@RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 13
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert
sans.org)
Date: Mon Apr 03 2006 - 14:01:49 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
More than 95 new vulnerabilities discovered this week - only one, in
Veritas NetBackup, is critical. But notice, in Part II, cross-site
scripting vulnerabilities abound. What will it take to get web
developers to program securely?
Alan
*************************************************************************
@RISK: The Consensus Security Vulnerability Alert
April 3, 2006 Vol. 5. Week 13
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of the vulnerabilities reported this week:
===================================================================
Platform                                  # of Updates & Vulnerabilities
===================================================================
Windows                                    1
Other Microsoft Products                   2
Third Party Windows Apps                   1
Mac Os                                     1
Linux                                      2
HP-UX                                      1
BSD                                        1
Solaris                                    1
Unix                                       3
Cross Platform                             9 (#1)
Web Application - Cross Site Scripting    32
Web Application - SQL Injection           24
Web Application                           17
*************************************************************************
Part I -- Critical Vulnerabilities from TippingPoint, a division of 3Com
(www.tippingpoint.com)
Widely Deployed Software
(1) HIGH: Symantec Veritas NetBackup Multiple Buffer Overflows
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Windows
06.13.1 - Windows Help Image Processing Heap Overflow
-- Other Microsoft Products
06.13.2 - Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
06.13.3 - Microsoft Office XP Array Index Denial of Service
-- Third Party Windows Apps
06.13.4 - Symantec Norton Antivirus Remote Denial of Service
-- Mac Os
06.13.5 - Apple Mac OS X ImageIO Remote Denial of Service
-- Linux
06.13.6 - Tetris-BSD Tetris-bsd.scores Local Privilege Escalation
06.13.7 - BusyBox Insecure Password Hash Weakness
-- HP-UX
06.13.8 - HP-UX Passwd Unspecified Local Denial of Service
-- BSD
06.13.9 - NetBSD If_Bridge(4) Kernel Memory Disclosure
-- Solaris
06.13.10 - Sun Cluster SunPlex Manager Unauthorized File Access
-- Unix
06.13.11 - FreeRADIUS Multiple RLM_SQLCounter Buffer Overflow Vulnerabilities
06.13.12 - MPlayer Multiple Integer Overflow Vulnerabilities
06.13.13 - DIA XFIG File Import Multiple Remote Buffer Overflow Vulnerabilities
-- Cross Platform
06.13.14 - Blazix Java Application/Web Server JSP Source Disclosure
06.13.15 - LibVC VCard Processing Buffer Overflow
06.13.16 - csDoom 2005 Multiple Buffer Overflow and Format String Vulnerabilities
06.13.17 - VERITAS NetBackup Multiple Remote Buffer Overflow Vulnerabilities
06.13.18 - Debian GNU/Linux Multiple Packages Insecure RUNPATH
06.13.19 - FreeRadius RLM_SQLCounter SQL Injection
06.13.20 - GNU Mailman Attachment Scrubber Malformed MIME Message Denial of Service
06.13.21 - Samba Machine Trust Account Local Information Disclosure
06.13.22 - XFIT/S Unspecified Denial of Service
-- Web Application - Cross Site Scripting
06.13.23 - phpmyfamily Track.PHP Cross-Site Scripting
06.13.24 - phpCOIN Multiple Cross-Site Scripting Vulnerabilities
06.13.25 - CONTROLzx HMS Multiple Cross-Site Scripting Vulnerabilities
06.13.26 - FusionZONE couponZONE Multiple Cross-Site Scripting Vulnerabilities
06.13.27 - classifiedZONE Accountlogon.CFM Cross-Site Scripting
06.13.28 - SupportTrio Multiple Cross-Site Scripting Vulnerabilities
06.13.29 - VihorDesing Index.PHP Cross-Site Scripting
06.13.30 - ConfTool Index.PHP Cross-Site Scripting
06.13.31 - Metisware Instructor PersonalTaskEdit.ASP Cross-Site Scripting
06.13.32 - EZHomePagePro Multiple Cross-Site Scripting Vulnerabilities
06.13.33 - Calendar Express Multiple Cross-Site Scripting Vulnerabilities
06.13.34 - Absolute FAQ Manager Cross-Site Scripting
06.13.35 - uniForum Multiple Cross-Site Scripting Vulnerabilities
06.13.36 - dotNetBB Forums dotNetBB Cross-Site Scripting
06.13.37 - Toast Forums Toast.ASP Multiple Cross-Site Scripting Vulnerabilities
06.13.38 - G-Book Cross-Site Scripting
06.13.39 - SweetSuite.NET Content Management System Search.ASPX Cross-Site Scripting
06.13.40 - Online Quiz System Multiple Cross-Site Scripting Vulnerabilities
06.13.41 - Meeting Reserve SearchResult.PHP Cross-Site Scripting
06.13.42 - Caloris Planitia Technologies School Management System Cross-Site Scripting
06.13.43 - Web Host Automation Ltd. Helm Multiple Cross-Site Scripting Vulnerabilities
06.13.44 - BlankOL Bol.CGI Multiple Cross-Site Scripting Vulnerabilities
06.13.45 - Arab IT ArabPortal System Cross-Site Scripting
06.13.46 - Connect Daily Multiple Cross-Site Scripting Vulnerabilities
06.13.47 - AL-Caricatier Multiple Cross-Site Scripting Vulnerabilities
06.13.48 - PHPKIT Cross-Site Scripting
06.13.49 - PHP Script Index Search Parameter Cross-Site Scripting
06.13.50 - PHP Classifieds Search.PHP Cross-Site Scripting
06.13.51 - PhxContacts Login.PHP Cross-Site Scripting
06.13.52 - EzASPSite Default.ASP SQL Injection
06.13.53 - VNews Multiple Cross-Site Scripting
06.13.54 - Mantis View_All_Set.PHP Multiple Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
06.13.55 - Tachyondecay VSNS Lemon Final_functions.PHP SQL Injection
06.13.56 - PhpCollab Sendpassword.PHP SQL Injection
06.13.57 - FusionZONE CouponZONE Multiple SQL Injection Vulnerabilities
06.13.58 - Cholod MySQL Based Message Board Mb.CGI SQL Injection
06.13.59 - PHP Ticket Search.PHP SQL Injection
06.13.60 - PHPBookingCalendar Details_View.PHP SQL Injection
06.13.61 - Nuked-Klan Index.PHP SQL Injection
06.13.62 - SaphpLesson Print.PHP SQL Injection
06.13.63 - AkoComment akocomment.PHP Multiple SQL Injection Vulnerabilities
06.13.64 - Maian Weblog Multiple SQL Injection Vulnerabilities
06.13.65 - Pixel Motion Multiple SQL Injection Vulnerabilities
06.13.66 - DSLogin Index.PHP Multiple SQL Injection Vulnerabilities
06.13.67 - NetOffice Sendpassword.PHP SQL Injection
06.13.68 - OneOrZero Helpdesk Index.PHP SQL Injection
06.13.69 - Tilde CMS Index.PHP SQL Injection
06.13.70 - Null News Multiple SQL Injection Vulnerabilities
06.13.71 - phpNewsManager Multiple SQL Injection Vulnerabilities
06.13.72 - vCounter vCounter.PHP SQL Injection
06.13.73 - Sourceworkshop Newsletter Newsletter.PHP SQL Injection
06.13.74 - PhxContacts Multiple SQL Injection Vulnerabilities
06.13.75 - VNews Multiple SQL Injection Vulnerabilities
06.13.76 - X-Changer Multiple SQL Injection Vulnerabilities
06.13.77 - O2PHP Oxygen Post.PHP SQL Injection
06.13.78 - qliteNews Multiple SQL Injection Vulnerabilities
-- Web Application
06.13.79 - MediaWiki Encoded Page Link HTML Injection
06.13.80 - Noah Grey Greymatter Arbitrary File Upload
06.13.81 - RealestateZONE Multiple Cross-Site Scripting Vulnerabilities
06.13.82 - WEBalbum Remote Command Execution
06.13.83 - PHPAdsNew and PHPPGAds Multiple Input Validation Vulnerabilities
06.13.84 - TFT Gallery Administrator Password Information Disclosure
06.13.85 - Xigla Absolute Live Support XE Multiple HTML Injection Vulnerabilities
06.13.86 - TWiki Remote Denial Of Service
06.13.87 - TWiki Remote Information Disclosure
06.13.88 - VWar Functions_install.PHP Remote File Include
06.13.89 - Horde Help Viewer Remote PHP Code Execution
06.13.90 - Explorer XP Multiple Input Validation Vulnerabilities
06.13.91 - PHP Live Helper Multiple Remote File Include Vulnerabilities
06.13.92 - VWar Functions_Admin.PHP Remote File Include
06.13.93 - VBook multiple Cross-Site Scripting and SQL Injection Vulnerabilities
06.13.94 - MediaSlash Gallery Index.PHP Remote File Include
06.13.95 - Mon Album Multiple SQL Injection Vulnerabilities
PART I Critical Vulnerabilities
***********************************************************************
Part I is compiled by Rohit Dhamankar at TippingPoint, a division of
3Com, as a by-product of that company's continuous effort to ensure that
its intrusion prevention products effectively block exploits using known
vulnerabilities. TippingPoint's analysis is complemented by input from
a council of security managers from twelve large organizations who
confidentially share with SANS the specific actions they have taken to
protect their systems. A detailed description of the process may be
found at http://www.sans.org/newsletters/cva/#process
Archives at http://www.sans.org/newsletters/risk
*************************
Widely Deployed Software
*************************
(1) HIGH: Symantec Veritas NetBackup Multiple Buffer Overflows
Affected:
Both server and client software is affected for the following products
on all platforms.
NetBackup Enterprise Server/NetBackup Server versions 5.0, 5.1 and 6.0
NetBackup DataCenter and BusinesServer version 4.5FP and 4.5MP
Description: Veritas NetBackup software offers a backup and recovery
solution for mid to large size enterprises. Both the backup server and
the client contain stack-based buffer overflows that can be triggered
by sending specially crafted requests to the volume manager daemon
(13701/tcp), the Catalog daemon (13721/tcp) or the Sharepoint services
daemon (13724/tcp). The problem arises because user-supplied input is
copied to the process stack without any bounds checking. The buffer
overflows can be easily exploited to execute arbitrary code. The
technical details required to craft an exploit have been publicly
posted. If the backup software is installed on a large number of
enterprise desktop systems (a typical configuration that enables users
to back up their important data), the vulnerabilities can be leveraged
to compromise a large number of systems.
Status: Veritas has released patches for all the affected software. A
workaround is to block ports 13701/tcp, 13721/tcp and 13724/tcp at the
network perimeter. The overflows in the backup software were widely
exploited during the last year, and as a general security practice it is
recommended to also block the other ports used by this software at the
network perimeter. The list of ports is available here:
http://seer.support.veritas.com/docs/279553.htm
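To scope the port-blocking workaround above, the following added example (not part of the original bulletin) reads `netstat -an` style output and reports which of the three advisory ports are listening on a non-loopback address. The function names are hypothetical, the sample lines are constructed, and colon-separated `addr:port` endpoints are assumed.

```python
"""Added example: find NetBackup daemons from the advisory that listen on
non-loopback addresses. Names are hypothetical; sample input is constructed."""
import ipaddress

# Ports and daemons as named in the advisory text.
NETBACKUP_PORTS = {
    13701: "volume manager daemon (vmd)",
    13721: "Catalog daemon (bpdbm)",
    13724: "Sharepoint services daemon (bpspsserver)",
}

# Constructed sample: Linux-style lines plus one Windows-style line.
SAMPLE_NETSTAT = """\
tcp        0      0 0.0.0.0:13701           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:13721         0.0.0.0:*               LISTEN
tcp6       0      0 :::13724                :::*                    LISTEN
tcp        0      0 10.1.2.3:22             0.0.0.0:*               LISTEN
tcp        0      0 10.1.2.3:13701          10.9.9.9:51512          ESTABLISHED
  TCP    192.168.5.20:13721     0.0.0.0:0              LISTENING
"""


def split_endpoint(endpoint):
    """Split 'addr:port' ('1.2.3.4:80', '*:80', ':::80', '[::]:80') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def bind_scope(addr):
    """Classify a bind address as 'all interfaces', 'loopback' or 'specific interface'."""
    if addr == "*":
        return "all interfaces"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"  # unparsable address: report it rather than hide it
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all interfaces"
    if ip.is_loopback:
        return "loopback"
    return "specific interface"


def exposed_listeners(netstat_text):
    """Return sorted (port, daemon, address, scope) for advisory ports
    that are in a listening state on anything other than loopback."""
    findings = []
    for line in netstat_text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].lower().startswith("tcp"):
            continue
        if not {"LISTEN", "LISTENING"} & set(tokens):
            continue  # ignore established connections and other states
        # The local endpoint is the first token shaped like addr:<digits>.
        local = next(
            (t for t in tokens[1:] if ":" in t and t.rpartition(":")[2].isdigit()),
            None,
        )
        if local is None:
            continue
        addr, port = split_endpoint(local)
        if port not in NETBACKUP_PORTS:
            continue
        scope = bind_scope(addr)
        if scope != "loopback":
            findings.append((port, NETBACKUP_PORTS[port], addr, scope))
    return sorted(findings)


if __name__ == "__main__":
    for port, daemon, addr, scope in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{port}/tcp  {daemon}  bound to {addr} ({scope})")
```

This only shows where the daemons are bound on a host; whether the perimeter actually filters those ports still has to be confirmed on the firewall itself.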
Council Site Actions: More than half of the council sites are using the
affected software. Most of these sites plan to deploy the patches
during their next regularly scheduled system maintenance. One site
commented that they just finished migrating to Legato and used this
vulnerability as an excuse to turn the old system off. They had been
running the old system "just in case". Another site said that as
a result of this vulnerability, they built a test server that same day
in preparation for a full version upgrade of Veritas.
References:
Veritas Advisory
http://support.veritas.com/docs/281521
ZDI Advisories
http://www.zerodayinitiative.com/advisories/ZDI-06-005.html
http://www.zerodayinitiative.com/advisories/ZDI-06-006.html
Securiteam Advisory
http://www.securiteam.com/securitynews/5JP0L2KI0A.html
Product Homepages and Information
http://eval.veritas.com/mktginfo/products/White_Papers/Data_Protection/nbu_6_tech_overview_wp_060105.pdf
http://www.veritas.com/Products/www?c=product&refId=58
http://www.veritas.com/Products/www?c=product&refId=2
SecurityFocus BIDs
http://www.securityfocus.com/bid/17264
*************************************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 13, 2006
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 4955 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
06.13.1 CVE: Not Available
Platform: Windows
Title: Windows Help Image Processing Heap Overflow
Description: winhlp32.exe is the Microsoft Windows Help File viewer.
It is vulnerable to a heap overflow issue when handling a specially
crafted Windows Help (.hlp) file containing a malicious image. See the
advisory for a list of vulnerable Windows operating systems.
Ref: http://www.open-security.org/advisories/15
http://www.securityfocus.com/bid/17325/info
______________________________________________________________________
06.13.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft .NET Framework SDK MSIL Tools Buffer Overflow
Vulnerabilities
Description: The Microsoft .NET Framework SDK is a development kit
used to create applications for the .NET environment. Microsoft .NET
Framework SDK contains tools for assembling and disassembling MSIL
files. These tools are prone to buffer overflow vulnerabilities that
could be exploited to cause a denial of service or potentially execute
arbitrary code.
Ref: http://www.securityfocus.com/bid/17243/exploit
______________________________________________________________________
06.13.3 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Office XP Array Index Denial of Service
Description: Microsoft Office is prone to a denial of service
condition when handling malformed files. Specifically, when a .xls or
.xlw file containing a malformed array index is opened using Excel,
Word, or PowerPoint, an exception will be thrown by the "mso.dll"
library. Office XP is vulnerable to this issue; other versions may
also be affected.
Ref: http://www.securityfocus.com/bid/17252/exploit
______________________________________________________________________
06.13.4 CVE: CVE-2005-0922, CVE-2005-0923
Platform: Third Party Windows Apps
Title: Symantec Norton Antivirus Remote Denial of Service
Description: Symantec Norton Antivirus is vulnerable to a remote
unspecified denial of service issue when handling a malicious file
with the Auto-Protect module. See the reference for a list of
vulnerable versions.
Ref: http://secunia.com/advisories/14741/
______________________________________________________________________
06.13.5 CVE: Not Available
Platform: Mac Os
Title: Apple Mac OS X ImageIO Remote Denial of Service
Description: ImageIO is susceptible to a remote denial of service
vulnerability. This issue is due to a failure to properly process
malicious image files. This issue allows remote users to crash the
applications which use the ImageIO API, denying further service to
users.
Ref: http://www.securityfocus.com/bid/17321
______________________________________________________________________
06.13.6 CVE: CVE-2006-1539
Platform: Linux
Title: Tetris-BSD Tetris-bsd.scores Local Privilege Escalation
Description: Tetris-BSD is a multi-player game ported to the Linux
operating system. This game is prone to a local privilege escalation
vulnerability. An attacker who is a member of the "games" group can
modify the state data in the "/var/games/tetris-bsd.scores" file, and
trigger the execution of arbitrary code with another player's
privileges. This vulnerability exists in the "checkscores()" function
in the "scores.c" source code file.
Ref: http://www.securityfocus.com/archive/1/429296
______________________________________________________________________
06.13.7 CVE: CVE-2006-1058
Platform: Linux
Title: BusyBox Insecure Password Hash Weakness
Description: BusyBox is a Linux utility designed to implement the
functionality of fileutils and shellutils binaries. It is susceptible
to an insecure password hash weakness due to a design flaw that
results in password hashes being created without utilizing a salt.
BusyBox Linux Utilities version 1.1.1 is vulnerable.
Ref: http://www.securityfocus.com/bid/17330
______________________________________________________________________
06.13.8 CVE: Not Available
Platform: HP-UX
Title: HP-UX Passwd Unspecified Local Denial of Service
Description: HP-UX passwd(1) is prone to an unspecified local denial
of service vulnerability. Some unspecified error conditions cause
"/sbin/passwd" to improperly handle exceptional conditions resulting
in a denial of service condition. HP-UX versions B.11.23 and earlier
are affected.
Ref: http://www.securityfocus.com/bid/17280
______________________________________________________________________
06.13.9 CVE: Not Available
Platform: BSD
Title: NetBSD If_Bridge(4) Kernel Memory Disclosure
Description: NetBSD "if_bridge(4)" is prone to a kernel memory
disclosure vulnerability. This issue arises due to a design error.
Specifically, the issue presents itself because the bridge(4) ioctl(2)
calls do not clear stack memory after temporarily storing the results
of the ioctl(2) requests before copying the result back to the calling
process.
Ref: http://www.securityfocus.com/bid/17312
______________________________________________________________________
06.13.10 CVE: Not Available
Platform: Solaris
Title: Sun Cluster SunPlex Manager Unauthorized File Access
Description: Sun Cluster is the high-availability software package
maintained and distributed by Sun Microsystems. It is prone to a
vulnerability that can allow local users to gain unauthorized access
to files, which can facilitate disclosure of sensitive information.
Specifically, this issue exists in the SunPlex Manager GUI application
and likely arises due to an access validation error. This issue
affects Sun Cluster 3.1 4/04 for Solaris 8 and 9.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102278-1&searchclause=
______________________________________________________________________
06.13.11 CVE: CVE-2005-4746
Platform: Unix
Title: FreeRADIUS Multiple RLM_SQLCounter Buffer Overflow
Vulnerabilities
Description: FreeRADIUS is an implementation of the RADIUS protocol.
FreeRADIUS is prone to multiple buffer overflow vulnerabilities in an
unspecified fashion in the "rlm_sqlcounter" module and through
unspecified means when expanding "%t" sequences.
Ref: http://www.freeradius.org/security.html
______________________________________________________________________
06.13.12 CVE: Not Available
Platform: Unix
Title: MPlayer Multiple Integer Overflow Vulnerabilities
Description: MPlayer is a multimedia video and audio application. It
is susceptible to two integer overflow vulnerabilities which are
caused by the way the application handles ASF and AVI file headers.
MPlayer version 1.0.20060329 is affected.
Ref: http://www.securityfocus.com/bid/17295
______________________________________________________________________
06.13.13 CVE: Not Available
Platform: Unix
Title: DIA XFIG File Import Multiple Remote Buffer Overflow
Vulnerabilities
Description: DIA is a gtk-based program for creating diagrams. The
application fails to properly bounds-check user-supplied input before
copying it into insufficiently sized memory buffers, resulting in
multiple buffer overflow issues.
Ref: http://www.securityfocus.com/bid/17310
______________________________________________________________________
06.13.14 CVE: Not Available
Platform: Cross Platform
Title: Blazix Java Application/Web Server JSP Source Disclosure
Description: Blazix Java Application/Web Server is a Java application
server. A problem with Blazix Java Application/Web Server may result
in the disclosure of the source code of Java Server Pages (JSP). This
issue is due to a failure in the server to properly validate the
filename extension. This issue affects Blazix Java Application/Web
Server 1.2.5 on Windows; other versions may be vulnerable as well.
Ref: http://www.securityfocus.com/archive/1/429108
______________________________________________________________________
06.13.15 CVE: CVE-2006-1356
Platform: Cross Platform
Title: LibVC VCard Processing Buffer Overflow
Description: LibVC is a library that is used to process vcard files.
It is vulnerable to a buffer overflow in the count_vcards function in
LibVC when handling a line that is longer than 256 bytes. LibVC
version 003 is vulnerable.
Ref: http://osvdb.org/ref/23/23985-libvc.txt
______________________________________________________________________
06.13.16 CVE: CVE-2006-1403, CVE-2006-1402
Platform: Cross Platform
Title: csDoom 2005 Multiple Buffer Overflow and Format String
Vulnerabilities
Description: csDoom 2005 is a network enabled version of Doom that is
available for multiple platforms. csDoom 2005 is susceptible to
multiple buffer overflow and format string vulnerabilities. These
issues may allow attackers to execute arbitrary machine code in the
context of the affected application. Both clients and servers are
affected by these issues.
Ref: http://aluigi.altervista.org/adv/csdoombof-adv.txt
______________________________________________________________________
06.13.17 CVE: CVE-2006-0989, CVE-2006-0990, CVE-2006-0991
Platform: Cross Platform
Title: VERITAS NetBackup Multiple Remote Buffer Overflow
Vulnerabilities
Description: VERITAS NetBackup is a network enabled backup solution
from VERITAS. It is available for various platforms. Various daemons
running in VERITAS NetBackup are prone to buffer overflow
vulnerabilities. These issues arise because the application fails to
perform boundary checks prior to copying user-supplied data into
process buffers. Specifically, the vulnerabilities affect the volume
manager daemon (vmd), the NetBackup Catalog daemon (bpdbm) and the
NetBackup Sharepoint Services server daemon (bpspsserver). A
successful attack may allow remote attackers to execute arbitrary code
on a vulnerable computer to gain unauthorized access in the context of
the application.
Ref: http://www.symantec.com/avcenter/security/Content/2006.03.27.html
______________________________________________________________________
06.13.18 CVE: Not Available
Platform: Cross Platform
Title: Debian GNU/Linux Multiple Packages Insecure RUNPATH
Description: Debian GNU/Linux has a "buildd" automatic package
compilation system. Multiple packages in Debian GNU/Linux are
susceptible to an insecure RUNPATH vulnerability. This issue is due to
a flaw in the build system that results in insecure RUNPATHs being
included in certain binaries.
Ref: http://www.securityfocus.com/bid/17288/references
______________________________________________________________________
06.13.19 CVE: CVE-2005-4745
Platform: Cross Platform
Title: FreeRadius RLM_SQLCounter SQL Injection
Description: FreeRADIUS is an implementation of the RADIUS protocol.
It is prone to an SQL injection vulnerability due to insufficient
sanitization of user-supplied input to the "rlm_sqlcounter" module.
FreeRADIUS versions 1.0.4 and 1.0.3 are vulnerable.
Ref: http://www.securityfocus.com/bid/17294
______________________________________________________________________
06.13.20 CVE: CVE-2006-0052
Platform: Cross Platform
Title: GNU Mailman Attachment Scrubber Malformed MIME Message Denial
of Service
Description: GNU Mailman is prone to denial of service attacks. This
issue affects the attachment scrubber utility. The issue is caused by
improper exception handling in the "Scrubber.py" script. The specific
issue is caused when the script handles an email that includes a
single malformed multipart MIME-encoded part. GNU Mailman version 2.5
when used in conjunction with Python email is vulnerable.
Ref: http://www.securityfocus.com/bid/17311/references
______________________________________________________________________
06.13.21 CVE: CVE-2006-1059
Platform: Cross Platform
Title: Samba Machine Trust Account Local Information Disclosure
Description: Samba is susceptible to a local information disclosure
vulnerability. This issue is due to a design error that potentially
leads to sensitive information being written to log files. This occurs
when the debugging level has been set to 5 or higher. Samba versions
3.0.21 through to 3.0.21c that use the "winbindd" daemon are
susceptible to this issue.
Ref: http://www.samba.org/samba/security/CAN-2006-1059.html
______________________________________________________________________
06.13.22 CVE: Not Available
Platform: Cross Platform
Title: XFIT/S Unspecified Denial of Service
Description: XFIT/S is prone to a denial of service vulnerability. The
vulnerability presents itself when the application receives data
unexpectedly. This causes the server and control processes of the
application to halt and stop accepting file transfer requests.
Ref: http://www.hitachi-support.com/security_e/vuls_e/HS06-004_e/index-e.html
______________________________________________________________________
06.13.23 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpmyfamily Track.PHP Cross-Site Scripting
Description: phpmyfamily is a genealogy website builder application
implemented in PHP. It is prone to a cross-site scripting
vulnerability due to insufficient sanitization of user-supplied input
to the "name" parameter of the "track.php" script. phpmyfamily version
1.4.1 is affected.
Ref: http://www.securityfocus.com/bid/17278
______________________________________________________________________
06.13.24 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpCOIN Multiple Cross-Site Scripting Vulnerabilities
Description: phpCOIN is a client, order and helpdesk management
solution. Insufficient sanitization of the "fs" parameter of the
"mod.php" and the "mod_print.php" scripts exposes the application to
multiple cross-site scripting issues. phpCOIN versions 1.2.2 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/17279
______________________________________________________________________
06.13.25 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CONTROLzx HMS Multiple Cross-Site Scripting Vulnerabilities
Description: CONTROLzx HMS is a content management system. It is prone
to multiple cross-site scripting vulnerabilities due to improper
sanitization of user-supplied input to the "sharedPlanID" parameter of
the "shared_order.php" script, the "dedicatedPlanID" parameter of the
"dedicated_order.php" script, and the "plan_id" parameter of the
"server_management.php" script. CONTROLzx HMS version 3.3.4 is
vulnerable; other versions may be affected as well.
Ref: http://www.securityfocus.com/bid/17282/exploit
______________________________________________________________________
06.13.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: FusionZONE couponZONE Multiple Cross-Site Scripting
Vulnerabilities
Description: couponZONE is a web-based coupon management application.
It is prone to multiple cross-site scripting vulnerabilities due to
insufficient sanitization of user-supplied input to the "srchfor" and
"srchby" parameters of the "local.cfm" file. couponZONE version 4.2 is
vulnerable.
Ref: http://pridels.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html
______________________________________________________________________
06.13.27 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: classifiedZONE Accountlogon.CFM Cross-Site Scripting
Description: classifiedZONE is a classified ad management system
implemented in ColdFusion. Insufficient sanitization of the "rtn"
parameter of the "accountlogon.cfm" page exposes the application to a
cross-site scripting issue. All current versions are affected.
Ref: http://www.securityfocus.com/bid/17273
______________________________________________________________________
06.13.28 CVE: CVE-2006-1487
Platform: Web Application - Cross Site Scripting
Title: SupportTrio Multiple Cross-Site Scripting Vulnerabilities
Description: ActiveCampaign SupportTrio is a web-based technical
support management application. It is vulnerable to multiple
cross-site scripting issues due to insufficient sanitization of
user-supplied input to the "article" and "print" parameters of the
"index.php" script and the "category" parameter of the "pdf.php"
script. ActiveCampaign SupportTrio version 2.50.2 is vulnerable.
Ref: http://pridels.blogspot.com/2006/03/activecampaign-supporttrio-25-vuln.html
______________________________________________________________________
06.13.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: VihorDesing Index.PHP Cross-Site Scripting
Description: VihorDesing is a banner rotation application. It is
vulnerable to a cross-site scripting issue due to insufficient
sanitization of user-supplied input to the "page" parameter of the
"index.php" script. All versions of VihorDesign are vulnerable.
Ref: http://www.securityfocus.com/archive/1/428737
______________________________________________________________________
06.13.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ConfTool Index.PHP Cross-Site Scripting
Description: ConfTool is a conference management application
implemented in PHP. It is prone to a cross-site scripting
vulnerability due to insufficient sanitization of user-supplied input
to the "page" parameter of the "index.php" script. ConfTool version
1.1 is vulnerable.
Ref: http://www.securityfocus.com/bid/17231
______________________________________________________________________
06.13.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Metisware Instructor PersonalTaskEdit.ASP Cross-Site Scripting
Description: Metisware Instructor is an e-learning application. It is
prone to a cross-site scripting vulnerability due to improper
sanitization of user-supplied input to the "Task" parameter of the
"PersonalTaskEdit.asp" script. Metisware Instructor version 1.3 is
vulnerable.
Ref: http://pridels.blogspot.com/2006/03/metisware-instructor-xss-vuln.html
______________________________________________________________________
06.13.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: EZHomePagePro Multiple Cross-Site Scripting Vulnerabilities
Description: EZHomePagePro is a web-based community application. It is
vulnerable to multiple cross-site scripting issues due to insufficient
sanitization of user-supplied input parameters such as "adid",
"aname", "m" and "usid". HTMLJunction EZHomePagePro version 1.5 is
vulnerable.
Ref: http://pridels.blogspot.com/2006/03/ezhomepagepro-multiple-xss-vuln.html
______________________________________________________________________
06.13.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Calendar Express Multiple Cross-Site Scripting Vulnerabilities
Description: Calendar Express is a web application for creating
calendars. It is prone to multiple cross-site scripting
vulnerabilities due to insufficient sanitization of user-supplied
input to the "allwords" and "oneword" parameters in the "search.php"
script. Calendar Express version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/17240
______________________________________________________________________
06.13.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Absolute FAQ Manager Cross-Site Scripting
Description: Absolute FAQ Manager is a web based FAQ manager.
Insufficient sanitization of the "question" parameter exposes the
application to a cross-site scripting issue. All current versions are
affected.
Ref: http://www.securityfocus.com/bid/17242
______________________________________________________________________
06.13.35 CVE: CVE-2006-1406
Platform: Web Application - Cross Site Scripting
Title: uniForum Multiple Cross-Site Scripting Vulnerabilities
Description: uniForum is a web application for creating forums. It is
vulnerable to multiple cross-site scripting issues due to insufficient
sanitization of user-supplied input to the "txtuser" and "txtpassword"
parameters of the "websecadmin.aspx" script. uniForum version 4 is
vulnerable.
Ref: http://pridels.blogspot.com/2006/03/uniforum-xss-vuln.html
______________________________________________________________________
06.13.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: dotNetBB Forums dotNetBB Cross-Site Scripting
Description: dotNetBB is a web-based forum application. It is
vulnerable to a cross-site scripting issue due to insufficient
sanitization of user-supplied input to the "em" parameter of
"iforget.aspx" script. dotNetBB version 2.42EC SP 3 is vulnerable.
Ref: http://pridels.blogspot.com/2006/03/xss-vuln-in-dotnetbb-v24.html
______________________________________________________________________
06.13.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Toast Forums Toast.ASP Multiple Cross-Site Scripting
Vulnerabilities
Description: Toast Forums is a web-based forum application written in
ASP. It is prone to multiple cross-site scripting vulnerabilities due
to insufficient sanitization of user-supplied input to the "author",
"message", "subject" and "dayprune" parameters of the "toast.asp"
script. Toast Forums versions 1.6 and earlier are vulnerable.
Ref: http://pridels.blogspot.com/2006/03/xss-in-toast-forums-16.html
______________________________________________________________________
06.13.38 CVE: CVE-2006-1398
Platform: Web Application - Cross Site Scripting
Title: G-Book Cross-Site Scripting
Description: G-Book is a web-based guestbook application. It is
vulnerable to a cross-site scripting issue due to insufficient
sanitization of user-supplied input to the "g_message" field of the
"guestbook.php" script. G-Book version 1.0 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/428900
______________________________________________________________________
06.13.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SweetSuite.NET Content Management System Search.ASPX Cross-Site
Scripting
Description: SweetSuite.NET Content Management System (CMS) is a web
application. It is vulnerable to a cross-site scripting issue due to
insufficient sanitization of user-supplied input to the "keywords"
parameter of the "search.aspx" script. SweetSuite.NET CMS version 2.1
is vulnerable.
Ref: http://pridels.blogspot.com/2006/03/sweetsuitenet-sscms-21x-xss-vuln.html
______________________________________________________________________
06.13.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Online Quiz System Multiple Cross-Site Scripting
Vulnerabilities
Description: Online Quiz System is a web-based quiz and examination
application. Online Quiz System is prone to multiple cross-site
scripting vulnerabilities. These issues are due to improper
sanitization of user-supplied input.
Ref: http://www.securityfocus.com/bid/17255/exploit
______________________________________________________________________
06.13.41 CVE: CVE-2006-1399
Platform: Web Application - Cross Site Scripting
Title: Meeting Reserve SearchResult.PHP Cross-Site Scripting
Description: Meeting Reserve is an on-line meeting reservation
application implemented in PHP. It is prone to a cross-site scripting
vulnerability. This issue is due to the application's failure to
properly sanitize user-supplied input to the "search_term" parameter
of the "searchresult.php" script. An attacker may leverage this issue
to have arbitrary script code executed in the browser of an
unsuspecting user in the context of the affected site.
Ref: http://www.securityfocus.com/bid/17256
______________________________________________________________________
06.13.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Caloris Planitia Technologies School Management System
Cross-Site Scripting
Description: School Management System is affected by a cross-site
scripting issue due to insufficient sanitization of the "msg"
parameter of the "default.asp" page. All current versions are
affected.
Ref: http://www.securityfocus.com/bid/17257
______________________________________________________________________
06.13.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Web Host Automation Ltd. Helm Multiple Cross-Site Scripting
Vulnerabilities
Description: Helm is a server management and hosting control
application written in ASP. Helm is prone to multiple cross-site
scripting vulnerabilities due to a failure in the application to
properly sanitize user-supplied input. Helm version 3.2.10-beta is
reported to be vulnerable; other versions may also be affected.
Ref: http://www.securityfocus.com/bid/17263/exploit
______________________________________________________________________
06.13.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BlankOL Bol.CGI Multiple Cross-Site Scripting Vulnerabilities
Description: BlankOL is a solution to add services to a website.
Insufficient sanitization of user-supplied input to the "file" and
"function" parameters of the "bol.cgi" script exposes the application
to multiple cross-site scripting issues. All current versions are
affected.
Ref: http://www.securityfocus.com/bid/17265
______________________________________________________________________
06.13.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Arab IT ArabPortal System Cross-Site Scripting
Description: ArabPortal System is a content management application
written in PHP. It is prone to a cross-site scripting vulnerability
due to a failure in the application to properly sanitize user-supplied
input to the "title" parameter used in the "online.php" and
"download.php" scripts. ArabPortal System version 2.0 is reported to
be vulnerable.
Ref: http://www.securityfocus.com/bid/17285/exploit
______________________________________________________________________
06.13.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Connect Daily Multiple Cross-Site Scripting Vulnerabilities
Description: Connect Daily is a calendar application implemented in
HTML and JavaScript. It is prone to multiple cross-site scripting
vulnerabilities because it fails to properly sanitize user-supplied
input to various scripts. Connect Daily versions 3.2.9 and 3.2.8 are
affected.
Ref: http://pridels.blogspot.com/2006/03/connect-daily-multiple-xss-vuln.html
______________________________________________________________________
06.13.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AL-Caricatier Multiple Cross-Site Scripting Vulnerabilities
Description: AL-Caricatier is a PHP script written for the Arabic
language. Insufficient sanitization of the "CatName", "CaricatierID"
and "CatID" parameters of the "view_caricatier.php" script exposes the
application to multiple cross-site scripting issues.
Ref: http://www.securityfocus.com/bid/17289
______________________________________________________________________
06.13.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHPKIT Cross-Site Scripting
Description: PHPKIT is a content management application. It is
vulnerable to a cross-site scripting issue due to insufficient
sanitization of user-supplied input to the "error" parameter of the
"include.php" script. PHPKIT version 1.6.03 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/429249
______________________________________________________________________
06.13.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP Script Index Search Parameter Cross-Site Scripting
Description: PHP Script Index is a directory indexing and file
management application. It is prone to a cross-site scripting
vulnerability due to a failure in the application to properly sanitize
user-supplied input to the "search" parameter.
Ref: http://www.securityfocus.com/bid/17297
______________________________________________________________________
06.13.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP Classifieds Search.PHP Cross-Site Scripting
Description: PHP Classifieds is a classified advertisement
application. It is vulnerable to a cross-site scripting issue due to
insufficient sanitization of user-supplied input to the "searchword"
parameter of the "search.php" script. PHP Classifieds versions 6.18
and 6.20 are vulnerable.
Ref: http://www.securityfocus.com/bid/17305/info
______________________________________________________________________
06.13.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PhxContacts Login.PHP Cross-Site Scripting
Description: PhxContacts is an address-book application written in
PHP. PhxContacts is prone to a cross-site scripting vulnerability due
to a failure in the application to properly sanitize user-supplied
input to the "m" parameter of the "login.php" script. PhxContacts
versions 0.93.1 and prior are reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/17307
______________________________________________________________________
06.13.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: EzASPSite Default.ASP SQL Injection
Description: EzASPSite is a web-based application that is used to
create ASP-driven websites. It is prone to an SQL injection
vulnerability due to insufficient sanitization of user-supplied input
to the "Scheme" parameter of the "Default.asp" script. EzASPSite
versions 2.0 RC3 and earlier are affected by this issue.
Ref: http://www.securityfocus.com/bid/17309
______________________________________________________________________
06.13.53 CVE: CVE-2006-1544
Platform: Web Application - Cross Site Scripting
Title: VNews Multiple Cross-Site Scripting
Description: VNews is a news reader application written in PHP.
VNews is prone to multiple cross-site scripting vulnerabilities
because it fails to properly sanitize user-supplied input to the
"autorkomentarza" and "tresckomentarza" parameters of the "news.php"
script.
Ref: http://evuln.com/vulns/112/summary.html
______________________________________________________________________
06.13.54 CVE: CVE-2006-0841
Platform: Web Application - Cross Site Scripting
Title: Mantis View_All_Set.PHP Multiple Cross-Site Scripting
Vulnerabilities
Description: Mantis is bug-tracking software. It is vulnerable to
multiple cross-site scripting issues due to insufficient sanitization
of user-supplied input to the "start_day", "start_year" and
"start_month" parameters of the "view_all_set.php" script. Mantis
versions 1.0.1 and earlier are vulnerable.
Ref: http://pridels.blogspot.com/2006/03/mantis-xss-vuln.html
______________________________________________________________________
06.13.55 CVE: CVE-2006-0540
Platform: Web Application - SQL Injection
Title: Tachyondecay VSNS Lemon Final_functions.PHP SQL Injection
Description: VSNS Lemon is a weblog application implemented in PHP.
Lemon is prone to an SQL injection vulnerability due to insufficient
sanitization of user-supplied input to the "id" parameter of the
"functions/final_functions.php" script.
Ref: http://evuln.com/vulns/106/description.html
______________________________________________________________________
06.13.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PhpCollab Sendpassword.PHP SQL Injection
Description: PhpCollab is a collaboration and project management
application. It is vulnerable to an SQL injection issue due to
insufficient sanitization of user-supplied input to the "loginForm"
parameter of the "sendpassword.php" script. PHPCollab versions 2.5.rc3
and earlier are vulnerable.
Ref: http://downloads.securityfocus.com/vulnerabilities/exploits/PHPCollab_NetOffice_SQLINJ.php
______________________________________________________________________
06.13.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FusionZONE CouponZONE Multiple SQL Injection Vulnerabilities
Description: couponZONE is a web-based coupon management application.
It is prone to multiple SQL-injection vulnerabilities. The application
fails to properly sanitize user-supplied input. Specifically, data
passed to the "companyid", "scat" and "coid" parameters of the
"local.cfm" script is not properly sanitized. couponZONE 4.2 is
reported to be vulnerable; other versions may be affected as well.
Ref: http://www.securityfocus.com/bid/17274/exploit
______________________________________________________________________
06.13.58 CVE: CVE-2006-1395
Platform: Web Application - SQL Injection
Title: Cholod MySQL Based Message Board Mb.CGI SQL Injection
Description: Cholod MySQL Based Message Board is a web-based message
board application. It is vulnerable to an SQL injection issue due to
insufficient sanitization of user-supplied input to the "action"
parameter of the "mb.cgi" script. All versions of Cholod.com MySQL
Based Message Board are vulnerable.
Ref: http://www.securityfocus.com/bid/17224/info
______________________________________________________________________
06.13.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Ticket Search.PHP SQL Injection
Description: PHP Ticket is a ticketing application. It is prone to an
SQL injection vulnerability due to insufficient sanitization of
user-supplied input to the "search.php" script. PHP Ticket versions
0.71 and earlier are affected.
Ref: http://www.securityfocus.com/bid/17229
______________________________________________________________________
06.13.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPBookingCalendar Details_View.PHP SQL Injection
Description: phpBookingCalendar is a booking calendar application
implemented in PHP. Insufficient sanitization of the "event_id"
variable of the "details_view.php" script exposes the application to
an SQL injection issue. All current versions are affected.
Ref: http://www.securityfocus.com/bid/17230
______________________________________________________________________
06.13.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Nuked-Klan Index.PHP SQL Injection
Description: Nuked-Klan is a content management system. Insufficient
sanitization of the "index.php" script exposes the application to SQL
injection issues. Nuked-Klan versions 1.7.5 and earlier are affected.
Ref: http://www.securityfocus.com/bid/17233
______________________________________________________________________
06.13.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SaphpLesson Print.PHP SQL Injection
Description: SaphpLesson is a web-based tutoring application
implemented in PHP. SaphpLesson is prone to an SQL injection
vulnerability due to improper sanitization of user-supplied input.
Specifically, data passed to the "lessid" parameter of the "print.php"
script is not properly sanitized. SaphpLesson version 2.0 is
vulnerable.
Ref: http://www.securityfocus.com/bid/17239/exploit
______________________________________________________________________
06.13.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AkoComment akocomment.PHP Multiple SQL Injection
Vulnerabilities
Description: AkoComment is an add-on for the Mambo and Joomla content
management systems. It is prone to multiple SQL injection
vulnerabilities due to insufficient sanitization of user-supplied
input to the "acname" and "contentid" parameters of the
"akocomment.php" script. AkoComment version 2.0 is affected.
Ref: http://www.securityfocus.com/archive/1/428893
______________________________________________________________________
06.13.64 CVE: CVE-2006-1334
Platform: Web Application - SQL Injection
Title: Maian Weblog Multiple SQL Injection Vulnerabilities
Description: Maian Weblog is a web blog application written in PHP. It
is prone to multiple SQL injection vulnerabilities due to improper
sanitization of user-supplied input. Specifically, the application
fails to sanitize user-supplied input to the "entry" parameter of the
"print.php" script and the "email" parameter of the "mail.php" script
before using that input in SQL queries. Maian Weblog version 2.0 is
vulnerable.
Ref: http://www.securityfocus.com/bid/17247/exploit
______________________________________________________________________
06.13.65 CVE: CVE-2006-1426
Platform: Web Application - SQL Injection
Title: Pixel Motion Multiple SQL Injection Vulnerabilities
Description: Pixel Motion is a web blog application. It is vulnerable
to multiple SQL injection issues due to insufficient sanitization of
user-supplied input to the "date" and "pass" parameters of the
"admin/index.php" script. All versions of Pixel Motion are vulnerable.
Ref: http://www.frsirt.com/english/advisories/2006/1135
______________________________________________________________________
06.13.66 CVE: CVE-2006-1238
Platform: Web Application - SQL Injection
Title: DSLogin Index.PHP Multiple SQL Injection Vulnerabilities
Description: DSLogin is a web-based application implemented in PHP. It
is prone to multiple SQL injection vulnerabilities due to insufficient
sanitization of user-supplied input to the "log_userid" parameter in
the "index.php" and "admin/index.php" scripts. All current versions
are vulnerable.
Ref: http://www.securityfocus.com/bid/17262
______________________________________________________________________
06.13.67 CVE: CVE-2006-1495
Platform: Web Application - SQL Injection
Title: NetOffice Sendpassword.PHP SQL Injection
Description: NetOffice is a collaboration and project management
application implemented in PHP. NetOffice is prone to an SQL injection
vulnerability due to insufficient sanitization of user-supplied input
to the "loginForm" parameter of the "sendpassword.php" script.
Ref: http://www.securityfocus.com/bid/17286
______________________________________________________________________
06.13.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: OneOrZero Helpdesk Index.PHP SQL Injection
Description: OneOrZero Helpdesk is a web-based helpdesk application.
It is vulnerable to an SQL injection issue due to insufficient
sanitization of user-supplied input to the "id" parameter of the
"index.php" script. OneOrZero Helpdesk version 1.6.3.0 is vulnerable.
Ref: http://www.securityfocus.com/bid/17298/info
______________________________________________________________________
06.13.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Tilde CMS Index.PHP SQL Injection
Description: Tilde CMS is a content management application. It is
vulnerable to an SQL injection issue due to insufficient sanitization
of user-supplied input to the "id" parameter of the "index.php"
script. Tilde CMS version 3 is vulnerable.
Ref: http://www.securityfocus.com/bid/17299
______________________________________________________________________
06.13.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Null News Multiple SQL Injection Vulnerabilities
Description: Null News is a web-based news application, written in
PHP. The application is prone to multiple SQL injection
vulnerabilities because it fails to properly sanitize user-supplied
input. Null News version 2005.07.27 is reported to be vulnerable.
Other versions may be affected as well.
Ref: http://www.securityfocus.com/bid/17300
______________________________________________________________________
06.13.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpNewsManager Multiple SQL Injection Vulnerabilities
Description: phpNewsManager is a script for managing news for
websites. It is prone to multiple SQL injection vulnerabilities
because it fails to properly sanitize user-supplied input to the
"browse.php", "category.php", "gallery.php" and "poll.php" scripts.
phpNewsManager version 1.48 is vulnerable.
Ref: http://evuln.com/vulns/110/summary.html
______________________________________________________________________
06.13.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: vCounter vCounter.PHP SQL Injection
Description: vCounter is an application which counts visits to a web
site. It is prone to an SQL injection vulnerability due to
insufficient sanitization of user-supplied input to the "REQUEST_URI"
header which is passed through the "url" parameter of the
"vCounter.php" script. vCounter version 1.0 is reported to be
affected.
Ref: http://www.securityfocus.com/bid/17302
______________________________________________________________________
06.13.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Sourceworkshop Newsletter Newsletter.PHP SQL Injection
Description: Newsletter is a simple newsletter application implemented
in PHP. It is prone to an SQL injection vulnerability due to improper
sanitization of user-supplied input. Specifically, data passed through
the "newsletteremail" parameter of the "newsletter.php" script is not
properly sanitized.
Newsletter version 1.0 is reported to be affected. Other versions may
be vulnerable as well.
Ref: http://www.securityfocus.com/bid/17304
______________________________________________________________________
06.13.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PhxContacts Multiple SQL Injection Vulnerabilities
Description: PhxContacts is an address book application. It is
vulnerable to multiple SQL injection vulnerabilities due to
insufficient sanitization of user-supplied input to parameters such as
"motclef", "nbr_line_view" and "id_contact". PhxContacts versions
0.93.1 and earlier are vulnerable.
Ref: http://www.securityfocus.com/archive/1/429259
______________________________________________________________________
06.13.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: VNews Multiple SQL Injection Vulnerabilities
Description: VNews is a web-based news application written in PHP. It
is prone to multiple SQL injection vulnerabilities because it fails to
properly sanitize user-supplied input. VNews version 1.2 is reported
to be vulnerable. Other versions may be affected as well.
Ref: http://www.securityfocus.com/bid/17316
______________________________________________________________________
06.13.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: X-Changer Multiple SQL Injection Vulnerabilities
Description: X-Changer is a currency exchange-rate calculator written
in PHP. It is prone to multiple SQL injection vulnerabilities due to
insufficient sanitization of user-supplied input to the "from", "into"
and "id" parameters of the "index.php" script. X-Changer version 0.20
is reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/17322
______________________________________________________________________
06.13.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: O2PHP Oxygen Post.PHP SQL Injection
Description: Oxygen is a bulletin-board application written in PHP. It
is prone to an SQL injection vulnerability due to improper
sanitization of user-supplied input. Specifically, the application
fails to sanitize data passed through the "id" parameter of the
"post.php" script. Oxygen versions 1.1.3 and earlier are affected.
Ref: http://www.securityfocus.com/bid/17324/exploit
______________________________________________________________________
06.13.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: qliteNews Multiple SQL Injection Vulnerabilities
Description: qliteNews is a web-based news application written in PHP.
It is prone to multiple SQL injection vulnerabilities because it fails
to properly sanitize user-supplied input. Specifically, the
application fails to sanitize input to the "username" and "password"
parameters of the "loginprocess.php" script. qliteNews version
2005.07.01 is reported to be vulnerable. Other versions may be
affected as well.
Ref: http://www.securityfocus.com/bid/17333
______________________________________________________________________
06.13.79 CVE: Not Available
Platform: Web Application
Title: MediaWiki Encoded Page Link HTML Injection
Description: MediaWiki is a wiki application. It is vulnerable to an
HTML injection issue due to insufficient sanitization of user-supplied
input to the encoded page links. MediaWiki version 1.5.7 is
vulnerable.
Ref: http://www.mediawiki.org/wiki/MediaWiki
______________________________________________________________________
06.13.80 CVE: CVE-2006-1485
Platform: Web Application
Title: Noah Grey Greymatter Arbitrary File Upload
Description: Greymatter is a web-based log and journal maintenance
system. It is prone to an arbitrary file upload vulnerability due to
insufficient sanitization of user-supplied input to the
"gm-upload.cgi" script. Greymatter versions 1.21d and earlier are
vulnerable.
Ref: http://www.securityfocus.com/bid/17271
______________________________________________________________________
06.13.81 CVE: CVE-2006-1486
Platform: Web Application
Title: RealestateZONE Multiple Cross-Site Scripting Vulnerabilities
Description: RealestateZONE is a real estate management solution. It
is vulnerable to multiple cross-site scripting issues due to
insufficient sanitization of user-supplied input to the "bamin",
"bemin", "pmin", and "state" parameters of "index.cfm". FusionZONE
RealestateZONE version 4.2 is vulnerable.
Ref: http://pridels.blogspot.com/2006/03/realestatezone-42-multiple-xss-vuln.html
______________________________________________________________________
06.13.82 CVE: CVE-2006-1480
Platform: Web Application
Title: WEBalbum Remote Command Execution
Description: WEBalbum is a web application written in PHP. It is prone
to a remote command execution vulnerability because the application
fails to adequately sanitize paths contained in cookies before using
them in includes. An attacker can connect to a vulnerable server
using a malicious cookie in order to have arbitrary commands included
in the webserver's Apache log files. WEBalbum version 2.02pl is
vulnerable.
Ref: http://www.securityfocus.com/bid/17228
______________________________________________________________________
06.13.83 CVE: Not Available
Platform: Web Application
Title: PHPAdsNew and PHPPGAds Multiple Input Validation
Vulnerabilities
Description: phpAdsNew is a web-based banner ad management application
and phpPgAds is a port of phpAdsNew designed to utilize a PostgreSQL
database backend. Insufficient sanitization of user-supplied input
exposes these applications to multiple HTML injection and cross-site
scripting issues. phpAdsNew version 2.0.8 has been released to fix the
issue.
Ref: http://www.securityfocus.com/bid/17251
______________________________________________________________________
06.13.84 CVE: Not Available
Platform: Web Application
Title: TFT Gallery Administrator Password Information Disclosure
Description: TFT Gallery is an image gallery application implemented
in PHP. It is prone to an information disclosure vulnerability due to
improper access validation before granting access to sensitive and
privileged information like the administrative username and encrypted
password in the file "admin/passwd". All current versions are
affected.
Ref: http://www.securityfocus.com/bid/17250
______________________________________________________________________
06.13.85 CVE: Not Available
Platform: Web Application
Title: Xigla Absolute Live Support XE Multiple HTML Injection
Vulnerabilities
Description: Xigla Absolute Live Support XE is a customer and
technical support application implemented in ASP. It is prone to HTML
injection vulnerabilities due to improper sanitization of
user-supplied input. Specifically, the "Screen name" and "Session
Topic" input fields of the registration page are not properly
sanitized. Xigla Absolute Live Support XE versions 2.0 and prior are
vulnerable; other versions may also be affected.
Ref: http://pridels.blogspot.com/2006/03/absolute-live-support-xe-v20-xss-vuln.html
______________________________________________________________________
06.13.86 CVE: Not Available
Platform: Web Application
Title: TWiki Remote Denial Of Service
Description: TWiki is a web-based wiki application. It is prone to a
remote denial of service vulnerability. This issue is due to a design
error. TWiki versions 20040903 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17267
______________________________________________________________________
06.13.87 CVE: CVE-2006-1386
Platform: Web Application
Title: TWiki Remote Information Disclosure
Description: TWiki is a web log application. It is vulnerable to an
information disclosure issue due to insufficient sanitization of
user-supplied input to the "rdiff" and "preview" scripts. TWiki
versions 20040903 and earlier are vulnerable.
Ref: http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess
______________________________________________________________________
06.13.88 CVE: Not Available
Platform: Web Application
Title: VWar Functions_install.PHP Remote File Include
Description: VWar is a team organizer application. It is vulnerable to
a remote file include issue due to insufficient sanitization of
user-supplied input to the "vwar_root" variable of
"functions_install.php". VWar versions 1.5.0 and earlier are
vulnerable.
Ref: http://downloads.securityfocus.com/vulnerabilities/exploits/VWar_1.5.0_RCE.php
______________________________________________________________________
06.13.89 CVE: Not Available
Platform: Web Application
Title: Horde Help Viewer Remote PHP Code Execution
Description: Horde is a web application framework, written in PHP.
Horde is prone to a remote PHP code execution vulnerability due to a
lack of proper sanitization of user-supplied input to the "Help
Viewer" section of the application, when viewing the "About" dialog.
Horde versions 3.0 up to 3.0.9 and 3.1.0 are vulnerable; other
versions may also be affected.
Ref: http://www.securityfocus.com/bid/17292
______________________________________________________________________
06.13.90 CVE: Not Available
Platform: Web Application
Title: Explorer XP Multiple Input Validation Vulnerabilities
Description: Explorer XP is a web-based file explorer. Insufficient
sanitization of user-supplied input to the "chemin" parameter of the
"dir.php" script exposes the application to script injection and
cross-site scripting issues.
Ref: http://www.securityfocus.com/bid/17303
______________________________________________________________________
06.13.91 CVE: CAN-2006-1477
Platform: Web Application
Title: PHP Live Helper Multiple Remote File Include Vulnerabilities
Description: Turnkeywebtools PHP Live Helper is a customer and
technical support application. It is vulnerable to multiple remote
file include issues due to insufficient sanitization of the "abs_path"
parameter. Turnkeywebtools PHP Live Helper version 1.8 is vulnerable.
Ref: http://www.worlddefacers.de/Public/WD-TMPLH.txt
______________________________________________________________________
06.13.92 CVE: Not Available
Platform: Web Application
Title: VWar Functions_Admin.PHP Remote File Include
Description: VWar is a team organizer application. Insufficient
sanitization of user-supplied input to the "functions_admin.php"
script exposes the application to a file include issue. VWar versions
1.4 and 1.3 are affected.
Ref: http://www.securityfocus.com/bid/17315
______________________________________________________________________
06.13.93 CVE: Not Available
Platform: Web Application
Title: VBook Multiple Cross-Site Scripting and SQL Injection
Vulnerabilities
Description: VBook is an application that counts visits to a web site.
It is vulnerable to multiple cross-site scripting and SQL injection
issues due to insufficient sanitization of user-supplied input to such
parameters as "x", "author", "email", "www", "temat", and "tresc" of
the "index.php" script. VBook version 2.0 is vulnerable.
Ref: http://www.securityfocus.com/bid/17320/info
______________________________________________________________________
06.13.94 CVE: Not Available
Platform: Web Application
Title: MediaSlash Gallery Index.PHP Remote File Include
Description: MediaSlash Gallery is an image-gallery application.
Insufficient sanitization of the "rub" variable in the "index.php"
script exposes the application to a remote file include issue.
Ref: http://www.securityfocus.com/bid/17323
______________________________________________________________________
06.13.95 CVE: Not Available
Platform: Web Application
Title: Mon Album Multiple SQL Injection Vulnerabilities
Description: Mon Album is a photo album application written in PHP.
The application is prone to multiple SQL injection vulnerabilities as
it fails to properly sanitize user-supplied input. Specifically, the
application fails to sanitize input to the "pc" parameter of the
"index.php" script, and the "pnom", "pcourriel" and "pcommentaire"
parameters of the "image_agrandir.php" script. Mon Album version 0.8.7
is reported to be vulnerable; other versions may be affected as well.
Ref: http://www.securityfocus.com/archive/1/429475
______________________________________________________________________
(c) 2006. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.
==end==
Subscriptions:
RISK is distributed free of charge to people responsible
for managing and securing information systems and networks. You may
forward this newsletter to others with such responsibility inside or
outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEMWRO+LUG5KFpTkYRAh4LAJ9OMAdr1HnvwkEmLyb7CCO4wZmL/gCdE22J
6MuAMl1P5d1ff6Ea7V0NFX8=
=ga32
-----END PGP SIGNATURE-----