available
Platform: Cross Platform
Title: SERWeb Multiple Remote and Local File Include Vulnerabilities
Description: SERWeb is a self-provisioning web interface for SER-based
SIP servers. The application is exposed to multiple remote and local
file include issues because it fails to properly sanitize
user-supplied input. SERWeb version 2.0.0 dev 1 is affected.
Ref: http://www.securityfocus.com/bid/26747
______________________________________________________________________

07.50.45 CVE: CVE-2007-5989
Platform: Cross Platform
Title: Skype Technologies skype4com URI Handler Remote Heap Corruption
Description: Skype is peer-to-peer communications software that
supports internet-based voice communications. The application is
exposed to a remote heap-based memory corruption issue. Skype versions
prior to 3.6.0.216 for Windows are affected.
Ref: http://www.securityfocus.com/archive/1/484703
______________________________________________________________________

07.50.46 CVE: CVE-2007-5894, CVE-2007-5901, CVE-2007-5902,
CVE-2007-5971, CVE-2007-5972
Platform: Cross Platform
Title: MIT Kerberos Multiple Memory Corruption Vulnerabilities
Description: MIT Kerberos 5 is a suite of applications and libraries
designed to implement the Kerberos network authentication protocol. It
is freely available and operates on numerous platforms. The
application is exposed to multiple memory corruption issues.
Ref: http://bugs.gentoo.org/show_bug.cgi?id=199205
______________________________________________________________________

07.50.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: F5 FirePass 4100 SSL VPN My.Logon.PHP3 Cross-Site Scripting
Description: FirePass 4100 SSL VPN is a secure Virtual Private Network
device that uses SSL connections to encapsulate network traffic. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input.
F5 FirePass 4100 SSL VPNs running versions 5.4.1 through 5.5.2, 6.0
and 6.0.1 are affected.
Ref: http://www.procheckup.com/Vulnerability_PR07-15.php
______________________________________________________________________

07.50.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: F5 FirePass 4100 SSL VPN Download_Plugin.PHP3 Cross-Site
Scripting
Description: FirePass 4100 SSL VPN is a secure Virtual Private Network
device that uses SSL connections to encapsulate network traffic. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input. This issue affects the
"my.activation.php3" script. F5 FirePass 4100 SSL VPNs running
firmware versions 5.4.1 through 5.5.2 and 6.0 through 6.0.1 are
affected.
Ref: http://www.procheckup.com/Vulnerability_PR07-14.php
______________________________________________________________________

07.50.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Apache HTTP Server 413 Error HTTP Request Method Cross-Site
Scripting Weakness
Description: Apache HTTP servers are prone to a cross-site scripting
weakness. The issue occurs when the application fails to sanitize a
specially-crafted HTTP request method that results in a 413 HTTP
error. Apache versions 2.0.46 through 2.2.4 are affected.
Ref: http://www.securityfocus.com/archive/1/484410
______________________________________________________________________

07.50.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Hitachi JP1/Cm2/Network Node Manager Unspecified Cross-Site
Scripting
Description: Hitachi JP1/Cm2/Network Node Manager are application
servers available for multiple operating platforms. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input.
Ref:
http://www.hitachi-support.com/security_e/vuls_e/HS07-040_e/index-e.html
______________________________________________________________________

07.50.51 CVE: CVE-2007-5613
Platform: Web Application - Cross Site Scripting
Title: Jetty Dump Servlet Cross-Site Scripting
Description: Jetty is a Java server available for various operating
systems. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input. This
issue occurs in the Jetty Dump Servlet. Jetty versions prior to 6.1.6
are affected.
Ref: http://www.kb.cert.org/vuls/id/237888
______________________________________________________________________

07.50.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpMyChat Multiple Scripts and Parameters Cross-Site Scripting
Vulnerabilities
Description: phpMyChat is a web-based chat application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. phpMyChat version 0.14.5 is
affected.
Ref: http://www.securityfocus.com/archive/1/484575
______________________________________________________________________

07.50.53 CVE: CVE-2007-5582
Platform: Web Application - Cross Site Scripting
Title: Cisco CiscoWorks Login Script Cross-Site Scripting
Description: CiscoWorks is a device management and network monitoring
tool for Cisco networks. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input to the login script. CiscoWorks version 2.6 is affected.
Ref: http://www.securityfocus.com/archive/1/484609
______________________________________________________________________

