RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 16

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Mon Apr 24 2006 - 12:58:00 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

More than 100 new vulnerabilities were uncovered last week. The most
important are associated with Apple Mac OS X, Oracle, and Symantec.
This week brings more evidence of the intensity with which security
researchers and attackers are going after vulnerabilities in file
parsing code.

                                Alan

********************************************************************************
             RISK: The Consensus Security Vulnerability Alert
April 24, 2006 Vol. 5. Week 16
********************************************************************************

RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:
===============================================================
Platform                         # of Updates & Vulnerabilities
===============================================================
Microsoft                                    (#4)
Third Party Windows Apps                  1
Mac Os                                    2  (#3)
Linux                                     6
Aix                                       1
Unix                                      2
Cross Platform                            5  (#1, #2)
Web Application - Cross Site Scripting   33
Web Application - SQL Injection          17
Web Application                          35
Network Device                            3
Hardware                                  1

Part I -- Critical Vulnerabilities from TippingPoint, a division of 3Com
(www.tippingpoint.com)

Widely Deployed Software
(1) HIGH: Oracle Critical Patch Update April 2006
(2) HIGH: Symantec Scan Engine Multiple Vulnerabilities
(3) HIGH: Apple Mac OS X Multiple Vulnerabilities
(4) MODERATE: Internet Explorer Nested Object Tag Memory Corruption

