RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 10
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert sans.org)
Date: Mon Mar 13 2006 - 12:59:01 CST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A very light week, but be prepared to update Windows and Office tomorrow
(Tuesday).
If your security policy denies users access to Peercast and other
multi-media software (that are being targeted more and more often by
hackers), you'll get better compliance if you use an IPS to enforce your
policy. Also LISTSERV users should update their software to 14.5 well
before June. When vulnerability discoverers promise to delay publishing
details, criminals work hard to find and exploit the vulnerability
before the patch comes out.
Alan
*************************************************************************
RISK: The Consensus Security Vulnerability Alert
March 13, 2006 Vol. 5. Week 10
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of the vulnerabilities reported this week:
====================================================================
Platform                                  # of Updates & Vulnerabilities
====================================================================
Other Microsoft Products                   2 (#3)
Third Party Windows Apps                   6
Mac Os                                     1
Linux                                      3
HP-UX                                      1
Solaris                                    1
Unix                                       2 (#5)
Cross Platform                            15 (#1, #4)
Web Application - Cross Site Scripting    14
Web Application - SQL Injection            7
Web Application                           33 (#2)
Network Device                             3
*************************************************************************
Part I -- Critical Vulnerabilities from TippingPoint, a division of 3Com
(www.tippingpoint.com)
Other Software
(1) HIGH: Peercast Streaming Server HTTP Processing Overflow
(2) MODERATE: L-Soft Listserv Remote Code Execution
(3) MODERATE: Microsoft Visual Studio Overflow
(4) MODERATE: Micromuse Netcool/Neusecure Remote Database Access
Exploits
(5) LibTIFF TIFFOpen Buffer Overflow Vulnerability
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
-- Other Microsoft Products
06.10.1 - Microsoft Visual Studio Buffer Overflow
06.10.2 - Internet Explorer Java Applet Handling Denial of Service
-- Third Party Windows Apps
06.10.3 - AVG Anti-Virus Local Insecure Permissions
06.10.4 - RevilloC MailServer Remote Buffer Overflow
06.10.5 - Magic Winmail Server Multiple Unspecified Vulnerabilities
06.10.6 - Symantec Ghost SQLAnywhere Local Administrative Authentication Credentials Disclosure
06.10.7 - Novell BorderManager Remote Denial Of Service
06.10.8 - ZoneAlarm Security Suite Local Privilege Escalation
-- Mac Os
06.10.9 - Mac OS X Kernel MACH_MSG_SEND Local Heap Overflow
-- Linux
06.10.10 - Kaspersky Anti-Virus Unspecified Denial Of Service
06.10.11 - Debian-Specific Amaya Arbitrary Local Code Execution
06.10.12 - Linux Kernel die_if_kernel Local Denial of Service
-- HP-UX
06.10.13 - HP Tru64 IKE Exchange Denial Of Service Vulnerabilities
-- Solaris
06.10.14 - Sun Solaris Proc Filesystem Pagedata Subsystem Local Denial Of Service
-- Unix
06.10.15 - Oreka RTP Packet Handling Remote Denial of Service
06.10.16 - Acme Labs thttpd htpasswd Multiple Vulnerabilities
-- Cross Platform
06.10.17 - Comvigo IM Lock 2006 Insecure Password Storage
06.10.18 - L-Soft Listserv 14.3 and 14.4 Multiple Unspecified Vulnerabilities
06.10.19 - Freeciv Remote Denial of Service
06.10.20 - Monopd Remote Denial Of Service
06.10.21 - Ravenous Unauthorized Access
06.10.22 - nCipher Insecure CBC-MAC API Vulnerability
06.10.23 - nCipher Testing Options Insecure Key Generation Vulnerabilities
06.10.24 - Symantec Ghost SQLAnywhere Local Information Disclosure and Data Corruption
06.10.25 - Dropbear Remote Denial Of Service
06.10.26 - Micromuse Netcool/NeuSecure Website NS Account Password Disclosure
06.10.27 - Red Hat Initscripts Local Privilege Escalation
06.10.28 - Peercast.org PeerCast Remote Buffer Overflow
06.10.29 - Kerio MailServer Remote Denial of Service
06.10.30 - UnrealIRCd Remote Denial Of Service
06.10.31 - GnuPG Incorrect Non-Detached Signature Verification
-- Web Application - Cross Site Scripting
06.10.32 - VBZooM Forum Multiple Cross-Site Scripting Vulnerabilities
06.10.33 - phpArcadeScript Multiple Cross-Site Scripting Vulnerabilities
06.10.34 - Woltlab Burning Board Misc.PHP Cross-Site Scripting
06.10.35 - CutePHP CuteNews Index.PHP Cross-Site Scripting
06.10.36 - DVGuestbook Multiple Cross-Site Scripting
06.10.37 - VBZoom Profile.PHP Cross-Site Scripting
06.10.38 - RunCMS Bigshow.PHP Cross-Site Scripting
06.10.39 - Game-Panel Login.PHP Cross-Site Scripting
06.10.40 - Link Bank Iframe.PHP Cross-Site Scripting
06.10.41 - Daverave HitHost Multiple Cross-Site Scripting Vulnerabilities
06.10.42 - textfileBB Multiple Cross-Site Scripting Vulnerabilities
06.10.43 - myBloggie Multiple Cross-Site Scripting Vulnerabilities
06.10.44 - DCP Portal Multiple Cross-Site Scripting Vulnerabilities
06.10.45 - txtForum Multiple Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
06.10.46 - D2-Shoutbox SQL Injection
06.10.47 - CyBoards PHP Lite Process_post.PHP SQL Injection
06.10.48 - Akarru Social BookMarking Engine Users.PHP SQL Injection
06.10.49 - WordPress User-Agent SQL Injection
06.10.50 - VBZoom Forum Show.PHP MainID SQL Injection
06.10.51 - TotalECommerce SQL Injection
06.10.52 - Redblog RSS.PHP SQL Injection
-- Web Application
06.10.53 - Evo-Dev evoBlog Comment Post HTML Injection
06.10.54 - Fantastic News Archive.PHP Remote Code Execution
06.10.55 - Skate Board Multiple Input Validation Vulnerabilities
06.10.56 - Aztek Forum New Message HTML Injection
06.10.57 - Gregarius Multiple Input Validation Vulnerabilities
06.10.58 - Gallery Album Comments HTML Injection
06.10.59 - Gallery Arbitrary File Deletion
06.10.60 - Easy Forum New User Image File HTML Injection
06.10.61 - PHP-Stats Multiple Input Validation and Information Disclosure Vulnerabilities
06.10.62 - Pixelpost Multiple Input Validation Vulnerabilities
06.10.63 - Simplog Information Disclosure
06.10.64 - Bitweaver Title Field HTML Injection
06.10.65 - M-Phorum Remote File Include
06.10.66 - Inter7 QmailAdmin PATH_INFO Buffer Overflow
06.10.67 - Eschew.Net PHPBannerExchange ResetPW.PHP Directory Traversal