07.50.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Tivoli Provisioning Manager Express Multiple Cross-Site
Scripting Vulnerabilities
Description: IBM Tivoli Provisioning Manager Express is an application
that allows administrators to deploy software updates. The application
is exposed to multiple cross-site scripting issues because the
application fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/484607
______________________________________________________________________

07.50.55 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Lotus Sametime Server WebRunMenuFrame Cross-Site Scripting
Description: IBM Lotus Sametime Server is a commercially available
instant-messaging and web-conferencing application. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. Sametime Server versions prior to 8.0 are affected.
Ref:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007301.html
______________________________________________________________________

07.50.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Kayako SupportSuite PHP_SELF Trigger_Error Function Cross-Site
Scripting
Description: SupportSuite is a web-based customer service application.
The application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "PHP_SELF" parameter of
the "trigger_error()" function. This function is called from many
files (over 300), so several attack vectors exist. See the references
section for a complete list of affected files. SupportSuite version
3.00.32 is affected.
Ref: http://www.securityfocus.com/bid/26744
______________________________________________________________________

07.50.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: OpenNewsletter Compose.PHP Cross-Site Scripting
Description: OpenNewsletter is a web-based application for publishing
newsletters. The application is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input to the
"type" parameter of the "compose.php" script. OpenNewsletter version
2.5 is affected.
Ref: http://www.securityfocus.com/archive/1/484680
______________________________________________________________________

07.50.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: bcoos Adresses/Ratefile.PHP SQL Injection
Description: bcoos is a content management system (CMS). The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input before using it in an SQL
query. This issue affects the "lid" parameter of the
"adresses/ratefile.php" script. bcoos version 1.0.10 is affected.
Ref: http://www.securityfocus.com/bid/26664
______________________________________________________________________

07.50.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PhpBBGarage Garage.PHP SQL Injection
Description: PhpBBGarage is a modification to phpBB that allows users
to store information about their vehicle. PhpBB is an open-source
forum application. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "make_id" parameter of the "garage.php" script before using it in
an SQL query. PhpBBGarage version 1.2.0 Beta 3 is affected.
Ref: http://www.securityfocus.com/bid/26683
______________________________________________________________________

07.50.60 CVE: CVE-2007-6014
Platform: Web Application - SQL Injection
Title: Beehive Forum Post.PHP SQL Injection
Description: Beehive Forum is web-based forum software that has a MySQL
backend. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "t_dedupe"
parameter of the "post.php" script before using it in an SQL query.
Beehive Forum versions 0.7.1 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/484501
______________________________________________________________________

07.50.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Snitz Forums 2000 Active.ASP SQL Injection
Description: Snitz Forums 2000 is a web forum implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "active.asp" script.
All versions of Snitz Forums 2000 are affected.
Ref: http://www.securityfocus.com/bid/26688
______________________________________________________________________

07.50.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mambo/Joomla! RSGallery2 CATID Parameter SQL Injection
Description: RSGallery2 is a gallery plugin for Mambo/Joomla!. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "catid" parameter of
"index.php" before using it in an SQL query. RSGallery2 version 2.0
beta 5 is affected.
Ref: http://www.securityfocus.com/bid/26704
______________________________________________________________________

07.50.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! Index.PHP Multiple SQL Injection Vulnerabilities
Description: Joomla! is a content management system (CMS). The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "view",
"task" and "option" parameters of the "index.php" script before using
it in an SQL query. Joomla! version 1.5 RC3 is affected.
Ref: http://www.securityfocus.com/archive/1/484603
______________________________________________________________________

07.50.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress P Parameter SQL Injection
Description: WordPress is a PHP-based personal publishing application.
The application is exposed to an SQL injection issue because it fails
to properly sanitize user-supplied input before using it in an SQL
query. Specifically, the "p" parameter is affected when accessing an
RSS feed. WordPress version 2.3.1 is affected.
Ref: http://www.securityfocus.com/bid/26709
______________________________________________________________________