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Third Party Windows Apps
06.16.1 - HP StorageWorks Secure Path for Windows Remote Denial of Service
 -- Mac Os
06.16.2 - Symantec LiveUpdate for Macintosh Local Privilege Escalation
06.16.3 - Mac OS X Multiple Security Vulnerabilities
 -- Linux
06.16.4 - Linux Kernel Intel EM64T SYSRET Local Denial of Service
06.16.5 - Avast! Linux Home Edition Insecure Temporary File Creation
06.16.6 - Linux Kernel Shared Memory Security Restriction Bypass
06.16.7 - Linux Kernel IP_ROUTE_INPUT Local Denial of Service
06.16.8 - Beagle Helper Applications Arbitrary Code Execution
06.16.9 - Linux Kernel RCU Signal Handling
 -- Aix
06.16.10 - IBM AIX RM_MLCache_File Local File Corruption
 -- Unix
06.16.11 - FCheck Insecure Temporary File Creation
06.16.12 - Xine Playlist Handling Remote Format String Vulnerability
 -- Cross Platform
06.16.13 - Sun Java Studio Local Privilege Escalation
06.16.14 - Asterisk JPEG File Handling Integer Overflow
06.16.15 - Neon Responders Remote Clock Synchronization Denial of Service
06.16.16 - Oracle April 2006 Security Update Multiple Vulnerabilities
06.16.17 - Gnome Foundation GDM .ICEauthority Improper File Permissions
 -- Web Application - Cross Site Scripting
06.16.18 - Boardsolution Index.PHP Cross-Site Scripting
06.16.19 - TinyPHPForum Multiple Cross-Site Scripting Vulnerabilities
06.16.20 - phpFaber TopSites Index.PHP Cross-Site Scripting
06.16.21 - Snipe Gallery Multiple Cross-Site Scripting Vulnerabilities
06.16.22 - Tiny Web Gallery Index.PHP Cross-Site Scripting
06.16.23 - phpGuestbook HTML Injection
06.16.24 - MODxCMS Index.PHP Cross-Site Scripting
06.16.25 - FarsiNews Search.PHP Cross-Site Scripting
06.16.26 - ar-blog Print.PHP Cross-Site Scripting
06.16.27 - PlanetSearch + Cross-Site Scripting
06.16.28 - LifeType Index.PHP Cross-Site Scripting
06.16.29 - Papoo Print.PHP Cross-Site Scripting
06.16.30 - BoastMachine Search.PHP Cross-Site Scripting
06.16.31 - Jax Guestbook Jax_guestbook.PHP Cross-Site Scripting
06.16.32 - Calendarix YearCal.PHP Cross-Site Scripting
06.16.33 - Manila Multiple Cross-Site Scripting Vulnerabilities
06.16.34 - Serendipity Blog Config.PHP Script Injection
06.16.35 - axoverzicht.cgi Cross-Site Scripting
06.16.36 - phpLinks Index.PHP Cross-Site Scripting
06.16.37 - phpLister Index.PHP Cross-Site Scripting
06.16.38 - CutePHP CuteNews Editnews Module Cross-Site Scripting
06.16.39 - Visale Multiple Cross-Site Scripting Vulnerabilities
06.16.40 - CommuniMail Multiple Cross-Site Scripting Vulnerabilities
06.16.41 - Cisco Wireless LAN Engine ArchiveApplyDisplay.JSP Cross-Site Scripting
06.16.42 - IntelliLink Pro Multiple Cross-Site Scripting Vulnerabilities
06.16.43 - ContentBoxx Login.PHP Cross-Site Scripting
06.16.44 - BannerFarm Multiple Cross-Site Scripting Vulnerabilities
06.16.45 - Net Clubs Pro Multiple Cross-Site Scripting Vulnerabilities
06.16.46 - EasyGallery EasyGallery.PHP Cross-Site Scripting
06.16.47 - 4homepages 4images Member.PHP Cross-Site Scripting
06.16.48 - W2B Online Banking SID Parameter Cross-Site Scripting
06.16.49 - ThWboard Index.PHP Cross-Site Scripting
06.16.50 - Portal Pack Multiple Cross-Site Scripting Vulnerabilities
 -- Web Application - SQL Injection
06.16.51 - BlackOrpheus Member.PHP SQL Injection
06.16.52 - RateIt Rateit.PHP SQL Injection
06.16.53 - PowerClan Member.PHP SQL Injection
06.16.54 - FlexBB Index.PHP SQL Injection
06.16.55 - Article Publisher Pro Multiple SQL Injection Vulnerabilities
06.16.56 - ModernGigabyte ModernBill User.PHP SQL Injection
06.16.57 - PMTool Index.PHP SQL Injection
06.16.58 - ThWboard Showtopic.PHP SQL Injection
06.16.59 - Neuron Blog Multiple SQL Injection Vulnerabilities
06.16.60 - WWWThread Multiple SQL Injection Vulnerabilities
06.16.61 - AspSitem Haberler.ASP SQL Injection
06.16.62 - Plexum Multiple SQL Injection Vulnerabilities
06.16.63 - AWStats AWstats.PL Cross-Site Scripting
06.16.64 - PCPIN Chat Main.PHP SQL Injection
06.16.65 - PHPSurveyor SurveyID Parameter SQL Injection
06.16.66 - Mini-NUKE Pages.ASP SQL Injection
06.16.67 - Bloggage Check_login.ASP Multiple SQL Injection Vulnerabilities
 -- Web Application
06.16.68 - Neuron Blog Multiple HTML Injection Vulnerabilities
06.16.69 - Blursoft Blur6ex Index.PHP Local File Include
06.16.70 - MusicBox Multiple Input Validation Vulnerabilities
06.16.71 - Monster Top List Functions.PHP Remote File Include
06.16.72 - ShoutBOOK Multiple HTML Injection Vulnerabilities
06.16.73 - FlexBB Multiple HTML Injection Vulnerabilities
06.16.74 - MODxCMS Index.PHP Directory Traversal
06.16.75 - PAJAX Multiple Arbitrary PHP Code Execution Vulnerabilities
06.16.76 - Warforge.NEWS Multiple Input Validation Vulnerabilities
06.16.77 - PHPWebSite Config.PHP File Include
06.16.78 - Sysinfo Multiple Input Validation Vulnerabilities
06.16.79 - PHPAlbum Language.PHP File Include
06.16.80 - BetaBoard User Profile HTML Injection
06.16.81 - phpWebFTP Index.PHP Directory Traversal
06.16.82 - DbbS Multiple Input Validation Vulnerabilities
06.16.83 - phpGraphy Index.PHP Unauthorized Access
06.16.84 - Coppermine Index.PHP Local File Include
06.16.85 - Fuju News SQL Injection and Authentication Bypass Vulnerabilities
06.16.86 - phpBB BBCode.TPL PHP Code Execution
06.16.87 - FlexBB Multiple Input Validation Vulnerabilities
06.16.88 - myEvent Multiple Remote File Include Vulnerabilities
06.16.89 - myEvent Multiple Input Validation Vulnerabilities
06.16.90 - RechnungsZentrale V2 Authent.PHP4 SQL Injection and Remote File Include
06.16.91 - PHP Net Tools Nettools.PHP Arbitrary Shell Command Execution
06.16.92 - Dubelu PhpGuestboo HTML Injection Vulnerability
06.16.93 - ActualScripts ActualAnalyzer Direct.PHP Remote File Include
06.16.94 - xFlow Multiple Input Validation Vulnerabilities
06.16.95 - TotalCalendar Multiple Remote File Include Vulnerabilities
06.16.96 - LinPHA Multiple Unspecified Input Validation Vulnerabilities
06.16.97 - Internet Photoshow Index.PHP Remote File Include
06.16.98 - I-RATER Platinum Common.PHP Remote File Include
06.16.99 - Manic Web MWGuest MWguest.PHP HTML Injection
06.16.100 - Asterisk Recording Interface Audio.PHP Information Disclosure
06.16.101 - 1 Table Publisher HTML Injection
06.16.102 - PHPLDAPAdmin Multiple Input Validation Vulnerabilities
 -- Network Device
06.16.103 - Cisco IOS XR MPLS Denial of Service
06.16.104 - Multiple Linux-Based Cisco Products Local Privilege Escalation
06.16.105 - Linksys RT31P2 Remote Malformed SIP Packet Denial of Service
 -- Hardware
06.16.106 - Multiple Vendor AMD CPU Local FPU Information Disclosure


PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar at TippingPoint, a division of
3Com, as a by-product of that company's continuous effort to ensure that
its intrusion prevention products effectively block exploits using known
vulnerabilities. TippingPoint's analysis is complemented by input from
a council of security managers from twelve large organizations who
confidentially share with SANS the specific actions they have taken to
protect their systems. A detailed description of the process may be
found at http://www.sans.org/newsletters/cva/#process
Archives at http://www.sans.org/newsletters/risk

*************************
Widely Deployed Software
*************************

(1) HIGH: Oracle Critical Patch Update April 2006
Affected:
Oracle 9i Application Server, Collaboration Suite, Database, Developer Suite
Oracle 10g Application Server, Database Server
Oracle E-Business Suite 11i
Oracle Collaboration Suite
Oracle Database version 8.x
Oracle Workflow 11.x
Oracle Pharmaceutical Applications version 4.x
PeopleSoft Enterprise Tools
JD Edwards Enterprise One and OneWorld

Description: Oracle has released a security update that fixes over 30
vulnerabilities in various Oracle software packages. This update fixes:
(a) A security bypass flaw in the Oracle PL/SQL gateway that can be
leveraged to compromise certain Oracle applications via HTTP. (b) A
buffer overflow in the "VERIFY_LOG" procedure included in the
"DBMS_SNAPSHOT_UTL" package. However, according to the discoverer, fixed
packages for all the affected platforms are not available now and will
be released on May 1, 2006. (c) An SQL injection flaw in the
"SYS.DBMS_LOGMNR_SESSION" package. The technical details about other
vulnerabilities have not been posted yet.

Status: Apply the patches or upgrades as specified in the Oracle
Critical Patch Update - April 2006. Note that Oracle E-Business Suite
patches are not cumulative.

Council Site Actions: Most of the reporting council sites are
responding to this item and are in the process of quality assurance and
regression testing of the patches. They all plan to distribute the
patches during their next regularly scheduled system update process.
One site is implementing additional mitigation provided by removing
global permissions and restricting access to specific application ids.

References:
Oracle Advisory
http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html
CERT Advisory
http://www.us-cert.gov/cas/techalerts/TA06-109A.html
Posting by Argeniss Security Group
http://archives.neohapsis.com/archives/bugtraq/2006-04/0428.html
Posting by Red Database Security
http://archives.neohapsis.com/archives/bugtraq/2006-04/0373.html
Posting by NGSS Software
http://archives.neohapsis.com/archives/bugtraq/2006-04/0369.html
Exploit Code
http://archives.neohapsis.com/archives/bugtraq/2006-04/0375.html
Previous RISK Postings on PL/SQL Vulnerabilities
http://www.sans.org/newsletters/risk/display.php?v=5&i=4#widely2
http://www.sans.org/newsletters/risk/display.php?v=5&i=5#exploit1
SecurityFocus BIDs
http://www.securityfocus.com/bid/17590

****************************************************************

(2) HIGH: Symantec Scan Engine Multiple Vulnerabilities
Affected:
Symantec Scan Engine version 5.0.0.24 and prior

Description: Symantec Scan Engine is a TCP/IP server that lets
third-party software include support for Symantec content scanning.
The engine runs an administrative web interface on port 8004/tcp by
default. The authentication mechanism used to log in to this web server
contains flaws that can be exploited by a remote unauthenticated
attacker to change the administrator password. Hence, the attacker can
obtain complete control over the scan engine. A proof-of-concept Perl
script has been included in the posted advisory. A remote attacker can
also download arbitrary files such as virus definition and log files
from the scan engine.