06.10.68 - Lurker Multiple Input Validation Vulnerabilities
06.10.69 - Link Bank Remote PHP Script Code Injection
06.10.70 - Geeklog Lib-sessions.PHP Authorization Bypass
06.10.71 - NMDeluxe News.PHP Multiple Input Validation Vulnerabilities
06.10.72 - SquirrelMail Redirect.PHP Cookie Theft
06.10.73 - Invision Power Board Multiple Input Validation Vulnerabilities
06.10.74 - Owl Intranet Engine Remote File Include
06.10.75 - Loudblog Multiple Input Validation Vulnerabilities
06.10.76 - CAPI4HylaFAX Insecure Temporary File Creation
06.10.77 - D2KBlog Multiple Input Validation Vulnerabilities
06.10.78 - sBlog HTML Injection
06.10.79 - Manas Tungare Site Membership Script Multiple Input Validation Vulnerabilities
06.10.80 - Easy File Sharing Web Server Multiple Input Validation Vulnerabilities
06.10.81 - ADP Forum Subject Field HTML Injection
06.10.82 - Gallery Multiple Local File Include Vulnerabilities
06.10.83 - Light Weight Calendar Index.PHP Remote Command Execution
06.10.84 - Jiros Banner Experience Pro Addadmin.ASP Authorization Bypass
06.10.85 - txtForum Remote PHP Script Code Injection
-- Network Device
06.10.86 - Multiple Router Vendor Remote IRC Denial Of Service
06.10.87 - nCipher Insecure Diffie-Hellman Key Generation
06.10.88 - Xerox WorkCentre / CopyCentre Multiple Vulnerabilities
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rohit Dhamankar and Rob King
at TippingPoint, a division of 3Com, as a by-product of that company's
continuous effort to ensure that its intrusion prevention products
effectively block exploits using known vulnerabilities. TippingPoint's
analysis is complemented by input from a council of security managers
from twelve large organizations who confidentially share with SANS the
specific actions they have taken to protect their systems. A detailed
description of the process may be found at
http://www.sans.org/newsletters/cva/#process
Archives at http://www.sans.org/newsletters/risk
******************************
Other Software
******************************
(1) HIGH: Peercast Streaming Server HTTP Processing Overflow
Affected:
Peercast server versions prior to 0.1217
Description: Peercast is a streaming media server that can run on
Windows, Linux and Mac OS X platforms. The server reportedly contains a
stack-based buffer overflow that can be triggered by an HTTP request
containing overlong parameters. Specifically, passing a string longer
than 800 characters after the "?" character in a URL causes the overflow,
which can be exploited to execute arbitrary code. Exploit code has been
publicly posted.
Status: Vendor has released version 0.1217 that fixes the problem. Use
an IDS/IPS to block overlong parameters in HTTP requests to
port 7441/tcp (default port).
Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the council sites. All but one reported that no action was necessary.
One site has applied IPS blocking filters for users that are in
violation of their policy on these types of servers.
References:
Posting by infocus
http://www.securityfocus.com/archive/1/427160/30/0/threaded
Vendor Response
http://www.peercast.org/forum/viewtopic.php?t=3346
Exploit Code
http://www.frsirt.com/exploits/20060312.p33r-b33r-2.c.php
http://www.frsirt.com/exploits/20060311.prdelka-vs-GNU-peercast.c.php
Vendor Homepage
http://www.peercast.org
SecurityFocus BID
http://www.securityfocus.com/bid/17040
************************************************************
(2) MODERATE: L-Soft Listserv Remote Code Execution
Affected:
LISTSERV version 14.4 and 14.3, including LISTSERV Lite and HPO
Description: LISTSERV is popular email management software that can
be used to manage email newsletters, discussion groups or announcement
lists. The LISTSERV web interface that allows remote web management of
the mailing lists contains flaws that may be exploited to execute
arbitrary code on the server running the LISTSERV software. The
discoverers will post the complete technical details on June 3, 2006.
Status: L-Soft has released version 14.5 to fix the flaws.
Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the council sites. They reported that no action was necessary.
References:
Posting by NGSSoftware
http://www.securityfocus.com/archive/1/426770/30/90/threaded
LISTSERV Homepage
http://www.lsoft.com/products/listserv.asp
SecurityFocus BID
Not available yet.
****************************************************************
(3) MODERATE: Microsoft Visual Studio Overflow
Affected:
Microsoft Visual Studio version 6.0
Microsoft Development Environment version 6.0 (SP6)
Description: Microsoft Visual Studio, a development tool for Windows
applications, reportedly contains a stack-based overflow. The overflow
can be triggered by a ".dbp" (database project) or ".sln" (Visual Studio
solution) file containing a long "DataProject" name. A malicious
webpage, email or a file share can exploit this flaw to execute
arbitrary code on a developer's system. Exploit code has been publicly
posted. Note that ".dbp" and ".sln" files are not opened automatically.
Status: Microsoft is aware of the issue; no patches are available yet.
Developers should be cautioned not to open ".dbp" or ".sln" files
delivered via web or HTTP from untrusted sources.
References:
Posting by AtmaCA
http://www.spyinstructors.com/show.php?name=Advisories&pa=showpage&pid=73
Exploit Code
http://www.frsirt.com/exploits/20060305.ms-visual-dbp.c.php
Product Homepage
http://msdn.microsoft.com/vstudio/
SecurityFocus BID
http://www.securityfocus.com/bid/16953
***********************************************************************
(4) MODERATE: Micromuse Netcool/Neusecure Remote Database Access
Affected:
Netcool/Neusecure Management Database
Description: Netcool/Neusecure is a security management platform that
stores security events and data for an organization. The HTTP interface
for the management server stores the back-end database credentials in
clear text (can be accessed by viewing the page source). As a result,
any unauthenticated attacker can access the back-end MySQL database and
compromise the stored security information. The information in the
database may also be used to obtain the network topology to launch
further attacks.
Status: Vendor notified, no patches available. Restrict access to the
back-end MySQL database through the database configuration.
Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the council sites. They reported that no action was necessary.