07.50.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Drupal TAXONOMY_SELECT_NODES() SQL Injection
Description: Drupal is an open-source content manager that is
available for a number of platforms, including Microsoft Windows and
Unix/Linux variants. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "taxonomy_select_nodes()" function before using it in an SQL
query. Drupal versions prior to 4.7.9 and 5.4 are affected.
Ref: http://drupal.org/node/198162
______________________________________________________________________

07.50.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MWOpen E-Commerce leggi_commenti.asp SQL Injection
Description: MWOpen E-Commerce is a web-based shopping application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "leggi_commenti.asp" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/26746
______________________________________________________________________

07.50.67 CVE: Not Available
Platform: Web Application
Title: FTP Admin Multiple Remote Vulnerabilities
Description: FTP Admin is a web-based user management tool for the vsFTPd
FTP server. The application is exposed to multiple remote issues. FTP
Admin version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/26658
______________________________________________________________________

07.50.68 CVE: Not Available
Platform: Web Application
Title: Gadu-Gadu Remote User Addition Unauthorized Access
Description: Gadu-Gadu (Polish for "chit-chat") is a Polish
instant-messaging client. The application is exposed to an issue that
allows unauthorized users to add additional users. This issue occurs
because of improper protocol handling by its default registered
protocol handler "gg". Gadu-Gadu version 7.7 is affected.
Ref: http://www.securityfocus.com/archive/1/484607
______________________________________________________________________

07.50.69 CVE: Not Available
Platform: Web Application
Title: Tellmatic tm_includepath Parameter Multiple Remote File Include
Vulnerabilities
Description: Tellmatic is an application that allows users to create and
manage newsletters. The application is exposed to multiple remote file
include issues because it fails to sufficiently sanitize user-supplied
input to the "ccms_library_path" parameter. Tellmatic versions 1.0.7
and 1.0.7.1 are affected.
Ref: http://www.securityfocus.com/bid/26678
______________________________________________________________________

07.50.70 CVE: Not Available
Platform: Web Application
Title: Rayzz Class_HeaderHandler.Lib.PHP Remote File Include
Description: Rayzz is a web-based social networking application. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the
"CFG[site][project_path]" parameter of the
"/common/classes/class_HeaderHandler.lib.php" script. Rayzz version
2.0 is affected.
Ref: http://www.securityfocus.com/bid/26681
______________________________________________________________________

07.50.71 CVE: Not Available
Platform: Web Application
Title: CRM-CTT CheckCustomerAccess Security Bypass
Description: CRM-CTT is a PHP-based process-automation application.
The application is exposed to a security bypass issue because it fails
to properly validate user credentials before performing certain
actions. CRM-CTT versions prior to 4.2.0 are affected.
Ref: http://www.securityfocus.com/bid/26685
______________________________________________________________________

07.50.72 CVE: Not Available
Platform: Web Application
Title: Absolute News Manager .NET Multiple Input Validation and
Information Disclosure Vulnerabilities
Description: Absolute News Manager .NET is a content manager
implemented in ASP.NET. The application is exposed to multiple remote
issues. Absolute News Manager .NET version 5.1 is affected.
Ref: http://www.securityfocus.com/archive/1/484560
______________________________________________________________________

07.50.73 CVE: Not Available
Platform: Web Application
Title: Gadu-Gadu Skin Attribute Handling Remote Denial of Service
Description: Gadu-Gadu (Polish for "chit-chat") is a Polish
instant-messaging client. The application is exposed to a remote
denial of service issue. The application fails to properly launch,
causing denial of service conditions. Gadu-Gadu version 7.7 is
affected.
Ref: http://www.securityfocus.com/archive/1/484607
______________________________________________________________________

07.50.74 CVE: Not Available
Platform: Web Application
Title: Computer Associates eTrust Threat Management Console HTML
Injection
Description: Computer Associates eTrust Threat Management Console is a
web-based management application for the CA Integrated Threat
Management product. The application is exposed to an HTML injection
issue because it fails to properly sanitize user-supplied input before
using it in dynamically generated content.
Ref: http://www.securityfocus.com/archive/1/484607
______________________________________________________________________

