*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
Jan. 14, 2008                                              Vol. 7. Week 3
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Windows                                       3 (#1, #10)
Other Microsoft Products                      1 (#9)
Third Party Windows Apps                     12 (#5, #7, #8)
Aix                                           1
Novell                                        1
Cross Platform                               22 (#2, #3, #4, #6, #11)
Web Application - Cross Site Scripting        6
Web Application - SQL Injection              16
Web Application                              34
Network Device                                3


Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Microsoft Windows Multiple Networking Vulnerabilities (MS08-001)
(2) CRITICAL: SAP MaxDB Remote Command Execution
(3) CRITICAL: McAfee E-Business Server Buffer Overflow
(4) CRITICAL: Apple QuickTime Player RTSP/HTTP Response Buffer Overflow
(5) CRITICAL: IBM Tivoli Storage Manager Express Heap Overflow
(6) HIGH: Open Group OpenPegasus Authentication Buffer Overflow
(7) HIGH: AOL Radio AmpX ActiveX Control Buffer Overflow
(8) HIGH: Gateway Web Launch ActiveX Control Multiple Vulnerabilities
(9) HIGH: Microsoft Visual FoxPro Multiple ActiveX Controls Remote Command
Execution
(10) MODERATE: Microsoft Rich Text Box ActiveX Control Arbitrary File Overwrite
Other Software
(11) HIGH: VideoLAN Client Media Player SDP Parsing Buffer Overflow


Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
08.3.1 - Microsoft Windows LSASS LPC Request Local Privilege Escalation
08.3.2 - Microsoft Windows TCP/IP IGMP MLD Remote Code Execution
08.3.3 - Microsoft Windows TCP/IP ICMP Remote Denial of Service
 -- Third Party Windows Apps
08.3.4 - Foxit WAC Server Denial of Service
08.3.5 - Pragma Systems FortressSSH
08.3.6 - Pragma TelnetServer NULL-Pointer Dereference Denial of Service
08.3.7 - Novell ZENworks ESM Security Client
08.3.8 - JustSystem Multiple Products "JSFC.DLL" Buffer Overflow
08.3.9 - Sun Java Runtime Environment "jpiexp32.dll" Object Name NULL-Pointer
Denial of Service
08.3.10  - Gateway CWebLaunchCtl ActiveX Control Remote Buffer Overflow
08.3.11  - Microsoft VFP_OLE_Server ActiveX Control Remote Command Execution
08.3.12  - Microsoft Rich TextBox Control "richtx32.ocx" ActiveX Insecure
Method
08.3.13  - Microsoft Visual FoxPro "vfp6r.dll" ActiveX Control Arbitrary Command
Execution
08.3.14  - SAP MaxDB "cons.exe" Remote Command Injection
08.3.15  - AOL Radio "MediaPlaybackControl.exe" AmpX ActiveX Control Stack
Buffer Overflow
 -- Aix
08.3.16  - IBM AIX Trusted Execution Unspecified
 -- Novell
08.3.17  - Novell Client for Windows "nicm.sys" Local Privilege Escalation
 -- Cross Platform
08.3.18  - yaSSL Multiple Remote Buffer Overflow Vulnerabilities
08.3.19  - Aruba Mobility Controller LDAP Authentication Bypass
08.3.20  - Xen DR7 and CR4 Registers Multiple Local Denial of Service
Vulnerabilities
08.3.21  - VLC Media Player "sdpplin_parse()" RTSP and Unspecified Heap Based
Buffer Overflow Vulnerabilities
08.3.22  - Half-Life Counter-Strike Login Denial of Service
08.3.23  - PostgreSQL Multiple Privilege Escalation and Denial of Service
Vulnerabilities
08.3.24  - Shareaza Update Notification Spoofing
08.3.25  - OpenPegasus WBEM CIM Management Server PAM Authentication Remote
Buffer Overflow
08.3.26  - Motorola netOctopus Agent "nantsys.sys" Local Privilege Escalation
08.3.27  - SynCE "vdccm" Daemon Remote Command Injection
08.3.28  - unp File Name Remote Arbitrary Shell Command Injection
08.3.29  - SSH Tectia Client and Server ssh-signer Local Privilege Escalation
08.3.30  - McAfee E-Business Server Authentication Remote Code Execution
08.3.31  - xine-lib "rmff_dump_cont()" Remote Heap Buffer Overflow
08.3.32  - Sun Java System Identity Manager Multiple Input Validation
Vulnerabilities
08.3.33  - IBM Lotus Domino Unspecified Denial of Service
08.3.34  - Horde Products Multiple Unspecified Security Bypass Vulnerabilities
08.3.35  - Apple QuickTime RTSP Connection Status Display Remote Buffer Overflow
08.3.36  - Oracle January 2008 Advance Announcement Multiple Vulnerabilities
08.3.37  - IBM Tivoli Storage Manager Express Remote Heap Overflow
08.3.38  - Apache "mod_proxy_balancer" Multiple Vulnerabilities
08.3.39  - Drupal Prior To 4.7.11 and 5.6 Multiple Remote Vulnerabilities
 -- Web Application - Cross Site Scripting
08.3.40  - RotaBanner Local Multiple Cross-Site Scripting Vulnerabilities
08.3.41  - Joomla-SMF Forum Multiple Cross-Site Scripting Vulnerabilities
08.3.42  - Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities
08.3.43  - IceWarp Mail Server "admin/index.html" Cross-Site Scripting
08.3.44  - Apache "mod_proxy_ftp" Undefined Charset UTF-7 Cross-Site Scripting
08.3.45  - Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 "mod_status" Cross-Site
Scripting
 -- Web Application - SQL Injection
08.3.46  - ID-Commerce "liste.php" SQL Injection
08.3.47  - SAM Broadcaster samPHPweb
08.3.48  - Tribisur Multiple SQL Injection Vulnerabilities
08.3.49  - RunCMS Newbb_plus Module Client-IP SQL Injection
08.3.50  - OneCMS Arbitrary File Upload Vulnerability and Multiple SQL Injection
Vulnerabilities
08.3.51  - FlexBB "flexbb_temp_id" SQL Injection
08.3.52  - DCP-Portal "index.php" SQL Injection
08.3.53  - Eggblog "eggblogpassword" SQL Injection
08.3.54  - SmallNuke "index.php" Multiple SQL Injection Vulnerabilities
08.3.55  - Zero CMS Arbitrary File Upload Vulnerability and Multiple SQL
Injection Vulnerabilities
08.3.56  - PHP Webquest "soporte_horizontal_w.php" SQL Injection
08.3.57  - DomPHP "inscription.php" SQL Injection
08.3.58  - MTCMS Index.PHP Multiple SQL Injection Vulnerabilities
08.3.59  - iGaming CMS "archive.php" SQL Injection
08.3.60  - DigitalHive "gestion_membre.php" SQL Injection
08.3.61  - DomPHP "agenda/index.php" SQL Injection
 -- Web Application
08.3.62  - XOOPS Information Disclosure
08.3.63  - netRisk Remote File Include
08.3.64  - SAM Broadcaster samPHPweb Remote File Include
08.3.65  - WebPortal CMS Unauthorized Access
08.3.66  - ClipShare Information Disclosure
08.3.67  - netRisk Information Disclosure
08.3.68  - WordPress Plugin Wp-FileManager "ajaxfilemanager.php" Arbitrary File
Upload
08.3.69  - UebiMiau "error.php" Local File Include
08.3.70  - Xoops XoopsGallery Module "init_basic.php" Remote File Include
08.3.71  - SineCms "index.php" File Include
08.3.72  - Loudblog "parse_old.php" Remote File Include
08.3.73  - netRisk "patch/index.php" Multiple Input Validation Vulnerabilities
08.3.74  - Shop-Script "index.php" Local Information Disclosure
08.3.75  - ekinboard Multiple Authentication Bypass and Arbitrary File Upload
Vulnerabilities
08.3.76  - PortalApp "forums.asp" and "content.asp" Multiple Input Validation
Vulnerabilities
08.3.77  - eTicket Multiple Scripts Multiple Input Validation Vulnerabilities
08.3.78  - Million Dollar Script "index.php" Local File Include
08.3.79  - CherryPy Cookie Session Id Information Disclosure
08.3.80  - SysHotel On Line System "index.php" Local File Include
08.3.81  - HelpBox Multiple Security Vulnerabilities
08.3.82  - OpenPegasus Management Server PAM Authentication "cimservera.pp"
Buffer Overflow
08.3.83  - EvilBoard Cross-Site Scripting and SQL Injection
08.3.84  - Tune Studios Multiple Web Page Templates "index.php" Remote File
Include
08.3.85  - PHP Webquest MySQL Credentials Information Disclosure
08.3.86  - UploadScript and UploadImage "admin.php" Unauthorized Access
08.3.87  - osDate "php121db.php" Remote File Include
08.3.88  - Omegasoft Insel Authentication Bypass Vulnerability and User
Enumeration Weakness
08.3.89  - Docebo SQL Injection Vulnerability and Multiple Information
Disclosure Vulnerabilities
08.3.90  - Horde IMP and Groupware Webmail Edition Multiple Input Validation
Vulnerabilities
08.3.91  - DomPHP "index.php" Remote File Include
08.3.92  - Evilsentinel Multiple Remote Vulnerabilities
08.3.93  - vtiger CRM File Information Disclosure
08.3.94  - VisionBurst vcart "abs_path" Parameter Multiple Remote File Include
Vulnerabilities
08.3.95  - Mambo Search Remote Denial of Service
 -- Network Device
08.3.96  - Creative Ensoniq PCI ES1371 WDM Driver Local Privilege Escalation
08.3.97  - Level One WBR-3460A 4-Port ADSL 2/2+ Wireless Modem Router
Unauthorized Access
08.3.98  - Ingate Firewall and SIParator Remote Denial of Service

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Microsoft Windows Multiple Networking Vulnerabilities (MS08-001)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista

Description: Microsoft Windows contains multiple flaws in its handling
of certain network protocols. Flaws exist in the handling of Internet
Control Message Protocol (ICMP), Internet Group Management Protocol
(IGMP), and Multicast Listener Discovery (MLD). A specially crafted
message in one of these protocols could trigger a memory corruption
condition in the Windows kernel. Successfully exploiting one of these
vulnerabilities would allow an attacker to execute arbitrary code with
kernel-level privileges. Note that Router Discovery Protocol (RDP) must
be active for systems to be vulnerable to the ICMP processing flaw. This
protocol is disabled by default on all versions of Microsoft Windows.
Some technical details are publicly available for these vulnerabilities.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
Wikipedia Article on ICMP
http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
Wikipedia Article on IGMP
http://en.wikipedia.org/wiki/Internet_Group_Management_Protocol
Wikipedia Article on MLD
http://en.wikipedia.org/wiki/Multicast_Listener_Discovery
Wikipedia Article on RDP
http://en.wikipedia.org/wiki/ICMP_Router_Discovery_Protocol
SecurityFocus BIDs
http://www.securityfocus.com/bid/27100
http://www.securityfocus.com/bid/27139

*******************************

(2) CRITICAL: SAP MaxDB Remote Command Execution
Affected:
SAP MaxDB versions 7.6.03 and prior

Description: SAP MaxDB is a popular enterprise database system. It fails
to sanitize arguments to certain internal functions. A specially crafted
call containing shell characters to one of these functions would allow
an attacker to execute arbitrary commands with the privileges of the
vulnerable process. Some of these functions are callable without
authentication. Full technical details and a proof-of-concept are
publicly available for this vulnerability.

Status: SAP has not confirmed, no updates available.

References:
Advisory by Luigi Auriemma
http://milw0rm.com/exploits/4877
Proof-of-Concept (binary file link)
http://aluigi.org/poc/sapone.zip
Product Home Page
https://www.sdn.sap.com/irj/sdn/maxdb
SecurityFocus BID
http://www.securityfocus.com/bid/27206

*******************************

(3) CRITICAL: McAfee E-Business Server Buffer Overflow
Affected:
McAfee E-Business Server versions prior to 8.5.3

Description: McAfee E-Business Server provides encryption services to
enterprise clients. It contains a buffer overflow vulnerability in its
administrative interface. A specially crafted call to this interface
would trigger this buffer overflow and allow an attacker to execute
arbitrary code with root-level privileges. No authentication is
necessary to exploit this vulnerability. Full technical details and a
proof-of-concept are publicly available for this vulnerability. This
vulnerability may be related to another vulnerability discussed in a
previous edition of @RISK.

Status: McAfee confirmed, updates available. Users can mitigate the
impact of this vulnerability by blocking access to TCP port 1718 at the
network perimeter, if possible.

References:
McAfee Security Bulletin
https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472
INFIGO Security Advisory (includes proof-of-concept)
http://www.securityfocus.com/archive/1/485992
Previous @RISK Edition
http://www.sans.org/newsletters/risk/display.php?v=6&i=45#widely2
Product Home Page
http://www.mcafee.com/us/enterprise/products/encryption/ebusiness_server.html
SecurityFocus BID
http://www.securityfocus.com/bid/27197

*******************************

(4) CRITICAL: Apple QuickTime Player RTSP/HTTP Response Buffer Overflow
Affected:
Apple QuickTime versions 7.3.1 and prior

Description: Apple QuickTime is Apple's streaming media framework for
Apple Mac OS X and Microsoft Windows. It contains a flaw in its handling
of responses sent by remote servers when attempting to stream media from
them. An overlong Hypertext Transfer Protocol (HTTP) error response
could trigger a buffer overflow in QuickTime Player. Successfully
exploiting this buffer overflow would allow an attacker to execute
arbitrary code with the privileges of the current user. This
vulnerability manifests itself when HTTP is used as a fallback from a
failed Real Time Streaming Protocol (RTSP) connection. Note that
QuickTime may launch automatically upon encountering a malicious link,
depending upon configuration. Full technical details and a
proof-of-concept are publicly available for this vulnerability.

Status: Apple has not confirmed, no updates available.

References:
Advisory by Luigi Auriemma (includes proof-of-concept)
http://aluigi.altervista.org/adv/quicktimebof-adv.txt
Apple QuickTime Home Page
http://www.apple.com/quicktime/
SecurityFocus BID
http://www.securityfocus.com/bid/27225

*******************************

(5) CRITICAL: IBM Tivoli Storage Manager Express Heap Overflow
Affected:
IBM Tivoli Storage Manager Express versions prior to 5.3.74

Description: IBM Tivoli Storage Manager Express is a storage and backup
management application from IBM. It contains a heap overflow
vulnerability in its handling of client requests. A specially crafted
request could exploit this buffer overflow to execute arbitrary code
with the privileges of the vulnerable process (often SYSTEM). Note that
it appears only versions running on Microsoft Windows are affected. Some
technical details for this vulnerability are publicly available.

Status: IBM confirmed, updates available.

References:
IBM Security Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21291536
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-001.html
Product Home Page
http://www-306.ibm.com/software/tivoli/solutions/storage/
SecurityFocus BID
http://www.securityfocus.com/bid/27235

*******************************

(6) HIGH: Open Group OpenPegasus Authentication Buffer Overflow
Affected:
Open Group OpenPegasus versions 2.6.1 and prior

Description: Open Group OpenPegasus is an open source implementation of
the Common Information Model (CIM) and Web-Based Enterprise Management
(WBEM) standards. It is used to manage information technology and
enterprise infrastructure. It contains a buffer overflow vulnerability
in its authentication subsystem. A specially crafted authentication
request could trigger this buffer overflow, and allow an attacker to
execute arbitrary code with the privileges of the vulnerable process.
Full technical details for this vulnerability are available via source
code analysis. OpenPegasus is used as a component of some other
products, most notably VMware ESX Server. Other products using
OpenPegasus are presumably vulnerable. Note that the vulnerable
interface is disabled by default on VMware ESX Server.

Status: Open Group confirmed, updates available.

References:
VMware Security Advisory
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
Wikipedia Article on CIM
http://en.wikipedia.org/wiki/Common_Information_Model_%28computing%29
Wikipedia Article on WBEM
http://en.wikipedia.org/wiki/Web-Based_Enterprise_Management
OpenPegasus Home Page
http://www.openpegasus.org/
SecurityFocus BID
http://www.securityfocus.com/bid/27188

*******************************

(7) HIGH: AOL Radio AmpX ActiveX Control Buffer Overflow
Affected:
AOL Radio AmpX ActiveX Control versions prior to 2.6.2.6

Description: AOL Radio is a streaming media service from AOL. Part of
its functionality is implemented as an ActiveX control. This control
contains a flaw in its "AppendFileToPlaylist" method. A specially
crafted web page that instantiates this control could leverage this flaw
into a buffer overflow vulnerability. Successfully exploiting this
vulnerability would allow an attacker to execute arbitrary code with the
privileges of the current user. Some technical details for this
vulnerability are publicly available.

Status: AOL confirmed, updates available. Users can mitigate the impact
of this vulnerability by disabling the affected control via Microsoft's
"kill bit" mechanism for CLSIDs "B49C4597-8721-4789-9250-315DFBD9F525"
and "FA3662C3-B8E8-11D6-A667-0010B556D978". Note that this may affect
normal application functionality.

References:
US-CERT Vulnerability Note
http://www.kb.cert.org/vuls/id/568681
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
AOL Radio Home Page
http://radioplayer.aol.com/
SecurityFocus BID
http://www.securityfocus.com/bid/27207

*******************************

(8) HIGH: Gateway Web Launch ActiveX Control Multiple Vulnerabilities
Affected:
Gateway Web Launch ActiveX Control versions 1.0.0.1 and prior

Description: The Gateway Web Launch ActiveX control is used to provide
troubleshooting and launch services to users of Gateway computers. It
is installed by default on many Gateway systems. This control contains
multiple vulnerabilities in its "DoWebLaunch" method. This method does
not validate its parameters, leaving it vulnerable to a path traversal
attack. Additionally, it contains multiple buffer overflows in the
parsing of other arguments. Successfully exploiting either of these
vulnerabilities would allow an attacker to execute arbitrary code with
the privileges of the current user. Full technical details and a
proof-of-concept are publicly available for this vulnerability.

Status: Gateway has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism using CLSID
"93CEA8A4-6059-4E0B-ADDD-73848153DD5E". Note that this may affect normal
application functionality.

References:
Proof-of-Concept by e.b.
http://www.milw0rm.com/exploits/4869
US-CERT Vulnerability Note
http://www.kb.cert.org/vuls/id/735441
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/27193

*******************************

(9) HIGH: Microsoft Visual FoxPro Multiple ActiveX Controls Remote Command
Execution
Affected:
Microsoft Visual FoxPro version 6 and prior

Description: Microsoft Visual FoxPro is an integrated development
environment for the FoxPro database language. Several ActiveX controls
installed by the application contain arbitrary command execution
vulnerabilities. These controls provide methods explicitly designed to
execute commands upon request, and do not verify the caller. A malicious
web page that instantiated one of these controls could exploit one of
these vulnerabilities to execute arbitrary code with the privileges of
the current user. Multiple proofs-of-concept are publicly available for
these vulnerabilities. Note that these vulnerabilities may be related
to issues discussed in previous editions of @RISK.

Status: Microsoft has not confirmed, updates are not available. Users
can mitigate the impact of these vulnerabilities by disabling the
affected controls via Microsoft's "kill bit" mechanism for CLSIDs
"008B6010-1F3D-11D1-B0C8-00A0C9055D74" and
"A7CD2320-6117-11D7-8096-0050042A4CD2".

References:
Proofs-of-Concept
http://milw0rm.com/exploits/4873
http://milw0rm.com/exploits/4875
Wikipedia Article on FoxPro
http://en.wikipedia.org/wiki/FoxPro
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://msdn2.microsoft.com/en-us/vfoxpro/default.aspx
SecurityFocus BIDs
http://www.securityfocus.com/bid/27205
http://www.securityfocus.com/bid/27199

*******************************

(10) MODERATE: Microsoft Rich Text Box ActiveX Control Arbitrary File Overwrite
Affected:
Microsoft Rich Text Box ActiveX Control

Description: The Microsoft Rich Text Box ActiveX control provides a user
interface widget for editing Rich Text Format (RTF) documents. This
control provides a "SaveFile" method that, when called, will save the
contents of the text box to an arbitrary file on the system. A specially
crafted web page that instantiated this control would be able to exploit
this vulnerability to create or overwrite arbitrary files with the
privileges of the current user. A proof-of-concept is publicly available
for this vulnerability.

Status: Microsoft has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism for CLSID
"B617B991-A767-4F05-99BA-AC6FCABB102E".

References:
Proof-of-Concept
http://milw0rm.com/exploits/4874
Wikipedia Article on Rich Text Format
http://en.wikipedia.org/wiki/Rich_Text_Format
Widget Developer Documentation
http://technet.microsoft.com/en-us/library/s2t5aae7(VS.80).aspx
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/27201
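
Items (7) through (10) all recommend the "kill bit" mitigation. The following is an added example, not part of the original bulletin: it audits a registry export for the six CLSIDs listed above and builds a .reg file for those still lacking the kill bit. The registry key and the 0x400 flag are the ones documented in Microsoft KB 240797; the function names and the sample export are constructed for illustration.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that stops IE loading a control
BASE_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
            r"\ActiveX Compatibility")

# CLSIDs copied from the Status paragraphs of items (7)-(10) above.
BULLETIN_CLSIDS = {
    "B49C4597-8721-4789-9250-315DFBD9F525": "(7) AOL Radio AmpX",
    "FA3662C3-B8E8-11D6-A667-0010B556D978": "(7) AOL Radio AmpX",
    "93CEA8A4-6059-4E0B-ADDD-73848153DD5E": "(8) Gateway Web Launch",
    "008B6010-1F3D-11D1-B0C8-00A0C9055D74": "(9) Visual FoxPro",
    "A7CD2320-6117-11D7-8096-0050042A4CD2": "(9) Visual FoxPro",
    "B617B991-A767-4F05-99BA-AC6FCABB102E": "(10) Rich Text Box",
}

GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
KEY_RE = re.compile(r"^\[(?P<path>.+)\\\{(?P<clsid>" + GUID + r")\}\]$")
VALUE_RE = re.compile(r'^"Compatibility Flags"=dword:(?P<hex>[0-9A-Fa-f]{8})$',
                      re.I)

# Constructed sample of an exported ActiveX Compatibility key, already decoded
# to text (exports are commonly UTF-16, so decode before calling parse_export).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{b49c4597-8721-4789-9250-315dfbd9f525}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{93CEA8A4-6059-4E0B-ADDD-73848153DD5E}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400
"""


def parse_export(text):
    """Return {CLSID: flags} for subkeys of the ActiveX Compatibility key."""
    flags = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # Only subkeys directly under BASE_KEY count; registry paths and
            # CLSIDs are case-insensitive, so normalise both.
            in_scope = key.group("path").upper() == BASE_KEY.upper()
            current = key.group("clsid").upper() if in_scope else None
            if current:
                flags.setdefault(current, 0)  # key may exist with no value
            continue
        if line.startswith("["):
            current = None  # some other key: stop attributing values
            continue
        value = VALUE_RE.match(line)
        if value and current:
            flags[current] = int(value.group("hex"), 16)
    return flags


def audit(flags):
    """Classify each bulletin CLSID as killed, present-not-killed or missing."""
    report = {}
    for clsid in BULLETIN_CLSIDS:
        if clsid not in flags:
            report[clsid] = "missing"
        elif flags[clsid] & KILL_BIT:
            report[clsid] = "killed"
        else:
            report[clsid] = "present-not-killed"
    return report


def remediation_reg(flags):
    """Build .reg text that sets the kill bit where it is not yet set.

    A .reg import overwrites the DWORD, so any flags already present are
    OR-ed with the kill bit here instead of being discarded.
    """
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid, status in audit(flags).items():
        if status == "killed":
            continue
        value = flags.get(clsid, 0) | KILL_BIT
        lines.append("[%s\\{%s}]" % (BASE_KEY, clsid))
        lines.append('"Compatibility Flags"=dword:%08x' % value)
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    current = parse_export(SAMPLE_EXPORT)
    for clsid, status in audit(current).items():
        print("%-24s %s  %s" % (BULLETIN_CLSIDS[clsid], clsid, status))
    print(remediation_reg(current))
```

On 64-bit Windows, 32-bit Internet Explorer reads the same key under SOFTWARE\Wow6432Node; this example covers the native registry view only.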

****************
Other Software
****************

(11) HIGH: VideoLAN Client Media Player SDP Parsing Buffer Overflow
Affected:
VideoLAN Client versions 0.8.6d and prior

Description: VideoLAN Client, known as VLC, is a popular open source
multiplatform media player. VLC contains a buffer overflow in its
handling of Session Description Protocol (SDP) requests. SDP is used to
set up media streaming sessions. A specially crafted server response to
a request could trigger this vulnerability and allow an attacker to
execute arbitrary code with the privileges of the current user. Note
that, depending upon configuration, VLC may be launched automatically
when a user accesses media that VLC is configured to play. Full
technical details and a proof-of-concept are publicly available for this
vulnerability.

Status: VLC has not confirmed, no updates available.

References:
Advisory from Luigi Auriemma (includes proof-of-concept)
http://aluigi.altervista.org/adv/vlcxhof-adv.txt
Wikipedia Article on SDP
http://en.wikipedia.org/wiki/Session_Description_Protocol
VideoLAN Client Home Page
http://www.videolan.org/
SecurityFocus BID
http://www.securityfocus.com/bid/27221

********************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 3, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

08.3.1 CVE: CVE-2007-5352
Platform: Windows
Title: Microsoft Windows LSASS LPC Request Local Privilege Escalation
Description: Microsoft Windows Local Security Authority Subsystem
Service (LSASS) is a security mechanism that handles local security and
login policies. The application is exposed to a local privilege
escalation issue because it fails to handle specially-crafted local
procedure call (LPC) requests.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-002.mspx
______________________________________________________________________

08.3.2 CVE: CVE-2007-0069
Platform: Windows
Title: Microsoft Windows TCP/IP IGMP MLD Remote Code Execution
Description: IGMP (Internet Group Management Protocol) is a
communications protocol for managing IP multicast-group memberships.
MLD (Multicast Listener Discovery) is the protocol used in the IPv6
protocol suite for discovering listeners for a specific multicast
group. Microsoft Windows is exposed to a remote code execution issue
because the Windows kernel fails to sufficiently validate
user-supplied data when storing the state of IGMPv3 and MLDv2 requests
that are processed by TCP/IP.
Ref: http://www.iss.net/threats/282.html
______________________________________________________________________

08.3.3 CVE: CVE-2007-0066
Platform: Windows
Title: Microsoft Windows TCP/IP ICMP Remote Denial of Service
Description: ICMP (Internet Control Message Protocol) is a TCP/IP
communications protocol used primarily to send error messages related
to network activity. The application is exposed to a remote denial of
service issue because the Windows kernel fails to sufficiently
validate fragmented router advertisement ICMP requests that are
processed by TCP/IP.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx
______________________________________________________________________

08.3.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Foxit WAC Server Denial of Service
Description: Foxit WAC Server is a telnet and SSH server available for
Microsoft Windows. The application is exposed to a denial of service
issue because it fails to perform adequate boundary checks on
user-supplied data. The vulnerability exists when handling options
larger than 260 bytes. Foxit WAC Server version 2.1.0.910 is affected.
Ref: http://aluigi.altervista.org/adv/waccaz-adv.txt
______________________________________________________________________

08.3.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Pragma Systems FortressSSH
Description: Pragma Systems FortressSSH is an SSH server for Microsoft
Windows. The application is exposed to a remote denial of service
issue because of exception handling. The server uses *_s functions to
handle strings of incoming requests. FortressSSH version 5.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/485812
______________________________________________________________________

08.3.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Pragma TelnetServer NULL-Pointer Dereference Denial of Service
Description: Pragma TelnetServer is a telnet and SSH server for the
Microsoft Windows platform. The application is exposed to a denial of
service issue because it fails to adequately handle "TELOPT PRAGMA
LOGON" telnet options during the termination of multiple connections.
Pragma TelnetServer version 7.0 Build 4 Revision 589 is affected.
Ref: http://aluigi.altervista.org/adv/pragmatel-adv.txt
______________________________________________________________________

08.3.7 CVE: CVE-2007-5665
Platform: Third Party Windows Apps
Title: Novell ZENworks ESM Security Client
Description: Novell ZENworks ESM (Endpoint Security Management) is a
centrally-managed policy-based firewall application for the Microsoft
Windows operating platform. ZENworks ESM Security Client
"STEngine.exe" is exposed to a local privilege escalation issue.
ZENworks Endpoint Security Management version 3.5.0.20 is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=635
______________________________________________________________________

08.3.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: JustSystem Multiple Products "JSFC.DLL" Buffer Overflow
Description: JustSystem products are exposed to a buffer overflow
issue because they fail to properly bounds check user-supplied data
before using it in an insufficiently sized buffer.
Ref: http://www.securityfocus.com/bid/27153
______________________________________________________________________

08.3.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Sun Java Runtime Environment "jpiexp32.dll" Object Name
NULL-Pointer Denial of Service
Description: Sun Java Runtime Environment (JRE) is an environment for
running applications written in Java. JRE is exposed to a remote
denial of service issue when an HTML object that references an
arbitrary Java applet but does not define the "name" attribute is
handled by Internet Explorer (other browsers may also be affected). A
NULL-pointer exception occurs when the data is passed to the JRE
Virtual Machine. This issue occurs in the "jpiexp32.dll" library. Sun
JRE versions prior to 5.0 update 14 are affected.
Ref: http://www.securityfocus.com/archive/1/485942
______________________________________________________________________

08.3.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Gateway CWebLaunchCtl ActiveX Control Remote Buffer Overflow
Description: CWebLaunchCtl is an ActiveX control provided on Gateway
Computers products. The ActiveX control is exposed to a buffer
overflow issue that affects the "DoWebLaunch()" method of the ActiveX
control. weblaunch.ocx version 1.0.0.1, which provides the ActiveX
control, is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.3.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft VFP_OLE_Server ActiveX Control Remote Command
Execution
Description: Microsoft VFP_OLE_Server ActiveX control is a tool used
for linking Visual FoxPro components to other software. The control is
exposed to a remote command execution issue.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.3.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft Rich TextBox Control "richtx32.ocx" ActiveX Insecure
Method
Description: Microsoft Rich TextBox Control is an ActiveX control
used to display, enter, and format text. The application is exposed to
an issue that allows attackers to create or overwrite arbitrary data
with the privileges of the application using the control (typically
Internet Explorer). Microsoft Rich TextBox Control richtx32.ocx
version 6.1.97.82 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.3.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft Visual FoxPro "vfp6r.dll" ActiveX Control Arbitrary
Command Execution
Description: Microsoft Visual FoxPro provides tools to create and
manage 32-bit database applications and components. The application is
exposed to an issue that lets attackers execute arbitrary commands.
Microsoft Visual FoxPro version 6.0 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.3.14 CVE: Not Available
Platform: Third Party Windows Apps
Title: SAP MaxDB "cons.exe" Remote Command Injection
Description: SAP MaxDB is a database application developed by SAP. It
is available for multiple platforms. The application is exposed to a
remote command injection issue due to a failure of the application to
properly sanitize user-supplied input. MaxDB version 7.6.03 build 007
is affected.
Ref: http://www.securityfocus.com/archive/1/486039
______________________________________________________________________

08.3.15 CVE: CVE-2007-6250
Platform: Third Party Windows Apps
Title: AOL Radio "MediaPlaybackControl.exe" AmpX ActiveX Control Stack
Buffer Overflow
Description: AOL Radio is used for streaming audio files in web
browsers. The application is exposed to a stack-based buffer overflow
issue because the application fails to perform adequate boundary
checks on user-supplied data. AOL Radio "AmpX.dll" ActiveX control
versions prior to 2.6.2.6 are affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.3.16 CVE: Not Available
Platform: Aix
Title: IBM AIX Trusted Execution Unspecified
Description: IBM AIX Trusted Execution is exposed to an unspecified
issue due to a flaw in the "trustchk_block_write()" function. Please
refer to the link below for further information.
Ref: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ12119
______________________________________________________________________

08.3.17 CVE: CVE-2007-5762
Platform: Novell
Title: Novell Client for Windows "nicm.sys" Local Privilege Escalation
Description: Novell Client for Windows allows users to access Novell
services from remote computers. The client is exposed to a local
privilege escalation issue because it fails to adequately handle
user-supplied input. Novell Client for Windows 4.91 SP3 and SP4 are
affected.
Ref: http://www.securityfocus.com/archive/1/486053
______________________________________________________________________

08.3.18 CVE: Not Available
Platform: Cross Platform
Title: yaSSL Multiple Remote Buffer Overflow Vulnerabilities
Description: yaSSL (yet Another SSL) is an open source SSL (Secure
Sockets Layer) library. The application is exposed to remote buffer
overflow issues. yaSSL version 1.7.5 is affected.
Ref: http://www.securityfocus.com/archive/1/485810
______________________________________________________________________

08.3.19 CVE: Not Available
Platform: Cross Platform
Title: Aruba Mobility Controller LDAP Authentication Bypass
Description: Aruba Mobility Controller is used to scale ArubaOS and
other software modules on enterprise networks. The application is
exposed to an authentication bypass issue in the LDAP-authentication
mechanism. The LDAP authentication mechanism is not enabled by
default. Aruba Mobility Controller firmware versions 2.3.6.15,
2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, 2.4.8.11-FIPS and earlier
versions using LDAP authentication for management and VPN
user-authentication are affected.
Ref: http://www.arubanetworks.com/support/alerts/aid-122207.asc
______________________________________________________________________

08.3.20 CVE: CVE-2007-5906, CVE-2007-5907
Platform: Cross Platform
Title: Xen DR7 and CR4 Registers Multiple Local Denial of Service
Vulnerabilities
Description: Xen is an open-source hypervisor or virtual machine
monitor. The application is exposed to a local denial of service
issue.
Ref:
http://lists.xensource.com/archives/html/xen-devel/2007-10/msg00932.html
______________________________________________________________________

08.3.21 CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player "sdpplin_parse()" RTSP and Unspecified Heap
Based Buffer Overflow Vulnerabilities
Description: VLC is a cross-platform media player that can be used to
serve streaming data. The application is exposed to multiple
heap-based buffer overflow issues because it fails to perform adequate
boundary checks on user-supplied input. VLC version 0.8.6d is
affected.
Ref: http://aluigi.altervista.org/adv/vlcxhof-adv.txt
______________________________________________________________________

08.3.22 CVE: Not Available
Platform: Cross Platform
Title: Half-Life Counter-Strike Login Denial of Service
Description: Half-Life Counter-Strike is a game distributed and
maintained by Valve Software. It includes features that allow users to
play locally or across a network. The game engine is used in many
modifications. The application is exposed to a denial of service issue
because it fails to handle specially-crafted network packets. The
issue occurs when logging into the server. Half-Life Counter-Strike
version 1.6 is affected.
Ref: http://www.securityfocus.com/bid/27159
______________________________________________________________________

08.3.23 CVE: CVE-2007-6600, CVE-2007-6601, CVE-2007-4772,
CVE-2007-6067, CVE-2007-4769
Platform: Cross Platform
Title: PostgreSQL Multiple Privilege Escalation and Denial of Service
Vulnerabilities
Description: PostgreSQL is an open-source database for Windows, UNIX,
and Linux. The application is exposed to multiple remote issues.
PostgreSQL versions 8.2, 8.1, 8.0, 7.4, and 7.3 are affected.
Ref: http://www.securityfocus.com/archive/1/485864
______________________________________________________________________

08.3.24 CVE: Not Available
Platform: Cross Platform
Title: Shareaza Update Notification Spoofing
Description: Shareaza is a peer to peer (P2P) client. The application
is exposed to an issue that allows attackers to spoof update
notifications because notifications from the domain
"update.shareaza.com" are not controlled by the vendor. Shareaza
versions prior to 2.3.1.0 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=110672&release_id=565250
______________________________________________________________________

08.3.25 CVE: CVE-2008-0003
Platform: Cross Platform
Title: OpenPegasus WBEM CIM Management Server PAM Authentication
Remote Buffer Overflow
Description: OpenPegasus is an implementation of the WBEM (Web-Based
Enterprise Management) and DMTF (Distributed Management Task Force)
CIM (Common Information Model) standards. These standards define an
information model and communication protocol for server resource
management. The application is exposed to a remote buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. The version 2.6 series of OpenPegasus is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=426578
______________________________________________________________________

08.3.26 CVE: CVE-2007-5761
Platform: Cross Platform
Title: Motorola netOctopus Agent "nantsys.sys" Local Privilege
Escalation
Description: netOctopus is an asset management agent. The application
is exposed to a local privilege escalation issue because the
"nantsys.sys" driver exposes ".NantSys" as a world-writeable device
interface. Specifically, the driver allows reading and writing of CPU
Model Specific Registers (MSRs). netOctopus version 5.1.2 is affected.
Ref: http://www.securityfocus.com/archive/1/485911
______________________________________________________________________

08.3.27 CVE: Not Available
Platform: Cross Platform
Title: SynCE "vdccm" Daemon Remote Command Injection
Description: SynCE is an open-source project that provides tools to
communicate between Microsoft Windows CE or Pocket PC devices and
computers running Linux/Unix. The application is exposed to a remote
command injection issue because it fails to adequately sanitize
user-supplied input data. SynCE version 0.92 is affected.
Ref: http://www.securityfocus.com/archive/1/485884
______________________________________________________________________

08.3.28 CVE: CVE-2007-6610
Platform: Cross Platform
Title: unp File Name Remote Arbitrary Shell Command Injection
Description: unp is a perl script to speed up and automate extraction
of different archive files. The application is exposed to a remote
command injection issue because it fails to adequately sanitize
user-supplied input data. Specifically, filenames are not properly
sanitized before being passed as arguments to invoked commands.
Attackers can exploit this issue by enticing an unsuspecting user to
use unp to open a file with a specially-crafted name. unp version
1.0.12 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448437
______________________________________________________________________

08.3.29 CVE: CVE-2007-5616
Platform: Cross Platform
Title: SSH Tectia Client and Server ssh-signer Local Privilege
Escalation
Description: SSH Tectia Client and Server packages are commercial
implementations of the SSH protocol. They are available for multiple
platforms including Unix, Unix-like, and Microsoft Windows operating
systems. The application is exposed to a local privilege escalation
issue due to an unspecified flaw in the setuid-superuser "ssh-signer"
utility. SSH Tectia Client and Server packages versions from 5.0
through to 5.2.3, and 5.3 through to 5.3.5 are affected.
Ref: http://www.kb.cert.org/vuls/id/921339
______________________________________________________________________

08.3.30 CVE: Not Available
Platform: Cross Platform
Title: McAfee E-Business Server Authentication Remote Code Execution
Description: McAfee E-Business Server secures communication channels on
enterprise networks. E-Business Server is exposed to a remote code
execution issue that occurs prior to authentication. E-Business Server
versions 8.5.2 and earlier are affected.
Ref:
https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472
______________________________________________________________________

08.3.31 CVE: Not Available
Platform: Cross Platform
Title: xine-lib "rmff_dump_cont()" Remote Heap Buffer Overflow
Description: The "xine-lib" is a library that allows various media
players to play various media formats. The library is a plugin for
Real media. It is available for UNIX, Linux, Mac OS X, and other
UNIX-like operating systems. The application is exposed to a remote
heap-based buffer overflow issue because it fails to
perform adequate boundary-checks on user-supplied data. xine-lib
versions 1.1.9 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27203
______________________________________________________________________

08.3.32 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Identity Manager Multiple Input Validation
Vulnerabilities
Description: Sun Java System Identity Manager facilitates user
identity management across various platforms and applications. The
application is exposed to multiple input validation issues because it
fails to adequately sanitize user-supplied input. Sun Java System
Identity Manager versions 6.0 SP1, 6.0 SP2, 6.0 SP3, 7.0 and 7.1 are
affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1

______________________________________________________________________

08.3.33 CVE: Not Available
Platform: Cross Platform
Title: IBM Lotus Domino Unspecified Denial of Service
Description: IBM Lotus Domino is a client/server product designed for
collaborative working environments. Domino Server supports email,
scheduling, instant messaging, and data-driven applications. The
application is exposed to a denial of service issue that can deny
service to legitimate users. IBM Lotus Domino versions prior to 7.0.2
Fix Pack 3 are affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg27011539
______________________________________________________________________

08.3.34 CVE: Not Available
Platform: Cross Platform
Title: Horde Products Multiple Unspecified Security Bypass
Vulnerabilities
Description: Horde products are exposed to multiple unspecified
issues. Mnemo version 2.1.1, Nag 2.1.3, Kronolith 2.1.6, Turba 2.1.5,
Horde Groupware Webmail Edition 1.0.3, and Horde Groupware 1.0.2 are
affected. Horde version 3.1.5 is also affected.
Ref: http://www.securityfocus.com/bid/27217
______________________________________________________________________

08.3.35 CVE: Not Available
Platform: Cross Platform
Title: Apple QuickTime RTSP Connection Status Display Remote Buffer
Overflow
Description: Apple QuickTime is a media player for Mac OS X and
Microsoft Windows. The application is exposed to a remote buffer
overflow issue because the application fails to properly bounds check
user-supplied input before copying it to an insufficiently sized
buffer. QuickTime version 7.3.1.70 is affected.
Ref: http://www.kb.cert.org/vuls/id/112179
______________________________________________________________________

08.3.36 CVE: Not Available
Platform: Cross Platform
Title: Oracle January 2008 Advance Announcement Multiple
Vulnerabilities
Description: Oracle has released an advance announcement of their
critical patch update. The advisory will address 27 issues affecting
Oracle Database, Oracle Application Server, Oracle Collaboration Suite,
Oracle E-Business Suite, Oracle Enterprise Manager, Oracle PeopleSoft
Enterprise, and JD Edwards EnterpriseOne.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html
______________________________________________________________________

08.3.37 CVE: Not Available
Platform: Cross Platform
Title: IBM Tivoli Storage Manager Express Remote Heap Overflow
Description: IBM Tivoli Storage Manager (TSM) facilitates data backup
and archiving. The application is exposed to a remote heap overflow
issue because the software fails to properly bounds check
user-supplied data before copying it to an insufficiently sized
buffer. The issue arises when an application which is not a TSM client
directly opens the server TCP socket and sends specially-crafted
packets to the server. IBM Tivoli Storage Manager Express version 5.3
for Microsoft Windows 2003 server platforms is exposed.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21291536
______________________________________________________________________

08.3.38 CVE: CVE-2007-6420, CVE-2007-6421, CVE-2007-6422,
CVE-2007-6423
Platform: Cross Platform
Title: Apache "mod_proxy_balancer" Multiple Vulnerabilities
Description: Apache is exposed to multiple vulnerabilities affecting
the "mod_proxy_balancer" module. Apache versions 2.2.6, 2.2.5, 2.2.4,
2.2.3, 2.2.2 and 2.2.0 are affected.
Ref: http://www.securityfocus.com/archive/1/486169
______________________________________________________________________

08.3.39 CVE: Not Available
Platform: Cross Platform
Title: Drupal Prior To 4.7.11 and 5.6 Multiple Remote Vulnerabilities
Description: Drupal is an open-source content manager that is
available for a number of platforms, including Microsoft Windows and
UNIX/Linux variants. The application is exposed to multiple remote
issues. Drupal versions prior to 4.7.11 and 5.6 are affected.
Ref: http://drupal.org/node/208565
______________________________________________________________________

08.3.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: RotaBanner Local Multiple Cross-Site Scripting Vulnerabilities
Description: RotaBanner Local is a banner engine for web-based
advertising. The application is exposed to multiple cross-site
scripting issues because it fails to properly sanitize user-supplied
input to the "user" and "drop" parameters of the "index.php" script.
RotaBanner Local versions 2 and 3 are affected.
Ref: http://www.securityfocus.com/archive/1/485786
______________________________________________________________________

08.3.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Joomla-SMF Forum Multiple Cross-Site Scripting Vulnerabilities
Description: Joomla-SMF Forum is a bridge that integrates Joomla! and
Simple Machines Forum (SMF). The application is exposed to multiple
cross-site scripting issues because it fails to sanitize user-supplied
input to unspecified parameters. SMF version 1.1.4 is affected.
Ref: http://www.securityfocus.com/bid/27218
______________________________________________________________________

08.3.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities
Description: Snitz Forums 2000 is a web-based forum application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. The following scripts and
parameters are affected: "/Forums/setup.php : mail" and "/login.php :
target". Snitz Forums 2000 versions 2.4.05 and 3.4.06 are affected.
Ref: http://www.securityfocus.com/archive/1/485836
______________________________________________________________________

08.3.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IceWarp Mail Server "admin/index.html" Cross-Site Scripting
Description: IceWarp Mail Server is a commercially-available mail
server implemented for Windows and Linux platforms. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "message" parameter of the
"/admin/index.html" script.
Ref: http://www.securityfocus.com/bid/27189
______________________________________________________________________

08.3.44 CVE: CVE-2008-0005
Platform: Web Application - Cross Site Scripting
Title: Apache "mod_proxy_ftp" Undefined Charset UTF-7 Cross-Site
Scripting
Description: Apache is an HTTP webserver available for multiple
operating platforms. The "mod_proxy_ftp" module is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input to unspecified parameters. Reports indicate that this issue
exists in the "mod_proxy_ftp.c" source file and an attacker can use the
";" character in a URL by setting the Charset to UTF-7 because the
Charset is not defined by the application. Apache versions prior
to 2.2.7-dev, Apache 1.3.40-dev, and Apache 2.0.62-dev are affected.
Ref: http://securityreason.com/achievement_securityalert/49
______________________________________________________________________

08.3.45 CVE: CVE-2007-6388
Platform: Web Application - Cross Site Scripting
Title: Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 "mod_status"
Cross-Site Scripting
Description: The Apache HTTP Server mod_status module provides
information on server activity. The module is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input to unspecified parameters. Specifically, this issue occurs when
the "server-status" page is publicly accessible. Apache versions prior
to 2.2.7-dev, 2.0.62-dev and 1.3.40-dev are affected.
Ref: http://httpd.apache.org/security/vulnerabilities_22.html
______________________________________________________________________

08.3.46 CVE:
Platform: Web Application - SQL Injection
Title: ID-Commerce "liste.php" SQL Injection
Description: ID-Commerce is a web-based e-commerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "idFamille" parameter
of the "liste.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27220
______________________________________________________________________

08.3.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SAM Broadcaster samPHPweb
Description: SAM Broadcaster is an application for streaming internet
radio content. samPHPweb is a component of the application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "songid" parameter of
the "songinfo.php" script before using it in an SQL query. SAM
Broadcaster samPHPweb version 4.2.2 is affected.
Ref: http://www.securityfocus.com/bid/27147
______________________________________________________________________

08.3.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Tribisur Multiple SQL Injection Vulnerabilities
Description: Tribisur is a content-management system (CMS). The
application is exposed to multiple SQL injection issues because it
fails to properly sanitize user-supplied input before using it in SQL
queries. Tribisur version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/27149
______________________________________________________________________

08.3.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RunCMS Newbb_plus Module Client-IP SQL Injection
Description: RunCMS is a web-based content manager implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize client-supplied data to the "Client-IP" field
in HTTP requests before using it in an SQL query. Specifically, the
issue affects the "newbb_plus" module versions 0.92 and earlier and
can be exploited by spoofing the "Client-IP" header.
Ref: http://www.securityfocus.com/bid/27152
______________________________________________________________________

08.3.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: OneCMS Arbitrary File Upload Vulnerability and Multiple
SQL Injection Vulnerabilities
Description: OneCMS is a PHP-based content manager. The application is
exposed to multiple input validation issues because it fails to
sufficiently sanitize user-supplied data. OneCMS version 2.4 is
affected.
Ref: http://www.securityfocus.com/archive/1/485837
______________________________________________________________________

08.3.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FlexBB "flexbb_temp_id" SQL Injection
Description: FlexBB is a web-based bulletin board. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "flexbb_temp_id" Cookie HTTP
request parameter of the "Templates" function before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/27164
______________________________________________________________________

08.3.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DCP-Portal "index.php" SQL Injection
Description: DCP-Portal is a web-based portal application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize client-supplied data to the "cid" parameter of
the "index.php" script before using it in an SQL query. DCP-Portal
version 6.11 is affected.
Ref: http://www.securityfocus.com/bid/27167
______________________________________________________________________

08.3.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Eggblog "eggblogpassword" SQL Injection
Description: Eggblog is a web-based tutoring application. The
application is exposed to an SQL injection issue because the
application fails to sufficiently sanitize user-supplied data before
using it in an SQL query. The issue affects the "eggblogpassword"
parameter when handling malformed cookie data. Eggblog version 3.10 is
affected.
Ref: http://www.securityfocus.com/bid/27168
______________________________________________________________________

08.3.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SmallNuke "index.php" Multiple SQL Injection Vulnerabilities
Description: SmallNuke is a PHP-based content manager. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the "user_email" and
"username" parameters of the "index.php" script before using it in an
SQL query. Specifically, the issues arise when "index.php" is called
with the "go" parameter set to the value "Members". SmallNuke version
2.0.4 is affected.
Ref: http://www.securityfocus.com/bid/27180
______________________________________________________________________

08.3.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Zero CMS Arbitrary File Upload Vulnerability and Multiple
SQL Injection Vulnerabilities
Description: Zero CMS is a PHP-based content manager. The application
is exposed to multiple input validation issues because it fails to
sufficiently sanitize user-supplied data. Zero CMS version 1.0 Alpha
is affected.
Ref: http://www.securityfocus.com/bid/27186
______________________________________________________________________

08.3.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Webquest "soporte_horizontal_w.php" SQL Injection
Description: PHP Webquest is a PHP-based content manager designed for
educators. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id_actividad" parameter of the "soporte_horizontal_w.php" script
before using it in an SQL query. PHP Webquest version 2.6 is affected.
Ref: http://www.securityfocus.com/bid/27192
______________________________________________________________________

08.3.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DomPHP "inscription.php" SQL Injection
Description: DomPHP is a content management system. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "mail" parameter of the
"welcome/inscription.php" script before using it in an SQL query.
DomPHP versions 0.81 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27212
______________________________________________________________________

08.3.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MTCMS Index.PHP Multiple SQL Injection Vulnerabilities
Description: MTCMS is a content management system. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the "a" and "cid"
parameters of the "index.php" script before using it in an SQL query.
MTCMS version 2.0 is affected.
Ref: http://www.securityfocus.com/archive/1/486090
______________________________________________________________________

08.3.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: iGaming CMS "archive.php" SQL Injection
Description: iGaming CMS is a content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "section" parameter of
the "archive.php" script before using it in an SQL query. iGaming CMS
versions 1.3.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27230
______________________________________________________________________

08.3.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DigitalHive "gestion_membre.php" SQL Injection
Description: DigitalHive is a forum implemented in PHP. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "user_id" parameter of the
"gestion_membre.php" script before using it in an SQL query. DigitalHive
versions 2.0 RC2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27232/info
______________________________________________________________________

08.3.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DomPHP "agenda/index.php" SQL Injection
Description: DomPHP is a content management system implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cat" parameter of
the "agenda/index.php" script before using it in an SQL query. DomPHP
version 0.81 is affected.
Ref: http://www.securityfocus.com/bid/27233
______________________________________________________________________

08.3.62 CVE: Not Available
Platform: Web Application
Title: XOOPS Information Disclosure
Description: XOOPS is a PHP-based content manager. The application is
exposed to an information disclosure issue because the application
fails to check user permissions in the "b_system_comments_show()"
function of the script "htdocs/modules/system/blocks/system_blocks.php".
XOOPS versions prior to 2.0.18 are affected.
Ref:
http://sourceforge.net/tracker/index.php?func=detail&aid=1808484&group_id=41586&atid=430840
______________________________________________________________________

08.3.63 CVE: Not Available
Platform: Web Application
Title: netRisk Remote File Include
Description: netRisk is a multi-player, web-based version of the board
game Risk. The application is exposed to a remote file include issue
because it fails to properly sanitize user-supplied input to the
"page" parameter of the "index.php" script. netRisk version 1.9.7 is
affected.
Ref: http://www.securityfocus.com/bid/27136
______________________________________________________________________

08.3.64 CVE: Not Available
Platform: Web Application
Title: SAM Broadcaster samPHPweb Remote File Include
Description: SAM Broadcaster is an application for streaming Internet
radio content. SamPHPweb is a component of the application. The
application is exposed to a remote file include issue because it
fails to sufficiently sanitize user-supplied input to the "commonpath"
parameter of the "/common/db.php" script. SAM Broadcaster samPHPweb
version 4.2.2 is affected.
Ref: http://www.securityfocus.com/bid/27137
______________________________________________________________________

08.3.65 CVE: Not Available
Platform: Web Application
Title: WebPortal CMS Unauthorized Access
Description: WebPortal CMS is a PHP-based content manager. The
application is exposed to an issue that results in unauthorized access
because the application generates predictable passwords for users who
forget their password. WebPortal CMS version 0.6 is affected.
Ref: http://www.securityfocus.com/bid/27145
______________________________________________________________________

08.3.66 CVE: Not Available
Platform: Web Application
Title: ClipShare Information Disclosure
Description: ClipShare is a PHP-based application that allows users to
develop video-sharing web sites. The application is exposed to an
information disclosure issue because it fails to sanitize
user-supplied input before using it to provide authentication
credentials.
Ref: http://www.securityfocus.com/bid/27148
______________________________________________________________________

08.3.67 CVE: Not Available
Platform: Web Application
Title: netRisk Information Disclosure
Description: netRisk is a multi-player, web-based version of the board
game Risk. The application is exposed to an information disclosure
issue because it fails to sanitize user-supplied input before using it
to provide authentication credentials.
Ref: http://www.securityfocus.com/bid/27150
______________________________________________________________________

08.3.68 CVE: Not Available
Platform: Web Application
Title: WordPress Plugin Wp-FileManager "ajaxfilemanager.php" Arbitrary
File Upload
Description: WordPress is a web-based publishing application
implemented in PHP. The WP-FileManager plugin for WordPress provides
functionality to upload, delete and organize files. The plugin is
exposed to an arbitrary file upload issue because it fails to properly
restrict access to file upload functionality. WP-FileManager version
1.2 is affected.
Ref: http://www.securityfocus.com/bid/27151
______________________________________________________________________

08.3.69 CVE: Not Available
Platform: Web Application
Title: UebiMiau "error.php" Local File Include
Description: UebiMiau is a web-based email client. The application is
exposed to a local file include issue because it fails to sufficiently
sanitize user-supplied input to the "selected_theme" parameter of the
"error.php" script. UebiMiau versions 2.7.10 and 2.7.2 are affected.
Ref: http://www.securityfocus.com/bid/27154
______________________________________________________________________

08.3.70 CVE: Not Available
Platform: Web Application
Title: Xoops XoopsGallery Module "init_basic.php" Remote File Include
Description: XoopsGallery is a gallery module for the XOOPS content
manager. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"GALLERY_BASEDIR" parameter of the "init_basic.php" script when passed
in a specially crafted URI that contains hash values for
"GALLERY_BASEDIR". XoopsGallery version 1.3.3.9 is affected.
Ref: http://www.securityfocus.com/bid/27155
______________________________________________________________________

08.3.71 CVE: Not Available
Platform: Web Application
Title: SineCms "index.php" File Include
Description: SineCms is a web-based content manager. The application
is exposed to a file include issue because it fails to sufficiently
sanitize user-supplied input to the "sine[config][index_main]"
parameter of the "mods/Integrated/index.php" script. SineCms versions
2.3.5 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27156
______________________________________________________________________

08.3.72 CVE: Not Available
Platform: Web Application
Title: Loudblog "parse_old.php" Remote File Include
Description: Loudblog is a content-management application. It is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "template" parameter of the
"inc/parse_old.php" script. Loudblog versions 0.6.1 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/27157
______________________________________________________________________

08.3.73 CVE: Not Available
Platform: Web Application
Title: netRisk "patch/index.php" Multiple Input Validation
Vulnerabilities
Description: netRisk is a PHP-based version of the Risk board game.
The application is exposed to multiple input validation issues because
it fails to sufficiently sanitize user-supplied data. netRisk version
1.9.7 is affected.
Ref: http://www.securityfocus.com/bid/27161
______________________________________________________________________

08.3.74 CVE: Not Available
Platform: Web Application
Title: Shop-Script "index.php" Local Information Disclosure
Description: Shop-Script is a PHP-based content management system
framework. The application is exposed to a local information
disclosure issue because it fails to properly sanitize user-supplied
input to the "aux_page" parameter of the "Script/index.php" script.
Shop-Script version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/27165
______________________________________________________________________

08.3.75 CVE: Not Available
Platform: Web Application
Title: ekinboard Multiple Authentication Bypass and Arbitrary File
Upload Vulnerabilities
Description: ekinboard is a content manager. The application is
exposed to multiple input validation issues because it fails to
adequately sanitize user-supplied input. ekinboard version 1.1.0 is
affected.
Ref: http://www.securityfocus.com/bid/27166
______________________________________________________________________

08.3.76 CVE: Not Available
Platform: Web Application
Title: PortalApp "forums.asp" and "content.asp" Multiple Input
Validation Vulnerabilities
Description: PortalApp is a content-management system
implemented in ASP. The application is exposed to multiple input
validation issues because it fails to properly sanitize user-supplied
input. PortalApp version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/27170
______________________________________________________________________

08.3.77 CVE: Not Available
Platform: Web Application
Title: eTicket Multiple Scripts Multiple Input Validation
Vulnerabilities
Description: eTicket is an open-source support ticket system based on
osTicket. The application is exposed to multiple input validation
issues because it fails to properly sanitize user-supplied input.
eTicket version 1.5.5.2 is affected.
Ref: http://www.securityfocus.com/archive/1/485835
______________________________________________________________________

08.3.78 CVE: Not Available
Platform: Web Application
Title: Million Dollar Script "index.php" Local File Include
Description: Million Dollar Script is a PHP-based application that
enables site administrators to sell advertising space on their site.
The application is exposed to a local file include issue because it
fails to sufficiently sanitize user-supplied input to the "link"
parameter of the "index.php" script. Million Dollar Script version
2.0.14 is affected.
Ref: http://www.securityfocus.com/archive/1/485882
______________________________________________________________________

08.3.79 CVE: Not Available
Platform: Web Application
Title: CherryPy Cookie Session Id Information Disclosure
Description: CherryPy is an object-oriented development framework for
web applications; it is written in Python. The application is exposed
to an information disclosure issue because it fails to properly
validate user access rights before performing certain actions.
CherryPy versions 2.2.1 and 3.0.2 are affected.
Ref: http://www.cherrypy.org/ticket/744
______________________________________________________________________

08.3.80 CVE: Not Available
Platform: Web Application
Title: SysHotel On Line System "index.php" Local File Include
Description: SysHotel On Line System is a hotel booking and management
application. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"file" parameter of the "index.php" script.
Ref: http://www.securityfocus.com/archive/1/485940
______________________________________________________________________

08.3.81 CVE: CVE-2007-5401, CVE-2007-5402, CVE-2007-5403,
CVE-2007-5404
Platform: Web Application
Title: HelpBox Multiple Security Vulnerabilities
Description: HelpBox is a web-based helpdesk application implemented
in ASP. The application is exposed to multiple security issues because
the application fails to properly sanitize user-supplied input.
HelpBox version 3.7.1 is affected.
Ref: http://secunia.com/secunia_research/2007-94/advisory/
______________________________________________________________________

08.3.82 CVE: CVE-2008-0003
Platform: Web Application
Title: OpenPegasus Management Server PAM Authentication
"cimservera.cpp" Buffer Overflow
Description: OpenPegasus is an implementation of the WBEM (Web-Based
Enterprise Management) and DMTF (Distributed Management Task Force)
CIM (Common Information Model) standards. The application is exposed
to a remote buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied input. OpenPegasus version 2.6 series
is affected.
Ref:
http://cvs.opengroup.org/cgi-bin/cvsweb.cgi/pegasus/src/Pegasus/Security/Cimservera/Attic/cimservera.cpp.diff?cvsroot=Pegasus&r1=1.6&r2=1.6.2.1&f=H&only_with_tag=RELEASE_2_5-branch
______________________________________________________________________

08.3.83 CVE: Not Available
Platform: Web Application
Title: EvilBoard Cross-Site Scripting and SQL Injection
Description: EvilBoard is a PHP-based bulletin board application. The
application is exposed to a cross-site scripting issue and an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "c" parameter of the "index.php" script.
EvilBoard version 0.1a is affected.
Ref: http://www.securityfocus.com/bid/27190
______________________________________________________________________

08.3.84 CVE: Not Available
Platform: Web Application
Title: Tune Studios Multiple Web Page Templates "index.php" Remote File
Include
Description: Tune Studio Subwoofer, Freeze Theme, Orange Cutout, Lonely
Maple, Endless, Classic Theme and Music Theme are web page templates.
The templates are exposed to a remote file include issue because they
fail to sufficiently sanitize user-supplied data to the "page"
parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/27196
______________________________________________________________________

08.3.85 CVE: Not Available
Platform: Web Application
Title: PHP Webquest MySQL Credentials Information Disclosure
Description: PHP Webquest is a PHP-based content manager designed for
educators. The application is exposed to an information disclosure
issue because it fails to protect the MySQL database credentials. PHP
Webquest version 2.6 is affected.
Ref: http://www.securityfocus.com/bid/27202
______________________________________________________________________

08.3.86 CVE: Not Available
Platform: Web Application
Title: UploadScript and UploadImage "admin.php" Unauthorized Access
Description: UploadScript and UploadImage are PHP-based file hosting
scripts. The applications are exposed to an issue that results in
unauthorized access. This issue occurs because the application fails
to restrict access to the "act=nopass" password setting functionality
of the "admin.php" script. UploadScript and UploadImage version 1.0
are affected.
Ref: http://www.securityfocus.com/bid/27203
______________________________________________________________________

08.3.87 CVE: Not Available
Platform: Web Application
Title: osDate "php121db.php" Remote File Include
Description: osDate is a web-based dating application implemented in
PHP. The application is exposed to a remote file include issue because
it fails to properly sanitize user-supplied input to the "php121dir"
parameter of the "php121db.php" script. osDate version 2.0.8 is
affected.
Ref: http://www.securityfocus.com/bid/27208
______________________________________________________________________

08.3.88 CVE: Not Available
Platform: Web Application
Title: Omegasoft Insel Authentication Bypass Vulnerability and User
Enumeration Weakness
Description: Omegasoft Insel is a web-based application. The
application is exposed to multiple remote issues. Omegasoft Insel
version 7 is affected.
Ref: http://www.securityfocus.com/archive/1/486009
______________________________________________________________________

08.3.89 CVE: Not Available
Platform: Web Application
Title: Docebo SQL Injection Vulnerability and Multiple Information
Disclosure Vulnerabilities
Description: Docebo is a PHP-based content manager, targeted at
corporate and higher education markets. The application is exposed to
multiple information disclosure issues. Docebo version 3.5.0.3 is
affected.
Ref: http://www.securityfocus.com/bid/27211
______________________________________________________________________

08.3.90 CVE: CVE-2007-6018
Platform: Web Application
Title: Horde IMP and Groupware Webmail Edition Multiple Input
Validation Vulnerabilities
Description: Horde IMP (Internet Messaging Program) is a PHP-based
application that supports IMAP and POP3 webmail access. The
application is exposed to multiple input validation issues because it
fails to sanitize certain HTML and HTTP data. IMP version 4.1.5, Horde
Application Framework version 3.1.5, and Horde Groupware Webmail
Edition version 1.0.3 are affected.
Ref: http://secunia.com/secunia_research/2007-102/advisory/
______________________________________________________________________

08.3.91 CVE: Not Available
Platform: Web Application
Title: DomPHP "index.php" Remote File Include
Description: DomPHP is a content management system. The application is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "page" parameter of the
"aides/index.php" script. DomPHP version 0.81 is affected.
Ref: http://www.securityfocus.com/bid/27226
______________________________________________________________________

08.3.92 CVE: Not Available
Platform: Web Application
Title: Evilsentinel Multiple Remote Vulnerabilities
Description: Evilsentinel is a PHP-based security application that
protects against various web-based vulnerabilities. The application is
exposed to multiple remote issues. Evilsentinel version 1.0.9 is
affected.
Ref: http://www.securityfocus.com/bid/27227
______________________________________________________________________

08.3.93 CVE: Not Available
Platform: Web Application
Title: vtiger CRM File Information Disclosure
Description: vtiger CRM is a customer relationship management
application. The application is exposed to an information disclosure
issue because it fails to restrict access to certain directories.
Ref: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107
______________________________________________________________________

08.3.94 CVE: Not Available
Platform: Web Application
Title: VisionBurst vcart "abs_path" Parameter Multiple Remote File
Include Vulnerabilities
Description: VisionBurst vcart is a web-based shopping cart
application. The application is exposed to multiple remote file
include issues because it fails to sufficiently sanitize user-supplied
input to the "abs_path" parameter of the "index.php" and
"checkout.php" scripts. vcart version 3.3.2 is affected.
Ref: http://www.milw0rm.com/exploits/4889
______________________________________________________________________

08.3.95 CVE: Not Available
Platform: Web Application
Title: Mambo Search Remote Denial of Service
Description: Mambo is a PHP-based content manager. The application is
exposed to a denial of service issue. Specifically, the application
may crash when handling data supplied through the search component.
Mambo versions 4.5.x and 4.6.x are affected.
Ref: http://forum.mambo-foundation.org/showthread.php?t=9651
______________________________________________________________________

08.3.96 CVE: Not Available
Platform: Network Device
Title: Creative Ensoniq PCI ES1371 WDM Driver Local Privilege
Escalation
Description: Creative Ensoniq PCI ES1371 WDM drivers are exposed to a
local privilege escalation issue when the vulnerable device drivers
attempt to dereference a NULL pointer. User-space processes can map
memory at 0, allowing attackers to execute arbitrary code with
elevated privileges. This occurs only in certain circumstances, when
affected drivers are running in Windows Vista operating systems.
Creative Ensoniq PCI ES1371 WDM driver version 5.1.3612.0 of the
"es1371mp.sys" driver is affected.
Ref:
http://www.reversemode.com/index.php?option=com_content&task=view&id=46&Itemid=2
______________________________________________________________________

08.3.97 CVE: Not Available
Platform: Network Device
Title: Level One WBR-3460A 4-Port ADSL 2/2+ Wireless Modem Router
Unauthorized Access
Description: Level One WBR-3460A is a 4-Port ADSL 2/2+ Wireless Modem
Router that includes QoS and VPN support. By default, the router
listens on TCP port 23 for its Telnet service and TCP port 80 for
HTTP; however, these services are only accessible via the local
network. The router is exposed to an issue that results in
unauthorized superuser access because the device lacks access control
and authentication mechanisms for its Telnet service. WBR-3460A
firmware versions 1.00.11 and 1.00.12 are affected.
Ref: http://www.securityfocus.com/archive/1/485935
______________________________________________________________________

08.3.98 CVE: Not Available
Platform: Network Device
Title: Ingate Firewall and SIParator Remote Denial of Service
Description: Ingate Firewalls are hardware firewall devices that
support Session Initiation Protocol (SIP) via SIParator SIP-based
communication devices. The application is exposed to a remote denial
of service issue. Ingate Firewall versions prior to 4.6.1 and Ingate
SIParator version 4.6.1 are affected.
Ref: http://www.ingate.com/relnote-461.php
______________________________________________________________________