References:
Posting by Dimitri
http://www.securityfocus.com/archive/1/427155/30/0/threaded
Product Homepage
http://www.micromuse.com/sols/dom_man/sec_man.html
SecurityFocus BID
http://www.securityfocus.com/bid/17032
**********************************************************************
**************
Exploits
**************
(5) LibTIFF TIFFOpen Buffer Overflow Vulnerability
Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the council sites. Most of the council sites reported that no action
was necessary. One site will distribute patches to their small number
of affected hosts during their next regularly scheduled system update
process.
References:
Exploit Code
http://www.frsirt.com/exploits/20060305.libtiff_exploit.c.php
Previous RISK Newsletter Posting
http://www.sans.org/newsletters/risk/display.php?v=4&i=19#05.19.26
______________________________________________________________________
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 10, 2006
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 4928 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
06.10.1 CVE: CVE-2006-1043
Platform: Other Microsoft Products
Title: Microsoft Visual Studio Buffer Overflow
Description: Microsoft Visual Studio is a development tool. It is
vulnerable to a buffer overflow when a malicious file contains a
"DataProject" field of 384 bytes. Microsoft Visual Studio version 6 is
vulnerable.
Ref: http://www.securityfocus.com/archive/1/426767
______________________________________________________________________
06.10.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Internet Explorer Java Applet Handling Denial of Service
Description: Microsoft Internet Explorer is affected by a denial of
service with the "mshtml.dll" library when dereferencing a NULL
pointer. This issue occurs when Sun's Java runtime environment is
installed and configured to be the default handler for Java applets.
Microsoft Internet Explorer versions 6.0 SP2 and earlier are
vulnerable.
Ref: http://www.securityfocus.com/archive/1/426817
______________________________________________________________________
06.10.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: AVG Anti-Virus Local Insecure Permissions
Description: AVG Anti-Virus is prone to a local insecure permissions
issue because the application incorrectly resets the permissions on
critical files during its periodic update process. AVG version 7 is
affected.
Ref: http://www.securityfocus.com/bid/16952
______________________________________________________________________
06.10.4 CVE: CVE-2006-1124
Platform: Third Party Windows Apps
Title: RevilloC MailServer Remote Buffer Overflow
Description: RevilloC MailServer is vulnerable to a remote buffer
overflow vulnerability due to insufficient boundary checks to the
"USER" command. RevilloC MailServer version 1.21 is vulnerable.
Ref: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0910.html
______________________________________________________________________
06.10.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Magic Winmail Server Multiple Unspecified Vulnerabilities
Description: Magic Winmail Server is an email server designed for use
on Microsoft Windows. It is reportedly prone to multiple unspecified
security vulnerabilities affecting the "Webmail" component. Magic
Winmail Server versions 4.0 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17009
______________________________________________________________________
06.10.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Ghost SQLAnywhere Local Administrative Authentication
Credentials Disclosure
Description: Symantec Ghost is an application used for enterprise wide
remote PC deployment, recovery, cloning, and migration. It is prone to
a vulnerability that may allow a local attacker to gain elevated
privileges. The vulnerability presents itself in the Symantec
SQLAnywhere database installed with Symantec Ghost and the Central
Management Console in Symantec Ghost Solutions Suite (SGSS). The
application stores the default administrator authentication
credentials in the SQLAnywhere database on the local computer during
installation. All builds of Symantec Ghost 8.0 (EOL / EOS 11/15/2005)
and Ghost 8.2 (shipped as a part of SGSS 1.0) are vulnerable.
Ref: http://www.symantec.com/avcenter/security/Content/2006.03.07.html
______________________________________________________________________
06.10.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Novell BorderManager Remote Denial Of Service
Description: Novell BorderManager is a network security tool providing
firewall and VPN functionality. It is affected by a remote denial of
service vulnerability due to improper handling of exceptional network
input in the form of streaming media over HTTP 1.1. Novell
BorderManager versions 3.8 and 3.8 SP4 are vulnerable.
Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?2972993.htm
______________________________________________________________________
06.10.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: ZoneAlarm Security Suite Local Privilege Escalation
Description: Zone Labs ZoneAlarm Internet Security Suite is a security
software package. It is vulnerable to a local privilege escalation
issue because it does not specify the full path of DLL libraries when
it executes. Zone Labs ZoneAlarm Security Suite version 6.1.744.000 is
vulnerable.
Ref: http://www.securityfocus.com/archive/1/427122
______________________________________________________________________
06.10.9 CVE: Not Available
Platform: Mac Os
Title: Mac OS X Kernel MACH_MSG_SEND Local Heap Overflow
Description: Apple Mac OS X kernel is vulnerable to a local heap
overflow due to insufficient boundary checking with the
"mach_msg_send()" function. All versions of Apple Mac OS X are
vulnerable.
Ref: http://www.felinemenace.org/~nemo/
______________________________________________________________________
06.10.10 CVE: CVE-2006-1091
Platform: Linux
Title: Kaspersky Anti-Virus Unspecified Denial Of Service
Description: Kaspersky Anti-Virus is vulnerable to a denial of service
issue when the application scans a file of 1.6 MB in size that does
not contain suspicious or obviously malicious content. Kaspersky
Anti-Virus versions 5.0.5 and 5.5.3 for Unix are vulnerable.
Ref: http://www.securityfocus.com/archive/1/426699
______________________________________________________________________
06.10.11 CVE: Not Available
Platform: Linux
Title: Debian-Specific Amaya Arbitrary Local Code Execution
Description: Amaya is an HTML editor and viewer. It is vulnerable to
an insecure RPATH due to a flaw in the build process. Amaya version
9.2.1-6 for Debian is vulnerable.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341424
______________________________________________________________________
06.10.12 CVE: CVE-2006-0742
Platform: Linux
Title: Linux Kernel die_if_kernel Local Denial of Service
Description: The Linux kernel is prone to a local denial of service
vulnerability. This issue is due to a design error in the
"die_if_kernel()" function. This issue affects Linux kernel versions
prior to 2.6.15.6 running on Itanium systems.
Ref: http://www.securityfocus.com/bid/16993
______________________________________________________________________
06.10.13 CVE: CVE-2005-3670
Platform: HP-UX
Title: HP Tru64 IKE Exchange Denial Of Service Vulnerabilities
Description: HP Tru64 is prone to denial of service vulnerabilities.
These issues are due to security flaws in HP's IPSec implementation.
These vulnerabilities may be triggered by malformed IKE traffic. HP
Tru64 versions 5.1 B-2 PK4 and 5.1 B-3 are vulnerable.
