*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
Dec 24, 2007                                             Vol. 6. Week 52
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Third Party Windows Apps                     9 (#6, #7, #8, #10, #11)
Mac Os                                       4 (#5)
Linux                                       11
HP-UX                                        1 (#3)
Solaris                                      2
Unix                                         1
Cross Platform                              28 (#1, #2, #4, #9)
Web Application - Cross Site Scripting       6
Web Application - SQL Injection              7
Web Application                             22
Network Device                               1


Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Adobe Flash Player Multiple Vulnerabilities
(2) CRITICAL: Trend Micro ServerProtect Insecure Method Exposure
(3) CRITICAL: Hewlett-Packard HP-UX swagentd RPC Buffer Overflow
(4) CRITICAL: ClamAV Multiple Executable Parsing Vulnerabilities
(5) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2007-009)
(6) HIGH: Yahoo! Toolbar ActiveX Control Buffer Overflow
(7) HIGH: IBM Lotus Domino Web Access ActiveX Control Buffer Overflow
(8) HIGH: Novell GroupWise HTML Email Buffer Overflow
(9) MODERATE: Opera Multiple Vulnerabilities
Other Software
(10) CRITICAL: St. Bernard Open File Manager Buffer Overflow
(11) HIGH: iMesh ActiveX Control Buffer Overflow



Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Third Party Windows Apps
07.52.1  - iMesh "IMWebControl" ActiveX Control Code Execution
07.52.2  - Novell GroupWise "img" Tag Buffer Overflow
07.52.3  - IBM Lotus Domino Web Access "dwa7w.dll" ActiveX Control Memory
Corruption
07.52.4  - RavWare RavFLIC ActiveX Control Buffer Overflow
07.52.5  - WFTPD Explorer Remote Buffer Overflow
07.52.6  - HP Software Update "RulesEngine.dll" ActiveX Control Multiple File
Overwrite Vulnerabilities
07.52.7  - Yahoo! Toolbar YShortcut.dl ActiveX Control Remote Buffer Overflow
07.52.8  - Adobe Flash Player ActiveX Control "navigateToURL" API Cross Domain
Scripting
07.52.9  - HP eSupportDiagnostics "dpediag.dll" ActiveX Control Multiple
Information Disclosure Vulnerabilities
 -- Mac Os
07.52.10 - Apple Mac OS X Catalog and Distribution File Arbitrary Command
Execution Weakness
07.52.11 - Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities
07.52.12 - Apple Mac OS X Keychain Security Bypass
07.52.13 - Apple Mac OS X SMB Utilities Local Stack-Based Buffer Overflow
 -- Linux
07.52.14 - Perl Net::DNS DNS Response Remote Denial of Service
07.52.15 - rPath Linux KDM Unspecified Local Denial of Service
07.52.16 - libexif Image Tag Remote Denial of Service
07.52.17 - Exiv2 EXIF File Handling Integer Overflow
07.52.18 - Linux Kernel "hrtimers" Local Denial of Service
07.52.19 - scponly Local Arbitrary Command Execution Weakness
07.52.20 - autofs nodev Mount Option Privilege Escalation
07.52.21 - libexif Image Tag Remote Integer Overflow
07.52.22 - Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service
07.52.23 - ClamAV "mspack.c" Off-By-One Buffer Overflow
07.52.24 - Adobe Flash Player JPG Header Remote Heap-Based Buffer Overflow
 -- HP-UX
07.52.25 - HP-UX rpc.yppasswd Unspecified Remote Denial of Service
 -- Solaris
07.52.26 - Sun Solaris NFS "netgroups" Security Bypass
07.52.27 - Sun Ray Device Manager Daemon Multiple Vulnerabilities
 -- Unix
07.52.28 - Common UNIX Printing System SNMP "asn1_get_string()" Remote Buffer
Overflow
 -- Cross Platform
07.52.29 - SurgeMail Malformed Host Header Denial of Service
07.52.30 - Apple Safari Subframe Same Origin Policy Violation
07.52.31 - Appian Business Process Management Suite Remote Denial of Service
07.52.32 - Trend Micro ServerProtect Multiple Remote Insecure Method Exposure
Vulnerabilities
07.52.33 - St. Bernard Open File Manager Remote Heap-Based Buffer Overflow
07.52.34 - Easylon OPC Server Arbitrary Code Execution
07.52.35 - NeoOffice OpenOffice Code Unspecified Security
07.52.36 - Anon Proxy Server Remote Shell Command Execution Vulnerabilities
07.52.37 - exiftags Multiple Unspecified Buffer Overflow and Denial of Service
Vulnerabilities
07.52.38 - Hammer of Thyrion Multiple Remote Buffer Overflow Vulnerabilities
07.52.39 - BalaBit IT Security syslog-ng NULL-Pointer Dereference Denial of
Service
07.52.40 - PeerCast HandshakeHTTP Multiple Buffer Overflow Vulnerabilities
07.52.41 - Adobe Flash Player Policy File Cross Domain Security Bypass
07.52.42 - Rosoft Media Player M3U Denial of Service
07.52.43 - Google Toolbar Dialog Spoofing
07.52.44 - ClamAV "libclamav/pe.c" MEW Packed PE File Integer Overflow
07.52.45 - Asterisk Host-Based Authentication Security Bypass
07.52.46 - Adobe Flash Player Multiple Security Vulnerabilities
07.52.47 - Adobe Flash Player DNS Rebinding
07.52.48 - Opera Web Browser Multiple Security Vulnerabilities
07.52.49 - MySQL Server Unspecified Remote Arbitrary Command Execution
07.52.50 - Adobe Flash Player "asfunction" Cross Site Scripting
07.52.51 - ProWizard 4 PC Multiple Remote Stack Based Buffer Overflow
Vulnerabilities
07.52.52 - Xen "copy_to_user()" Local Security Bypass
07.52.53 - Ingres Flawed In User Authentication Unauthorized Access
07.52.54 - HP Tru64 FFM Unspecified Local Denial of Service
07.52.55 - Adobe Flash Player Unspecified Privilege-Escalation
07.52.56 - Adobe Flash Player HTTP Response Splitting
 -- Web Application - Cross Site Scripting
07.52.57 - Google Web Toolkit Benchmark Reporting System Unspecified Cross-Site
Scripting
07.52.58 - Flyspray Multiple Cross-Site Scripting Vulnerabilities
07.52.59 - Ganglia Web Frontend Multiple Cross-Site Scripting Vulnerabilities
07.52.60 - Mambo Index.PHP Multiple Cross-Site Scripting Vulnerabilities
07.52.61 - Citrix Web Interface On-line Help Cross-Site Scripting
07.52.62 - GAMERFUN EXPLORER GF-3XPLORER Local File Include and Cross-Site
Scripting Vulnerabilities
 -- Web Application - SQL Injection
07.52.63 - Woltlab Burning Board Lite Search.PHP Multiple SQL Injection
Vulnerabilities
07.52.64 - FreeWebshop Multiple SQL Injection Vulnerabilities
07.52.65 - PHP Real Estate Classifieds "fullnews.php" SQL Injection
07.52.66 - my123tkShop e-Commerce-Suite "mainfile.php" SQL Injection
07.52.67 - phpMyRealty Multiple SQL Injection Vulnerabilities
07.52.68 - Plogger "plog-rss.php" SQL Injection
07.52.69 - Aeries Browser Interface "LostPwd.asp" SQL Injection
 -- Web Application
07.52.70 - RaidenHTTPD "workspace.php" Directory Traversal
07.52.71 - LineShout Multiple HTML Injection Vulnerabilities
07.52.72 - Uber-Uploader Multiple Arbitrary File Upload Vulnerabilities
07.52.73 - WebGUI Secondary Admin Security Bypass
07.52.74 - SquirrelMail Unauthorized Source Code Modification Package Compromise
Vulnerability
07.52.75 - phPay Windows Installations Local File Include
07.52.76 - Centreon Multiple Remote File Include Vulnerabilities
07.52.77 - phpRPG Multiple Vulnerabilities
07.52.78 - WordPress Unauthorized Post Access
07.52.79 - Black Sheep Web Software Form Tools Multiple Remote File Include
Vulnerabilities
07.52.80 - FreeWebshop Cookie Security Bypass
07.52.81 - Neuron News Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
07.52.82 - PHP Security Framework Multiple Input Validation Vulnerabilities
07.52.83 - pdftops.pl Alternate pdftops Filter for CUPS Insecure Temporary File
Creation
07.52.84 - PhpMyDesktop|arcade "RR.php" Remote File Include
07.52.85 - Perforce P4Web Content-Length Header Remote Denial of Service
07.52.86 - Dokeos "My production" Arbitrary File Upload
07.52.87 - id3lib ID3 Tags Buffer Overflow
07.52.88 - Sun Management Center Insecure Default Account Unauthorized Access
07.52.89 - xeCMS "view.php" Local File Include
07.52.90 - iDevSpot iSupport "index.php" Local File Include
07.52.91 - SiteScape Forum "dispatch.cgi" Tcl Command Injection
 -- Network Device
07.52.92 - Cisco Application Inspection in Firewall Services Module Denial of
Service

______________________________________________________________________

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Adobe Flash Player Multiple Vulnerabilities
Affected:
Adobe Flash Player

Description: Adobe Flash Player is the most popular platform for rich
internet content. The Adobe Flash Player web browser plugin is bundled
with Microsoft Windows, Apple Mac OS X, and various Unix and Linux-based
operating systems. The Flash plugin contains multiple vulnerabilities
in its handling of Flash content and network requests. A specially
crafted web page with embedded Flash content could exploit one of these
vulnerabilities to allow an attacker to execute arbitrary code with the
privileges of the current user, perform cross site scripting attacks,
or execute other attacks. Note that Flash content is generally loaded
automatically upon receipt, therefore no user interaction other than
viewing a malicious web page would be necessary to exploit these
vulnerabilities. Some technical details are publicly available for these
vulnerabilities.

Status: Adobe confirmed, updates available.

References:
Adobe Security Advisory
http://www.adobe.com/support/security/bulletins/apsb07-20.html
TippingPoint DVLabs Security Advisory
http://dvlabs.tippingpoint.com/advisory/TPTI-07-21
Stanford University Security Advisory
http://crypto.stanford.edu/advisories/CVE-2007-6244/
SecurityFocus BIDs
http://www.securityfocus.com/bid/26965
http://www.securityfocus.com/bid/26960
http://www.securityfocus.com/bid/26930
http://www.securityfocus.com/bid/26969
http://www.securityfocus.com/bid/26951
http://www.securityfocus.com/bid/26949
http://www.securityfocus.com/bid/26929

*****************************************************

(2) CRITICAL: Trend Micro ServerProtect Insecure Method Exposure
Affected:
Trend Micro ServerProtect versions 5.58 and prior

Description: ServerProtect is an anti-malware solution from Trend Micro.
ServerProtect exports a Remote Procedure Call (RPC) interface. This
interface provides various filesystem manipulation procedures that may
be called without authentication. Calling these procedures would allow
an attacker to arbitrarily modify system files and configuration with the
privileges of the vulnerable process (usually SYSTEM). Full technical
details are publicly available for this vulnerability.

Status: Trend Micro confirmed, updates available.

References:
Trend Micro Security Update Information
http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-07-077.html
Product Home Page
http://us.trendmicro.com/us/products/enterprise/serverprotect-for-microsoft-windows/
SecurityFocus BID
http://www.securityfocus.com/bid/26912

*****************************************************

(3) CRITICAL: Hewlett-Packard HP-UX swagentd RPC Buffer Overflow
Affected:
Hewlett-Packard HP-UX versions 11.11 and prior

Description: HP-UX is Hewlett-Packard's UNIX-derived operating system.
HP-UX's 'swagentd' component is used for software deployment and other
tasks. It exports a Remote Procedure Call (RPC) interface accessible
to other systems. A specially crafted call to this RPC interface could
trigger a buffer overflow. Successfully exploiting this buffer overflow
would allow an attacker to execute arbitrary code with the privileges
of the vulnerable process. Some technical details are publicly available
for this vulnerability.

Status: Hewlett-Packard confirmed, updates available. Users can mitigate
the impact of this issue by blocking access to TCP and UDP port 2121 at
the network perimeter, if possible.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-07-079.html
Wikipedia Article on DCE-RPC
http://en.wikipedia.org/wiki/DCE/RPC
HP-UX Home Page
http://www.hp.com/products1/unix/
SecurityFocus BID
http://www.securityfocus.com/bid/26855

*****************************************************

(4) CRITICAL: ClamAV Multiple Executable Parsing Vulnerabilities
Affected:
ClamAV versions 0.91.2 and prior

Description: ClamAV is a popular multiplatform antivirus solution.
Executable packers are often used to obfuscate malware. ClamAV contains
multiple vulnerabilities in its handling of packed executables. A
specially crafted packed executable could trigger one of these
vulnerabilities, and allow an attacker to execute arbitrary code with
the privileges of the vulnerable process. Note that in situations where
ClamAV is used to scan email or automatically scan files, no user
interaction would be required to exploit this vulnerability. In these
cases, email transiting the server or files otherwise sent to the
vulnerable system would be sufficient to exploit this vulnerability.
Note that full technical details are available for this vulnerability
via source code analysis.

Status: ClamAV confirmed, updates available.

References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634
ClamAV Home Page
http://www.clamav.net/
MEW Packer Home Page
http://northfox.uw.hu/
SecurityFocus BID
http://www.securityfocus.com/bid/26927

*****************************************************

(5) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2007-009)
Affected:
Apple Mac OS X versions 10.4.11 and 10.5.1 and prior

Description: Apple Mac OS X contains multiple vulnerabilities in a
variety of subsystems. Some vulnerabilities stem from known
vulnerabilities in bundled third-party software, while others are
endemic. The severity of these vulnerabilities ranges from arbitrary code
execution with the privileges of the current user or of a system
process, to arbitrary file overwrites, to cross site scripting attacks.
Some technical details are publicly available for several of these
vulnerabilities.

Status: Apple confirmed, updates available.

References:
Apple Security Advisory
http://docs.info.apple.com/article.html?artnum=307179
SecurityFocus BID
http://www.securityfocus.com/bid/26910

*****************************************************

(6) HIGH: Yahoo! Toolbar ActiveX Control Buffer Overflow
Affected:
Yahoo! Toolbar versions 1.4.1 and prior

Description: The Yahoo! Toolbar is a web browser toolbar from Yahoo!
that makes it easier to access certain Yahoo! services. Part of the
toolbar's functionality is provided by an ActiveX control. This control
contains a buffer overflow vulnerability. A specially crafted web page
that instantiates this control could trigger this vulnerability, and
allow an attacker to execute arbitrary code with the privileges of the
current user. The Yahoo! Toolbar is installed as part of some software
packages, and may be installed by default by certain systems
integrators.

Status: Yahoo! has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the control via
Microsoft's "kill bit" mechanism.

References:
Yahoo! Toolbar Home Page
http://toolbar.yahoo.com/
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/26956

*****************************************************

(7) HIGH: IBM Lotus Domino Web Access ActiveX Control Buffer Overflow
Affected:
IBM Lotus Domino versions prior to 7.0.34.1

Description: IBM Lotus Domino is an IBM collaboration solution. Part of
its web-based functionality is provided by an ActiveX control. This
control contains a buffer overflow vulnerability in the handling of its
"General_ServerName" property. A specially crafted web page that
instantiates this control and sets this property could exploit this
buffer overflow. Successfully exploiting this buffer overflow would
allow an attacker to execute arbitrary code with the privileges of the
current user. Some technical details and a proof-of-concept are publicly
available for this vulnerability.

Status: IBM has not confirmed, no updates available. Users can mitigate
the impact of this vulnerability by disabling the vulnerable control via
Microsoft's "kill bit" mechanism for CLSID
"E008A543-CEFB-4559-912F-C27C2B89F13B". Note that this may affect
normal application functionality.

References:
Posting by Elazar Broad
http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0498.html
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/26972.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://www-306.ibm.com/software/lotus/products/domino/
SecurityFocus BID
http://www.securityfocus.com/bid/26972

*****************************************************

(8) HIGH: Novell GroupWise HTML Email Buffer Overflow
Affected:
Novell GroupWise versions 6.5.6 and prior

Description: Novell GroupWise is Novell's enterprise groupware solution.
GroupWise contains a flaw in its handling of email with embedded HTML.
A specially crafted email message containing an overlong "src"
parameter to an "<img>" tag could trigger a buffer overflow
vulnerability. Successfully exploiting this vulnerability would allow
an attacker to execute arbitrary code with the privileges of the current
user. Full technical details and multiple proofs-of-concept are publicly
available for this vulnerability. This vulnerability is exploitable only
if the user has the "HTML Preview" option enabled and responds to or
forwards a malicious email; simply reading a malicious message is
insufficient to exploit this vulnerability.

Status: According to reports, Novell has silently patched this vulnerability.

References:
Infobyte Security Research Advisory
http://www.infobyte.com.ar/adv/ISR-16.html
Proofs-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/novell_groupwise.pm
http://downloads.securityfocus.com/vulnerabilities/exploits/novell_groupwise.rb
Secunia Security Advisory
http://secunia.com/advisories/28102/
Product Home Page
http://www.novell.com/products/groupwise/
SecurityFocus BID
http://www.securityfocus.com/bid/26875

*****************************************************

(9) MODERATE: Opera Multiple Vulnerabilities
Affected:
Opera versions prior to 9.25

Description: Opera is a popular cross-platform web browser. It contains
multiple vulnerabilities. Most vulnerabilities are limited to cross site
scripting attacks or information disclosure vulnerabilities, but an
undisclosed error in the handling of Transport Layer Security (TLS,
sometimes known as SSL version 3) certificates could lead to arbitrary
code execution with the privileges of the current user.

Status: Opera confirmed, updates available.

References:
Opera Security Advisory
http://www.opera.com/docs/changelogs/windows/925/#security
Wikipedia Article on Transport Layer Security
http://en.wikipedia.org/wiki/Transport_Layer_Security
Opera Home Page
http://www.opera.com
SecurityFocus BID
http://www.securityfocus.com/bid/26937

****************
Other Software
****************

(10) CRITICAL: St. Bernard Open File Manager Buffer Overflow
Affected:
St. Bernard Open File Manager versions 9.5 and prior

Description: Open File Manager (OFM) is an enterprise backup management solution
from St. Bernard. OFM exports a network-accessible service. This service
contains a buffer overflow vulnerability. A specially crafted call to this
service could exploit this buffer overflow and allow an attacker to execute
arbitrary code with the privileges of the vulnerable process (usually SYSTEM).
Some technical details are publicly available for this vulnerability.

Status: St. Bernard confirmed, updates available.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-07-078.html
Product Home Page
http://www.stbernard.com/products/ofm/products_ofm.asp
SecurityFocus BID
http://www.securityfocus.com/bid/26914

*****************************************************

(11) HIGH: iMesh ActiveX Control Buffer Overflow
Affected:
iMesh versions 7.1.0.x and prior

Description: iMesh is a popular music and video sharing application.
Part of its functionality is provided by the "IMWebControl" ActiveX
control. This control contains a buffer overflow vulnerability. A
malicious web page that instantiates this control could trigger this
buffer overflow and allow an attacker to execute arbitrary code with the
privileges of the current user. A proof-of-concept and full technical
details are publicly available for this vulnerability.

Status: iMesh has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the vulnerable
control via Microsoft's "kill bit" mechanism, using CLSID
"7C3B01BC-53A5-48A0-A43B-0C67731134B9". Note that this may impact
normal application functionality.

References:
Proof-of-Concept by rgod
http://milw0rm.com/exploits/4752
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Vendor Home Page
http://www.imesh.com/
SecurityFocus BID
http://www.securityfocus.com/bid/26916
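
Added example (not part of the original bulletin): one way to apply the
"kill bit" mitigation recommended in items (7) and (11), using the two
CLSIDs given there. The registry location and the 0x400 flag are those
documented in Microsoft KB240797; the function name and report fields
are illustrative.

```powershell
# Set the ActiveX kill bit for the CLSIDs named in items (7) and (11).
# Run from an elevated PowerShell prompt. Added example, not vendor code.

$KillBit   = 0x00000400            # bit in "Compatibility Flags" that blocks the control in IE
$ValueName = 'Compatibility Flags'

# CLSIDs copied from the bulletin; the labels are only used in the report.
$Controls = [ordered]@{
    '{E008A543-CEFB-4559-912F-C27C2B89F13B}' = 'IBM Lotus Domino Web Access, item (7)'
    '{7C3B01BC-53A5-48A0-A43B-0C67731134B9}' = 'iMesh IMWebControl, item (11)'
}

# 64-bit Windows keeps a separate registry view for 32-bit Internet Explorer,
# so the flag must be set in both views there.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if ([Environment]::Is64BitOperatingSystem) {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Set-ActiveXKillBit {
    # Hypothetical helper name. Supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string]$Clsid,
        [string]$Label = ''
    )

    $key    = Join-Path -Path $Root -ChildPath $Clsid
    $before = $null
    if (Test-Path -LiteralPath $key) {
        $item = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($item) { $before = $item.$ValueName }
    }

    # Preserve any flags already present and OR in the kill bit ($null casts to 0).
    $after = ([int]$before) -bor $KillBit

    if ($before -ne $after -and
        $PSCmdlet.ShouldProcess($key, ('set {0} to 0x{1:X8}' -f $ValueName, $after))) {
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -LiteralPath $key -Name $ValueName `
            -PropertyType DWord -Value $after -Force | Out-Null
    }

    # Read the value back so the report reflects what is actually in the registry.
    $now = (Get-ItemProperty -LiteralPath $key -Name $ValueName `
            -ErrorAction SilentlyContinue).$ValueName

    [pscustomobject]@{
        Control    = $Label
        Key        = $key
        Before     = $before
        Now        = $now
        KillBitSet = [bool]($now -band $KillBit)
    }
}

# Apply to every control in every registry view and print a verification table.
# Append -WhatIf to the Set-ActiveXKillBit call to preview without writing.
$report = foreach ($root in $Roots) {
    foreach ($clsid in $Controls.Keys) {
        Set-ActiveXKillBit -Root $root -Clsid $clsid -Label $Controls[$clsid]
    }
}
$report | Format-Table -AutoSize -Wrap
```

As both items note, disabling these controls may affect normal
application functionality; removing the 0x400 bit from the same value
reverses the change.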

*****************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities

Week 52, 2007
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

07.52.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: iMesh "IMWebControl" ActiveX Control Code Execution
Description: iMesh is a P2P client for the Microsoft Windows operating
platform. The application is exposed to a code execution issue because
the application fails to sanitize user-supplied data which can lead to
memory corruption. This issue affects the "IMWeb.IMWebControl.1"
ActiveX control of "IMWebControl.dll". iMesh versions 7.1.0.37263 and
earlier are affected.
Ref: http://retrogod.altervista.org/rgod_imesh.html
______________________________________________________________________

07.52.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Novell GroupWise "img" Tag Buffer Overflow
Description: Novell GroupWise client is an Intranet/Internet GroupWare
solution available for Microsoft Windows. The application is exposed
to a buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied data. GroupWise version 6.5.6 is affected.
Ref: http://www.securityfocus.com/archive/1/485100
______________________________________________________________________

07.52.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: IBM Lotus Domino Web Access "dwa7w.dll" ActiveX Control Memory
Corruption
Description: IBM Lotus Domino is a client/server product designed for
collaborative working environments. Domino Server supports email,
scheduling, instant messaging, and data-driven applications. Web
Access is a web browser-based client for Lotus Domino. The application
is exposed to a memory corruption issue because of an insecure method
in the ActiveX control "dwa7w.dll".
Ref:
http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0498.html
______________________________________________________________________

07.52.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: RavWare RavFLIC ActiveX Control Buffer Overflow
Description: RavFLIC is an ActiveX control for playing Autodesk FLC/FLI
content. The control is exposed to a buffer overflow issue because it
fails to perform adequate boundary checks on user-supplied data. This
issue affects the "FileName()" method. RavFLIC version 1.0.0.1 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.52.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: WFTPD Explorer Remote Buffer Overflow
Description: WFTPD Explorer is an FTP client for Microsoft Windows
operating systems. The application is exposed to a remote heap-based
buffer overflow issue because the application fails to perform
boundary checks before copying user-supplied data into sensitive
process buffers. WFTPD Explorer version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/26935
______________________________________________________________________

07.52.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: HP Software Update "RulesEngine.dll" ActiveX Control Multiple
File Overwrite Vulnerabilities
Description: HP Software Update is an application installed by default
on multiple HP laptop models. The application is exposed to multiple
issues that attackers can exploit to overwrite arbitrary files. HP
Software Update version 3.0.8.4 with "RulesEngine.dll" ActiveX control
1.0 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.52.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Yahoo! Toolbar YShortcut.dl ActiveX Control Remote Buffer
Overflow
Description: The Yahoo! Toolbar YShortcut ActiveX control allows users
to map shortcuts to URI addresses. The application is exposed to a
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input. Yahoo! Toolbar version 1.4.1 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.52.8 CVE: CVE-2007-6244
Platform: Third Party Windows Apps
Title: Adobe Flash Player ActiveX Control "navigateToURL" API Cross
Domain Scripting
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. The application is
exposed to a cross domain scripting issue that exists in the
"navigateToURL" API, which takes a URL and the name of the frame to be
navigated as arguments. Adobe Flash Player versions 9.0.48.0, 8.0.35.0,
7.0.70.0 and earlier are affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.52.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: HP eSupportDiagnostics "dpediag.dll" ActiveX Control Multiple
Information Disclosure Vulnerabilities
Description: HP eSupportDiagnostics is an ActiveX control used to aid
in web-based support. The application is exposed to multiple
information disclosure issues. HP eSupportDiagnostics ActiveX control,
"hpediag.dll" version 1.0.11.0 is affected.
Ref:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059205.html
______________________________________________________________________

07.52.10 CVE: CVE-2007-5863
Platform: Mac Os
Title: Apple Mac OS X Catalog and Distribution File Arbitrary Command
Execution Weakness
Description: Apple Mac OS X is exposed to an arbitrary command
execution weakness. This issue occurs when Mac OS X checks for new
updates. Specifically, the catalog file and distribution files are
downloaded on the computer using plain HTTP without any form of
verification to certify legitimate client-server communication.
Ref: http://www.securityfocus.com/archive/1/485237
______________________________________________________________________

07.52.11 CVE: CVE-2007-4708, CVE-2007-4709, CVE-2007-4710,
CVE-2007-5847, CVE-2007-5848, CVE-2007-5849, CVE-2007-5850,
CVE-2007-5851, CVE-2007-5852, CVE-2007-5853, CVE-2007-5854,
CVE-2007-5855, CVE-2007-5857, CVE-2007-5859, CVE-2007-5861,
CVE-2007-5860, CVE-2007-5876
Platform: Mac Os
Title: Apple Mac OS X v10.5.1 2007-009 Multiple Security
Vulnerabilities
Description: Apple Mac OS X is exposed to multiple security issues.
These issues affect Mac OS X and various applications. Attackers may
exploit these issues to execute arbitrary code, trigger denial of
service conditions, escalate privileges, and potentially compromise
vulnerable computers. Apple Mac OS X versions 10.5.1 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/26910
______________________________________________________________________

07.52.12 CVE: CVE-2007-5862
Platform: Mac Os
Title: Apple Mac OS X Keychain Security Bypass
Description: Apple Mac OS X Keychain is the password management system
used by the operating system to manage user authentication. The
application is exposed to a security bypass issue because it fails to
properly validate user credentials before performing certain actions.
Mac OS X version 10.4.10 is affected.
Ref: http://docs.info.apple.com/article.html?artnum=307177
______________________________________________________________________

07.52.13 CVE: CVE-2007-3876
Platform: Mac Os
Title: Apple Mac OS X SMB Utilities Local Stack-Based Buffer Overflow
Description: Mac OS X is an operating platform developed by Apple.
"mount_smbfs" is an SMB (Server Message Block protocol) utility used
for locally mounting remote SMB shares. The application is exposed to
a local stack-based buffer overflow issue because it fails to properly
bounds check user-supplied data before copying it to an insufficiently
sized memory buffer. Mac OS X and Mac OS X Server versions 10.4.11 and
earlier are affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=633
______________________________________________________________________

07.52.14 CVE: CVE-2007-6341
Platform: Linux
Title: Perl Net::DNS DNS Response Remote Denial of Service
Description: The Perl Net::DNS module allows scripts written in Perl
to perform DNS queries. The application is exposed to a remote denial
of service issue due to a failure of the module to properly handle
malformed DNS responses. Net::DNS version 0.60 is affected.
Ref: https://rt.cpan.org/Public/Bug/Display.html?id=30316
______________________________________________________________________

07.52.15 CVE: CVE-2007-5963
Platform: Linux
Title: rPath Linux KDM Unspecified Local Denial of Service
Description: rPath Linux KDM is prone to a local denial of service
issue. This issue affects KDM from the "kdebase" package. Version 3.4.2
is affected. More information about this issue can be found at the link
below.
Ref: http://www.securityfocus.com/archive/1/485238
______________________________________________________________________

07.52.16 CVE: CVE-2007-6351
Platform: Linux
Title: libexif Image Tag Remote Denial of Service
Description: The libexif library is a freely available library that is
used to read and write EXIF data. It is implemented in C. The library
is exposed to a denial of service issue while parsing image tags
contained in EXIF files and is caused by an infinite recursion.
Ref: http://rhn.redhat.com/errata/RHSA-2007-1165.html
______________________________________________________________________

07.52.17 CVE: Not Available
Platform: Linux
Title: Exiv2 EXIF File Handling Integer Overflow
Description: Exiv2 is a freely available, open-source EXIF and IPTC
image metadata library. The application is exposed to an integer
overflow issue because it fails to properly verify user-supplied data.
Exiv2 version 0.15 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=425921
______________________________________________________________________

07.52.18 CVE: CVE-2007-5966
Platform: Linux
Title: Linux Kernel "hrtimers" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly handle certain "hrtimers" relative
timeout values. This issue can manifest itself when large relative
timeout values are added to the current time in the "hrtimer_start()"
function. Linux kernel versions prior to 2.6.23.10 are affected.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.10
______________________________________________________________________

07.52.19 CVE: Not Available
Platform: Linux
Title: scponly Local Arbitrary Command Execution Weakness
Description: scponly is a shell-like application that provides remote
read and write access but does not allow remote execution privileges.
The application is exposed to a weakness that can result in arbitrary
command execution due to certain interaction between scponly and
applications such as svn, svnserve, unison, and rsync. scponly version
4.6 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148
______________________________________________________________________

07.52.20 CVE: CVE-2007-6285
Platform: Linux
Title: autofs nodev Mount Option Privilege Escalation
Description: The "autofs" utility controls the operation of the
"automount" daemon for mounting and unmounting filesystems on the
Linux operating system. The utility is exposed to a privilege
escalation issue because of a flaw in its default configuration.
Filesystems mounted under "/net" using the "hosts" automount map do
not have the "nodev" mount option enabled by default.
Ref: https://rhn.redhat.com/errata/RHSA-2007-1176.html
______________________________________________________________________

07.52.21 CVE: CVE-2007-6352
Platform: Linux
Title: libexif Image Tag Remote Integer Overflow
Description: The libexif library is a freely available library that is
used to read and write EXIF data. It is implemented in C. The library
is exposed to an integer overflow issue because it fails to properly
ensure that integer values are not overrun. Specifically, this issue
occurs when parsing image tags contained in EXIF files.
Ref: http://rhn.redhat.com/errata/RHSA-2007-1165.html
______________________________________________________________________

07.52.22 CVE: CVE-2007-4567
Platform: Linux
Title: Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service
Description: The Linux kernel is exposed to a remote denial of service
issue because it fails to adequately validate specially-crafted IPv6
"Hop-By-Hop" headers. Computers configured with IPv6 can crash when
processing specially-crafted "Hop-By-Hop" extended headers.
Ref:
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.22-rc1
______________________________________________________________________

07.52.23 CVE: CVE-2007-6336
Platform: Linux
Title: ClamAV "mspack.c" Off-By-One Buffer Overflow
Description: ClamAV is a multi-platform anti-virus toolkit used to
scan email messages for viruses. The application is exposed to a
buffer overflow issue because it fails to properly bounds check
user-supplied input before copying it to insufficiently sized memory
buffers. ClamAV version 0.91.2 is affected.
Ref: http://www.securityfocus.com/archive/1/485322
______________________________________________________________________

07.52.24 CVE: CVE-2007-6242
Platform: Linux
Title: Adobe Flash Player JPG Header Remote Heap-Based Buffer Overflow
Description: Adobe Flash Player is an application that plays Flash
media (.SWF). The application is exposed to a remote heap-based buffer
overflow issue because the application fails to handle user-supplied
input using consistent signedness. Adobe Flash Player versions
9.0.48.0, 8.0.35.0, 7.0.70.0, and earlier are affected.
Ref: https://rhn.redhat.com/errata/RHSA-2007-1126.html
______________________________________________________________________

07.52.25 CVE: CVE-2007-6419
Platform: HP-UX
Title: HP-UX rpc.yppasswd Unspecified Remote Denial of Service
Description: HP-UX rpc.yppasswd is exposed to a remote denial of
service issue.  The cause of this issue is currently unknown.  HP-UX
versions B.11.31, B.11.23 and B.11.11 are affected.
Ref: http://www.securityfocus.com/bid/26971
______________________________________________________________________

07.52.26 CVE: Not Available
Platform: Solaris
Title: Sun Solaris NFS "netgroups" Security Bypass
Description: Sun Solaris is exposed to a security bypass issue due to
an unspecified error affecting servers that are configured as NFS
servers and have superuser access granted for some "netgroups". Sun
Solaris version 10 for SPARC and x86 platforms is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103162-1
______________________________________________________________________

07.52.27 CVE: Not Available
Platform: Solaris
Title: Sun Ray Device Manager Daemon Multiple Vulnerabilities
Description: Sun Ray Server Software includes the Ray Device Manager
daemon (utdevmgrd(1M)) used to manage peripheral devices. The daemon
is exposed to multiple issues due to unspecified errors.
Ref:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103175-1&searchclause=
______________________________________________________________________

07.52.28 CVE: CVE-2007-5849
Platform: Unix
Title: Common UNIX Printing System SNMP "asn1_get_string()" Remote
Buffer Overflow
Description: Common UNIX Printing System (CUPS) is a cross-platform
printing server for UNIX type systems. The application is exposed to
a remote buffer overflow issue because the software fails to properly
bounds check user-supplied data before copying it to an insufficiently
sized buffer. CUPS versions 1.2, 1.3 and prior to 1.3.5 are affected.
Ref: http://www.securityfocus.com/bid/26917
______________________________________________________________________

07.52.29 CVE: Not Available
Platform: Cross Platform
Title: SurgeMail Malformed Host Header Denial of Service
Description: SurgeMail is a mailserver available for various
platforms. The application is exposed to a remote denial of service
issue because the application fails to handle specially-crafted HTTP
POST requests. Specifically, the application fails to handle POST
requests containing a malformed "Host" header. SurgeMail version 38k4
for Microsoft Windows is affected.
Ref: http://www.securityfocus.com/archive/1/485224
______________________________________________________________________

07.52.30 CVE: CVE-2007-5858
Platform: Cross Platform
Title: Apple Safari Subframe Same Origin Policy Violation
Description: Apple Safari is exposed to an issue that allows an attacker
to violate the same-origin policy. This issue occurs because the
application fails to properly enforce the same-origin policy for
subframe access. This issue is due to a failure of the application to
implement a properly secure frame navigation policy. Safari 3 for both
Microsoft Windows and Apple Mac OS X platforms is affected.
Ref: http://docs.info.apple.com/article.html?artnum=307178
______________________________________________________________________

07.52.31 CVE: Not Available
Platform: Cross Platform
Title: Appian Business Process Management Suite Remote Denial of
Service
Description: Appian Business Process Management Suite (BPMS) is a web
based business process management application. It is available for
various platforms. The application is exposed to a remote denial of
service issue because it fails to handle specially-crafted packets.
Appian BPMS version 5.6 SP1 is affected.
Ref: http://www.securityfocus.com/bid/26913
______________________________________________________________________

07.52.32 CVE: Not Available
Platform: Cross Platform
Title: Trend Micro ServerProtect Multiple Remote Insecure Method
Exposure Vulnerabilities
Description: Trend Micro ServerProtect is an antivirus application
designed specifically for servers. The application is exposed to
multiple remote insecure method exposure issues because the
application does not properly restrict access to certain DCE/RPC
methods. ServerProtect version 5.58 (Security Patch 3) is affected.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-077.html
______________________________________________________________________

07.52.33 CVE: CVE-2007-6281
Platform: Cross Platform
Title: St. Bernard Open File Manager Remote Heap-Based Buffer Overflow
Description: St. Bernard Open File Manager is an enterprise data
backup solution. The application is exposed to a remote heap-based
buffer overflow issue because it fails to properly check boundaries on
user-supplied data before copying it to an insufficiently-sized memory
buffer. Open File Manager version 9.5 is affected.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-07-078.html
______________________________________________________________________

07.52.34 CVE: CVE-2007-4473
Platform: Cross Platform
Title: Easylon OPC Server Arbitrary Code Execution
Description: Easylon OPC Server provides OPC (OLE for Process Control)
services used in control systems to consolidate field and network
device information. The application is exposed to an arbitrary code
execution issue. Easylon OPC Server versions prior to 2.3.44 are
affected.
Ref: http://www.kb.cert.org/vuls/id/205073
______________________________________________________________________

07.52.35 CVE: Not Available
Platform: Cross Platform
Title: NeoOffice OpenOffice Code Unspecified Security
Description: NeoOffice is a set of Office applications based on the
OpenOffice source code and is available for Mac OS X. The application
is exposed to an unspecified issue.
Ref: http://neowiki.neooffice.org/index.php/NeoOffice_Release_Notes
______________________________________________________________________

07.52.36 CVE: Not Available
Platform: Cross Platform
Title: Anon Proxy Server Remote Shell Command Execution
Vulnerabilities
Description: Anon Proxy Server is a web-based anonymous proxy server.
The application is exposed to two issues that allow arbitrary shell
commands to run because the software fails to adequately escape
user-supplied input.
Ref: http://www.securityfocus.com/archive/1/485151
______________________________________________________________________

07.52.37 CVE: CVE-2007-6031, CVE-2007-6354, CVE-2007-6355,
CVE-2007-6356
Platform: Cross Platform
Title: exiftags Multiple Unspecified Buffer Overflow and Denial of
Service Vulnerabilities
Description: exiftags is an application for extracting Exif
(Exchangeable Image File) image metadata from image files. The
application is exposed to multiple issues due to unspecified errors in
the way the application processes Exif data. exiftags versions prior to
1.01 are affected.
Ref: http://johnst.org/sw/exiftags/CHANGES
______________________________________________________________________

07.52.38 CVE: Not Available
Platform: Cross Platform
Title: Hammer of Thyrion Multiple Remote Buffer Overflow
Vulnerabilities
Description: Hammer of Thyrion is a source port of the Hexen II game
for Linux, FreeBSD and Mac OS X. The application is exposed to
multiple remote buffer overflow issues because it fails to bounds
check user-supplied data before copying it into insufficiently sized
buffers. Hammer of Thyrion version 1.4.2 is affected.
Ref: http://uhexen2.sourceforge.net/
______________________________________________________________________

07.52.39 CVE: Not Available
Platform: Cross Platform
Title: BalaBit IT Security syslog-ng NULL-Pointer Dereference Denial
of Service
Description: BalaBit IT Security syslog-ng is an enterprise level
system logging application for multiple operating platforms. The
application is exposed to a denial of service issue because it fails
to adequately sanitize user-supplied input. syslog-ng and
syslog-ng-premium-edition prior to versions 2.0.6 and 2.1.8 are
affected.
Ref: http://www.securityfocus.com/archive/1/485180
______________________________________________________________________

07.52.40 CVE: Not Available
Platform: Cross Platform
Title: PeerCast HandshakeHTTP Multiple Buffer Overflow Vulnerabilities
Description: PeerCast is a peer-to-peer (P2P) radio streaming
application implemented in C++. The application is exposed to multiple
buffer overflow issues because it fails to perform adequate boundary
checks on user-supplied data. These issues occur in the
"handShakeHTTP()" function of the "servhs.cpp" source file. PeerCast
versions 0.12.17, SVN 334 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/485199
______________________________________________________________________

07.52.41 CVE: CVE-2007-6243
Platform: Cross Platform
Title: Adobe Flash Player Policy File Cross Domain Security Bypass
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. The application is
exposed to a cross-domain security bypass issue that will allow an
attacker to bypass the same-origin policy file. Specifically, certain
SWF files can bypass the browser's same-origin policy. Adobe Flash
Player versions 9.0.48.0, 8.0.35.0, 7.0.70.0 and earlier are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb07-20.html
______________________________________________________________________

07.52.42 CVE: Not Available
Platform: Cross Platform
Title: Rosoft Media Player M3U Denial of Service
Description: Rosoft Media Player is an application that plays various media
supported by ACM Codecs that are installed on the same computer. The
application is exposed to a denial of service issue because it fails
to adequately handle malformed .M3U files. Rosoft Media Player version
4.1.7 is affected.
Ref: http://www.securityfocus.com/archive/1/485253
______________________________________________________________________

07.52.43 CVE: Not Available
Platform: Cross Platform
Title: Google Toolbar Dialog Spoofing
Description: Google Toolbar is a customizable toolbar designed for web
browsers. The application is exposed to a dialog-spoofing issue that
occurs when installing a custom button onto Google Toolbar. Google
Toolbar 5 beta for Internet Explorer, Google Toolbar 4 for Internet
Explorer and Google Toolbar 4 for Firefox are affected.
Ref:
http://aviv.raffon.net/2007/12/18/GoogleToolbarDialogSpoofingVulnerability.aspx
______________________________________________________________________

07.52.44 CVE: CVE-2007-6335
Platform: Cross Platform
Title: ClamAV "libclamav/pe.c" MEW Packed PE File Integer Overflow
Description: ClamAV is a multi-platform anti-virus toolkit used to
scan email messages for viruses. The application is exposed to an
integer overflow issue because it fails to properly verify
user-supplied data. ClamAV version 0.91.2 is affected.
Ref: http://www.securityfocus.com/archive/1/485285
______________________________________________________________________

07.52.45 CVE: CVE-2007-6430
Platform: Cross Platform
Title: Asterisk Host-Based Authentication Security Bypass
Description: Asterisk is an open-source PBX application available for
multiple operating platforms. The application is exposed to a security
bypass issue that affects the SIP and IAX protocols due to the way
database-based registrations ("realtime") are processed. Specifically,
the application fails to validate IP addresses when logging into the
application with a correct username and no password. Asterisk Open
Source versions prior to 1.2.26 and 1.4.16 are affected, Asterisk
Business Edition versions prior to B.2.3.6 are affected, and Asterisk
Business Edition versions prior to C.1.0-beta8 are affected.
Ref: http://www.securityfocus.com/archive/1/485287
______________________________________________________________________

07.52.46 CVE: Not Available
Platform: Cross Platform
Title: Adobe Flash Player Multiple Security Vulnerabilities
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. The application is
exposed to multiple security issues. Adobe Flash Player versions prior
to 9.0.48.0, 8.0.35.0, and 7.0.70.0 are affected.
Ref: http://www.securityfocus.com/bid/26929/references
______________________________________________________________________

07.52.47 CVE: CVE-2007-5275
Platform: Cross Platform
Title: Adobe Flash Player DNS Rebinding
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. The application is
exposed to a DNS rebinding issue that allows remote attackers to
establish arbitrary TCP sessions. The application allows Flash movies
to open TCP sockets to arbitrary hosts that serve an XML policy file
authorizing the origin of the movie. The issue occurs because Flash
player checks the policy file against domain names and not IP
addresses, and for this reason it is possible to authorize a domain
and then rebind the domain to a different IP address.
Ref: http://www.adobe.com/support/security/bulletins/apsb07-20.html
______________________________________________________________________

07.52.48 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser Multiple Security Vulnerabilities
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The application is exposed to multiple issues.
Opera versions prior to 9.25 are affected.
Ref: http://www.opera.com/docs/changelogs/windows/925/#security
______________________________________________________________________

07.52.49 CVE: Not Available
Platform: Cross Platform
Title: MySQL Server Unspecified Remote Arbitrary Command Execution
Description: MySQL is a freely available SQL database for multiple
platforms. The application is exposed to an unspecified issue that
allows remote attackers to execute arbitrary commands on the database.
MySQL versions 5.0.45 and 5.0.51 are affected.
Ref:
http://blog.wslabi.com/2007/12/focus-on-mysql-remote-code-execution.html
______________________________________________________________________

07.52.50 CVE: CVE-2007-6244
Platform: Cross Platform
Title: Adobe Flash Player "asfunction" Cross-Site Scripting
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. ActionScript is a
language used to develop media processed by Adobe Flash Player. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied data. The issue exists in the
"asfunction" protocol when handling certain SWF files.
Ref: https://rhn.redhat.com/errata/RHSA-2007-1126.html
______________________________________________________________________

07.52.51 CVE: Not Available
Platform: Cross Platform
Title: ProWizard 4 PC Multiple Remote Stack-Based Buffer Overflow
Vulnerabilities
Description: ProWizard 4 PC is a music ripper for various MOD packed
formats. The application is exposed to multiple stack-based buffer
overflow issues because it fails to perform adequate boundary checks
on user-supplied data. ProWizard 4 PC versions 1.62 and earlier are
affected.
Ref: http://aluigi.altervista.org/adv/prowizbof-adv.txt
______________________________________________________________________

07.52.52 CVE: CVE-2007-6416
Platform: Cross Platform
Title: Xen "copy_to_user()" Local Security Bypass
Description: Xen is an open-source hypervisor or virtual machine
monitor. The application is exposed to a local security bypass issue
due to an error in PAL emulation. Specifically, the issue resides in
the "copy_to_user()" function. Xen version 3.1.2 on IA64 platforms is
affected.
Ref:
http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7
______________________________________________________________________

07.52.53 CVE: CVE-2007-6334
Platform: Cross Platform
Title: Ingres Flawed In User Authentication Unauthorized Access
Description: Ingres is an enterprise-level database server. It is
included in several Computer Associates applications. The application
is exposed to an unauthorized access issue due to a flaw in user
authentication. When connecting to the database, a user will be
authenticated using the previous user's credentials. Ingres versions
2.5 and 2.6 when running on Windows are affected.
Ref: http://www.ingres.com/support/security-alertDec17.php
______________________________________________________________________

07.52.54 CVE: Not Available
Platform: Cross Platform
Title: HP Tru64 FFM Unspecified Local Denial of Service
Description: HP Tru64 running FFM (File-on-File Mounting Filesystem)
is exposed to a local denial of service issue. The FFM filesystem
allows regular, character, or block special files to be mounted over
regular files, and is generally used by a FIFO-based pipe. HP Tru64
versions v5.1B-3 and v5.1B-4 running FFM are exposed.
Ref: http://www.securityfocus.com/archive/1/485395
______________________________________________________________________

07.52.55 CVE: CVE-2007-6246
Platform: Cross Platform
Title: Adobe Flash Player Unspecified Privilege Escalation
Description: Adobe Flash Player is an application that plays Flash
media files (SWF). The application is exposed to an issue that allows
attackers to gain elevated privileges on affected computers. The issue
is caused by an unspecified memory permission error. Adobe Flash
Player versions prior to 9.0.115.0 are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb07-20.html
______________________________________________________________________

07.52.56 CVE: CVE-2007-6245
Platform: Cross Platform
Title: Adobe Flash Player HTTP Response Splitting
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. The application is
exposed to an HTTP response splitting issue because it fails to
adequately sanitize user-supplied input. Adobe Flash Player versions
9.0.48.0, 8.0.35.0, and 7.0.70.0 and earlier are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb07-20.html
______________________________________________________________________

07.52.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Google Web Toolkit Benchmark Reporting System Unspecified
Cross-Site Scripting
Description: Google Web Toolkit is a Java software development
framework for writing AJAX applications. The application is exposed to
a cross-site scripting issue because it fails to sanitize an
unspecified input parameter to the benchmark reporting system. Google
Web Toolkit versions prior to 1.4.61 are affected.
Ref:
http://code.google.com/webtoolkit/releases/release-notes-1.4.61.html
______________________________________________________________________

07.52.58 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Flyspray Multiple Cross-Site Scripting Vulnerabilities
Description: FlySpray is a bug tracking system. The application is
exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input to the "$_SERVER["QUERY_STRING"]"
parameter of the "savesearch" JavaScript function and the "details"
parameter of the "index.php" script. Flyspray versions 0.9.9 through 0.9.9.3
are affected.
Ref: http://www.securityfocus.com/bid/26891
______________________________________________________________________

07.52.59 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Ganglia Web Frontend Multiple Cross-Site Scripting
Vulnerabilities
Description: Ganglia is a distributed monitoring system. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. Ganglia versions prior to
3.0.6 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=562168&group_id=43021
______________________________________________________________________

07.52.60 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Mambo Index.PHP Multiple Cross-Site Scripting Vulnerabilities
Description: Mambo is a PHP-based content manager. The application is
exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input to the "option" parameter of the
"index.php" script and the "Itemid" parameter of the "index.php"
script when the "option" parameter is set to "com_frontpage". Mambo
version 4.6.2 is affected.
Ref: http://www.securityfocus.com/archive/1/485257
______________________________________________________________________

07.52.61 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Citrix Web Interface On-line Help Cross-Site Scripting
Description: Citrix NetScaler is an appliance that accelerates the
performance of applications. The application is exposed to a
cross-site scripting issue because the application fails to properly
sanitize user-supplied input. Citrix Web Interface versions 2.0 and
earlier are affected.
Ref: http://support.citrix.com/article/CTX115283
______________________________________________________________________

07.52.62 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: GAMERFUN EXPLORER GF-3XPLORER Local File Include and Cross-Site
Scripting Vulnerabilities
Description: GAMERFUN EXPLORER GF-3XPLORER is a PHP script for
managing files of a web server. The application is exposed to multiple
issues. GF-3XPLORER version 2.4 is affected.
Ref: http://www.securityfocus.com/bid/26936
______________________________________________________________________

07.52.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Woltlab Burning Board Lite Search.PHP Multiple SQL Injection
Vulnerabilities
Description: Woltlab Burning Board Lite is a bulletin board
application. The application is exposed to multiple SQL injection
issues because it fails to properly sanitize user-supplied input before
using it in SQL queries. Specifically, this issue occurs in the
"showposts", "sortby" and "sortorder" parameters of the "search.php"
script. Woltlab Burning Board Lite version 1.0.2 is affected.
Ref: http://www.securityfocus.com/archive/1/485408
______________________________________________________________________

07.52.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FreeWebshop Multiple SQL Injection Vulnerabilities
Description: FreeWebshop is a shopping cart application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the following
scripts and parameters before using it in an SQL query. FreeWebshop
version 2.2.1 is affected.
Ref: http://newhack.org/advisories/FreeWebShop-2.2.1.txt
______________________________________________________________________

07.52.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Real Estate Classifieds "fullnews.php" SQL Injection
Description: PHP Real Estate Classifieds is a web-based package for
real estate ads. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "fullnews.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/26888
______________________________________________________________________

07.52.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: my123tkShop e-Commerce-Suite "mainfile.php" SQL Injection
Description: my123tkShop e-Commerce-Suite is a web-based shop
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data before
using it in an SQL query. my123tkShop version 0.9.1 is affected.
Ref: http://www.securityfocus.com/bid/26890
______________________________________________________________________

07.52.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpMyRealty Multiple SQL Injection Vulnerabilities
Description: phpMyRealty is a PHP-based real estate listings
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data to
the following scripts and parameters before using it in an SQL query:
"search.php" script through the "type" parameter, and the
"findlistings.php" script through the "listing_updated_days"
parameter. phpMyRealty versions 1.0.9 and earlier are affected.
Ref: http://www.securityfocus.com/bid/26932
______________________________________________________________________

07.52.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Plogger "plog-rss.php" SQL Injection
Description: Plogger is a photo gallery application implemented in
PHP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "plog-rss.php" script before using it in an SQL
query. Plogger version 1.0 Beta 3 is affected.
Ref:
http://www.mwrinfosecurity.com/publications/mwri_plogger-photo-gallery-sql-injection-vulnerability_2007-12-17.pdf
______________________________________________________________________

07.52.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Aeries Browser Interface "LostPwd.asp" SQL Injection
Description: Aeries Browser Interface is a web portal for student
information. It is a component of the Aeries Student Information
System, implemented in ASP. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data used in the Forgot Password section of the
"LostPwd.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/26962
______________________________________________________________________

07.52.70 CVE: Not Available
Platform: Web Application
Title: RaidenHTTPD "workspace.php" Directory Traversal
Description: RaidenHTTPD is a web server application for the Windows
operating platform. It features a PHP-based web administration
(WebAdmin) tool that is disabled by default. The application is
exposed to a directory traversal issue because it fails to
sufficiently sanitize user-supplied input to the "ulang" parameter of
the "raidenhttpd-admin/workspace.php" script. The issue only occurs
when the "WebAdmin" feature is enabled. RaidenHTTPD version 2.0.19 is
affected.
Ref: http://www.securityfocus.com/archive/1/485221
______________________________________________________________________

07.52.71 CVE: Not Available
Platform: Web Application
Title: LineShout Multiple HTML Injection Vulnerabilities
Description: LineShout is a PHP-based shoutbox application. The
application is exposed to multiple HTML injection issues because it
fails to properly sanitize user-supplied input before using it in
dynamically generated content. These issues affect "nickname" and
"message" form field parameters. LineShout version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/26906
______________________________________________________________________

07.52.72 CVE: Not Available
Platform: Web Application
Title: Uber-Uploader Multiple Arbitrary File Upload Vulnerabilities
Description: Uber-Uploader is a file-uploader application that
displays a progress bar to the user. The application is exposed to
multiple issues that allow attackers to upload arbitrary files because
it fails to properly verify user-supplied input. Uber-Uploader version
5.3.6 is affected.
Ref: http://www.securityfocus.com/archive/1/485235
______________________________________________________________________

07.52.73 CVE: Not Available
Platform: Web Application
Title: WebGUI Secondary Admin Security Bypass
Description: WebGUI is a web application framework and content
management system (CMS). The application is exposed to a security
bypass issue because the application fails to properly validate user
privileges. Specifically, an unprivileged attacker who is a
"secondary admin" user can create users with administration privileges,
which results in privilege escalation. WebGUI versions prior to 7.4.18
are affected.
Ref:
http://www.plainblack.com/getwebgui/advisories/webgui-7_4_18-stable-released
______________________________________________________________________

07.52.74 CVE: Not Available
Platform: Web Application
Title: SquirrelMail Unauthorized Source Code Modification Package
Compromise Vulnerability
Description: SquirrelMail is a web mail application. The application
is exposed to a compromise of the source code. In some source code
repositories, the affected versions of the application were modified
with malicious content. Specifically, a vulnerability was created that
allows a remote attacker to execute arbitrary code in the context of
the web server process. SquirrelMail versions 1.4.11 and 1.4.12 are
affected.
Ref: http://www.squirrelmail.org/index.php
______________________________________________________________________

07.52.75 CVE: Not Available
Platform: Web Application
Title: phPay Windows Installations Local File Include
Description: phPay is a web-based commerce and shop application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/485149
______________________________________________________________________

07.52.76 CVE: Not Available
Platform: Web Application
Title: Centreon Multiple Remote File Include Vulnerabilities
Description: Centreon (formerly Oreon) is a network and system
monitoring application. The application is exposed to multiple remote
file include issues because it fails to sufficiently sanitize
user-supplied input. Centreon versions 1.4 and 1.4.1 are affected.
Ref: http://www.securityfocus.com/archive/1/485152
______________________________________________________________________

07.52.77 CVE: Not Available
Platform: Web Application
Title: phpRPG Multiple Vulnerabilities
Description: phpRPG is a web-based role playing game engine. The
application is exposed to two issues: an SQL injection issue
affecting the "username" and "password" fields of the login script,
and an issue that lets attackers steal sessions from other users.
phpRPG version 0.8.0 is affected.
Ref: http://www.securityfocus.com/archive/1/485158
______________________________________________________________________

07.52.78 CVE: Not Available
Platform: Web Application
Title: WordPress Unauthorized Post Access
Description: WordPress allows users to generate news pages and
web logs dynamically. The application is exposed to an issue that lets
unauthorized users read posts before they have been published. The
issue is caused by a flaw in the "is_admin" function in the
"query.php" script. WordPress version 2.3.1 is affected.
Ref: http://www.securityfocus.com/archive/1/485160
______________________________________________________________________

07.52.79 CVE: Not Available
Platform: Web Application
Title: Black Sheep Web Software Form Tools Multiple Remote File
Include Vulnerabilities
Description: Black Sheep Web Software Form Tools is a web-based
application for form processing. The application is exposed to
multiple remote file include issues because it fails to sufficiently
sanitize user-supplied input to the "g_root_dir" parameter of the
"global/templates/admin_page_open.php" and
"global/templates/client_page_open.php" scripts. Form Tools version
1.5.0b is affected.
Ref: http://www.securityfocus.com/bid/26889
______________________________________________________________________

07.52.80 CVE: Not Available
Platform: Web Application
Title: FreeWebshop Cookie Security Bypass
Description: FreeWebshop is a shopping cart application implemented in
PHP. The application is prone to a security bypass issue because it
fails to properly validate user credentials before performing certain
actions. FreeWebshop versions prior to 2.2.7 are affected.
Ref: http://newhack.org/advisories/freewebshop.2.2.7.txt
______________________________________________________________________

07.52.81 CVE: Not Available
Platform: Web Application
Title: Neuron News Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Neuron News is a web-based news reader. The application
is exposed to multiple input validation issues because it fails to
sufficiently sanitize user-supplied data. Neuron News version 1.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/485176
______________________________________________________________________

07.52.82 CVE: Not Available
Platform: Web Application
Title: PHP Security Framework Multiple Input Validation
Vulnerabilities
Description: PHP Security Framework is a framework that protects
applications against various PHP-based issues. The application is
exposed to multiple input validation issues. PHP Security Framework
version Beta 1 is affected.
Ref: http://www.securityfocus.com/archive/1/485175
______________________________________________________________________

07.52.83 CVE: CVE-2007-6358
Platform: Web Application
Title: pdftops.pl Alternate pdftops Filter for CUPS Insecure Temporary
File Creation
Description: pdftops.pl alternate pdftops filter for CUPS is a Perl
script that wraps xpdf's pdftops utility to act as a CUPS filter. The
application is exposed to a security issue because it creates
temporary files in an insecure manner. The issue presents itself
because the "files/pdftops.pl" script creates insecure temporary files
with predictable names according to the pattern
"$TMPDIR/pdfin.$$.tmp". pdftops.pl alternate pdftops filter for CUPS
versions prior to 1.20 are affected.
Ref: http://www.cups.org/articles.php?L515
______________________________________________________________________

07.52.84 CVE: Not Available
Platform: Web Application
Title: PhpMyDesktop|arcade "RR.php" Remote File Include
Description: PhpMyDesktop|arcade is a PHP-based application that
provides games, bulletin board services, and chat functionality. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "phpdns_basedir"
parameter of the "RR.php" script. PhpMyDesktop|arcade version 1.0
final is affected.
Ref: http://www.securityfocus.com/bid/26931
______________________________________________________________________

07.52.85 CVE: CVE-2007-6349
Platform: Web Application
Title: Perforce P4Web Content-Length Header Remote Denial of Service
Description: Perforce P4Web is a web-based revision control system
available for Mac OS X, Unix, and Windows platforms. The
application is exposed to a remote denial of service issue because it
fails to handle specially crafted HTTP requests. P4Web versions 2006.2
and earlier running on Windows are affected.
Ref: http://www.securityfocus.com/archive/1/485321
______________________________________________________________________

07.52.86 CVE: Not Available
Platform: Web Application
Title: Dokeos "My production" Arbitrary File Upload
Description: Dokeos is a content manager. The application is exposed
to an arbitrary file upload issue because the application fails to
sufficiently sanitize user-supplied data. The issue exists in the "My
Production" form field parameter of the "My Profile" page. Dokeos
version 1.8.4 is affected.
Ref: http://www.securityfocus.com/bid/26940
______________________________________________________________________

07.52.87 CVE: Not Available
Platform: Web Application
Title: id3lib ID3 Tags Buffer Overflow
Description: The id3lib library is an open-source library for reading
and manipulating ID3v1 and ID3v2 tags. The application is exposed to a
buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data. This issue affects the
"ParseExtend()" function of the "header_tag.cpp" source file. id3lib
versions committed to the CVS repository are affected.
Ref: http://www.securityfocus.com/archive/1/485323
______________________________________________________________________

07.52.88 CVE: Not Available
Platform: Web Application
Title: Sun Management Center Insecure Default Account Unauthorized
Access
Description: Sun Management Center (MC) is a web-based system
management interface for Sun Solaris. The application is exposed to an
insecure default account issue in its Oracle database component. The
Oracle database component runs under the unprivileged user "smcorau".
Sun MC versions 3.5 Update 1, 3.6, and 3.6.1 for the Solaris platform
are affected.
Ref:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103152-1&searchclause=
______________________________________________________________________

07.52.89 CVE: Not Available
Platform: Web Application
Title: xeCMS "view.php" Local File Include
Description: xeCMS is a web-based content manager. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "list" parameter of the "view.php"
script.
Ref: http://www.securityfocus.com/archive/1/485335
______________________________________________________________________

07.52.90 CVE: Not Available
Platform: Web Application
Title: iDevSpot iSupport "index.php" Local File Include
Description: iSupport is a Help Desk application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "include_file" parameter of the
"index.php" script. iSupport version 1.8 is affected.
Ref: http://www.securityfocus.com/archive/1/485392
______________________________________________________________________

07.52.91 CVE: Not Available
Platform: Web Application
Title: SiteScape Forum "dispatch.cgi" Tcl Command Injection
Description: SiteScape Forum is a web-based forum application
available for multiple operating platforms. The application is exposed
to a command execution issue because it fails to adequately sanitize
user-supplied input.
Ref: http://www.securityfocus.com/archive/1/485398
______________________________________________________________________

07.52.92 CVE: CVE-2007-5584
Platform: Network Device
Title: Cisco Application Inspection in Firewall Services Module Denial
of Service
Description: Cisco Firewall Services Module (FWSM) is an integrated
firewall module for some models of Cisco networking equipment. The
application is exposed to a denial of service issue because it fails
to handle specially crafted network packets. This issue occurs when
processing data streams in the control-plane path with Layer 7
Application Inspections.
Ref: http://www.securityfocus.com/archive/1/485320
______________________________________________________________________