*************************************************************************
           @RISK: The Consensus Security Vulnerability Alert
Dec 17, 2007                                              Vol. 6. Week 51
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                         Number of Updates and Vulnerabilities
------------------------         -------------------------------------
Windows                                     5 (#1, #2, #3, #4, #10)
Microsoft Office                            2
Other Microsoft Products                    5
Third Party Windows Apps                    8 (#5, #6, #11)
Mac Os                                      2 (#8, #9)
Linux                                       8
HP-UX                                       1
Aix                                         1
Novell                                      1
Cross Platform                             22 (#7)
Web Application - Cross Site Scripting     11
Web Application - SQL Injection            18
Web Application                            23
Network Device                              1

************************* SECURITY TRAINING UPDATE *********************
Where can you find Hacker Exploits, Secure Web Application Development,
Security Essentials, Forensics, Wireless, Auditing, CISSP Prep, and
SANS' other top-rated courses?
- New Orleans (1/12-1/17): http://www.sans.org/security08/event.php
- San Jose (2/2 - 2/8): http://www.sans.org/siliconvalley08/event.php
- Phoenix (2/11 - 2/18): http://www.sans.org/phoenix08/event.php
- Prague (2/18-2/23): http://www.sans.org/prague08
- and in 100 other cities and online any time: www.sans.org
*************************************************************************

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint
(www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Microsoft DirectX Multiple Vulnerabilities (MS07-064)
(2) CRITICAL: Microsoft Windows Media ASF Parsing Vulnerability (MS07-068)
(3) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS07-069)
(4) HIGH: Microsoft Windows Message Queueing Service Buffer Overflow (MS07-065)
(5) HIGH: Intuit QuickBooks Online Edition ActiveX Controls Multiple
Vulnerabilities
(6) HIGH: HP Info Center ActiveX Control Multiple Vulnerabilities
(7) HIGH: Trend Micro Multiple Products Uuencoded Data Handling Vulnerability
(8) HIGH: Apple QuickTime Multiple Vulnerabilities
(9) HIGH: Java for Apple Mac OS X Multiple Vulnerabilities
(10) MODERATE: Microsoft Windows SMBv2 Signature Validation Vulnerability
(MS07-063)

Other Software
(11) HIGH: Justsystems Ichitaro Buffer Overflow


Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
07.51.1  - Microsoft Windows Vista Kernel ALPC Local Privilege Escalation
07.51.2  - Microsoft Windows Media Format Runtime ASF File Remote Code Execution
07.51.3  - Microsoft Windows SMBv2 Code Signing Remote Code Execution
07.51.4  - Microsoft DirectX SAMI File Parsing Remote Code Execution
07.51.5  - Microsoft DirectX WAV and AVI File Parsing Remote Code Execution
 -- Microsoft Office
07.51.6  - Microsoft Office Insecure Document Signing Weakness
07.51.7  - Microsoft Office Hyperlink Signing Weakness
 -- Other Microsoft Products
07.51.8  - Microsoft Internet Explorer DHTML Object Memory Corruption
07.51.9  - Microsoft Internet Explorer Unspecified Remote Memory Corruption
07.51.10 - Microsoft Message Queuing Service Buffer Overflow
07.51.11 - Microsoft Internet Explorer Variant Unspecified Remote Memory
Corruption
07.51.12 - Microsoft Internet Explorer Second Variant Unspecified Remote Memory
Corruption
 -- Third Party Windows Apps
07.51.13 - Windows Media Player Remote Stack-Based Buffer Overflow
07.51.14 - AVS Media AVSMJPEGFILE.DLL ActiveX Control Remote Buffer Overflow
Denial of Service
07.51.15 - Vantage Linguistics AnswerWorks ActiveX Controls Multiple Unspecified
Vulnerabilities
07.51.16 - Intuit QuickBooks Online Edition ActiveX Controls Multiple
Unspecified Vulnerabilities
07.51.17 - Multiple Trend Micro Products UUE Malformed Zip File Buffer Overflow
07.51.18 - HP Info Center HPInfoDLL.DLL ActiveX Control Multiple Arbitrary Code
Execution Vulnerabilities
07.51.19 - JustSystem Ichitaro JSGCI.DLL Unspecified Stack-Based Buffer Overflow
07.51.20 - QK SMTP Server Malformed Commands Multiple Remote Denial of Service
Vulnerabilities
 -- Mac Os
07.51.21 - Apple Mac OS X ubc_subr.c Local Denial of Service
 -- Linux
07.51.22 - netkit-ftpd dataconn() Uninitialized File Stream Memory Corruption
07.51.23 - netkit-ftp getreply() Uninitialized Output Stream Memory Corruption
07.51.24 - NFSv4 ID Mapper nfsidmap Username Lookup Local Privilege Escalation
07.51.25 - Ext2 Filesystem Utilities e2fsprogs libext2fs Multiple Unspecified
Integer Overflow Vulnerabilities
07.51.26 - SAP MaxDB Unspecified Remote Execution
07.51.27 - Linux Kernel Mmap_min_addr Local Security Bypass
07.51.28 - autofs nosuid Mount Option Local Privilege Escalation
07.51.29 - Portage
 -- HP-UX
07.51.30 - HP-UX Running DCE Unspecified Remote Denial of Service
 -- Aix
07.51.31 - IBM AIX 5300-06 Service Pack 4 and 5300-07 Technology Level Multiple
Unspecified Vulnerabilities
 -- Novell
07.51.32 - Novell Netmail and M+Netmail Unspecified Code Execution
 -- Cross Platform
07.51.33 - Firefly Media Server Multiple Information Disclosure and Denial of
Service Vulnerabilities
07.51.34 - Heimdal FTPD gss_userok() Free Uninitialized Pointer Memory Corruption
07.51.35 - MySQL Server RENAME TABLE System Table Overwrite
07.51.36 - SHTTPD Multiple File Access And Directory Traversal Vulnerabilities
07.51.37 - Easy File Sharing Web Server Directory Traversal and Multiple
Information Disclosure Vulnerabilities
07.51.38 - SquirrelMail G/PGP Encryption Plugin Access Validation And Input
Validation Vulnerabilities
07.51.39 - Samba Send_MailSlot Stack-Based Buffer Overflow
07.51.40 - DOSBox Unauthorized File System Access
07.51.41 - BadBlue Directory Traversal and Buffer Overflow
07.51.42 - BarracudaDrive Web Server Denial of Service and Multiple Input
Validation Vulnerabilities
07.51.43 - Simple HTTPD Aux Remote Denial of Service
07.51.44 - MySQL Server Privilege Escalation And Denial of Service
Vulnerabilities
07.51.45 - Symantec Backup Exec for Windows Unspecified Remote
07.51.46 - BEA WebLogic Mobility Server Image Converter Unspecified Unauthorized
Access
07.51.47 - Websense User-Agent Spoofing Filtering Security Bypass
07.51.48 - Kerio WinRoute Firewall Unspecified Proxy Authentication Bypass
Weakness
07.51.49 - Robocode Unspecified Remote Java Code Execution
07.51.50 - OpenOffice Insecure Document Signing Weakness
07.51.51 - Hosting Controller Multiple Remote Vulnerabilities
07.51.52 - Apple QuickTime QTL File Handling Remote Heap Buffer Overflow
07.51.53 - Apple QuickTime Flash Media Player Multiple Unspecified
Vulnerabilities
07.51.54 - Juniper Networks JUNOS Malformed BGP Remote Denial of Service
 -- Web Application - Cross Site Scripting
07.51.55 - Lxlabs HyperVM Cross-Site Scripting
07.51.56 - webSPELL Usergallery.PHP and Calendar.PHP Multiple Cross-Site
Scripting Vulnerabilities
07.51.57 - Websense Reporting Tools Login Page Cross-Site Scripting
07.51.58 - Thomson Speedtouch 716 URL Parameter Cross-Site Scripting
07.51.59 - KLab HttpLogger Unspecified Cross-Site Scripting
07.51.60 - Rainboard Unspecified Cross-Site Scripting Vulnerabilities
07.51.61 - CubeCart Multiple Cross-Site Scripting Vulnerabilities
07.51.62 - XOOPS register.php Cross-Site Scripting
07.51.63 - Apache mod_imagemap and mod_imap Cross-Site Scripting
07.51.64 - Hitachi Web Server DirectoryIndex Cross-Site Scripting
07.51.65 - Hitachi Web Server "imagemap" Cross-Site Scripting
 -- Web Application - SQL Injection
07.51.66 - XIGLA SOFTWARE Absolute Banner Manager .NET SQL Injection
07.51.67 - PenPal Multiple SQL Injection Vulnerabilities
07.51.68 - TCExam Multiple Unspecified SQL Injection Vulnerabilities
07.51.69 - Apache::AuthCAS Cookie SQL Injection
07.51.70 - WebDoc Multiple SQL Injection Vulnerabilities
07.51.71 - SH-News Comments.PHP SQL Injection
07.51.72 - Dominion Web DWdirectory Search Parameter SQL Injection
07.51.73 - ACE Image Hosting Script Albums.PHP SQL Injection
07.51.74 - p3mbo Content Injector Index.PHP Id Parameter SQL Injection
07.51.75 - WordPress wp-db.php Character Set SQL Injection
07.51.76 - E-Xoops Multiple SQL Injection Vulnerabilities
07.51.77 - GESTDOWN Multiple SQL Injection Vulnerabilities
07.51.78 - aurora framework Db_mysql.LIB SQL Injection
07.51.79 - JBoss Seam "order" Parameter SQL Injection
07.51.80 - Galaxie CMS "category.php" SQL Injection
07.51.81 - MKPortal Gallery Module SQL Injection
07.51.82 - CourseMill Enterprise Learning Management System "userlogin.jsp" SQL
Injection
07.51.83 - Typo3 SQL Injection
 -- Web Application
07.51.84 - JFreeChart Multiple HTML Injection Vulnerabilities
07.51.85 - wwwstats Clickstats.PHP Multiple HTML Injection Vulnerabilities
07.51.86 - Media Player Classic Unspecified Remote Stack Buffer Overflow
07.51.87 - PolDoc Document Management System Download_File.PHP Directory
Traversal
07.51.88 - Flat PHP Board Multiple Remote Vulnerabilities
07.51.89 - Falt4 CMS Multiple Input Validation Vulnerabilities
07.51.90 - bttlxe Forum Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
07.51.91 - Falcon Series One Multiple Input Validation Vulnerabilities
07.51.92 - RoundCube Webmail CSS Expression Input Validation
07.51.93 - Bitweaver 2.0.0 and Prior Multiple Input Validation Vulnerabilities
07.51.94 - PHP-Nuke autohtml.php Local File Include
07.51.95 - Monalbum Multiple Remote Vulnerabilities
07.51.96 - Cybozu Products Multiple Cross-Site Scripting and Denial of Service
Vulnerabilities
07.51.97 - Mcms Easy Web Make Template Parameter Local File Include
07.51.98 - Prolog Manager Insecure Encryption Username and Password Information
Disclosure
07.51.99 - ES Simple Uploader Arbitrary File Upload
07.51.100 - ViArt Shop/CMS/Helpdesk Products Block_site_map.PHP Remote File
Include
07.51.101 - Fastpublish CMS Designconfig.PHP Remote File Include
07.51.102 - City Writer "head.php" Remote File Include
07.51.103 - xml2owl "filedownload.php" Directory Traversal
07.51.104 - DynaWeb Developers MMS Gallery "id" Parameter Multiple Directory
Traversal Vulnerabilities
07.51.105 - AdultScript Security Bypass
07.51.106 - WebGUI Secondary Admin Security Bypass
 -- Network Device
07.51.107 - IBM Hardware Management Console Unspecified Privilege Escalation

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Microsoft DirectX Multiple Vulnerabilities (MS07-064)
Affected:
Microsoft DirectX versions 10.0 and prior

Description: Microsoft DirectX is Microsoft's multimedia framework for
its Windows operating system. DirectX is the subsystem responsible for
decoding and playing back most streaming media formats on Windows. It
contains a flaw in its handling of several media file formats, including
Synchronized Accessible Media Interchange (SAMI), Audio Video Interleave
(AVI), and WAV audio files. A specially crafted file of one of these
types could trigger a buffer overflow vulnerability in the DirectX
subsystem, allowing an attacker to execute arbitrary code with the
privileges of the current user. Note that the vulnerable file formats
are opened without first prompting the user in the default configuration
of many applications. Some technical details are publicly available for
these vulnerabilities.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632
Wikipedia Articles on the Vulnerable File Formats
http://en.wikipedia.org/wiki/SAMI
http://en.wikipedia.org/wiki/AVI
http://en.wikipedia.org/wiki/WAV
SecurityFocus BIDs
http://www.securityfocus.com/bid/26789
http://www.securityfocus.com/bid/26804

*************************************************************

(2) CRITICAL: Microsoft Windows Media ASF Parsing Vulnerability (MS07-068)
Affected:
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 2000 Server

Description: The Advanced Systems Format (ASF) file format is a digital
media container file format developed by Microsoft. The component used
by Microsoft Windows (called variously the Windows Media Format Runtime
and Windows Media Services) contains a flaw in its parsing of ASF files.
A specially crafted ASF file could trigger this vulnerability and allow
an attacker to execute arbitrary code with the privileges of the current
user. In the default configuration of most applications, ASF content is
played automatically upon receipt. Any application that uses the
vulnerable component is itself likely vulnerable. Known vulnerable
applications include Windows Media Player. Some technical details for
this vulnerability are publicly available.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
Wikipedia Article on the Advanced Systems Format File Format
http://en.wikipedia.org/wiki/Advanced_Systems_Format
SecurityFocus BID
http://www.securityfocus.com/bid/26776

*************************************************************

(3) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS07-069)
Affected:
Microsoft Internet Explorer versions 7 and prior

Description: Microsoft Internet Explorer contains multiple
vulnerabilities in its handling of web content. A specially crafted
script running on a web page could trigger one of these vulnerabilities
and allow an attacker to execute arbitrary code with the privileges of
the current user. No user interaction other than visiting a malicious
page would be necessary to exploit these vulnerabilities. Some technical
details for these vulnerabilities are publicly available.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-07-075.html
http://zerodayinitiative.com/advisories/ZDI-07-074.html
http://zerodayinitiative.com/advisories/ZDI-07-073.html
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631
SecurityFocus BIDs
http://www.securityfocus.com/bid/26816
http://www.securityfocus.com/bid/26817
http://www.securityfocus.com/bid/26427
http://www.securityfocus.com/bid/26506

*************************************************************

(4) HIGH: Microsoft Windows Message Queueing Service Buffer Overflow (MS07-065)
Affected:
Microsoft Windows 2000 Server
Microsoft Windows 2000
Microsoft Windows XP

Description: The Microsoft Windows Message Queueing Service (MSMQ)
provides Microsoft Windows systems with a reliable, potentially
asynchronous, messaging service. This service exports a Remote Procedure
Call (RPC) interface, allowing remote systems to access the service on
a server system. A flaw in the handling of certain calls to this RPC
service leads to a buffer overflow vulnerability. A specially crafted
call to this service could trigger this buffer overflow and allow an
attacker to execute arbitrary code with the privileges of the vulnerable
service. On Microsoft Windows 2000 Professional and Windows XP systems,
an attacker would require valid authentication credentials to exploit
this vulnerability. The vulnerable subsystem is not installed or enabled
by default, but is often deployed. A proof-of-concept for this
vulnerability is publicly available.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms07-065.mspx
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-07-076.html
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/ms07_065_msmq.rb
Wikipedia Article on Microsoft Message Queueing
http://en.wikipedia.org/wiki/Microsoft_Message_Queuing
SecurityFocus BID
http://www.securityfocus.com/bid/26797

*************************************************************

(5) HIGH: Intuit QuickBooks Online Edition ActiveX Controls Multiple
Vulnerabilities
Affected:
Intuit QuickBooks Online Edition versions 10 and prior

Description: Intuit QuickBooks Online Edition is a web-based version of
Intuit's popular QuickBooks bookkeeping software. Functionality for this
software is provided by a group of ActiveX controls. Several of these
controls contain multiple vulnerabilities. A malicious web page that
instantiates one of these controls could trigger one of these
vulnerabilities and potentially execute arbitrary code with the
privileges of the current user. These vulnerabilities may be related to
a vulnerability discussed in a previous edition of @RISK. Note that
Microsoft Security Bulletin MS07-069, referenced above, contains updates
that disable the vulnerable versions of these controls via Microsoft's
"kill bit" mechanism.

Status: Intuit confirmed, updates available.

References:
Intuit Security Information
https://sc.accounting.quickbooks.com/Update/index.cfm?id=32
Microsoft Security Bulletin MS07-069
http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx
Previous @RISK Entry
http://www.sans.org/newsletters/risk/display.php?v=6&i=37#widely5
Product Home Page
http://oe.quickbooks.com/index.cfm
SecurityFocus BID
http://www.securityfocus.com/bid/26819

*************************************************************

(6) HIGH: HP Info Center ActiveX Control Multiple Vulnerabilities
Affected:
HP Info Center

Description: HP Info Center is a system information and user assistance
package provided by HP and Compaq for some of their desktop and notebook
computers. It allows support personnel to gather system configuration
information. Part of its functionality is provided by an ActiveX
control. This control contains multiple vulnerabilities. A malicious web
page that instantiated this control could exploit one of these
vulnerabilities to execute arbitrary code with the privileges of the
current user, modify system configuration, or disclose arbitrary file
contents. Full technical details and a proof-of-concept are publicly
available for this vulnerability.

Status: Vendor has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the vulnerable
control via Microsoft's "kill bit" mechanism for CLSID
"62DDEB79-15B2-41E3-8834-D3B80493887A". Note that this may impact normal
application functionality.

References:
Proof-of-Concept (includes technical details)
http://milw0rm.com/exploits/4720
Microsoft Knowledge Base Article (documents the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/26823
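
Added example (not part of the original bulletin, and not HP's or Microsoft's code): one way to apply and verify the kill bit described in the Status note above, in PowerShell. The registry location and the 0x00000400 "Compatibility Flags" value are those documented in KB240797, and the CLSID is the one quoted above; including the Wow6432Node branch assumes a 64-bit system that also runs 32-bit Internet Explorer.

```powershell
# Added example: set and verify the ActiveX kill bit for the HP Info Center control.
# Run from an elevated PowerShell session.

$Clsid     = '{62DDEB79-15B2-41E3-8834-D3B80493887A}'  # CLSID quoted in the bulletin
$KillBit   = 0x00000400                                 # kill-bit flag per KB240797
$ValueName = 'Compatibility Flags'

# Native branch plus the 32-bit view on 64-bit Windows (assumption: both may host IE).
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    # Returns the current flags value, or $null if the key or value is absent.
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $null }
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Set-KillBit {
    # Creates the per-CLSID key if needed and ORs the kill bit into any
    # existing flags so other compatibility settings are preserved.
    param([string]$Root, [string]$Clsid)

    $keyPath = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $keyPath)) {
        New-Item -Path $keyPath -Force | Out-Null
    }

    $before = Get-CompatFlags -KeyPath $keyPath
    $current = if ($null -eq $before) { 0 } else { $before }
    $updated = $current -bor $KillBit

    New-ItemProperty -LiteralPath $keyPath -Name $ValueName `
        -PropertyType DWord -Value $updated -Force | Out-Null

    # Read the value back rather than trusting the write.
    $after = Get-CompatFlags -KeyPath $keyPath
    [pscustomobject]@{
        Key        = $keyPath
        Before     = $before
        After      = $after
        KillBitSet = ($null -ne $after) -and (($after -band $KillBit) -eq $KillBit)
    }
}

foreach ($root in $Roots) {
    # Skip branches that do not exist on this system (e.g. Wow6432Node on 32-bit).
    if (Test-Path -LiteralPath $root) {
        Set-KillBit -Root $root -Clsid $Clsid
    }
}
```

Internet Explorer must be restarted before the change takes effect, and a row with KillBitSet = False means the write did not persist, for example because the session was not elevated.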

*************************************************************

(7) HIGH: Trend Micro Multiple Products Uuencoded Data Handling Vulnerability
Affected:
Trend Micro Antivirus 2008
Trend Micro Internet Security 2008
Trend Micro Internet Security Pro 2008

Description: Multiple Trend Micro products do not properly handle
malformed uuencoded documents. Uuencoding is an encoding format used to
encode binary data as text, allowing its transmission in text-only
environments. A specially crafted document or message that has been
uuencoded or contains uuencoded data could trigger a vulnerability in
various Trend Micro products. Exploiting these vulnerabilities would
allow an attacker to execute arbitrary code with the privileges of the
vulnerable process. Note that it is possible to exploit these
vulnerabilities by having a malicious document or message scanned by the
software; therefore, no user interaction is required to trigger this
vulnerability.

Status: Vendor confirmed, updates available.

References:
Trend Micro Security Advisory
http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464
Wikipedia Article on the Uuencode Format
http://en.wikipedia.org/wiki/Uuencode
SecurityFocus BID
http://www.securityfocus.com/bid/26818

*************************************************************

(8) HIGH: Apple QuickTime Multiple Vulnerabilities
Affected:
Apple QuickTime versions prior to 7.3.1

Description: Apple QuickTime is Apple's streaming media framework for
Apple Mac OS X and Microsoft Windows. QuickTime contains multiple
vulnerabilities in the parsing of several file formats. A specially
crafted QuickTime Link (QTL) file or Flash file could trigger one of
these vulnerabilities and allow an attacker to execute arbitrary code
with the privileges of the current user. QuickTime files are generally
opened without first prompting the user in the default configuration of
most applications. Additionally, a flaw in the handling of Real Time
Streaming Protocol (RTSP) responses could trigger a buffer overflow
vulnerability, allowing an attacker to execute arbitrary code with the
privileges of the current user. Both QuickTime for Microsoft Windows and
Apple Mac OS X are reportedly vulnerable. Some of these vulnerabilities
may be related to issues discussed in previous editions of @RISK.

Status: Apple confirmed, updates available.

References:
Apple Security Advisory
http://docs.info.apple.com/article.html?artnum=307176
Previous Editions of @RISK
http://www.sans.org/newsletters/risk/display.php?v=6&i=48#widely1
QuickTime Home Page
http://www.apple.com/quicktime
SecurityFocus BIDs
http://www.securityfocus.com/bid/26866
http://www.securityfocus.com/bid/26868


*************************************************************

(9) HIGH: Java for Apple Mac OS X Multiple Vulnerabilities
Affected:
Apple Mac OS X versions prior to 10.5

Description: The version of the Java Runtime Environment used by Apple
Mac OS X contains several vulnerabilities. A specially crafted web page
or Java application could exploit one of these vulnerabilities and allow
an attacker to perform a variety of actions, including arbitrary code execution and
modifying the current user's keychain. Keychains are used to store
passwords and other secure information. Java applets embedded in web
pages are automatically loaded without first prompting the user in most
common configurations of web browsers. Some technical details are
publicly available for these vulnerabilities. Some of these
vulnerabilities are present in the Sun Java Runtime Environment as well,
while others are present only in the Apple Java Runtime Environment.
Some of these vulnerabilities were discussed in prior editions of @RISK.

Status: Apple confirmed, updates available.

References:
Apple Security Advisory
http://docs.info.apple.com/article.html?artnum=307177
Previous @RISK Entries
http://www.sans.org/newsletters/risk/display.php?v=6&i=44#widely4
http://www.sans.org/newsletters/risk/display.php?v=6&i=41#widely5
SecurityFocus BIDs
http://www.securityfocus.com/bid/26877
http://www.securityfocus.com/bid/25918
http://www.securityfocus.com/bid/21674
http://www.securityfocus.com/bid/24004
http://www.securityfocus.com/bid/24690
http://www.securityfocus.com/bid/25054
http://www.securityfocus.com/bid/22085
http://www.securityfocus.com/bid/24695
http://www.securityfocus.com/bid/24846
http://www.securityfocus.com/bid/24832
http://www.securityfocus.com/bid/25340
http://www.securityfocus.com/bid/21673
http://www.securityfocus.com/bid/23728
http://www.securityfocus.com/bid/21675

*************************************************************

(10) MODERATE: Microsoft Windows SMBv2 Signature Validation Vulnerability
(MS07-063)
Affected:
Microsoft Windows Vista
Microsoft Windows Server 2008

Description: The Server Message Block (SMB) protocol is the default
resource sharing protocol used by Microsoft Windows. SMBv2 is the second
major version of this protocol, and provides users the ability to
cryptographically sign sessions. Microsoft Windows does not properly
implement the signature process. An attacker who could modify SMB
traffic in transit could recompute the cryptographic signature of a
packet after modifying it, allowing arbitrary modification of the SMB
session without loss of perceived trust. Such an attacker would be able
to do anything the legitimate user of the SMB session could do. This
attack vector is an example of an exploitable Man-in-the-Middle attack.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms07-063.mspx
Wikipedia Article on SMB
http://en.wikipedia.org/wiki/Server_Message_Block
Wikipedia Article on Man-in-the-Middle Attacks
http://en.wikipedia.org/wiki/Man-in-the-middle_attack
SecurityFocus BID
http://www.securityfocus.com/bid/26777

*************************************************************

****************
Other Software
****************

(11) HIGH: Justsystems Ichitaro Buffer Overflow
Affected:
Justsystems Ichitaro versions 2007 and prior

Description: Justsystems Ichitaro is a popular Japanese-language word
processing suite. It contains a flaw in its handling of certain
documents. A specially crafted document could trigger a buffer overflow
vulnerability, allowing an attacker to execute arbitrary code with the
privileges of the current user. Depending on configuration, Ichitaro
documents may be opened without first prompting the user. This
vulnerability is currently being actively exploited in the wild by a
virus known as "Trojan.Tarodrop.F". No further technical details are
available for this vulnerability.

Status: Vendor has not confirmed, no updates available.

References:
Symantec Virus Writeup
http://www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99
Ichitaro Home Page (Japanese)
http://www.ichitaro.com/
SecurityFocus BID
http://www.securityfocus.com/bid/26846

****************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 51, 2007
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

07.51.1 CVE: CVE-2007-5350
Platform: Windows
Title: Microsoft Windows Vista Kernel ALPC Local Privilege Escalation
Description: Microsoft Windows Vista is exposed to a local privilege
escalation issue. The flaw stems from insufficient validation of
requests made through ALPC. Specifically, the operating system fails
to properly validate legacy reply paths.
Ref: http://www.kb.cert.org/vuls/id/601073
______________________________________________________________________

07.51.2 CVE: CVE-2007-0064
Platform: Windows
Title: Microsoft Windows Media Format Runtime ASF File Remote Code
Execution
Description: Windows Media Format Runtime is a library for Microsoft
Windows operating systems. It handles audio and video files for
applications such as Microsoft Media Player. The library is exposed to
a remote code execution issue because it fails to properly handle
malformed ASF (Advanced Systems Format) files.
Ref: http://www.kb.cert.org/vuls/id/319385
______________________________________________________________________

07.51.3 CVE: CVE-2007-5351
Platform: Windows
Title: Microsoft Windows SMBv2 Code Signing Remote Code Execution
Description: Microsoft Windows SMBv2 (Server Message Block, version 2)
is a version of SMB included with Microsoft Windows Vista and Server
2008. It supports digital signatures to enable clients and servers to
validate the authenticity of network packets. The application is
exposed to a remote code execution issue because it fails to properly
validate digital signatures in SMBv2 network traffic.
Ref: http://www.kb.cert.org/vuls/id/520465
______________________________________________________________________

07.51.4 CVE: CVE-2007-3901
Platform: Windows
Title: Microsoft DirectX SAMI File Parsing Remote Code Execution
Description: Microsoft DirectX is a component for Microsoft Windows.
Microsoft DirectShow is an integrated component for DirectX that
allows users to stream media. The application is exposed to a remote
code execution issue when it parses the parameters of malformed
Synchronized Accessible Media Interchange (SAMI) file types.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632
______________________________________________________________________

07.51.5 CVE: CVE-2007-3895
Platform: Windows
Title: Microsoft DirectX WAV and AVI File Parsing Remote Code
Execution
Description: Microsoft DirectX is a component for Microsoft Windows.
Microsoft DirectShow is an integrated component for DirectX that
allows users to stream media. The application is exposed to a remote
code execution issue when Microsoft DirectShow fails to perform
sufficient validation of WAV and AVI file parameters.
Ref: http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx
______________________________________________________________________

07.51.6 CVE: Not Available
Platform: Microsoft Office
Title: Microsoft Office Insecure Document Signing Weakness
Description: Microsoft Office is a suite of applications used to
create and edit office documents and data (such as text documents and
spreadsheets). The application is exposed to a weakness because it
fails to securely sign XML-based documents. Office documents can be
digitally signed by the author
using a combination of private and public key data. Microsoft Office
2007 is affected.
Ref: http://www.securityfocus.com/archive/1/484919
______________________________________________________________________

07.51.7 CVE: Not Available
Platform: Microsoft Office
Title: Microsoft Office Hyperlink Signing Weakness
Description: Microsoft Office is a suite of applications used to
create and edit office documents and data (such as text documents and
spreadsheets). The "word/_rels_document.xml.rels" file contains the
target and the ID of URLs contained in an Office file. Microsoft
Office 2007 is affected.
Ref: http://www.securityfocus.com/archive/1/485031
______________________________________________________________________

07.51.8 CVE: CVE-2007-5347
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer DHTML Object Memory Corruption
Description: Microsoft Internet Explorer is a browser for the Windows
operating system. The application is exposed to a remote memory
corruption issue because it fails to adequately handle user-supplied
input to certain DHTML object methods.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2007-513.htm
______________________________________________________________________

07.51.9 CVE: CVE-2007-3902
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Unspecified Remote Memory
Corruption
Description: Microsoft Internet Explorer is a web browser for the
Windows operating system. The application is exposed to a remote
memory corruption issue when the application accesses certain
unspecified objects that have not been initialized or have been
deleted.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-073.html
______________________________________________________________________

07.51.10 CVE: CVE-2007-3039
Platform: Other Microsoft Products
Title: Microsoft Message Queuing Service Buffer Overflow
Description: Microsoft Message Queuing (MSMQ) is a messaging protocol
that allows applications running on disparate servers to communicate
in a failsafe manner. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data. The issue occurs when validating input strings
sent to the MSMQ service.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-076.html
______________________________________________________________________

07.51.11 CVE: CVE-2007-3903
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Variant Unspecified Remote Memory
Corruption
Description: Microsoft Internet Explorer is a web browser for the
Windows operating system. The application is exposed to a remote
memory corruption issue. This issue occurs when the application
accesses certain unspecified objects that have not been initialized or
have been deleted.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx
______________________________________________________________________

07.51.12 CVE: CVE-2007-5344
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Second Variant Unspecified Remote
Memory Corruption
Description: Microsoft Internet Explorer is a web browser for the
Windows operating system. The application is exposed to a remote
memory corruption issue when the application accesses certain
unspecified objects that have not been initialized or have been
deleted.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx
______________________________________________________________________

07.51.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: Windows Media Player Remote Stack-Based Buffer Overflow
Description: Windows Media Player is a media player application that
supports multiple file formats. The application is exposed to a
stack-based buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data. Windows Media Player version
6.4 is affected.
Ref: http://www.securityfocus.com/archive/1/484781
______________________________________________________________________

07.51.14 CVE: Not Available
Platform: Third Party Windows Apps
Title: AVS Media AVSMJPEGFILE.DLL ActiveX Control Remote Buffer
Overflow Denial of Service
Description: AVS Media produces a variety of multimedia related
applications. The application is exposed to a buffer overflow issue.
This issue affects the "CreateStill" method of the "AVSMJPEGFILE.DLL"
ActiveX control library. AVSMJPEGFILE.DLL version 1.1.1.102 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.51.15 CVE: Not Available
Platform: Third Party Windows Apps
Title: Vantage Linguistics AnswerWorks ActiveX Controls Multiple
Unspecified Vulnerabilities
Description: Vantage Linguistics AnswerWorks is a search application
designed for use in help system applications. The application is
exposed to multiple unspecified issues. AnswerWorks versions 3.0.0.0 -
4.0.0.100 and 5.0.0.0 - 5.0.0.6 are affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.51.16 CVE: Not Available
Platform: Third Party Windows Apps
Title: Intuit QuickBooks Online Edition ActiveX Controls Multiple
Unspecified Vulnerabilities
Description: Intuit QuickBooks is an accounting application available
for Microsoft Windows. The application is exposed to multiple
unspecified issues. Intuit QuickBooks versions prior to QuickBooks
Online Edition 10 are affected.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx
______________________________________________________________________

07.51.17 CVE: Not Available
Platform: Third Party Windows Apps
Title: Multiple Trend Micro Products UUE Malformed Zip File Buffer
Overflow
Description: Trend Micro AntiVirus plus AntiSpyware, Trend Micro
Internet Security and Internet Security Pro are Internet security
solutions developed by Trend Micro. These applications are exposed to
a buffer overflow issue because they fail to perform
adequate boundary checks on user-supplied data. The issue occurs in
the "sfctlCom.exe" process when the "PCCScan.dll" library copies the
filename of a ZIP into a static buffer using the "wcsncpy_s()"
function.
Ref: http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464
______________________________________________________________________

07.51.18 CVE: Not Available
Platform: Third Party Windows Apps
Title: HP Info Center HPInfoDLL.DLL ActiveX Control Multiple Arbitrary
Code Execution Vulnerabilities
Description: HP Info Center is a component of HP's Quick Launch
Buttons application. It provides one-button system information and
hardware configuration on multiple HP laptop models. The application
is exposed to multiple arbitrary code execution issues. HP Info Center
1.0.1.1 with HPInfoDLL.dll ActiveX control 1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/484880
______________________________________________________________________

07.51.19 CVE: Not Available
Platform: Third Party Windows Apps
Title: JustSystem Ichitaro JSGCI.DLL Unspecified Stack-Based Buffer Overflow
Description: Ichitaro is a word processor available for Microsoft
Windows. The application is exposed to an unspecified stack-based
buffer overflow issue because it fails to properly bounds check
user-supplied data before using it in an insufficiently sized buffer.
Ichitaro versions 2005, 2006 and 2007 are affected.
Ref:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99
______________________________________________________________________

07.51.20 CVE: Not Available
Platform: Third Party Windows Apps
Title: QK SMTP Server Malformed Commands Multiple Remote Denial of
Service Vulnerabilities
Description: QK SMTP Server is an SMTP server available for Microsoft
Windows. The application is exposed to multiple remote denial of
service issues because the application fails to handle specially-crafted SMTP
commands. Specifically, the application fails to handle excessively
long "HELO", "MAIL FROM", "RCPT TO" and "data" commands. QK SMTP
Server version 3 is affected.
Ref: http://www.securityfocus.com/bid/26856
______________________________________________________________________

07.51.21 CVE: Not Available
Platform: Mac Os
Title: Apple Mac OS X ubc_subr.c Local Denial of Service
Description: Apple Mac OS X is exposed to a local denial of service
issue because the kernel fails to properly handle exceptional
conditions. The issue occurs in the "bsd/kern/ubc_subr.c" source file.
Specifically, when the "hashes()" function returns a NULL-character, a
NULL-pointer exception will occur in "cs_validate_page". Apple Mac
OS X version 10.5.1 is affected.
Ref: http://www.securityfocus.com/bid/26840
______________________________________________________________________

07.51.22 CVE: CVE-2007-6263
Platform: Linux
Title: netkit-ftpd dataconn() Uninitialized File Stream Memory
Corruption
Description: netkit-ftpd is a file transfer protocol daemon that
supports SSL. The application is exposed to a memory corruption issue
because the "dataconn()" function in "ftpd.c" declares a file stream without
initializing it and later calls "fclose()" on the stream. Netkit ftpd
version 0.17 is affected.
Ref:
http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0174.html
______________________________________________________________________

07.51.23 CVE: CVE-2007-5769
Platform: Linux
Title: netkit-ftp getreply() Uninitialized Output Stream Memory
Corruption
Description: netkit-ftp is a file transfer protocol client
application. The application is exposed to a memory corruption issue
because the "getreply()" function in "ftp.c" calls "fclose()" on an
uninitialized output stream ("cout"). netkit-ftp version 0.17 is
affected.
Ref:
http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0174.html
______________________________________________________________________

07.51.24 CVE: CVE-2007-4135
Platform: Linux
Title: NFSv4 ID Mapper nfsidmap Username Lookup Local Privilege
Escalation
Description: nfsidmap is used for mapping file paths on computer
networks that use the Network File System (NFS) protocol. The
application is exposed to a local privilege escalation issue because
it fails to adequately handle certain files. nfsidmap versions prior
to 0.17 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2007-0951.html
______________________________________________________________________

07.51.25 CVE: CVE-2007-5497
Platform: Linux
Title: Ext2 Filesystem Utilities e2fsprogs libext2fs Multiple
Unspecified Integer Overflow Vulnerabilities
Description: e2fsprogs, or Ext2 Filesystems Utilities, is a set of
utilities used to create, manage, and debug ext2/ext3 filesystems. The
application is exposed to multiple unspecified integer overflow issues
because it fails to bounds check user-supplied data before copying it
into an insufficiently sized buffer. e2fsprogs versions 1.38 through
1.40.2 are affected.
Ref: http://www.securityfocus.com/archive/1/484777
______________________________________________________________________

07.51.26 CVE: Not Available
Platform: Linux
Title: SAP MaxDB Unspecified Remote Execution
Description: SAP MaxDB is a database application developed by SAP. The
application is exposed to an unspecified remote code execution issue.
MaxDB versions 7.6.00.37 and 7.4.3.32 are affected.
Ref: http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000166
______________________________________________________________________

07.51.27 CVE: Not Available
Platform: Linux
Title: Linux Kernel Mmap_min_addr Local Security Bypass
Description: The Linux kernel is exposed to a security bypass issue
due to errors in enforcing the "mmap_min_addr" low memory protection.
Local attackers could exploit this issue by running specially crafted
binaries that make use of the "do_brk()" function or by expanding the
stack. Linux kernel versions prior to 2.6.24-rc5 are affected.
Ref:
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc5
______________________________________________________________________

07.51.28 CVE: CVE-2007-5964
Platform: Linux
Title: autofs nosuid Mount Option Local Privilege Escalation
Description: The "autofs" utility controls the operation of the
"automount" daemon for mounting and unmounting filesystems on the
Linux operating system. The utility is exposed to a local privilege
escalation issue because of a flaw in its default configuration.
Ref: https://rhn.redhat.com/errata/RHSA-2007-1128.html
______________________________________________________________________

07.51.29 CVE: CVE-2007-6249
Platform: Linux
Title: Portage
Description: Portage is the default package management system for
Gentoo Linux. The application is exposed to an information disclosure
issue. Specifically, the "etc-update" utility uses an unsuitable umask
value to create temporary files when updating configuration files.
Portage versions prior to 2.1.3.11 are affected.
Ref: http://www.securityfocus.com/bid/26864
______________________________________________________________________

07.51.30 CVE: CVE-2007-6195
Platform: HP-UX
Title: HP-UX Running DCE Unspecified Remote Denial of Service
Description: HP-UX DCE is a set of components used in conjunction with
the operating system to facilitate distributed computing services. The
application is exposed to an unspecified remote denial of service
issue. HP-UX versions B.11.11 and B.11.23 running DCE are affected.
Ref: http://www.securityfocus.com/bid/26855
______________________________________________________________________

07.51.31 CVE: Not Available
Platform: Aix
Title: IBM AIX 5300-06 Service Pack 4 and 5300-07 Technology Level
Multiple Unspecified Vulnerabilities
Description: IBM AIX is exposed to multiple unspecified issues. Please
refer to the link below for further details.
Ref:
http://www-912.ibm.com/eserver/support/fixes/fixcentral/pseriesfixpackinformation/5300-06-04-0748
______________________________________________________________________

07.51.32 CVE: CVE-2007-6302
Platform: Novell
Title: Novell Netmail and M+Netmail Unspecified Code Execution
Description: Novell Netmail and M+Netmail are commercially available
email and calendar systems. The application is exposed to an
unspecified code execution issue. Novell Netmail and M+Netmail
versions 3.5.2 are affected.
Ref:
https://secure-support.novell.com/KanisaPlatform/Publishing/990/3639135_f.SAL_Public.html
______________________________________________________________________

07.51.33 CVE: Not Available
Platform: Cross Platform
Title: Firefly Media Server Multiple Information Disclosure and Denial
of Service Vulnerabilities
Description: Firefly Media Server is a digital music server designed
to serve music to Roku Soundbridge and Apple iTunes. The application
is exposed to multiple issues because it fails to handle specially
crafted HTTP GET requests. Firefly Media Server version 2.4.1 is
affected.
Ref: http://www.securityfocus.com/archive/1/484763
______________________________________________________________________

07.51.34 CVE: CVE-2007-5939
Platform: Cross Platform
Title: Heimdal FTPD gss_userok() Free Uninitialized Pointer Memory
Corruption
Description: Heimdal is an implementation of the Kerberos 5 network
authentication protocol. The application is exposed to a memory
corruption issue that affects its FTP daemon. Heimdal versions 0.7.2
and earlier are affected.
Ref:
http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0175.html
______________________________________________________________________

07.51.35 CVE: CVE-2007-5969
Platform: Cross Platform
Title: MySQL Server RENAME TABLE System Table Overwrite
Description: MySQL is a freely available SQL database for multiple
platforms. The application is exposed to a local denial of service
issue because the database server fails to properly handle unexpected
symbolic links. MySQL versions prior to 5.0.51 are affected.
Ref: http://forums.mysql.com/read.php?3,186931,186931
______________________________________________________________________

07.51.36 CVE: Not Available
Platform: Cross Platform
Title: SHTTPD Multiple File Access And Directory Traversal
Vulnerabilities
Description: SHTTPD is an HTTP webserver application for multiple
operating systems; it is implemented in C/C++. The application is
exposed to multiple file access issues because it fails to adequately
sanitize user input.
Ref: http://www.securityfocus.com/archive/1/484761
______________________________________________________________________

07.51.37 CVE: Not Available
Platform: Cross Platform
Title: Easy File Sharing Web Server Directory Traversal and Multiple
Information Disclosure Vulnerabilities
Description: Easy File Sharing Web Server is a commercially available
webserver software package distributed by EFS Software. It is
available for the Microsoft Windows platform. The application is
exposed to a directory traversal and multiple information disclosure
issues. Easy File Sharing Web Server version 4.5 is affected.
Ref: http://www.securityfocus.com/archive/1/484760
______________________________________________________________________

07.51.38 CVE: Not Available
Platform: Cross Platform
Title: SquirrelMail G/PGP Encryption Plugin Access Validation And
Input Validation Vulnerabilities
Description: The G/PGP encryption plugin for SquirrelMail provides
encryption, decryption, and digital-signature support within the
SquirrelMail webmail system. The application is exposed to multiple
issues. SquirrelMail G/PGP Encryption Plugin versions 2.0, 2.0.1, and
2.1 are affected.
Ref: http://www.securityfocus.com/archive/1/484794
______________________________________________________________________

07.51.39 CVE: CVE-2007-6015
Platform: Cross Platform
Title: Samba Send_MailSlot Stack-Based Buffer Overflow
Description: Samba is a suite of software that provides file and print
services for "SMB/CIFS" clients. It is available for multiple
operating platforms. The application is exposed to a remote
stack-based buffer overflow issue because it fails to properly bounds
check user-supplied data before copying it to an insufficiently sized
buffer. The issue occurs in the "send_mailslot()" function when
handling specially crafted "SAMLOGON" domain packets.
Ref: http://us3.samba.org/samba/security/CVE-2007-6015.html
______________________________________________________________________

07.51.40 CVE: Not Available
Platform: Cross Platform
Title: DOSBox Unauthorized File System Access
Description: DOSBox is a DOS emulator available for multiple
platforms. The application is exposed to an issue that may allow a
client application to access files on the host operating system.
DOSBox versions 0.72 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/484835
______________________________________________________________________

07.51.41 CVE: Not Available
Platform: Cross Platform
Title: BadBlue Directory Traversal and Buffer Overflow
Description: BadBlue is a web server application that allows users to
share files. The application is exposed to multiple remote issues.
BadBlue version 2.72b is affected.
Ref: http://www.securityfocus.com/archive/1/484834
______________________________________________________________________

07.51.42 CVE: Not Available
Platform: Cross Platform
Title: BarracudaDrive Web Server Denial of Service and Multiple Input
Validation Vulnerabilities
Description: BarracudaDrive Web Server is a commercial webserver. The
application is exposed to a denial of service issue and multiple input
validation issues because it fails to sufficiently sanitize
user-supplied input.
Ref: http://www.securityfocus.com/archive/1/484833
______________________________________________________________________

07.51.43 CVE: Not Available
Platform: Cross Platform
Title: Simple HTTPD Aux Remote Denial of Service
Description: Simple HTTPD is an HTTP server. The application is
exposed to a denial of service issue because it fails to handle
specially-crafted HTTP requests. Specifically, the application
terminates when requesting the DOS auxiliary port. Simple HTTPD
version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/26813
______________________________________________________________________

07.51.44 CVE: CVE-2007-6303, CVE-2007-6304
Platform: Cross Platform
Title: MySQL Server Privilege Escalation And Denial of Service
Vulnerabilities
Description: MySQL is a freely available SQL database for multiple
platforms. The application is exposed to multiple issues. MySQL
versions prior to 5.0.52, 5.1.23 and 6.0.4 are affected.
Ref: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html
______________________________________________________________________

07.51.45 CVE: Not Available
Platform: Cross Platform
Title: Symantec Backup Exec for Windows Unspecified Remote
Description: Symantec Backup Exec is a network-enabled backup solution
from Symantec. It is available for Novell NetWare and Microsoft
Windows platforms. The application is exposed to an unspecified remote
issue. Symantec Backup Exec version 11d for Windows Servers is
affected.
Ref: http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000200
______________________________________________________________________

07.51.46 CVE: Not Available
Platform: Cross Platform
Title: BEA WebLogic Mobility Server Image Converter Unspecified
Unauthorized Access
Description: BEA WebLogic Mobility Server is an enterprise-level
application server for mobile devices. The application is exposed to
an issue that results in unauthorized file access due to an
unspecified error in the "ImageConverter" functionality.
Ref: http://dev2dev.bea.com/pub/advisory/255
______________________________________________________________________

07.51.47 CVE: Not Available
Platform: Cross Platform
Title: Websense User-Agent Spoofing Filtering Security Bypass
Description: Websense is web filtering software. The application is
exposed to a security bypass issue because it fails to properly
enforce filtering rules. It is possible to bypass content-filtering by
spoofing the "User-Agent" header of the HTTP request. Websense
Enterprise version 6.3.1 is affected.
Ref: http://www.websense.com/SupportPortal/SupportKbs/976.aspx
______________________________________________________________________

07.51.48 CVE: Not Available
Platform: Cross Platform
Title: Kerio WinRoute Firewall Unspecified Proxy Authentication Bypass
Weakness
Description: Kerio WinRoute Firewall is a Windows based firewall
application for corporate environments. The application is exposed to
an unspecified weakness that allows local users to bypass proxy
authentication. Kerio WinRoute Firewall versions prior to 6.4.1 are
affected.
Ref: http://www.kerio.com/kwf_history.html
______________________________________________________________________

07.51.49 CVE: Not Available
Platform: Cross Platform
Title: Robocode Unspecified Remote Java Code Execution
Description: Robocode is a Java programming game. The application is
exposed to an unspecified remote Java code execution issue due to an
error in the Event Dispatch Thread. Attackers can exploit this issue
by specially crafting a robot to execute arbitrary Java code through
the use of the "SwingUtilities.invokeLater()" function. Robocode
versions prior to 1.5.1 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=37202&release_id=561213
______________________________________________________________________

07.51.50 CVE: Not Available
Platform: Cross Platform
Title: OpenOffice Insecure Document Signing Weakness
Description: OpenOffice is a suite of applications used to create and
edit documents and data, such as text documents and spreadsheets.
OpenOffice is vulnerable to a security weakness because it allows users
to manipulate the "CN" parameter of the "X509issuerName" XML tag
contained in the "META-INF/documentsignatures.xml" file without needing
to re-sign the digital certificate. OpenOffice versions 2.3.0 and 2.2.0
are affected.
Ref: http://www.securityfocus.com/archive/1/485034
______________________________________________________________________

07.51.51 CVE: Not Available
Platform: Cross Platform
Title: Hosting Controller Multiple Remote Vulnerabilities
Description: Hosting Controller is a set of hosting automation tools
implemented in ASP. The application is exposed to multiple issues.
Ref: http://www.securityfocus.com/archive/1/485028
______________________________________________________________________

07.51.52 CVE: CVE-2007-4706
Platform: Cross Platform
Title: Apple QuickTime QTL File Handling Remote Heap Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. This issue occurs when the application handles
specially-crafted QTL files. Apple QuickTime running on Microsoft
Windows Vista, Microsoft Windows XP SP2, and Mac OS X are affected.
Ref: http://www.securityfocus.com/bid/26868
______________________________________________________________________

07.51.53 CVE: CVE-2007-4707
Platform: Cross Platform
Title: Apple QuickTime Flash Media Player Multiple Unspecified
Vulnerabilities
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to multiple unspecified
issues in the application's Flash media player. The most serious issue
will allow remote code execution. QuickTime versions prior to 7.3.1
for Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or
later, Windows Vista and Microsoft Windows XP SP2 are affected.
Ref: http://www.securityfocus.com/bid/26866
______________________________________________________________________

07.51.54 CVE: Not Available
Platform: Cross Platform
Title: Juniper Networks JUNOS Malformed BGP Remote Denial of Service
Description: Juniper Networks JUNOS is exposed to a remote denial of
service issue when the application handles crafted BGP packets. JUNOS
versions 7.3 to 8.4 are affected.
Ref: http://www.securityfocus.com/bid/26869
______________________________________________________________________

07.51.55 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Lxlabs HyperVM Cross-Site Scripting
Description: HyperVM is a system management and administration
application for the Linux platform. It facilitates remote
administration over the web. The application is exposed to a
cross-site scripting issue because it fails to properly sanitize
user-supplied input before using it in dynamically generated content.
HyperVM version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/26751
______________________________________________________________________

07.51.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: webSPELL Usergallery.PHP and Calendar.PHP Multiple Cross-Site
Scripting Vulnerabilities
Description: webSPELL is a web-based forum application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. webSPELL version 4.01.02 is
affected.
Ref: http://www.securityfocus.com/archive/1/484795
______________________________________________________________________

07.51.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Websense Reporting Tools Login Page Cross-Site Scripting
Description: Websense Reporting Tools is a component of the Websense
commercial suite of web filtering products. The application is exposed
to a cross-site scripting issue because it fails to properly sanitize
user-supplied input to the "username" parameter of the login page.
Ref:
http://www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability/
______________________________________________________________________

07.51.58 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Thomson Speedtouch 716 URL Parameter Cross-Site Scripting
Description: Thomson Speedtouch 716 is a wireless router. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "url" parameter
of the "b/ic/connect/index.php" script. Thomson Speedtouch 716
firmware versions 6.2.17.50 and 5.4.0.14 are affected.
Ref: http://www.securityfocus.com/bid/26808
______________________________________________________________________

07.51.59 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: KLab HttpLogger Unspecified Cross-Site Scripting
Description: KLab HttpLogger is an application that allows viewing and
searching visited web sites history in the browser. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to an unspecified parameter. HttpLogger
version 0.8.1 is affected.
Ref: http://www.securityfocus.com/bid/26810
______________________________________________________________________

07.51.60 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Rainboard Unspecified Cross-Site Scripting Vulnerabilities
Description: Rainboard is a bulletin board system. The application is
exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input to the unspecified parameters of certain
scripts. Rainboard versions prior to 2.10 are affected.
Ref: http://www.securityfocus.com/bid/26830
______________________________________________________________________

07.51.61 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CubeCart Multiple Cross-Site Scripting Vulnerabilities
Description: CubeCart is a web-based e-commerce application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input to the "search" and "buscar"
parameters of unspecified scripts.
Ref: http://www.securityfocus.com/bid/26834
______________________________________________________________________

07.51.62 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: XOOPS register.php Cross-Site Scripting
Description: XOOPS is open-source, freely available portal software
written in object-oriented PHP. It is back-ended by a MySQL database
and runs on most Unix and Linux distributions. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to an unspecified parameter of the
"modules/profile/register.php" script. XOOPS version 2.2.5 is
affected.
Ref:
http://www.digitrustgroup.com/advisories/web-application-security-xoops.html
______________________________________________________________________

07.51.63 CVE: CVE-2007-5000
Platform: Web Application - Cross Site Scripting
Title: Apache mod_imagemap and mod_imap Cross-Site Scripting
Description: Apache is an HTTP web server available for multiple
operating platforms. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input to unspecified parameters.
Ref: http://httpd.apache.org/security/vulnerabilities_22.html
______________________________________________________________________

07.51.64 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Hitachi Web Server DirectoryIndex Cross-Site Scripting
Description: Hitachi Web Server is a web server application available
for multiple platforms. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input used in the "DirectoryIndex()" function.
Ref:
http://www.hitachi-support.com/security_e/vuls_e/HS07-041_e/index-e.html
______________________________________________________________________

07.51.65 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Hitachi Web Server "imagemap" Cross-Site Scripting
Description: Hitachi Web Server is a web server application available
for multiple platforms. The server is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input used in the "imagemap()" function.
Ref:
http://www.hitachi-support.com/security_e/vuls_e/HS07-042_e/index-e.html
______________________________________________________________________

07.51.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XIGLA SOFTWARE Absolute Banner Manager .NET SQL Injection
Description: Absolute Banner Manager .NET is an ad tracking and banner
management web application. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize user-supplied
data to the "z" parameter of the "abm.aspx" script. Absolute Banner
Manager .NET version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/26754
______________________________________________________________________

07.51.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PenPal Multiple SQL Injection Vulnerabilities
Description: PenPal is a web-based application implemented in ASP. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data before using it in
SQL queries. Specifically, it fails to sanitize input to the "mcity"
parameter of "search-results.asp" and the "username" and "password"
parameters of "login-verify.asp". PenPal version 2.0 is affected.
Ref: http://aria-security.net/forum/showthread.php?p=1148
______________________________________________________________________

07.51.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TCExam Multiple Unspecified SQL Injection Vulnerabilities
Description: TCExam is a web-based assessment application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to unspecified
parameters and scripts before using it in an SQL query. TCExam
versions prior to 5.1.000 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=559646&group_id=159398
______________________________________________________________________

07.51.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Apache::AuthCAS Cookie SQL Injection
Description: Apache::AuthCAS is a Perl-based Apache authentication
module. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied input passed via HTTP
cookie data before using it in an SQL query. This occurs in the
"AuthCAS.pm" script file. Apache::AuthCAS version 0.4 is affected.
Ref: http://www.securityfocus.com/archive/1/484711
______________________________________________________________________

07.51.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WebDoc Multiple SQL Injection Vulnerabilities
Description: WebDoc is a proprietary content management system
implemented in ASP. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data before using it in SQL queries. These issues occur
in the "document_id" and "cat_id" parameters of the "categories.asp"
and "subcategory.asp" scripts. WebDoc version 3.0 is affected.
Ref: http://www.securityfocus.com/archive/1/484758
______________________________________________________________________

07.51.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SH-News Comments.PHP SQL Injection
Description: SH-News is a web-based news manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"comments.php" script before using it in an SQL query. SH-News version
3.0 is affected.
Ref: http://www.securityfocus.com/bid/26778
______________________________________________________________________

07.51.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Dominion Web DWdirectory Search Parameter SQL Injection
Description: Dominion Web DWdirectory is a web-based directory. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "search" parameter of
the "search" script before using it in an SQL query. DWdirectory
versions 2.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/26779
______________________________________________________________________

07.51.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ACE Image Hosting Script Albums.PHP SQL Injection
Description: ACE Image Hosting Script is a web application that
provides image hosting functionality. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "albums.php" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/26780
______________________________________________________________________

07.51.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: p3mbo Content Injector Index.PHP Id Parameter SQL Injection
Description: p3mbo Content Injector is a web-based content manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "index.php" script before using it in an SQL query. p3mbo Content
Injector version 1.53 is affected.
Ref: http://www.securityfocus.com/bid/26781
______________________________________________________________________

07.51.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress wp-db.php Character Set SQL Injection
Description: WordPress is a freely available application for desktop
publishing. The application is exposed to an SQL injection issue
because the application fails to sufficiently sanitize user-supplied
input before using it in an SQL query. The issue occurs in the
"escape()" function of the "wp-includes/wp-db.php" script when
connecting to the database.
Ref: http://www.securityfocus.com/archive/1/484828
______________________________________________________________________

07.51.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-Xoops Multiple SQL Injection Vulnerabilities
Description: E-Xoops is a PHP-based content manager. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the "lid", "bid", and
"gid" parameters of multiple modules and scripts.
Ref: http://www.securityfocus.com/bid/26796
______________________________________________________________________

07.51.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: GESTDOWN Multiple SQL Injection Vulnerabilities
Description: GESTDOWN is a web-based application implemented in ASP.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data before using it in
an SQL query. GESTDOWN version 1.00 Beta is affected.
Ref: http://www.securityfocus.com/archive/1/484816
______________________________________________________________________

07.51.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: aurora framework Db_mysql.LIB SQL Injection
Description: aurora framework is a modular framework for rapid
development of web and console applications using the MVC pattern. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "value" parameter of
the "pack_var()" function in "module/db.lib/db_mysql.lib" before using
it in an SQL query. aurora framework versions prior to 20071208 are
affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=560073&group_id=203287
______________________________________________________________________

07.51.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: JBoss Seam "order" Parameter SQL Injection
Description: JBoss Seam is a framework for development of web 2.0
applications. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"order" parameter of the "getRenderedEjbql()" method from the
"org.jboss.seam.framework.Query" class before using it in an SQL
query. JBoss Seam versions prior to 2.0.0 GA are affected.
Ref: http://jira.jboss.com/jira/browse/JBSEAM-2084
______________________________________________________________________

07.51.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Galaxie CMS "category.php" SQL Injection
Description: Galaxie CMS is a web-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "scid" parameter of
the "category.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/26853
______________________________________________________________________

07.51.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MKPortal Gallery Module SQL Injection
Description: MKPortal is a content management application. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "ida" parameter of the
"index.php" script when the "ind" parameter is set to "gallery". MKPortal
version M1.1 RC1 is affected.
Ref: http://www.securityfocus.com/bid/26860
______________________________________________________________________

07.51.82 CVE: CVE-2007-6338
Platform: Web Application - SQL Injection
Title: CourseMill Enterprise Learning Management System
"userlogin.jsp" SQL Injection
Description: CourseMill Enterprise Learning Management System is a
content manager implemented in JSP. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "username" form field parameter of the
"userlogin.jsp" script before using it in an SQL query. CourseMill
Enterprise Learning Management version 4.1 SP4 is affected.
Ref: http://www.securityfocus.com/archive/1/485072
______________________________________________________________________

07.51.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Typo3 SQL Injection
Description: Typo3 is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize unspecified input to the "indexed_search"
extension before using it in an SQL query. Typo3 versions prior to
4.0.8 from the 3.x and 4.x branches as well as version 4.1.4 from the 4.1.x
branch are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/
______________________________________________________________________

07.51.84 CVE: Not Available
Platform: Web Application
Title: JFreeChart Multiple HTML Injection Vulnerabilities
Description: JFreeChart is a Java application that generates charts
and graphs. The application is exposed to multiple HTML injection
issues because it fails to sanitize user-supplied input to the "chart
tool tip text", "chart name", "href", "shape", and "coords" properties
of a chart area. JFreeChart version 1.0.8 is affected.
Ref: http://www.rapid7.com/advisories/R7-0031.jsp
______________________________________________________________________

07.51.85 CVE: Not Available
Platform: Web Application
Title: wwwstats Clickstats.PHP Multiple HTML Injection Vulnerabilities
Description: wwwstats is a web traffic analyzer. The application is
exposed to multiple HTML injection issues because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. These issues affect the "link" parameter and "useragent"
field of the "clickstats.php" script. wwwstats versions prior to 3.22
are affected.
Ref: http://www.securityfocus.com/archive/1/484727
______________________________________________________________________

07.51.86 CVE: Not Available
Platform: Web Application
Title: Media Player Classic Unspecified Remote Stack Buffer Overflow
Description: Media Player Classic is a media player application that
supports multiple file formats. The application is exposed to a
stack-based buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data. Media Player Classic version
6.4.9 is affected.
Ref: http://www.securityfocus.com/bid/26774/references
______________________________________________________________________

07.51.87 CVE: Not Available
Platform: Web Application
Title: PolDoc Document Management System Download_File.PHP Directory
Traversal
Description: PolDoc Document Management System is a web application.
The application is exposed to a directory traversal issue because it
fails to properly sanitize user-supplied input to the "file" parameter
of the "download_file.php" script. PolDoc Document Management System
version 0.96 is affected.
Ref: http://www.securityfocus.com/bid/26775
______________________________________________________________________

07.51.88 CVE: CVE-2007-6232
Platform: Web Application
Title: Flat PHP Board Multiple Remote Vulnerabilities
Description: Flat PHP Board is a bulletin board system. The
application is exposed to multiple issues. Flat PHP Board versions 1.2
and earlier are affected.
Ref: http://www.milw0rm.com/exploits/4705
______________________________________________________________________

07.51.89 CVE: Not Available
Platform: Web Application
Title: Falt4 CMS Multiple Input Validation Vulnerabilities
Description: Falt4 CMS is a web-based content management system. Three
vulnerabilities exist in Falt4 CMS. The application is exposed to
multiple input validation issues because it fails to sufficiently
sanitize user-supplied input. Falt4 version Extreme (RC4) is affected.
Ref: http://www.securityfocus.com/archive/1/484813
______________________________________________________________________

07.51.90 CVE: Not Available
Platform: Web Application
Title: bttlxe Forum Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: bttlxe Forum is a web-based forum application implemented
in ASP. The application is exposed to multiple input validation issues
because it fails to sufficiently sanitize user-supplied data. bttlxe
Forum version 2.0 is affected.
Ref: http://www.securityfocus.com/archive/1/484804
______________________________________________________________________

07.51.91 CVE: Not Available
Platform: Web Application
Title: Falcon Series One Multiple Input Validation Vulnerabilities
Description: Falcon Series One is a content management system (CMS).
The application is exposed to a remote file include issue and multiple
HTML injection issues because it fails to properly sanitize
user-supplied input. Falcon Series One version 1.4.3 stable is
affected.
Ref: http://www.securityfocus.com/bid/26798
______________________________________________________________________

07.51.92 CVE: Not Available
Platform: Web Application
Title: RoundCube Webmail CSS Expression Input Validation
Description: RoundCube Webmail is a web-based IMAP client. The
application is exposed to an input validation issue because it fails
to sanitize HTML email messages. This issue occurs when processing
email messages that contain script code inside CSS "expression()"
calls (for example, <div style="left:expression(arbitrary script
code)"></div>). RoundCube Webmail version 0.1rc2 is affected.
Ref: http://www.securityfocus.com/archive/1/484802
______________________________________________________________________

07.51.93 CVE: Not Available
Platform: Web Application
Title: Bitweaver 2.0.0 and Prior Multiple Input Validation
Vulnerabilities
Description: Bitweaver is a web application framework and content
manager. The application is exposed to multiple input validation
issues. Bitweaver versions 2.0.0 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/484805
______________________________________________________________________

07.51.94 CVE: Not Available
Platform: Web Application
Title: PHP-Nuke autohtml.php Local File Include
Description: Dance Music is part of the Music Sound PHP-Nuke module.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "filename"
parameter of the "autohtml.php" script. Specifically, the application
fails to properly sanitize directory traversal strings ("../").
Ref: http://www.securityfocus.com/bid/26807
______________________________________________________________________

07.51.95 CVE: Not Available
Platform: Web Application
Title: Monalbum Multiple Remote Vulnerabilities
Description: Monalbum is a web-based photo application. The
application is exposed to multiple remote issues. Monalbum version
0.8.7 is affected.
Ref: http://www.securityfocus.com/bid/26811
______________________________________________________________________

07.51.96 CVE: Not Available
Platform: Web Application
Title: Cybozu Products Multiple Cross-Site Scripting and Denial of
Service Vulnerabilities
Description: Cybozu products are exposed to multiple cross-site
scripting issues because they fail to properly handle user-supplied
input. Cybozu Office versions 6.6 Build 1.3 and 6.5 and Garoon
version 1.5(4.1) are affected.
Ref: http://www.securityfocus.com/bid/26812
______________________________________________________________________

07.51.97 CVE: Not Available
Platform: Web Application
Title: Mcms Easy Web Make Template Parameter Local File Include
Description: Mcms Easy Web Make is a PHP-based content manager. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "template" parameter
of the "modules/cms/index.php" script. Specifically, the application
fails to properly sanitize directory traversal strings ("../").
Ref: http://www.securityfocus.com/bid/26821
______________________________________________________________________

07.51.98 CVE: Not Available
Platform: Web Application
Title: Prolog Manager Insecure Encryption Username and Password
Information Disclosure
Description: Prolog Manager is a project management application. The
application is exposed to an information disclosure issue when the
application sends sensitive data through an insecure channel.
Ref: http://www.securityfocus.com/archive/1/484886
______________________________________________________________________

07.51.99 CVE: Not Available
Platform: Web Application
Title: ES Simple Uploader Arbitrary File Upload
Description: ES Simple Uploader is a file upload script. The
application is exposed to an arbitrary file upload issue because it
fails to adequately sanitize user-supplied input. This issue affects
the "index.php" script. ES Simple Uploader version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/26827
______________________________________________________________________

07.51.100 CVE: Not Available
Platform: Web Application
Title: ViArt Shop/CMS/Helpdesk Products Block_site_map.PHP Remote File
Include
Description: ViArt Shop is web-based shopping cart software. ViArt
CMS is a content management system. ViArt Helpdesk is a web-based
helpdesk solution. The applications are exposed to a remote file
include issue because they fail to sufficiently sanitize user-supplied
input to the "root_folder_path" parameter of the
"blocks/block_site_map.php" script. ViArt Shop version 3.3.2, CMS
version 3.3.2 and HelpDesk version 3.3.2 are affected.
Ref: http://www.securityfocus.com/bid/26828
______________________________________________________________________

07.51.101 CVE: Not Available
Platform: Web Application
Title: Fastpublish CMS Designconfig.PHP Remote File Include
Description: Fastpublish CMS is a PHP-based content manager. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "config[fsBase]"
parameter of the "designconfig.php" script. Fastpublish CMS version
1.9999 is affected.
Ref: http://www.securityfocus.com/bid/26845
______________________________________________________________________

07.51.102 CVE: Not Available
Platform: Web Application
Title: City Writer "head.php" Remote File Include
Description: City Writer is a PHP-based content manager. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "path" parameter
of the "head.php" script. City Writer version 0.9.7 is affected.
Ref: http://www.securityfocus.com/bid/26848
______________________________________________________________________

07.51.103 CVE: Not Available
Platform: Web Application
Title: xml2owl "filedownload.php" Directory Traversal
Description: xml2owl is a PHP-based web application that converts
Extensible Markup Language (XML) files to Web Ontology Language (OWL)
files. The application is exposed to an issue that lets attackers
access arbitrary files because the application fails to sufficiently
sanitize user-supplied input to the "file" parameter of the
"filedownload.php" script when the "mode" parameter is set to
download. xml2owl version 0.1.1 is affected.
Ref: http://www.securityfocus.com/bid/26849
______________________________________________________________________

07.51.104 CVE: Not Available
Platform: Web Application
Title: DynaWeb Developers MMS Gallery "id" Parameter Multiple
Directory Traversal Vulnerabilities
Description: MMS Gallery is a PHP-based picture gallery. The
application is exposed to multiple directory traversal issues that let
attackers access arbitrary files because the application fails to
sufficiently sanitize user-supplied input to the "id" parameter of the
"get_file.php" and "get_image.php" scripts. MMS Gallery version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/26852
______________________________________________________________________

07.51.105 CVE: Not Available
Platform: Web Application
Title: AdultScript Security Bypass
Description: AdultScript is an adult content video management script.
The application is exposed to a security bypass issue because it fails
to properly validate user credentials before performing certain
actions. Specifically, setting the browser to disallow redirections
while requesting the "admin/administrator.php" script allows an
attacker to bypass authentication and gain access to sensitive
information. The attacker can use this to obtain the username and
password of the administrator account. AdultScript versions 1.6 and
prior are affected.
Ref: http://www.securityfocus.com/bid/26870
______________________________________________________________________

07.51.106 CVE: Not Available
Platform: Web Application
Title: WebGUI Secondary Admin Security Bypass
Description: WebGUI is a web application framework and content
management system (CMS). The application is exposed to a security
bypass issue because the application fails to properly validate user
privileges. Specifically, an unprivileged attacker who is a
"secondary admin" user can create users with administration privileges,
which results in privilege escalation. WebGUI versions prior to 7.4.18
are affected.
Ref:
http://www.plainblack.com/getwebgui/advisories/webgui-7_4_18-stable-released
______________________________________________________________________

07.51.107 CVE: Not Available
Platform: Network Device
Title: IBM Hardware Management Console Unspecified Privilege
Escalation
Description: IBM Hardware Management Console enables an administrator
to manage the configuration and operation of partitions in a computer
and to monitor the computer for hardware problems. The application is
exposed to a privilege escalation issue in unspecified HMC commands.
Hardware Management Console version 3 release 3.7 is affected.
Ref:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4036
______________________________________________________________________