Ref: http://www.securityfocus.com/archive/1/427071
______________________________________________________________________
06.10.14 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Proc Filesystem Pagedata Subsystem Local Denial Of
Service
Description: Sun Solaris is prone to a local denial of service
vulnerability. A local unauthorized user can cause a system panic or
hang the system by exploiting an unspecified vulnerability in the
pagedata subsystem of the Process File System. Sun Solaris versions
10.0 and earlier are vulnerable.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102159-1
______________________________________________________________________
06.10.15 CVE: CVE-2006-0912
Platform: Unix
Title: Oreka RTP Packet Handling Remote Denial of Service
Description: Oreka is a freely available, open-source audio recording
application. Oreka is susceptible to a remote denial of service
vulnerability. This issue is due to the application's failure to
properly handle unspecified sequences of RTP packets. Oreka versions
prior to 0.5 are affected by this issue.
Ref: http://oreka.sourceforge.net/about/news?id=2006-02-16/0.5-release
______________________________________________________________________
06.10.16 CVE: Not Available
Platform: Unix
Title: Acme Labs thttpd htpasswd Multiple Vulnerabilities
Description: thttpd is a web server. The htpasswd utility is affected
by buffer overflow and command-execution issues. Acme Labs thttpd
htpasswd version 2.25b is affected.
Ref: http://www.securityfocus.com/bid/16972
______________________________________________________________________
06.10.17 CVE: Not Available
Platform: Cross Platform
Title: Comvigo IM Lock 2006 Insecure Password Storage
Description: Comvigo IM Lock 2006 is a security application designed
to allow administrators to enforce policy on computers such as
disallowing instant messages, peer to peer applications, streaming
media, and other network services. A local insecure password storage
vulnerability affects Comvigo IM Lock 2006 due to a failure of the
application to store passwords with secure permissions by default.
Comvigo IM Lock 2006 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/426935
______________________________________________________________________
06.10.18 CVE: Not Available
Platform: Cross Platform
Title: L-Soft Listserv 14.3 and 14.4 Multiple Unspecified
Vulnerabilities
Description: Listserv is a multi-platform application used to manage
mailing lists. It is affected by multiple unspecified vulnerabilities.
Listserv versions 14.3 and 14.4 are affected.
Ref: http://www.securityfocus.com/bid/16951
______________________________________________________________________
06.10.19 CVE: Not Available
Platform: Cross Platform
Title: Freeciv Remote Denial of Service
Description: Freeciv is a free turn-based multiplayer strategy game.
It is affected by a remote denial of service issue due to a design
error in "common/packets.c" when handling the packet length. Freeciv
versions 2.0.7 and earlier are affected.
Ref: http://www.securityfocus.com/bid/16975
______________________________________________________________________
06.10.20 CVE: Not Available
Platform: Cross Platform
Title: Monopd Remote Denial Of Service
Description: The Monopd game server is prone to a remote denial of
service vulnerability. This issue is due to a design error in the
application when doing string replacements to avoid manipulation of
XML data. The problem occurs in "server.cpp" when an overly long
string of 15000 chars or more is processed, causing the application to
consume all available CPU and memory resources. monopd version 0.9.3
is affected.
Ref: http://www.securityfocus.com/bid/16981
______________________________________________________________________
06.10.21 CVE: Not Available
Platform: Cross Platform
Title: Ravenous Unauthorized Access
Description: Ravenous is a web server implemented in Java. It is prone
to an unauthorized access vulnerability due to a failure in the
application to properly secure sensitive information. The problem is
due to the application failing to properly secure access to ".rvplg"
files. Ravenous version 0.7 is vulnerable.
Ref: http://www.securityfocus.com/bid/17013
______________________________________________________________________
06.10.22 CVE: Not Available
Platform: Cross Platform
Title: nCipher Insecure CBC-MAC API Vulnerability
Description: nCipher products utilize cryptography to protect data and
communications. nCipher products are vulnerable to an insecure CBC-MAC
(Cipher Block Chaining-Message Authentication Code) API issue because
of a flaw in the API that allows users to utilize insecure CBC-MAC IVs
(Initialization Vector). nCipher Software CD version 9.0 resolves the
issue.
Ref: http://www.ncipher.com/resources/96/sa13_cbcmac_iv_misleading_programming_interface
______________________________________________________________________
06.10.23 CVE: Not Available
Platform: Cross Platform
Title: nCipher Testing Options Insecure Key Generation Vulnerabilities
Description: nCipher products utilize strong cryptography to protect
sensitive data and communications. Certain nCipher products are
susceptible to insecure key generation vulnerabilities due to the
unintended inclusion of testing functionality in the affected
software.
Ref: http://www.ncipher.com/support/advisories/keysigs/advis14.txt.asc
______________________________________________________________________
06.10.24 CVE: Not Available
Platform: Cross Platform
Title: Symantec Ghost SQLAnywhere Local Information Disclosure and
Data Corruption
Description: Symantec Ghost is an application used for enterprise wide
remote PC deployment, recovery, cloning, and migration. It is affected
by an issue that may allow a local unauthorized attacker to disclose
or modify stored data. This issue arises from an access validation
error. All builds of Symantec Ghost version 8.0 (EOL / EOS 11/15/2005)
and Ghost version 8.2 (shipped as a part of SGSS 1.0) are affected.
Ref: http://www.securityfocus.com/bid/17019
______________________________________________________________________
06.10.25 CVE: Not Available
Platform: Cross Platform
Title: Dropbear Remote Denial Of Service
Description: Dropbear is an SSH client and server application. It is
prone to a remote denial of service vulnerability due to a design
error in "svr-main.c" when handling authorization pending connections
to the server. Dropbear SSH Server versions 0.47 and earlier are
vulnerable.
Ref: http://www.securityfocus.com/bid/17024
______________________________________________________________________
06.10.26 CVE: Not Available
Platform: Cross Platform
Title: Micromuse Netcool/NeuSecure Website NS Account Password
Disclosure
Description: Micromuse Netcool/NeuSecure is a security information
management (SIM) platform that stores security data in a MySQL
database. It is affected by a password-disclosure issue because the NS
password is included in the source code of "body.phtml" on the
NeuSecure Server website. Neusecure version 3.0.236-1 is affected.
Ref: http://www.securityfocus.com/bid/17032
______________________________________________________________________
06.10.27 CVE: CVE-2005-3629
Platform: Cross Platform
Title: Red Hat Initscripts Local Privilege Escalation
Description: The initscripts package contains the basic system scripts
used to boot a system, change run levels, and shut down the system. It
is prone to a local privilege escalation vulnerability due to
insufficient sanitization of user-supplied data. The problem occurs
when handling various environment variables when "/sbin/service" is run.