Status: Symantec has released version 5.1.0.7 that fixes these
vulnerabilities. A workaround is to block access to port 8004/tcp
from the Internet.

References:
Rapid7 Advisories
http://archives.neohapsis.com/archives/bugtraq/2006-04/0454.html
http://archives.neohapsis.com/archives/bugtraq/2006-04/0455.html
http://archives.neohapsis.com/archives/bugtraq/2006-04/0456.html
http://archives.neohapsis.com/archives/bugtraq/2006-04/0458.html
Product Homepage and Information
http://www.symantec.com/Products/enterprise?c=prodinfo&refId=836
http://eval.veritas.com/mktginfo/enterprise/fact_sheets/ent-factsheet_scan_engine_5.0_06-2005.en-us.pdf
SecurityFocus BID
http://www.securityfocus.com/bid/17637

*******************************************************************

(3) HIGH: Apple Mac OS X Multiple Vulnerabilities
Affected:
Mac OS X version 10.4.6 and prior

Description: Mac OS X reportedly contains the following vulnerabilities:
(a) A heap-based overflow that can be triggered by a specially crafted
zip archive. (b) Memory corruption vulnerabilities in multiple
functions invoked by the Safari browser. (c) A heap-based overflow that
can be triggered by a specially crafted bitmap (.bmp) file. (d) A
heap-based overflow that can be triggered by a specially crafted GIF
image file. (e) Memory corruption vulnerabilities that can be triggered
by specially crafted TIFF files. Malicious zip, HTML or image files may
exploit these flaws to possibly execute arbitrary code on Mac OS X
systems. The discoverer has posted gdb output and proof-of-concept files
for these flaws.

Status: Apple has been contacted; no patches are available yet.

References:
Posting by Tom Ferris
http://www.security-protocols.com/sp-x25-advisory.php
http://www.security-protocols.com/sp-x26-advisory.php
http://www.security-protocols.com/sp-x27-advisory.php
http://www.security-protocols.com/sp-x28-advisory.php
http://www.security-protocols.com/sp-x29-advisory.php
http://www.security-protocols.com/sp-x30-advisory.php
SecurityFocus BID
http://www.securityfocus.com/bid/17634

***********************************************************************

(4) MODERATE: Internet Explorer Nested Object Tag Memory Corruption
Affected:
IE version 6.0 on XP SP2

Description: A discoverer has reported that Internet Explorer contains a
memory corruption flaw when loading an HTML file containing nested
"OBJECT" tags. The flaw can be exploited to crash IE and/or possibly
execute arbitrary code (not confirmed yet). A proof-of-concept exploit
is included in the discoverer's posting.

Status: Microsoft has not confirmed; no patches are available.

References:
Posting by Michal Zalewski
http://archives.neohapsis.com/archives/bugtraq/2006-04/0478.html
Posting by Matt Murphy
http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0616.html
SecurityFocus BID
http://www.securityfocus.com/bid/17658/

**********************************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 16, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 4986 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.

______________________________________________________________________

06.16.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: HP StorageWorks Secure Path for Windows Remote Denial of
Service
Description: HP StorageWorks Secure Path for Windows provides data
access for RAID storage systems on Windows 2003, Windows 2000 and
Windows NT platforms. It is affected by a remote denial of service
vulnerability due to which a remote unauthenticated attacker may cause
the application to become unresponsive, denying service to legitimate
users. HP StorageWorks Secure Path for Windows version 4.0C-SP2 is
vulnerable.
Ref: http://www.securityfocus.com/bid/17638
______________________________________________________________________

06.16.2 CVE: Not Available
Platform: Mac Os
Title: Symantec LiveUpdate for Macintosh Local Privilege Escalation
Description: Symantec products contain a feature called LiveUpdate
that checks for new virus definitions and product updates over the
Internet. LiveUpdate is affected by a local privilege escalation issue
due to a failure of the application to properly utilize the PATH
environment variable. All current versions are affected.
Ref: http://www.securityfocus.com/bid/17571
______________________________________________________________________

06.16.3 CVE: Not Available
Platform: Mac Os
Title: Mac OS X Multiple Security Vulnerabilities
Description: Apple Mac OS X as well as Safari, Preview, Finder,
QuickTime and BOMArchiveHelper are reported vulnerable to multiple
security issues. Vulnerabilities range from heap overflow to denial of
service. Apple OS X versions 10.4.6 and earlier are vulnerable. See
the reference list for further details.
Ref: http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233
______________________________________________________________________

