RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 14
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert
sans.org)
Date: Mon Apr 10 2006 - 16:28:43 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A light week for critical new vulnerabilities in operating systems and
major applications offers us all an opportunity to focus on vulnerable
web applications. Few targets are more inviting or more vulnerable than
web applications written by people who are not super savvy about
avoiding SQL injection and "remote file include" vulnerabilities. If you
don't have a systematic way of eliminating these common errors, your
systems and your customers' private information are easy pickings.
(SANS Track 4: Hacker Exploits, at SANS Security San Diego and SANSFIRE
in Washington, and in eleven other cities around the world and live on
line is a great way to make sure you know how the attacks work and what
to do about them: http://www.sans.org)
Alan
*************************************************************************
RISK: The Consensus Security Vulnerability Alert
April 10, 2006 Vol. 5. Week 14
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of the vulnerabilities reported this week:
====================================================================
Platform                                  # of Updates & Vulnerabilities
====================================================================
Other Microsoft Products                   1 (#2)
Third Party Windows Apps                   5 (#4)
Mac OS                                     1
Linux                                      3
HP-UX                                      1
Unix                                       2
Cross Platform                             8 (#1, #5)
Web Application - Cross Site Scripting    19
Web Application - SQL Injection            9
Web Application                           26
Network Device                             2 (#3)
*************************************************************************
Part I -- Critical Vulnerabilities from TippingPoint, a division of 3Com
(www.tippingpoint.com)
Widely Deployed Software
(1) MODERATE: ClamAV Multiple Buffer Overflows
(2) LOW: Internet Explorer Address Bar Spoofing
Other Software
(3) HIGH: Barracuda Spam Firewall Multiple Buffer Overflows
(4) HIGH: McAfee WebShield Format String Vulnerability
(5) MODERATE: UltraVNC Client and Server Buffer Overflows
Note: The number of SQL injection and remote file include
vulnerabilities continues to increase, and many of these vulnerabilities
are being actively exploited. The vulnerabilities are listed in separate
sub-sections in Part 2 of the newsletter, and we avoid repeating them
in Part 1. For this week, users of Claroline, PHP-Nuke-Clan, and
PHPMyChat should harden their installations as exploits for the flaws
in these packages are publicly available. The SANS Top-20 is another
good reference to harden against PHP-based attacks -
http://www.sans.org/top20/#c3.
*************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Other Microsoft Products
06.14.1 - Internet Explorer Address Bar Spoofing
-- Third Party Windows Apps
06.14.2 - McAfee WebShield SMTP Remote Format String
06.14.3 - KGB Archiver Hostile Destination Path
06.14.4 - AN HTTPD Source Disclosure
06.14.5 - SynchronEyes Multiple Remote Denial of Service Vulnerabilities
06.14.6 - GlobalSCAPE Secure FTP Server Remote Denial of Service
-- Mac OS
06.14.7 - Apple Mac OS X Intel-Based Local Authentication Bypass
-- Linux
06.14.8 - Util-VServer SUEXEC Privilege Escalation Weakness
06.14.9 - Linux Kernel SYSFS PAGE_SIZE Local Denial of Service
06.14.10 - XZGV Image Viewer JPEG File Remote Heap Buffer Overflow
-- HP-UX
06.14.11 - HP-UX SU Local Unauthorized Access
-- Unix
06.14.12 - mpg123 Malformed MP3 File Memory Corruption
06.14.13 - Doomsday Multiple Remote Format String Vulnerabilities
-- Cross Platform
06.14.14 - Xine-Lib Malformed MPEG Stream Buffer Overflow
06.14.15 - Apache Struts Multiple Remote Vulnerabilities
06.14.16 - Kaffeine Remote HTTP_Peek Buffer Overflow
06.14.17 - Eset Software NOD32 Antivirus Local Arbitrary File Creation
06.14.18 - UltraVNC Multiple Remote Error Logging Buffer Overflow Vulnerabilities
06.14.19 - Clam Anti-Virus ClamAV Multiple Vulnerabilities
06.14.20 - OpenVPN Client Remote Code Execution Vulnerability
06.14.21 - Tachyondecay VSNS Lemon Authentication Bypass
-- Web Application - Cross Site Scripting
06.14.22 - PHP PHPInfo Large Input Cross-Site Scripting
06.14.23 - SiteSearch Indexer Searchresults.ASP Cross-Site Scripting
06.14.24 - Hitachi Groupmax Cross-Site Scripting
06.14.25 - Claroline RQMKHTML.PHP Cross-Site Scripting
06.14.26 - Blank'N'Berg Cross-Site Scripting
06.14.27 - Bugzero Multiple Cross-Site Scripting Vulnerabilities
06.14.28 - PHPBB Profile.PHP Cross-Site Scripting
06.14.29 - ReloadCMS User-Agent Cross-Site Scripting
06.14.30 - WebAPP Multiple Cross-Site Scripting Vulnerabilities
06.14.31 - LucidCMS Index.PHP Multiple Cross-Site Scripting Vulnerabilities
06.14.32 - Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
06.14.33 - SKForum Multiple Cross-Site Scripting Vulnerabilities
06.14.34 - PHPMyAdmin Multiple Cross-Site Scripting Vulnerabilities
06.14.35 - GNU Mailman Private Archive Script Cross-Site Scripting
06.14.36 - Jupiter CMS Index.PHP Cross-Site Scripting
06.14.37 - vBulletin Vbugs.PHP Cross-Site Scripting
06.14.38 - Bitweaver CMS Login.PHP Cross-Site Scripting
06.14.39 - Cherokee Webserver Cross-Site Scripting
06.14.40 - SaPHPLesson Search.PHP Cross-Site Scripting
-- Web Application - SQL Injection
06.14.41 - DbbS Topics.PHP SQL Injection
06.14.42 - Softbiz Image Gallery Multiple SQL Injection Vulnerabilities
06.14.43 - ISP Site Man Admin_Login.ASP SQL Injection
06.14.44 - TuxBank ManageAccount.PHP SQL Injection
06.14.45 - Crafty Syntax Image Gallery Slides.PHP SQL Injection
06.14.46 - wpBlog Index.PHP SQL Injection
06.14.47 - PHPMyChat MessagesL.PHP3 SQL Injection
06.14.48 - MD News Admin.PHP SQL Injection
06.14.49 - MAXDEV CMS PNuserapi.PHP SQL Injection
-- Web Application
06.14.50 - gtd-php Multiple Input Validation Vulnerabilities
06.14.51 - HP Toolbox Directory Traversal
06.14.52 - MyBulletinBoard Email BBCode Tag HTML Injection
06.14.53 - AngelineCMS Loadkernel.PHP Remote File Include
06.14.54 - V-creator Remote Shell Code Execution
06.14.55 - QLnews Multiple Input Validation Vulnerabilities
06.14.56 - Warcraft III Replay Parser for PHP Index.PHP Remote File Include
06.14.57 - RedCMS Multiple Input Validation Vulnerabilities
06.14.58 - Claroline ScormExport.inc.PHP File Include
06.14.59 - Claroline Rqmkhtml.PHP Information Disclosure
06.14.60 - Blank'N'Berg Directory Traversal
06.14.61 - PHPSelect Submit-A-Link HTML Injection
06.14.62 - aWebBB Multiple Input Validation Vulnerabilities
06.14.63 - Basic Analysis and Security Engine Base_maintenance.PHP Authentication Bypass
06.14.64 - PHPNuke-Clan Functions_Common.PHP Remote File Include
06.14.65 - Exponent CMS Banner Module Arbitrary Script Execution
06.14.66 - VWar Get_header.PHP Remote File Include
06.14.67 - ArabPortal Multiple Input Validation Vulnerabilities
06.14.68 - Czaries Network CzarNews Multiple Input Validation Vulnerabilities
06.14.69 - Interact Multiple Remote Vulnerabilities
06.14.70 - Chucky A. Ivey's N.T. Index.PHP HTML Injection
06.14.71 - Basic Analysis and Security Engine PrintFreshPage Cross-Site Scripting
06.14.72 - Annuaire (Directory) HTML Injection
06.14.73 - VSNS Lemon Add Comment HTML Injection Vulnerability
06.14.74 - ARIA Multiple Cross-Site Scripting Vulnerabilities
06.14.75 - Manic Web MWNewsletter Multiple Input Validation Vulnerabilities
-- Network Device
06.14.76 - Cisco 11500 Content Services Switch HTTP Compression Remote Denial of Service
06.14.77 - Cisco Optical Networking System and Transport Controller Multiple Vulnerabilities
_____________________________________________________________________
PART I Critical Vulnerabilities
Part I is compiled by Rohit Dhamankar at TippingPoint, a division of
3Com, as a by-product of that company's continuous effort to ensure that
its intrusion prevention products effectively block exploits using known
vulnerabilities. TippingPoint's analysis is complemented by input from
a council of security managers from twelve large organizations who
confidentially share with SANS the specific actions they have taken to
protect their systems. A detailed description of the process may be
found at http://www.sans.org/newsletters/cva/#process
Archives at http://www.sans.org/newsletters/risk
*************************Widely Deployed Software*************************
(1) MODERATE: ClamAV Multiple Buffer Overflows
Affected:
ClamAV versions prior to 0.88.1
Description: ClamAV is an open-source antivirus software designed mainly
for scanning emails on UNIX mail gateways. The software includes a virus
scanning library - libClamAV. This library is used by many third party
email, web, FTP scanners as well as mail clients. The library contains
an integer overflow that can be triggered by a specially crafted Windows
Executable (PE format) if the "ArchiveMaxFileSize" option is disabled
(not a default configuration). The attacker can send the malicious files
via email, web, FTP or a file share, and exploit the overflow to execute
arbitrary code on the system running the ClamAV library.
A proof-of-concept Windows executable has been posted. The library also
contains a format string vulnerability in its logging function for which
limited technical details are available.
Council Site Actions: Only one council site was affected by this issue.
They have a few installations of this software, primarily on Debian
GNU/Linux systems that are relied upon by relatively small numbers of
users. Those systems will obtain the DSA-1024-1 update, or already have
done so.
Status: Vendor confirmed, upgrade to ClamAV version 0.88.1.
References:
Posting by Damian Put
http://www.overflow.pl/adv/clamavupxinteger.txt
Third Party Software Using ClamAV
http://www.clamav.net/whos.html#pagestart (Includes Mac OS X server)
http://www.clamav.net/3rdparty.html#pagestart
SecurityFocus BID
http://www.securityfocus.com/bid/17388
***********************************************************************
(2) LOW: Internet Explorer Address Bar Spoofing
Affected:
All versions of Internet Explorer
Description: This vulnerability in Internet Explorer can be exploited
to spoof the address bar displayed by Internet Explorer, i.e. the address
bar can be made to point to a different webpage while the content is
loaded from the attacker's webpage. The vulnerability arises due to
timing issues in Internet Explorer when it tries to load a Macromedia
Flash file and another webpage in the same browser window in quick
succession. An attacker can exploit this flaw to conduct phishing
attacks, which continue to be on the rise. Exploit code is publicly
available.
Status: Microsoft not confirmed, no patches available. A workaround is
to disable "Active Scripting". Note that disabling Active Scripting will
also help in protecting from certain 0-day vulnerabilities in Internet
Explorer.
References:
Posting by hainanluke
http://archives.neohapsis.com/archives/bugtraq/2006-04/0020.html
http://archives.neohapsis.com/archives/bugtraq/2006-04/0077.html
Secunia Vulnerability Test Page
http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/
SecurityFocus BID
http://www.securityfocus.com/bid/17404
************************************************************************
********************
Other Software
********************
(3) HIGH: Barracuda Spam Firewall Multiple Buffer Overflows
Affected:
Barracuda Spam Firewall Appliance with firmware version prior to
3.3.03.022 and spamdef version prior to 3.0.9388
Description: Barracuda Spam Firewall appliance is designed to protect
e-mail servers from viruses, spam, spyware etc. The mail filtering
software contains stack-based buffer overflows that can be triggered by
specially crafted e-mail attachments. Specifically ZOO and LHA archives
with overlong filenames in the archive trigger these overflows that can
be exploited to execute arbitrary code on the appliance. Pirana, a tool
to test e-mail content filtering solutions, can be used to exploit these
overflows. The posted advisory shows how to use the Pirana tool to get
remote shell access to the appliance.
Status: Barracuda released a critical spamdef patch version 3.0.9388 on
March 3, 2006 to mitigate the issue. It is advised to upgrade to
firmware version 3.3.03.022.
Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the council sites. They reported that no action was necessary.
References:
Posting by Jean-Sebastien Guay-Leroux
http://archives.neohapsis.com/archives/bugtraq/2006-04/0061.html
http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html
Pirana Tool
http://www.guay-leroux.com/projects.html
Product Homepage
http://www.barracudanetworks.com/ns/products/spam_overview.php
***********************************************************************
(4) HIGH: McAfee WebShield Format String Vulnerability
Affected:
WebShield SMTP version 4.5 MR1a
Description: McAfee WebShield SMTP is a Windows-based software that
scans e-mails for malicious attachments. This software contains a format
string vulnerability that can be triggered when the software processes
an email addressed to a non-existent domain. An unauthenticated attacker
can exploit this flaw by sending an email to a non-existent domain with
the email address containing format specifiers (such as %s), and execute
arbitrary code on the WebShield server with SYSTEM privileges.
Status: McAfee released patch P0803 for version 4.5MR1a three years
back. Version 4.5MR2 contains a fix for this issue.
Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the council sites. They reported that no action was necessary.
References:
Symantec Advisory
http://archives.neohapsis.com/archives/bugtraq/2006-04/0043.html
Product Homepage
http://www.mcafee.com/us/enterprise/products/anti_virus/internet_gateway/webshield_smtp.html
SecurityFocus BID
http://www.securityfocus.com/bid/16742
*************************************************************************************
(5) MODERATE: UltraVNC Client and Server Buffer Overflows
Affected:
UltraVNC version 1.0.1 and prior
Description: UltraVNC is an open-source VNC viewer that allows remote
access to Windows-based systems. The VNC server contains a buffer
overflow in its logging function that can be triggered by sending an
overlong HTTP request (over 1024 bytes) to port 5800/tcp. If the "Log
debug infos to the WinVNC.log file" option is enabled on the VNC server,
the flaw can be exploited to execute arbitrary code. The client also
contains a buffer overflow that can be triggered by a server response
greater than 1024 bytes. The client overflow is difficult to exploit as
the user needs to be tricked into connecting to a malicious VNC server.
Proof-of-concept exploits for both flaws have been publicly posted.
Status: Vendor not confirmed, no patch available. Block HTTP requests
over 1024 bytes to port 5800/tcp if running an UltraVNC server.
Council Site Actions: Only one of the reporting council sites is using
the affected software. They have only a few installations. In addition,
they feel that the conditions for exploitation would be difficult to
achieve given the details of the deployment, and have classified this
as a low risk.
References:
Posting by Luigi
http://archives.neohapsis.com/archives/bugtraq/2006-04/0068.html
Exploit Code
http://aluigi.altervista.org/poc/uvncbof.zip
Vendor Homepage
http://www.ultravnc.com
SecurityFocus BIDs
http://www.securityfocus.com/bid/17378
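Items (1), (4) and (5) above each involve a logging or message routine that trusts attacker-supplied text, either as the format string or as input to an unbounded copy. The C code below is an added example, not code from ClamAV, WebShield or UltraVNC; the function names are hypothetical and the 1024-byte buffer size is an assumption taken from the UltraVNC description.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 1024   /* assumed size, from the UltraVNC description */

/* Lets GCC/Clang check every call's format string against its arguments. */
#if defined(__GNUC__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Outcome of one logging call, so truncation is visible to the caller. */
struct log_result {
    size_t wanted;     /* bytes the complete message would have needed */
    size_t written;    /* bytes actually stored, excluding the NUL     */
    int    truncated;  /* 1 if the message did not fit                 */
};

/*
 * Unsafe patterns this replaces (kept as a comment, never compiled):
 *     vsprintf(buf, fmt, ap);    no bound, long input overruns buf
 *     log_line(untrusted);       untrusted text becomes the format
 */
static struct log_result log_format(char *out, size_t out_size,
                                    const char *fmt, ...) PRINTF_LIKE(3, 4);

static struct log_result log_format(char *out, size_t out_size,
                                    const char *fmt, ...)
{
    struct log_result r = {0, 0, 0};
    va_list ap;
    int n;

    if (out == NULL || out_size == 0)
        return r;
    va_start(ap, fmt);
    n = vsnprintf(out, out_size, fmt, ap);   /* never writes past out_size */
    va_end(ap);
    if (n < 0) {                             /* encoding error: log nothing */
        out[0] = '\0';
        r.truncated = 1;
        return r;
    }
    r.wanted = (size_t)n;
    if (r.wanted >= out_size) {
        r.written = out_size - 1;
        r.truncated = 1;
    } else {
        r.written = r.wanted;
    }
    return r;
}

/* WebShield-style case: the recipient address is data, never the format. */
static struct log_result log_bad_recipient(char *out, size_t out_size,
                                           const char *rcpt)
{
    return log_format(out, out_size, "undeliverable recipient: %s", rcpt);
}

/* UltraVNC-style case: a request longer than the buffer is cut, not copied. */
static struct log_result log_http_request(char *out, size_t out_size,
                                          const char *req)
{
    return log_format(out, out_size, "HTTP request: %s", req);
}

int main(void)
{
    char buf[LOG_BUF_SIZE];
    char big[2048];
    struct log_result r;

    /* Constructed sample inputs. */
    r = log_bad_recipient(buf, sizeof buf, "user%s%s%n@no-such-domain.invalid");
    printf("%s (truncated=%d)\n", buf, r.truncated);

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    r = log_http_request(buf, sizeof buf, big);
    printf("wanted=%lu written=%lu truncated=%d\n",
           (unsigned long)r.wanted, (unsigned long)r.written, r.truncated);
    return 0;
}
```

The conversion specifiers in the recipient address come out as literal text, and the oversized request is reported as truncated instead of overrunning the buffer.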
****************************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 14, 2006
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 4964 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.
______________________________________________________________________
06.14.1 CVE: CVE-2006-1626
Platform: Other Microsoft Products
Title: Internet Explorer Address Bar Spoofing
Description: Internet Explorer is prone to an address bar spoofing
vulnerability. The problem occurs during a race condition between the
loading of web content and a Macromedia Flash application. Microsoft
Internet Explorer versions 6.0, 7.0 beta1 and 7.0 beta 2 are
vulnerable.
Ref: http://www.securityfocus.com/bid/17404
______________________________________________________________________
06.14.2 CVE: CVE-2006-0559
Platform: Third Party Windows Apps
Title: McAfee WebShield SMTP Remote Format String
Description: McAfee WebShield SMTP is an application designed to parse
and scan incoming email for malicious content. It is vulnerable to a
remote format string issue due to insufficient sanitization of
user-supplied input before including it in a format specifier argument
to a formatted printing function. McAfee WebShield versions 4.5 MR2
and earlier are vulnerable.
Ref: http://www.frsirt.com/english/advisories/2006/1219
______________________________________________________________________
06.14.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: KGB Archiver Hostile Destination Path
Description: KGB Archiver is a file compression/decompression
application. It contains a vulnerability in the handling of pathnames
in archived files. By specifying a path for an archived item that
points outside the expected destination directory, the creator of the
archive can cause the file to be extracted to arbitrary locations on
the filesystem. KGB Archiver versions 1.1.5.21 and earlier are
vulnerable.
Ref: http://www.securityfocus.com/bid/17363
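The check an extractor needs before writing any archive member to disk, as an added example (not KGB Archiver code; the function and enum names are hypothetical). It is deliberately stricter than necessary: any ".." component is refused, so the result does not depend on symbolic links already present under the destination directory.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Why an archive member name was refused. */
enum entry_verdict {
    ENTRY_OK = 0,
    ENTRY_EMPTY,       /* NULL or empty name                          */
    ENTRY_ABSOLUTE,    /* starts with '/' or '\\' (includes UNC)      */
    ENTRY_DRIVE,       /* "C:" style drive prefix                     */
    ENTRY_TRAVERSAL    /* contains a ".." path component              */
};

/* Treat both separators alike: archives travel between platforms. */
static int is_sep(char c)
{
    return c == '/' || c == '\\';
}

/* Validate a member name taken from an archive header. */
enum entry_verdict check_entry_name(const char *name)
{
    const char *p;

    if (name == NULL || *name == '\0')
        return ENTRY_EMPTY;
    if (is_sep(name[0]))
        return ENTRY_ABSOLUTE;
    if (isalpha((unsigned char)name[0]) && name[1] == ':')
        return ENTRY_DRIVE;

    p = name;
    for (;;) {
        const char *start;
        size_t len;

        while (is_sep(*p))              /* skip one or more separators */
            p++;
        start = p;
        while (*p != '\0' && !is_sep(*p))
            p++;
        len = (size_t)(p - start);
        if (len == 0)                   /* end of name reached */
            break;
        if (len == 2 && start[0] == '.' && start[1] == '.')
            return ENTRY_TRAVERSAL;
    }
    return ENTRY_OK;
}

/* Count how many names in a member list would be refused. */
size_t count_rejected(const char *const *names, size_t n)
{
    size_t i, bad = 0;

    for (i = 0; i < n; i++)
        if (check_entry_name(names[i]) != ENTRY_OK)
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed sample member names. */
    const char *const names[] = {
        "docs/readme.txt",
        "../../outside.txt",
        "docs\\..\\..\\outside.dll",
        "C:\\outside.bat",
        "a/..b/c"
    };
    size_t i, n = sizeof names / sizeof names[0];

    for (i = 0; i < n; i++)
        printf("%-28s verdict=%d\n", names[i], (int)check_entry_name(names[i]));
    printf("rejected: %lu of %lu\n",
           (unsigned long)count_rejected(names, n), (unsigned long)n);
    return 0;
}
```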
______________________________________________________________________
06.14.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: AN HTTPD Source Disclosure
Description: AN HTTPD is a web server. A problem with AN HTTPD in
validating the filename extension may result in the disclosure of the
source code of script files. This may allow an attacker to gain
unauthorized access to sensitive information, potentially aiding them
in further attacks. AN HTTPD version 1.42n is vulnerable.
Ref: http://www.securityfocus.com/bid/17350
______________________________________________________________________
06.14.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: SynchronEyes Multiple Remote Denial of Service Vulnerabilities
Description: SynchronEyes is a classroom management application. It is
vulnerable to multiple remote denial of service vulnerabilities due to
insufficient handling of oversized or malicious UDP traffic. SMART
Technologies SynchronEyes version 6.0 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/429843
______________________________________________________________________
06.14.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: GlobalSCAPE Secure FTP Server Remote Denial of Service
Description: GlobalSCAPE Secure FTP Server is an FTP server
application for Microsoft Windows. It is susceptible to a remote
denial of service vulnerability. Long parameter lines to a custom
command will cause the server to crash. Versions of Secure FTP Server
prior to 3.1.4 Build 01.10.2006 are affected by this issue.
Ref: http://www.globalscape.com/gsftps/history.asp
______________________________________________________________________
06.14.7 CVE: CVE-2006-0401
Platform: Mac OS
Title: Apple Mac OS X Intel-Based Local Authentication Bypass
Description: Mac OS X running on Intel-based Macintosh computers is
prone to an authentication bypass vulnerability. This issue is due to
a failure in the firmware to properly authenticate a user with
physical access to a vulnerable Intel-based Macintosh computer. A
local attacker can exploit this issue to bypass the firmware password
and gain access to Single User Mode.
Ref: http://docs.info.apple.com/article.html?artnum=303567
______________________________________________________________________
06.14.8 CVE: Not Available
Platform: Linux
Title: Util-VServer SUEXEC Privilege Escalation Weakness
Description: The Util-VServer package is an administrative utility for
the Linux-VServer package. It is vulnerable to a privilege escalation
weakness due to a flaw in the "suexec" option in the "vcontext.c"
source file. VServer util-vserver versions 0.30.210 and earlier are
vulnerable.
Ref: https://savannah.nongnu.org/bugs/?func=detailitem&item_id=15996
______________________________________________________________________
06.14.9 CVE: CVE-2006-1055
Platform: Linux
Title: Linux Kernel SYSFS PAGE_SIZE Local Denial of Service
Description: The Linux kernel is vulnerable to a local denial of
service issue due to crafted data written to a SYSFS file. Linux
kernel versions 2.6.12 to 2.6.17-rc1 are vulnerable.
Ref:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e0dd741a89be35defa05bd79f4211c5a2762825
______________________________________________________________________
06.14.10 CVE: CVE-2006-1060
Platform: Linux
Title: XZGV Image Viewer JPEG File Remote Heap Buffer Overflow
Description: XZGV is an X Windows version of a command-line image viewer.
It is vulnerable to a remote heap overflow issue due to failing to
handle a crafted JPEG image within the CMYK/YCCK color space. XZGV
versions 0.8 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17409
______________________________________________________________________
06.14.11 CVE: Not Available
Platform: HP-UX
Title: HP-UX SU Local Unauthorized Access
Description: HP-UX su(1) is prone to a local unauthorized-access issue
which is only exploitable when the LDAP netgroup feature is enabled.
HP-UX version B.11.11 is affected.
Ref: http://www.securityfocus.com/bid/17400
______________________________________________________________________
06.14.12 CVE: Not Available
Platform: Unix
Title: mpg123 Malformed MP3 File Memory Corruption
Description: mpg123 is a media player application. It is affected by a
memory corruption issue related to the handling of MP3 streams when
the player loads MP3 files with malformed header data. All current
versions are affected.
Ref: http://www.securityfocus.com/bid/17365
______________________________________________________________________
06.14.13 CVE: CVE-2006-1618
Platform: Unix
Title: Doomsday Multiple Remote Format String Vulnerabilities
Description: Doomsday is an open source port of the original Doom
engine. It is prone to multiple remote format string vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the
context of the vulnerable application or crash the affected game
server, effectively denying service to legitimate users.
Ref: http://aluigi.altervista.org/adv/doomsdayfs-adv.txt
______________________________________________________________________
06.14.14 CVE: Not Available
Platform: Cross Platform
Title: Xine-Lib Malformed MPEG Stream Buffer Overflow
Description: Xine-lib is a C library that may be used to develop third
party multimedia applications. It is susceptible to a buffer overflow
vulnerability that is triggered when malformed MPEG stream data is
handled by the affected library. Xine-lib version 1.1.1 is reportedly
affected.
Ref: http://www.securityfocus.com/bid/17370
______________________________________________________________________
06.14.15 CVE: CVE-2006-1546, CVE-2006-1547, CVE-2006-1548
Platform: Cross Platform
Title: Apache Struts Multiple Remote Vulnerabilities
Description: Apache Struts is an open-source framework for building
Web applications. It is susceptible to multiple remote
vulnerabilities. Please refer to the link below for further details.
Apache Struts versions prior to 1.2.9 are affected by these issues.
Ref: http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
http://issues.apache.org/bugzilla/show_bug.cgi?id=38534
http://issues.apache.org/bugzilla/show_bug.cgi?id=38749
______________________________________________________________________
06.14.16 CVE: CVE-2006-0051
Platform: Cross Platform
Title: Kaffeine Remote HTTP_Peek Buffer Overflow
Description: Kaffeine is a Linux based media player. It is affected by
a remote buffer overflow vulnerability due to insufficient boundary
checks performed on user-supplied strings prior to copying them into
finite stack-based buffers. Kaffeine Player versions 0.4.2 through
0.7.1 are vulnerable.
Ref: http://www.securityfocus.com/bid/17372
______________________________________________________________________
06.14.17 CVE: Not Available
Platform: Cross Platform
Title: Eset Software NOD32 Antivirus Local Arbitrary File Creation
Description: Eset Software's NOD32 Antivirus System is vulnerable to a
local arbitrary file creation issue due to failing to drop SYSTEM
privileges when performing operations on behalf of a local user. Eset
Software's NOD32 Antivirus System versions 2.5 and earlier are
vulnerable.
Ref: http://www.securityfocus.com/archive/1/429892
______________________________________________________________________
06.14.18 CVE: Not Available
Platform: Cross Platform
Title: UltraVNC Multiple Remote Error Logging Buffer Overflow
Vulnerabilities
Description: UltraVNC is a client/server remote access suite that
allows remote users to access desktops as though they are local users.
It is affected by multiple error logging and remote buffer overflow
issues due to its failure to properly bounds check user-supplied
input prior to copying it to insufficiently-sized memory buffers.
UltraVNC version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/17378
______________________________________________________________________
06.14.19 CVE: CVE-2006-1614, CVE-2006-1615, CVE-2006-1630
Platform: Cross Platform
Title: Clam Anti-Virus ClamAV Multiple Vulnerabilities
Description: ClamAV is an antivirus application. It is vulnerable to
numerous buffer overflow and denial of service issues. See reference
for further details. ClamAV versions 0.88 and earlier are vulnerable.
Ref: http://www.overflow.pl/adv/clamavupxinteger.txt
______________________________________________________________________
06.14.20 CVE: CVE-2006-1629
Platform: Cross Platform
Title: OpenVPN Client Remote Code Execution Vulnerability
Description: OpenVPN is an OpenSSL based tunneling application. It is
vulnerable to a remote code execution issue due to a lack of proper
sanitization of server supplied data. OpenVPN versions 2.0.0 through
2.0.5 are vulnerable.
Ref: http://openvpn.net/changelog.html
______________________________________________________________________
06.14.21 CVE: CVE-2006-1555
Platform: Cross Platform
Title: Tachyondecay VSNS Lemon Authentication Bypass
Description: Tachyondecay VSNS Lemon is a news management script. It
is vulnerable to an authentication bypass issue because it fails to
properly validate cookie data. Tachyondecay VSNS Lemon version 3.2 is
vulnerable.
Ref: http://evuln.com/vulns/106/description.html
______________________________________________________________________
06.14.22 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP PHPInfo Large Input Cross-Site Scripting
Description: PHP is a freely available, open-source web scripting
language package. It is available for Microsoft Windows, Linux, and
UNIX operating systems. It is prone to a cross-site scripting
vulnerability due to improper sanitization of user-supplied input to
scripts containing the "phpinfo()" function.
Ref: http://www.securityfocus.com/bid/17362/references
______________________________________________________________________
06.14.23 CVE: CVE-2006-1567
Platform: Web Application - Cross Site Scripting
Title: SiteSearch Indexer Searchresults.ASP Cross-Site Scripting
Description: SiteSearch Indexer is a website indexing application. It
is vulnerable to a cross-site scripting issue due to insufficient
sanitization of user-supplied input to the "searchField" parameter of
the "searchresults.asp" script. SiteSearch Indexer version 3.5 is
vulnerable.
Ref: http://pridels.blogspot.com/2006/03/sitesearch-indexer-35-xss-vuln.html
______________________________________________________________________
06.14.24 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Hitachi Groupmax Cross-Site Scripting
Description: Hitachi Groupmax World Wide Web is prone to a cross-site
scripting issue which occurs due to a failure in the application to
properly sanitize user-supplied input prior to utilizing it in
dynamically generated HTML content. Hitachi Groupmax version 06-52-/F
has been released to address this issue.
Ref: http://www.securityfocus.com/bid/17337
______________________________________________________________________
06.14.25 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Claroline RQMKHTML.PHP Cross-Site Scripting
Description: Claroline is an online collaborative learning
application. Insufficient sanitization of the "file" parameter in the
"rqmkhtml.php" script exposes the application to a cross-site
scripting issue. All current versions are affected.
Ref: http://www.securityfocus.com/bid/17344
______________________________________________________________________
06.14.26 CVE: CVE-2006-1582
Platform: Web Application - Cross Site Scripting
Title: Blank'N'Berg Cross-Site Scripting
Description: Blank'N'Berg is a web application used to create web
sites. It is vulnerable to a cross-site scripting issue due to
insufficient sanitization of user-supplied input to the "_path"
parameter of the "index.php" script. Blank'N'Berg version 0.2 is
vulnerable.
Ref: http://www.securityfocus.com/bid/17346/info
______________________________________________________________________
06.14.27 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Bugzero Multiple Cross-Site Scripting Vulnerabilities
Description: Bugzero is bug-tracking software implemented in Java.
Insufficient sanitization of the "msg" parameter of the "query.jsp"
script and the "entryId" parameter of the "edit.jsp" script exposes
the application to multiple cross-site scripting issues.
Ref: http://www.securityfocus.com/bid/17351
______________________________________________________________________
06.14.28 CVE: CVE-2006-1603
Platform: Web Application - Cross Site Scripting
Title: PHPBB Profile.PHP Cross-Site Scripting
Description: PHPBB is a web-based bulletin board application. It is
vulnerable to a cross-site scripting issue due to insufficient
sanitization of user-supplied input to the "cur_password" parameter of
the "profile.php" script. PHPBB version 2.0.19 is vulnerable.
Ref: http://www.frsirt.com/english/advisories/2006/1191
______________________________________________________________________
06.14.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ReloadCMS User-Agent Cross-Site Scripting
Description: ReloadCMS is a Web content management application. It is
vulnerable to a cross-site scripting issue due to insufficient
sanitization of user-supplied input to the "User-Agent" field of the
HTTP header before storing it for use in site statistics. ReloadCMS
version 1.2.5 is vulnerable.
Ref: http://sourceforge.net/tracker/?atid=679602&group_id=117921&func=browse
______________________________________________________________________
06.14.30 CVE: CVE-2006-1427
Platform: Web Application - Cross Site Scripting
Title: WebAPP Multiple Cross-Site Scripting Vulnerabilities
Description: WebAPP is a web portal application. It is prone to
multiple cross-site scripting vulnerabilities because it fails to
properly sanitize user-supplied input. WebAPP versions 0.9.9.3.2 and
earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17359/exploit
______________________________________________________________________
06.14.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: LucidCMS Index.PHP Multiple Cross-Site Scripting
Vulnerabilities
Description: LucidCMS is a content management application. It is
vulnerable to multiple cross-site scripting issues due to insufficient
sanitization of user-supplied input to the "login" and "panel"
parameters of the "index.php" script. LucidCMS
version 2.0.0 RC4 is reported to be vulnerable.
Ref: http://www.securityfocus.com/archive/1/429744
______________________________________________________________________
06.14.32 CVE: CVE-2006-1438
Platform: Web Application - Cross Site Scripting
Title: Andy's PHP Knowledgebase Multiple Cross-Site Scripting
Vulnerabilities
Description: Andy's PHP Knowledgebase (aphpkb) is a web-based
knowledgebase application. It is prone to multiple cross-site
scripting vulnerabilities due to insufficient sanitization of
user-supplied input to various scripts. Andy's PHP Knowledgebase
version 0.57 is affected.
Ref: http://www.securityfocus.com/bid/17377
______________________________________________________________________
06.14.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SKForum Multiple Cross-Site Scripting Vulnerabilities
Description: SKForum is a web-based J2EE forum application. It is
vulnerable to multiple cross-site scripting issues due to insufficient
sanitization of user-supplied input to the "areaID", "time", and
"userID" parameters. SKForum versions 1.4.1 and earlier are
vulnerable.
Ref: http://pridels.blogspot.com/2006/04/skforum-xss-vuln.html
______________________________________________________________________
06.14.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHPMyAdmin Multiple Cross-Site Scripting Vulnerabilities
Description: phpMyAdmin is a freely available tool that provides a web
interface for handling MySQL administrative tasks, such as creating
databases and tables. It is prone to multiple cross-site scripting
vulnerabilities due to improper sanitization of user-supplied input to
multiple unspecified scripts in the "themes" directory.
Ref: http://www.securityfocus.com/bid/17390
______________________________________________________________________
06.14.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: GNU Mailman Private Archive Script Cross-Site Scripting
Description: GNU Mailman is an application that manages electronic
mail discussions and e-newsletter lists. It is vulnerable to a
cross-site scripting issue due to insufficient sanitization of
user-supplied input to the private archive script. GNU Mailman
versions 2.1.7 and earlier are vulnerable.
Ref: http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html
______________________________________________________________________
06.14.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Jupiter CMS Index.PHP Cross-Site Scripting
Description: Jupiter CMS is a web-based content management system
implemented in PHP. It is prone to a cross-site scripting
vulnerability due to improper sanitization of user-supplied input to
the "layout" parameter of "index.php". Jupiter CMS version 1.1.5 is
vulnerable.
Ref: http://www.securityfocus.com/bid/17405/exploit
______________________________________________________________________
06.14.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: vBulletin Vbugs.PHP Cross-Site Scripting
Description: vBulletin is a bulletin board application written in PHP.
It is prone to a cross-site scripting vulnerability. Version 3.5.1 is
vulnerable.
Ref: http://pridels.blogspot.com/2006/04/vbug-tracker-for-vbulletin-35x-xss.html
______________________________________________________________________
06.14.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Bitweaver CMS Login.PHP Cross-Site Scripting
Description: Bitweaver CMS is a web-based content management system.
Insufficient sanitization of the "error" parameter in the "login.php"
script exposes the application to a cross-site scripting issue.
Ref: http://www.securityfocus.com/bid/17406
______________________________________________________________________
06.14.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Cherokee Webserver Cross-Site Scripting
Description: Cherokee Webserver is a web server application. It is
prone to a cross-site scripting vulnerability due to improper
sanitization of user-supplied input. Cherokee Webserver versions 0.5.0
and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17408/exploit
______________________________________________________________________
06.14.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SaPHPLesson Search.PHP Cross-Site Scripting
Description: SaphpLesson is a web-based tutoring application. It is
prone to a cross-site scripting vulnerability due to insufficient
sanitization of user-supplied input to the "search" parameter of the
"search.php" script. SaphpLesson version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/17414
______________________________________________________________________
06.14.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DbbS Topics.PHP SQL Injection
Description: DbbS is a bulletin-board application. It is prone to an
SQL injection vulnerability due to improper sanitization of
user-supplied input before using it in an SQL query. Specifically, the
application fails to sanitize data passed through the "limite"
parameter of the "topics.php" script. DbbS versions 2.0-alpha and
prior are reported to be affected.
Ref: http://www.securityfocus.com/bid/17338/exploit
______________________________________________________________________
06.14.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Softbiz Image Gallery Multiple SQL Injection Vulnerabilities
Description: Softbiz Image Gallery is an image gallery application. It
is vulnerable to multiple SQL injection issues due to insufficient
sanitization of user-supplied input to such scripts as image_desc.php,
template.php, suggest_image.php, insert_rating.php and images.php. All
versions of Softbiz Image Gallery are vulnerable.
Ref: http://www.securityfocus.com/archive/1/429763
______________________________________________________________________
06.14.43 CVE: CVE-2006-1586
Platform: Web Application - SQL Injection
Title: ISP Site Man Admin_Login.ASP SQL Injection
Description: Site Man is a web-based content management system. It is
vulnerable to an SQL injection issue due to insufficient sanitization
of user-supplied input to the "pass" field of the "admin_login.asp"
script. All versions of Site Man are vulnerable.
Ref: http://www.securityfocus.com/archive/1/429607
______________________________________________________________________
06.14.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TuxBank ManageAccount.PHP SQL Injection
Description: TuxBank is a web-based application for organizing
personal bank accounts. TuxBank is prone to an SQL injection
vulnerability. TuxBank versions 0.8 and earlier are affected.
Ref: http://www.securityfocus.com/bid/17376
______________________________________________________________________
06.14.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Crafty Syntax Image Gallery Slides.PHP SQL Injection
Description: Crafty Syntax Image Gallery is a web-based thumbnail
image gallery. It is prone to an SQL injection vulnerability due to
improper sanitization of user-supplied input to the "limitquery_s"
parameter of the "slides.php" script. Crafty Syntax Image Gallery
version 3.1g is vulnerable.
Ref: http://www.securityfocus.com/bid/17379/exploit
______________________________________________________________________
06.14.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: wpBlog Index.PHP SQL Injection
Description: wpBlog is a web log application. It is vulnerable to an
SQL injection issue due to insufficient sanitization of user-supplied
input to the "postid" parameter of the "index.php" script. wpBlog
version 0.4 is vulnerable.
Ref: http://evuln.com/vulns/119/summary.html
______________________________________________________________________
06.14.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPMyChat MessagesL.PHP3 SQL Injection
Description: PHPMyChat is a web chat application implemented in PHP.
It is prone to an SQL injection vulnerability due to insufficient
sanitization of user-supplied input to the "T" parameter of the
"messagesL.php3" script. phpMyChat versions 0.14.5 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/17382/exploit
______________________________________________________________________
06.14.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MD News Admin.PHP SQL Injection
Description: MD News is a web-based news reader application.
Insufficient sanitization of the "id" parameter in the "admin.php"
script exposes the application to an SQL injection issue.
Ref: http://www.securityfocus.com/bid/17394
______________________________________________________________________
06.14.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MAXDEV CMS PNuserapi.PHP SQL Injection
Description: MAXDEV CMS is a content management application. It is
prone to an SQL injection vulnerability due to insufficient
sanitization of user-supplied input to the "topicid" parameter of the
"pnuserapi.php" script. MAXdev MD-Pro versions 1.0.72 and 1.0.73 are
vulnerable.
Ref: http://www.securityfocus.com/bid/17399
______________________________________________________________________
06.14.50 CVE: CVE-2006-1479
Platform: Web Application
Title: gtd-php Multiple Input Validation Vulnerabilities
Description: gtd-php is a personal productivity application. An
attacker can exploit these issues to execute arbitrary HTML and script
code in the browser of a victim user in the context of the affected
website. gtd-php version 0.5 is vulnerable.
Ref: http://www.securityfocus.com/bid/17366
______________________________________________________________________
06.14.51 CVE: Not Available
Platform: Web Application
Title: HP Toolbox Directory Traversal
Description: The HP Toolbox is an administrator software application
for printers. It is vulnerable to a directory traversal issue due to
insufficient sanitization of user-supplied input. HP Color LaserJet
models 2500 and 4600 that ship with Toolbox are vulnerable.
Ref: http://www.securityfocus.com/archive/1/429984
______________________________________________________________________
06.14.52 CVE: Not Available
Platform: Web Application
Title: MyBulletinBoard Email BBCode Tag HTML Injection
Description: MyBulletinBoard is a bulletin board application
implemented in PHP. It is prone to an HTML injection vulnerability due
to improper sanitization of user-supplied input before using it in
dynamically generated content. Specifically, user-supplied input to
"email" BBCode tags is not properly sanitized. MyBulletinBoard version
1.10 is vulnerable.
Ref: http://www.securityfocus.com/bid/17368
______________________________________________________________________
06.14.53 CVE: Not Available
Platform: Web Application
Title: AngelineCMS Loadkernel.PHP Remote File Include
Description: AngelineCMS is a content management application written
in PHP. It is affected by a remote file include issue due to improper
sanitization of user-supplied input to the "installPath" variable of
the "loadkernel.php" script. AngelineCMS version 0.8.1 is affected.
Ref: http://www.securityfocus.com/bid/17371
______________________________________________________________________
06.14.54 CVE: CVE-2006-1599
Platform: Web Application
Title: V-creator Remote Shell Code Execution
Description: V-creator is a web application framework. It is
vulnerable to a remote shell code execution issue due to insufficient
sanitization of user-supplied input to the "encrypt()" and "decrypt()"
functions of the "VCEngine.php" script. V-creator versions 1.3-pre2
and earlier are vulnerable.
Ref: http://www.frsirt.com/english/advisories/2006/1189
______________________________________________________________________
06.14.55 CVE: Not Available
Platform: Web Application
Title: QLnews Multiple Input Validation Vulnerabilities
Description: QLnews is a web application implemented in PHP. It is
prone to multiple input validation vulnerabilities due to improper
sanitization of user-supplied input. QLnews version 1.2 is vulnerable
to these issues.
Ref: http://www.securityfocus.com/bid/17335
______________________________________________________________________
06.14.56 CVE: CVE-2006-1584
Platform: Web Application
Title: Warcraft III Replay Parser for PHP Index.PHP Remote File
Include
Description: Warcraft III Replay Parser for PHP is a web-based
application that is used to parse Warcraft III Replay (.w3g) files. It
is prone to a remote file include vulnerability due to improper
sanitization of user-supplied input to the "page" variable of
"index.php". Warcraft III Replay Parser for PHP 1.8c is reported to be
vulnerable.
Ref: http://www.securityfocus.com/archive/1/429535
______________________________________________________________________
06.14.57 CVE: Not Available
Platform: Web Application
Title: RedCMS Multiple Input Validation Vulnerabilities
Description: RedCMS is a content management application. It is prone
to multiple input validation vulnerabilities due to insufficient
sanitization of user-supplied input to various scripts. RedCMS version
0.1 is vulnerable.
Ref: http://www.securityfocus.com/bid/17336
______________________________________________________________________
06.14.58 CVE: Not Available
Platform: Web Application
Title: Claroline ScormExport.inc.PHP File Include
Description: Claroline is a collaborative learning application written
in PHP. It is affected by a remote file include vulnerability due to
insufficient sanitization of user input to the "includePath" parameter
in the "claroline/learnPath/include/scormExport.inc.php" script.
Claroline versions 1.7.4 and earlier are affected.
Ref: http://www.securityfocus.com/bid/17341/exploit
______________________________________________________________________
06.14.59 CVE: Not Available
Platform: Web Application
Title: Claroline Rqmkhtml.PHP Information Disclosure
Description: Claroline is an online collaborative learning
application. It is prone to an information disclosure vulnerability
due to insufficient sanitization of user-supplied input to the "file"
parameter of the "rqmkhtml.php" script. Claroline versions 1.7.4 and
earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17343
______________________________________________________________________
06.14.60 CVE: Not Available
Platform: Web Application
Title: Blank'N'Berg Directory Traversal
Description: Blank'N'Berg is a web application used to create web
sites. It is prone to a directory traversal vulnerability due to
improper sanitization of user-supplied input to the "_path" parameter
of the "index.php" script. Blank'N'Berg version 0.2 is reported to be
vulnerable.
Ref: http://www.securityfocus.com/bid/17345/exploit
______________________________________________________________________
06.14.61 CVE: Not Available
Platform: Web Application
Title: PHPSelect Submit-A-Link HTML Injection
Description: Submit-A-Link is a web-based application used to add
links to a site. It is prone to an HTML injection vulnerability due to
improper sanitization of user-supplied input before using it in
dynamically generated content. Specifically, user-supplied input to
the "description" field of "linklist.php" is not properly sanitized.
All versions of Submit-A-Link are reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/17348/exploit
______________________________________________________________________
06.14.62 CVE: Not Available
Platform: Web Application
Title: aWebBB Multiple Input Validation Vulnerabilities
Description: aWebBB is a web-based bulletin board application. It is
prone to multiple input validation vulnerabilities because the
application fails to properly sanitize user-supplied input. The issues
include multiple cross-site scripting vulnerabilities and multiple
SQL injection vulnerabilities. aWebBB version 1.2 is vulnerable.
Ref: http://www.securityfocus.com/bid/17352/references
______________________________________________________________________
06.14.63 CVE: CVE-2006-1505
Platform: Web Application
Title: Basic Analysis and Security Engine Base_maintenance.PHP
Authentication Bypass
Description: BASE is a web interface to perform analysis of intrusions
from the SNORT intrusion detection system. It is prone to an
unspecified authentication bypass vulnerability. This issue exists in
the "base_maintenance.php" script when running in standalone mode.
BASE versions 1.2.4 and earlier are prone to this issue.
Ref: http://www.securityfocus.com/bid/17354
______________________________________________________________________
06.14.64 CVE: CVE-2006-1602
Platform: Web Application
Title: PHPNuke-Clan Functions_Common.PHP Remote File Include
Description: PHPNuke-Clan is a web-based clan Content Management
System (CMS) based on PHPNuke. PHPNuke-Clan is prone to a remote file
include vulnerability due to insufficient sanitization of
user-supplied input to the "vwar_root" variable of
"modules/vWar_Account/includes/functions_common.php". This issue
affects version 3.0.1.
Ref: http://www.securityfocus.com/bid/17356
______________________________________________________________________
06.14.65 CVE: Not Available
Platform: Web Application
Title: Exponent CMS Banner Module Arbitrary Script Execution
Description: Exponent CMS is a content management application written
in PHP. It is prone to an arbitrary script execution vulnerability due
to insufficient sanitization of user-supplied input to the banner and
image upload portion. Exponent CMS versions prior to 0.96.5 RC 1 are
reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/17357
______________________________________________________________________
06.14.66 CVE: Not Available
Platform: Web Application
Title: VWar Get_header.PHP Remote File Include
Description: VWar is a team organizer application written in PHP.
Insufficient sanitization of the "vwar_root" variable of the
"get_header.php" script exposes the application to a remote file
include issue. VWar versions 1.5.0 and earlier are affected.
Ref: http://www.securityfocus.com/bid/17358
______________________________________________________________________
06.14.67 CVE: Not Available
Platform: Web Application
Title: ArabPortal Multiple Input Validation Vulnerabilities
Description: ArabPortal is a web-portal application implemented in
PHP. It is prone to multiple input validation vulnerabilities because
the application fails to properly sanitize user-supplied input. The
issues include multiple cross-site scripting vulnerabilities and an
SQL injection vulnerability. Arab Portal version 2.0.1-stable is
affected.
Ref: http://www.securityfocus.com/bid/17375/exploit
______________________________________________________________________
06.14.68 CVE: Not Available
Platform: Web Application
Title: Czaries Network CzarNews Multiple Input Validation
Vulnerabilities
Description: CzarNews is web-based forum software. The application is
vulnerable to multiple input validation issues such as SQL injection
and cross-site scripting. These are due to insufficient sanitization
of user-supplied input. CzarNews version 1.14 is vulnerable.
Ref: http://evuln.com/vulns/118/summary.html
______________________________________________________________________
06.14.69 CVE: Not Available
Platform: Web Application
Title: Interact Multiple Remote Vulnerabilities
Description: Interact is a web application. It is affected by multiple
SQL injection, cross-site scripting and user enumeration issues.
Interact versions 2.1 and 2.1.1 are vulnerable.
Ref: http://www.securityfocus.com/bid/17385
______________________________________________________________________
06.14.70 CVE: Not Available
Platform: Web Application
Title: Chucky A. Ivey's N.T. Index.PHP HTML Injection
Description: N.T. is a wiki application. It is prone to an HTML
injection vulnerability due to insufficient sanitization of
user-supplied input to the "username" parameter in the "index.php"
script. Chucky A. Ivey's N.T. version 1.1 is vulnerable.
Ref: http://www.securityfocus.com/bid/17387/references
______________________________________________________________________
06.14.71 CVE: CVE-2006-1590
Platform: Web Application
Title: Basic Analysis and Security Engine PrintFreshPage Cross-Site
Scripting
Description: BASE is a web interface to perform analysis of intrusions
from the SNORT intrusion detection system. It is prone to a cross-site
scripting vulnerability. This issue affects version 1.2.4.
Ref: http://sourceforge.net/mailarchive/forum.php?thread_id=10064470&forum_id=42223
______________________________________________________________________
06.14.72 CVE: CVE-2006-1434
Platform: Web Application
Title: Annuaire (Directory) HTML Injection
Description: Annuaire (Directory) is a web-based address book and
directory application. It is prone to an HTML injection vulnerability
due to insufficient sanitization of user-supplied input to the
"COMMENTAIRE" parameter of the "inscription.php" script. Annuaire
(Directory) version 1.0 is vulnerable.
Ref: http://www.securityfocus.com/bid/17393
______________________________________________________________________
06.14.73 CVE: CVE-2006-1554
Platform: Web Application
Title: VSNS Lemon Add Comment HTML Injection Vulnerability
Description: VSNS Lemon is a wiki application. It is prone to an HTML
injection vulnerability due to improper sanitization of user-supplied
input to the "name" parameter on the "Add Comment" page of the
application. Tachyondecay VSNS Lemon version 3.2 is vulnerable.
Ref: http://www.securityfocus.com/bid/17395
______________________________________________________________________
06.14.74 CVE: CVE-2006-1435
Platform: Web Application
Title: ARIA Multiple Cross-Site Scripting Vulnerabilities
Description: ARIA is an accounting application. It is vulnerable to
multiple cross-site scripting issues due to insufficient sanitization
of user-supplied input to such parameters as the "message" parameter
of the "genmessage.php" script. ARIA version 0.99-6 is vulnerable.
Ref: http://osvdb.org/ref/24/24255-aria.txt
______________________________________________________________________
06.14.75 CVE: Not Available
Platform: Web Application
Title: Manic Web MWNewsletter Multiple Input Validation
Vulnerabilities
Description: Manic Web MWNewsletter is a web-based newsletter
application implemented in PHP. It is prone to multiple input
validation vulnerabilities due to improper sanitization of
user-supplied input. These vulnerabilities include SQL injection
vulnerabilities and an HTML injection vulnerability.
Ref: http://www.securityfocus.com/bid/17412/references
______________________________________________________________________
06.14.76 CVE: CVE-2006-1631
Platform: Network Device
Title: Cisco 11500 Content Services Switch HTTP Compression Remote
Denial of Service
Description: Cisco 11500 Content Services Switch is a load balancing
device designed to provide scalable network services for datacenters.
The device performs an analysis of protocol headers and directs
requests to the appropriate resources based on policy configuration. A
compression module enables the device to compress HTTP client traffic.
Cisco 11500 Content Services Switch is prone to a remote denial of
service vulnerability. This issue arises on devices that have been
configured for HTTP compression when handling valid but obsolete or
specially crafted HTTP requests.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20060405-css.shtml
______________________________________________________________________
06.14.77 CVE: Not Available
Platform: Network Device
Title: Cisco Optical Networking System and Transport Controller
Multiple Vulnerabilities
Description: Cisco Optical Networking System (ONS) 15000 series is
affected by multiple denial of service vulnerabilities. These issues
affect Optical nodes that have the Common Control Cards connected to a
Data Communications Network (DCN) and are enabled for IPv4. See
reference for list of vulnerable systems.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml
_______________________________________________________________________
(c) 2006. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.
==end==
Subscriptions:
RISK is distributed free of charge to people responsible
for managing and securing information systems and networks. You may
forward this newsletter to others with such responsibility inside or
outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEOrz0+LUG5KFpTkYRAsBCAJ9sNoiPLeThdDpNXkaJbCeJNC0frgCePPP5
IVm15y1aAMjeDYuROLbkKOY=
=86lH
-----END PGP SIGNATURE-----