Ref: http://www.securityfocus.com/bid/17038
______________________________________________________________________
06.10.28 CVE: Not Available
Platform: Cross Platform
Title: Peercast.org PeerCast Remote Buffer Overflow
Description: PeerCast is a streaming audio server. It is prone to a
remote buffer overflow vulnerability because of improper boundary
checks in the "procConnectArgs" function of "servmgr.cpp".
PeerCast versions 0.1215 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17040
______________________________________________________________________
06.10.29 CVE: CVE-2006-0742
Platform: Cross Platform
Title: Kerio MailServer Remote Denial of Service
Description: Kerio MailServer is vulnerable to a denial of service
issue when the server handles specially crafted IMAP LOGIN commands.
Kerio MailServer versions 6.1.3 and earlier are vulnerable.
Ref: http://www.kerio.com/kms_history.html
______________________________________________________________________
06.10.30 CVE: Not Available
Platform: Cross Platform
Title: UnrealIRCd Remote Denial Of Service
Description: UnrealIRCd is an Internet Relay Chat (IRC) server. It is
vulnerable to a remote denial of service issue due to a design error
when handling malformed "TKL" commands from authenticated connections.
UnrealIRCd versions 3.2.3 and earlier are vulnerable.
Ref: http://www.securityfocus.com/archive/1/427213
______________________________________________________________________
06.10.31 CVE: CVE-2006-0049
Platform: Cross Platform
Title: GnuPG Incorrect Non-Detached Signature Verification
Description: GnuPG is prone to a vulnerability involving incorrect
verification of non-detached signatures. This issue can allow
attackers to inject arbitrary data into a signed message. It should be
noted that this issue also affects verification of signatures embedded
in encrypted messages. Scripts and applications using gpg are affected
as well as applications using the GPGME library. GnuPG versions prior
to 1.4.2.2 are vulnerable.
Ref: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
______________________________________________________________________
06.10.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: VBZooM Forum Multiple Cross-Site Scripting Vulnerabilities
Description: VBZooM Forum is web forum software. It is prone to
multiple cross site scripting vulnerabilities due to improper
sanitization of user supplied input to the "UserID" parameter of the
"comment.php" and "contact.php" scripts. VBZoom version 1.11 is
affected.
Ref: http://www.securityfocus.com/bid/16956/exploit
______________________________________________________________________
06.10.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpArcadeScript Multiple Cross-Site Scripting Vulnerabilities
Description: phpArcadeScript is a web application. Insufficient
sanitization of user supplied input exposes the application to
multiple cross site scripting issues. phpArcadeScript version 2.0 is
affected.
Ref: http://www.securityfocus.com/bid/16950
______________________________________________________________________
06.10.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Woltlab Burning Board Misc.PHP Cross-Site Scripting
Description: Woltlab Burning Board is a free web-based bulletin-board
package. Insufficient sanitization of the "percent" parameter in the
"acp/misc.php" script exposes the application to a cross site
scripting issue. Woltlab Burning Board version 2.3.4 is affected.
Ref: http://www.securityfocus.com/bid/16959
______________________________________________________________________
06.10.35 CVE: CVE-2006-1121
Platform: Web Application - Cross Site Scripting
Title: CutePHP CuteNews Index.PHP Cross-Site Scripting
Description: CuteNews is a news-management system. It is vulnerable to
a cross-site scripting issue due to insufficient sanitization of
user-supplied input to the "ucat" URI parameter of the "index.php"
script. CuteNews version 1.4.1 is vulnerable.
Ref: http://www.kapda.ir/advisory-277.html
______________________________________________________________________
06.10.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DVGuestbook Multiple Cross-Site Scripting
Description: DVGuestbook is a web-based guestbook application. It is
prone to multiple cross site scripting vulnerabilities due to improper
sanitization of user supplied input to the "page" parameter of
"index.php" and the "f" parameter of "dv_gbook.php". DVGuestbook
versions 1.2.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/16968/exploit
______________________________________________________________________
06.10.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: VBZoom Profile.PHP Cross-Site Scripting
Description: VBZoom is a forum application. It is vulnerable to a
cross-site scripting issue due to insufficient sanitization of
user-supplied input to the "UserID" parameter of the "profile.php"
script. VBZoom version 1.11 is vulnerable.
Ref: http://www.securityfocus.com/bid/16969
______________________________________________________________________
06.10.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: RunCMS Bigshow.PHP Cross-Site Scripting
Description: RunCMS is a content management system. RunCMS is prone to
a cross site scripting vulnerability due to improper sanitization of
user supplied input. This issue affects the "id" URI parameter of the
"bigshow.php" script.
Ref: http://www.securityfocus.com/bid/16970/exploit
______________________________________________________________________
06.10.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Game-Panel Login.PHP Cross-Site Scripting
Description: Game-Panel is a game management application. It is
vulnerable to a cross-site scripting issue due to insufficient
sanitization of user-supplied input to the "message" URI parameter of
the "login.php" script. Game-Panel versions 2.6.1 and earlier are
vulnerable.
Ref: http://notlegal.ws/gamepanel.txt
______________________________________________________________________
06.10.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Link Bank Iframe.PHP Cross-Site Scripting
Description: Link Bank is a web link management application. It is
vulnerable to a cross-site scripting issue due to insufficient
sanitization of user-supplied input to the "site" URI parameter of the
"iframe.php" script. All versions of Link Bank are vulnerable.
Ref: http://www.securityfocus.com/archive/1/426932
______________________________________________________________________
06.10.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Daverave HitHost Multiple Cross-Site Scripting Vulnerabilities
Description: HitHost is a web-based hit counter. Insufficient
sanitization of the "user" parameter in the "deleteuser.php" script
and the "hits" parameter of the "viewuser.php" script exposes the
application to multiple cross site scripting vulnerabilities.
Ref: http://www.securityfocus.com/bid/17025
______________________________________________________________________
06.10.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: textfileBB Multiple Cross-Site Scripting Vulnerabilities
Description: textfileBB is a bulletin board application. It is prone
to multiple cross site scripting vulnerabilities due to insufficient
sanitization of user supplied input to the "mess" and "user"
parameters of the "messanger.php" script. textfileBB version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/17029/exploit
______________________________________________________________________
06.10.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: myBloggie Multiple Cross-Site Scripting Vulnerabilities
Description: myBloggie is a web log application. It is prone to
multiple cross-site scripting vulnerabilities due to insufficient
sanitization of user-supplied input to various scripts. myBloggie
versions 2.1.3 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17048
______________________________________________________________________
06.10.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DCP Portal Multiple Cross-Site Scripting Vulnerabilities
Description: DCP Portal is a web portal application. Insufficient
sanitization of user-supplied input exposes the application to
multiple cross-site scripting issues. All current versions are
affected.