06.16.4 CVE: CVE-2006-0744
Platform: Linux
Title: Linux Kernel Intel EM64T SYSRET Local Denial of Service
Description: The Linux kernel is prone to a local denial of service
vulnerability. This issue presents itself in Intel EM64T CPUs when
program control is returned using SYSRET. Specifically, the Intel
EM64T CPU processes non-canonical return addresses differently from an
AMD CPU. Linux kernel version 2.6.16.5 fixes this issue.
Ref: http://www.securityfocus.com/bid/17541
______________________________________________________________________

06.16.5 CVE: Not Available
Platform: Linux
Title: Avast! Linux Home Edition Insecure Temporary File Creation
Description: Avast! Linux Home Edition is an antivirus application. It
creates temporary files in an insecure manner when scanning for
malicious code. Avast! Linux Home Edition versions 1.0.5 and 1.0.5-1
are vulnerable.
Ref: http://www.securityfocus.com/archive/1/431019
______________________________________________________________________

06.16.6 CVE: Not Available
Platform: Linux
Title: Linux Kernel Shared Memory Security Restriction Bypass
Description: The Linux kernel is prone to a shared memory access
bypass issue due to improper validation in the "ipc/shm.c" and
"mm/madvise.c" files. Please see the attached advisory for a list of
affected versions.
Ref: http://www.securityfocus.com/bid/17587
______________________________________________________________________

06.16.7 CVE: Not Available
Platform: Linux
Title: Linux Kernel IP_ROUTE_INPUT Local Denial of Service
Description: The Linux kernel is prone to a local denial of service
issue due to a design error in the "ip_route_input()" function when it
dereferences the "skb->nh.protocol" field. Linux kernel versions prior
to 2.6.16.8 are affected.
Ref: http://www.securityfocus.com/bid/17593
______________________________________________________________________

06.16.8 CVE: CVE-2006-1296
Platform: Linux
Title: Beagle Helper Applications Arbitrary Code Execution
Description: Beagle is a local index application. It is vulnerable to
an insecure indexing issue when dealing with helper applications.
Beagle version 0.2.4 is vulnerable.
Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189282
______________________________________________________________________

06.16.9 CVE: Not Available
Platform: Linux
Title: Linux Kernel RCU Signal Handling
Description: Linux kernel is prone to a local unspecified
vulnerability. This issue exists in the "__group_complete_signal"
function of the RCU signal handling functionality. The affected code
resides in "signal.c" and the vulnerability is caused due to improper
use of "BUG_ON". Linux kernel version 2.6.16 fixes the issue.
Ref: http://www.securityfocus.com/bid/17640
______________________________________________________________________

06.16.10 CVE: Not Available
Platform: Aix
Title: IBM AIX RM_MLCache_File Local File Corruption
Description: The IBM AIX rm_mlcache_file command may let local
attackers overwrite arbitrary files leading to destruction of
sensitive data and denial of service. The affected utility is included
in the bos.rte.install fileset. IBM AIX versions 5.3 L and earlier are
vulnerable.
Ref: http://www.securityfocus.com/bid/17576
______________________________________________________________________

06.16.11 CVE: CVE-2006-1753
Platform: Unix
Title: FCheck Insecure Temporary File Creation
Description: FCheck is a host-based intrusion detection system. The
vulnerability is due to a cronjob creating temporary files with
insecure file permissions. An attacker with local access could
potentially exploit this issue to view files and obtain privileged
information. The attacker may also perform symlink attacks,
overwriting arbitrary files in the context of the affected
application.
Ref: http://www.securityfocus.com/bid/17524
______________________________________________________________________

06.16.12 CVE: CVE-2006-1905
Platform: Unix
Title: Xine Playlist Handling Remote Format String Vulnerability
Description: The Xine package is a multimedia player. It is vulnerable
to a remote format string issue due to insufficient handling of
crafted playlist files. All versions of Xine are vulnerable.
Ref: http://www.securityfocus.com/archive/1/431251
______________________________________________________________________