07.50.75 CVE: Not Available
Platform: Web Application
Title: Drupal Shoutbox Module Multiple HTML Injection Vulnerabilities
Description: Drupal is an open-source content manager that is
available for a number of platforms, including Microsoft Windows and
Unix/Linux variants. The application is exposed to multiple HTML
injection issues because the application fails to sufficiently
sanitize user-supplied input data before using it in dynamically
generated content. Shoutbox module versions prior to 5.x-1.1 are
affected.
Ref: http://drupal.org/node/198163
______________________________________________________________________

07.50.76 CVE: Not Available
Platform: Web Application
Title: VisualShapers ezContents File Disclosure
Description: VisualShapers ezContents is a web-based content
management system. The application is exposed to an issue that allows
remote attackers to display the contents of arbitrary local files in
the context of the web server process. ezContents version 1.4.5 is
affected.
Ref: http://www.securityfocus.com/bid/26737
______________________________________________________________________

07.50.77 CVE: Not Available
Platform: Web Application
Title: SineCms Multiple Input Validation Vulnerabilities
Description: SineCms is a web-based content management system. The
application is exposed to multiple input validation issues because it
fails to sufficiently sanitize user-supplied data. The issues consist
of five SQL injection and two HTML injection vulnerabilities.
Ref: http://www.securityfocus.com/bid/26738
______________________________________________________________________

07.50.78 CVE: Not Available
Platform: Web Application
Title: WordPress PictPress Plugin Resize.PHP Multiple Local File
Include Vulnerabilities
Description: WordPress PictPress plugin is a tool for generating
thumbnail-sized images for WordPress web-log entries. WordPress
allows users to generate news pages and web logs dynamically. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input to the "size" and
"path" parameters of the "resize.php" script. WordPress PictPress
plugin version 0.91 is affected.
Ref: http://www.securityfocus.com/bid/26743
______________________________________________________________________

07.50.79 CVE: Not Available
Platform: Web Application
Title: phpBB .PNG and .RAR Multiple Arbitrary File Upload
Vulnerabilities
Description: phpBB is a web-based bulletin board application.
The application is exposed to multiple arbitrary file upload issues
because it fails to properly verify the content of attachments posted
to web-log entries. phpBB version 2.0.22 is affected.
Ref: http://www.securityfocus.com/bid/26740
______________________________________________________________________

07.50.80 CVE: CVE-2007-6241
Platform: Web Application
Title: Beehive Forum Links.PHP Multiple Unspecified Cross-Site
Scripting and SQL Injection Vulnerabilities
Description: Beehive Forum is web-based forum software, which is
implemented in PHP and has a MySQL backend. The application is exposed
to multiple unspecified cross-site scripting and SQL injection issues
because it fails to properly sanitize user-supplied input. Beehive
Forum version 0.7.1 is affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=50772&release_id=551758
______________________________________________________________________

07.50.81 CVE: CVE-2007-6190
Platform: Network Device
Title: Cisco Unified IP Phone RTP Audio Stream Eavesdropping
Description: Cisco Unified IP Phone is a Voice over IP (VoIP) phone.
The application is exposed to an issue that allows eavesdropping. This
issue occurs in Cisco Unified IP phones that are configured to use the
Extension Mobility feature when receiving or transmitting RTP
(Real-Time Transport Protocol) data.
Ref:
http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html
______________________________________________________________________

07.50.82 CVE: Not Available
Platform: Network Device
Title: Cisco 7940 SIP Phone INVITE Message Remote Denial of Service
Description: Cisco 7940 devices are voice-over-IP (VoIP) phones. The
application is exposed to a denial of service issue because the device
fails to handle specially crafted SIP INVITE messages. Cisco IP phone
7940 is affected.
Ref:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html
______________________________________________________________________

07.50.83 CVE: Not Available
Platform: Network Device
Title: Nokia N95 Phone SIP Cancelled INVITE Message Remote Denial of
Service
Description: Nokia N95 devices are cell phones that include the
ability to operate as SIP voice-over-IP (VoIP) devices. The
application is exposed to a denial of service issue because the device
fails to handle specially crafted SIP INVITE messages. RM-159 version
V 12.0.013 of Nokia N95 phones is affected.
Ref:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058839.html
______________________________________________________________________