Ref: http://www.securityfocus.com/bid/17050
______________________________________________________________________
06.10.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: txtForum Multiple Cross-Site Scripting Vulnerabilities
Description: txtForum is web-based forum software implemented in PHP.
txtForum is prone to multiple cross site scripting vulnerabilities.
These issues are due to the application's failure to properly sanitize
user-supplied input. txtForum versions 1.0.4-dev and 1.0.3-dev are
reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/17054/exploit
______________________________________________________________________
06.10.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: D2-Shoutbox SQL Injection
Description: D2-Shoutbox is a shoutbox module for Invision Power Board
(IPB). Insufficient sanitization of the "load" parameter exposes the
application to an SQL injection issue. All current versions are
affected.
Ref: http://www.securityfocus.com/bid/16984
______________________________________________________________________
06.10.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CyBoards PHP Lite Process_post.PHP SQL Injection
Description: CyBoards PHP Lite is a forum application. It is
vulnerable to an SQL injection issue due to insufficient sanitization
of user-supplied input to the "parent" parameter of the
"process_post.php" script. CyBoards PHP Lite versions 1.25 and earlier
are vulnerable.
Ref: http://evuln.com/vulns/91/summary.html
______________________________________________________________________
06.10.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Akarru Social BookMarking Engine Users.PHP SQL Injection
Description: Akarru Social BookMarking Engine is a bookmark management
application. Insufficient sanitization of the "User Name" parameter of
the "users.php" script exposes the application to an SQL injection
issue. Akarru Social BookMarking versions prior to 0.4.3.4 are
affected.
Ref: http://www.securityfocus.com/bid/16989
______________________________________________________________________
06.10.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress User-Agent SQL Injection
Description: WordPress is a web-based publishing application.
Insufficient sanitization of the "User-Agent" HTTP request header
exposes the application to an SQL injection issue. WordPress versions
1.5.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/16950
______________________________________________________________________
06.10.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: VBZoom Forum Show.PHP MainID SQL Injection
Description: VBZooM Forum is a web forum application. The application
is vulnerable to an SQL injection issue due to insufficient
sanitization of user-supplied input to the "MainID" parameter of the
"show.php" script. VBZoom version 1.11 is vulnerable.
Ref: http://www.securityfocus.com/bid/16955/info
______________________________________________________________________
06.10.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TotalECommerce SQL Injection
Description: TotalECommerce is a web e-commerce application. It is
vulnerable to an SQL injection issue due to insufficient sanitization
of user-supplied input to the "id" parameter of the "index.asp"
script. TotalECommerce version 1.0 is vulnerable.
Ref: http://www.securityfocus.com/bid/16960
______________________________________________________________________
06.10.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Redblog RSS.PHP SQL Injection
Description: RedBLoG is affected by an SQL injection issue due to
insufficient sanitization of the "cat_id" parameter in the "rss.php"
script. RedBLoG version 0.5 is affected.
Ref: http://www.securityfocus.com/bid/17041
______________________________________________________________________
06.10.53 CVE: Not Available
Platform: Web Application
Title: Evo-Dev evoBlog Comment Post HTML Injection
Description: Evo-Dev evoBlog is a web log application. It is prone to
an HTML injection vulnerability due to insufficient sanitization of
user-supplied input to the "Name" and possibly other comment fields.
All versions of Evo-Dev evoBlog are vulnerable.
Ref: http://www.securityfocus.com/bid/16983
______________________________________________________________________
06.10.54 CVE: Not Available
Platform: Web Application
Title: Fantastic News Archive.PHP Remote Code Execution
Description: Fantastic News is a news reader application. It is prone
to a PHP code execution vulnerability. The input to the "archive.php"
script through the "script_path" parameter is not properly sanitized
before being passed to a PHP "require()" statement. Fantastic News
versions 2.1.2 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/16985
______________________________________________________________________
06.10.55 CVE: CVE-2006-0809, CVE-2006-0810, CVE-2006-0811
Platform: Web Application
Title: Skate Board Multiple Input Validation Vulnerabilities
Description: Skate Board is web-based forum software. It is prone to
multiple input validation vulnerabilities due to improper sanitization
of user supplied input. These vulnerabilities include SQL injection
vulnerabilities and a cross site scripting vulnerability. Skate Board
version 0.9 is affected.
Ref: http://www.securityfocus.com/archive/1/426658
______________________________________________________________________
06.10.56 CVE: Not Available
Platform: Web Application
Title: Aztek Forum New Message HTML Injection
Description: Aztek Forum is a web based forum application. It is prone
to an HTML injection vulnerability due to insufficient sanitization of
user-supplied input when posting a new forum message. Aztek Forum
version 4.0 is vulnerable.
Ref: http://www.securityfocus.com/bid/16938
______________________________________________________________________
06.10.57 CVE: Not Available
Platform: Web Application
Title: Gregarius Multiple Input Validation Vulnerabilities
Description: Gregarius is a web-based RSS feed aggregator. Insufficient
sanitization of user-supplied input exposes the application to
multiple cross site scripting and SQL injection issues. Gregarius
version 0.5.2 is affected.
Ref: http://www.securityfocus.com/bid/16939
______________________________________________________________________
06.10.58 CVE: CVE-2006-1127
Platform: Web Application
Title: Gallery Album Comments HTML Injection
Description: Gallery Album is an image gallery application. It is
vulnerable to an HTML injection issue due to insufficient sanitization
of the X_FORWARDED_FOR HTTP header. Gallery Album versions 2.0.0
through 2.0.2 are vulnerable.
Ref: http://www.securityfocus.com/bid/16940
______________________________________________________________________
06.10.59 CVE: Not Available
Platform: Web Application
Title: Gallery Arbitrary File Deletion
Description: Gallery is prone to an arbitrary file deletion
vulnerability due to improper sanitization of user supplied session
cookie data. Gallery versions 2.0.0 through 2.0.2 are vulnerable to
this issue.
Ref: http://www.securityfocus.com/archive/1/426655
______________________________________________________________________
06.10.60 CVE: CVE-2006-0877
Platform: Web Application
Title: Easy Forum New User Image File HTML Injection
Description: Easy Forum is a web discussion forum application. It is
prone to an HTML injection vulnerability due to insufficient
sanitization of user-supplied input to the "Image File" field when
creating new users. Easy Forum version 2.5 is affected.
Ref: http://www.securityfocus.com/bid/16958
______________________________________________________________________
06.10.61 CVE: Not Available
Platform: Web Application
Title: PHP-Stats Multiple Input Validation and Information Disclosure
Vulnerabilities
Description: PHP-Stats is a statistics package. It is vulnerable to
multiple input validation and information disclosure issues due to
insufficient sanitization of user-supplied input. PHP-Stats version
0.1.9.1 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/426762
______________________________________________________________________
06.10.62 CVE: Not Available
Platform: Web Application
Title: Pixelpost Multiple Input Validation Vulnerabilities
Description: Pixelpost is a photoblog web application. It is prone to
multiple input validation vulnerabilities due to improper sanitization
of user supplied input. It is vulnerable to SQL injection
vulnerabilities and HTML injection vulnerabilities. Pixelpost versions
1.4.3 and 1.5 beta 1 are vulnerable to these issues; other versions
may also be affected.
Ref: http://www.securityfocus.com/bid/16964
______________________________________________________________________
06.10.63 CVE: Not Available
Platform: Web Application
Title: Simplog Information Disclosure
Description: Simplog is a web log application. Insufficient
sanitization of the "act" and "blogid" parameters in the "index.php"
script exposes the application to directory traversal and
information disclosure issues. Simplog version 1.0.2 is affected.
Ref: http://www.securityfocus.com/bid/16965
______________________________________________________________________
06.10.64 CVE: Not Available
Platform: Web Application
Title: Bitweaver Title Field HTML Injection
Description: Bitweaver is a web application framework. It is prone to
an HTML injection vulnerability due to insufficient sanitization of
user-supplied input to the "title" field. Bitweaver version 1.2.1 is
vulnerable.
Ref: http://www.securityfocus.com/bid/16973
______________________________________________________________________
06.10.65 CVE: Not Available
Platform: Web Application
Title: M-Phorum Remote File Include
Description: M-phorum is a web-based forum application. It is prone to
a remote file include vulnerability due to improper sanitization of
user supplied input to the "go" parameter of "index.php". M-phorum
versions 0.2 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/16977
______________________________________________________________________
06.10.66 CVE: Not Available
Platform: Web Application
Title: Inter7 QmailAdmin PATH_INFO Buffer Overflow
Description: Inter7 QmailAdmin provides a web management interface for
qmail systems with virtual domains. Insufficient sanitization of the
"PATH_INFO" variable in the "qmailadmin.c" file exposes the
application to a buffer overflow issue. QmailAdmin versions 1.2.9 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/16994
______________________________________________________________________
06.10.67 CVE: Not Available
Platform: Web Application
Title: Eschew.Net PHPBannerExchange ResetPW.PHP Directory Traversal
Description: phpBannerExchange is a web-based banner exchange
application. It is prone to a directory traversal vulnerability due to
improper sanitization of user supplied input to the email address
field of the "resetpw.php" script. phpBannerExchange versions 2.0 and
earlier are vulnerable.
Ref: http://www.securityfocus.com/archive/1/426940
______________________________________________________________________
06.10.68 CVE: Not Available
Platform: Web Application
Title: Lurker Multiple Input Validation Vulnerabilities
Description: Lurker is a web-based email archive and search tool. It
is prone to multiple input validation vulnerabilities due to improper
sanitization of user-supplied input. The following specific issues
have been discovered: Cross site scripting vulnerability, Information
disclosure vulnerability, Arbitrary file overwrite vulnerability.
Lurker versions 2.0 and 0.1a are vulnerable.
Ref: http://www.securityfocus.com/bid/17003
______________________________________________________________________
06.10.69 CVE: Not Available
Platform: Web Application
Title: Link Bank Remote PHP Script Code Injection
Description: Link Bank is a web link management application. It is
prone to a remote PHP script code injection vulnerability due to
insufficient sanitization of user-supplied input to message posts. All
versions of Link Bank are vulnerable.
Ref: http://www.securityfocus.com/archive/1/426932
______________________________________________________________________
06.10.70 CVE: Not Available
Platform: Web Application
Title: Geeklog Lib-sessions.PHP Authorization Bypass
Description: Geeklog is affected by an authorization-bypass issue due
to insufficient sanitization in the "system/lib-sessions.php" script.
Please see the reference link for a list of vulnerable versions.
Ref: http://www.securityfocus.com/bid/17010
______________________________________________________________________
06.10.71 CVE: Not Available
Platform: Web Application
Title: NMDeluxe News.PHP Multiple Input Validation Vulnerabilities
Description: NMDeluxe is a shopping cart application. It is prone to
multiple input validation vulnerabilities because it fails to properly
sanitize user-supplied input. NMDeluxe version 1.0 is vulnerable.
Ref: http://www.securityfocus.com/bid/17017
______________________________________________________________________
06.10.72 CVE: CAN-2005-3128
Platform: Web Application
Title: SquirrelMail Redirect.PHP Cookie Theft
Description: SquirrelMail is a web based mail application. It is prone
to a cookie theft vulnerability. This issue affects the
"src/redirect.php" script when "register_globals" is enabled and the
malicious site resides in the same domain. SquirrelMail versions
1.4.6-rc1 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17005
______________________________________________________________________
06.10.73 CVE: CAN-2006-0750
Platform: Web Application
Title: Invision Power Board Multiple Input Validation Vulnerabilities
Description: Invision Power Board (IPB) is a web-based bulletin board
application. It is vulnerable to multiple input validation issues due
to insufficient sanitization of user-supplied input. Invision Power
Services Invision Board versions 2.1.5 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/16971
______________________________________________________________________
06.10.74 CVE: Not Available
Platform: Web Application
Title: Owl Intranet Engine Remote File Include
Description: Owl Intranet Engine is a web-based multiuser document
repository. It is prone to a remote file include vulnerability due to
insufficient sanitization of user supplied input to the
"xrms_file_root" parameter of "lib/OWL_API.php". Owl Intranet Engine
version 0.82 is vulnerable.
Ref: http://www.securityfocus.com/bid/17021/exploit
______________________________________________________________________
06.10.75 CVE: Not Available
Platform: Web Application
Title: Loudblog Multiple Input Validation Vulnerabilities
Description: Loudblog is a content management application. It is prone
to multiple input validation vulnerabilities due to insufficient
sanitization of user-supplied input to various scripts. Loudblog
version 0.41 is vulnerable.
Ref: http://www.securityfocus.com/bid/17023
______________________________________________________________________
06.10.76 CVE: Not Available
Platform: Web Application
Title: CAPI4HylaFAX Insecure Temporary File Creation
Description: CAPI4HylaFAX is an add on module for the HylaFAX faxing
and paging application. It creates temporary files in an insecure
manner. This may allow a local attacker to perform symbolic link
attacks. CAPI4HylaFAX version 1.3 is vulnerable.
Ref: http://www.securityfocus.com/bid/17034
______________________________________________________________________
06.10.77 CVE: CVE-2006-1122, CVE-2006-1123
Platform: Web Application
Title: D2KBlog Multiple Input Validation Vulnerabilities
Description: D2KBlog is a web blog application. It is vulnerable to
multiple input validation issues such as SQL and HTML injection. This
is due to insufficient sanitization of user-supplied input. D2KBlog
versions 1.0.3 and earlier are vulnerable.
Ref: http://www.frsirt.com/english/advisories/2006/0896
______________________________________________________________________
06.10.78 CVE: Not Available
Platform: Web Application
Title: sBlog HTML Injection
Description: sBlog is a web log application. It is prone to HTML
injection vulnerabilities due to improper sanitization of user
supplied input before using it in dynamically generated content.
Specifically, the "title" field of user post comment page and the
"keyword" parameter of the "search.php" script are not properly
sanitized. sBlog version 0.7.2 is vulnerable.
Ref: http://www.securityfocus.com/bid/17044/exploit
______________________________________________________________________
06.10.79 CVE: Not Available
Platform: Web Application
Title: Manas Tungare Site Membership Script Multiple Input Validation
Vulnerabilities
Description: Manas Tungare Site Membership Script is a web-based
script. It is vulnerable to multiple input validation issues such as
SQL injection and cross-site scripting due to insufficient
sanitization of user-supplied input. All versions of Manas Tungare
Site Membership script are vulnerable.
Ref: http://secunia.com/advisories/19156/
______________________________________________________________________
06.10.80 CVE: Not Available
Platform: Web Application
Title: Easy File Sharing Web Server Multiple Input Validation
Vulnerabilities
Description: Easy File Sharing Web Server is a commercially available
web server software package distributed by EFS Software. It is
available for the Microsoft Windows platform. It is prone to the
following vulnerabilities: HTML injection vulnerability, denial of
service vulnerability, and an arbitrary file upload vulnerability.
Easy File Sharing Web Server version 3.2 is affected.
Ref: http://www.securityfocus.com/bid/17046/exploit
______________________________________________________________________
06.10.81 CVE: Not Available
Platform: Web Application
Title: ADP Forum Subject Field HTML Injection
Description: ADP Forum is prone to an HTML injection vulnerability due
to improper sanitization of user supplied input before using it in
dynamically generated content. Specifically, input to the "Subject"
field of a message post is not properly sanitized. ADP Forum versions
2.0.3 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17047/exploit
______________________________________________________________________
06.10.82 CVE: Not Available
Platform: Web Application
Title: Gallery Multiple Local File Include Vulnerabilities
Description: Gallery is a web-based classified ads application. It is
vulnerable to multiple local file include issues due to insufficient
sanitization of user-supplied input to the "stepOrder[]" parameter in
both the "upgrade/index.php" and "install/index.php" scripts. Gallery
versions 2.0.3 and earlier are vulnerable.
Ref: http://milw0rm.com/exploits/1566
______________________________________________________________________
06.10.83 CVE: Not Available
Platform: Web Application
Title: Light Weight Calendar Index.PHP Remote Command Execution
Description: Light Weight Calendar is affected by a remote command
execution issue. The problem presents itself when attacker-supplied
data to the "date" parameter of the "index.php" script is not properly
sanitized before being used in an "eval()" call.
Ref: http://www.securityfocus.com/bid/17059
______________________________________________________________________
06.10.84 CVE: Not Available
Platform: Web Application
Title: Jiros Banner Experience Pro Addadmin.ASP Authorization Bypass
Description: Jiros Banner Experience Pro is an advertising banner
management application. It is prone to an authorization bypass
vulnerability. The application fails to properly perform
authentication before granting access. The "addadmin.asp" script
doesn't properly validate session data when authenticating a user.
Jiros Banner Experience Pro version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/17060
______________________________________________________________________
06.10.85 CVE: Not Available
Platform: Web Application
Title: txtForum Remote PHP Script Code Injection
Description: txtForum is a forum application. It is vulnerable to a
remote PHP code injection issue due to insufficient sanitization of
the "application skins". txtForum versions 1.0.4-dev and earlier are
vulnerable.
Ref: http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-004.txt
______________________________________________________________________
06.10.86 CVE: CVE-2006-1067, CVE-2006-1068
Platform: Network Device
Title: Multiple Router Vendor Remote IRC Denial Of Service
Description: Linksys and Netgear routers are vulnerable to a remote
IRC denial of service issue due to insufficient handling of a malformed
"DCC SEND" string command to an IRC channel. Routers such as Linksys
WRT54G, Netgear 614 and 624 running the vxWorks-based operating system
are vulnerable.
Ref: http://www.securityfocus.com/archive/1/426756
______________________________________________________________________
06.10.87 CVE: CVE-2006-1115
Platform: Network Device
Title: nCipher Insecure Diffie-Hellman Key Generation
Description: nCipher products utilize cryptography to protect
sensitive data and communications. Some are vulnerable to an insecure
Diffie-Hellman (DH) key generation weakness when DH private/public key
pairs are created without passing the "DiscreteLogGroup" parameter.
nCipher Software CD version 9.0 resolves the issue.
Ref: http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys
______________________________________________________________________
06.10.88 CVE: Not Available
Platform: Network Device
Title: Xerox WorkCentre / CopyCentre Multiple Vulnerabilities
Description: Xerox WorkCentre / CopyCentre are web enabled printers
and copiers. They are vulnerable to multiple issues such as a denial
of service. Xerox WorkCentre / CopyCentre software versions
1.001.02.074 and 1.001.02.716 resolve the issue.
Ref: http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf
______________________________________________________________________
(c) 2006. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.
==end==
Subscriptions:
RISK is distributed free of charge to people responsible
for managing and securing information systems and networks. You may
forward this newsletter to others with such responsibility inside or
outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEFadU+LUG5KFpTkYRAlkPAJ9jm1uYwwNlR/A3k5Ov97Ta8C7OeACfct6H
ArUQ97RTXCjgEUVhTw/1ouI=
=KpQE
-----END PGP SIGNATURE-----