06.16.13 CVE: CVE-2006-1830
Platform: Cross Platform
Title: Sun Java Studio Local Privilege Escalation
Description: Sun Java Studio is an enterprise development platform. It
is prone to a local privilege escalation vulnerability. The
vulnerability presents itself when the application is installed by the
superuser and it creates certain files with world-writable
permissions. An unprivileged local attacker can execute arbitrary code
and commands in the context of a user who invokes the application. A
successful attack can facilitate privilege escalation. Sun Java Studio
Enterprise 8 is vulnerable to this issue.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102292-1
______________________________________________________________________

06.16.14 CVE: CVE-2006-1827
Platform: Cross Platform
Title: Asterisk JPEG File Handling Integer Overflow
Description: Asterisk is a private branch exchange (PBX) application.
It is vulnerable to an integer overflow when a JPEG file greater than
65536 bytes is processed. Asterisk versions 1.2.6 and earlier are
vulnerable.
Ref: http://www.cipher.org.uk/index.php?p=cipher/advisories.cipher
______________________________________________________________________

06.16.15 CVE: Not Available
Platform: Cross Platform
Title: Neon Responders Remote Clock Synchronization Denial of Service
Description: Neon Responders is a companion application for
LANsurveyor designed to aid in network resource management. It is
affected by a denial of service issue when processing
specially-crafted clock synchronization requests. Neon Responders
version 5.4 is affected.
Ref: http://www.securityfocus.com/bid/17569
______________________________________________________________________

06.16.16 CVE: Not Available
Platform: Cross Platform
Title: Oracle April 2006 Security Update Multiple Vulnerabilities
Description: Oracle released a Critical Patch Update advisory for
April 2006 to address multiple vulnerabilities. Please see the
advisory for further details.
Ref: http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html
______________________________________________________________________

06.16.17 CVE: CVE-2006-1057
Platform: Cross Platform
Title: Gnome Foundation GDM .ICEauthority Improper File Permissions
Description: Gnome Display Manager (GDM) is a utility harnessed by
Gnome to manage various functions. It is vulnerable to an improper
file permissions issue because there is a race condition between the
time "stat()" is run on the ".ICEauthority" file and when the "chown()"
and "chmod()" functions are run on the file. Gnome GDM version 2.14.1
is vulnerable.
Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303
______________________________________________________________________

06.16.18 CVE: CVE-2006-1889
Platform: Web Application - Cross Site Scripting
Title: Boardsolution Index.PHP Cross-Site Scripting
Description: Boardsolution is a web forum application. The application
is prone to a cross-site scripting vulnerability due to insufficient
sanitization of user-supplied input to the "index.php" script.
Boardsolution version 1.12 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431072
______________________________________________________________________

06.16.19 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TinyPHPForum Multiple Cross-Site Scripting Vulnerabilities
Description: TinyPHPForum is a web-based forum application.
Insufficient sanitization of the "uname" parameter of the
"profile.php" script and the "name" parameter of the login script
exposes the application to multiple cross-site scripting issues.
TinyPHPForum version 3.6 is affected.
Ref: http://www.securityfocus.com/bid/17553
______________________________________________________________________

06.16.20 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpFaber TopSites Index.PHP Cross-Site Scripting
Description: phpFaber TopSites is a web-based picture gallery.
Insufficient sanitization of the "page" parameter in the "index.php"
script exposes the application to a cross-site scripting issue. All
current versions are affected.
Ref: http://www.securityfocus.com/bid/17542
______________________________________________________________________

06.16.21 CVE: CVE-2006-1826
Platform: Web Application - Cross Site Scripting
Title: Snipe Gallery Multiple Cross-Site Scripting Vulnerabilities
Description: Snipe Gallery is a web-based image gallery application
implemented in PHP. It is prone to multiple cross-site scripting
vulnerabilities. All current versions are affected.
Ref: http://www.securityfocus.com/archive/1/431074
______________________________________________________________________

06.16.22 CVE: CVE-2006-1802
Platform: Web Application - Cross Site Scripting
Title: Tiny Web Gallery Index.PHP Cross-Site Scripting
Description: Tiny Web Gallery is a web-based picture gallery. It is
vulnerable to a cross-site scripting issue due to insufficient
sanitization of the "twg_album" parameter when it is submitted to the
"index.php" script. Tiny Web Gallery versions 1.4 and earlier are
vulnerable.
Ref: http://www.securityfocus.com/archive/1/431069
______________________________________________________________________

06.16.23 CVE: CVE-2006-1824
Platform: Web Application - Cross Site Scripting
Title: phpGuestbook HTML Injection
Description: phpGuestbook is a web-based guest book application.
phpGuestbook is prone to an HTML injection vulnerability due to
insufficient sanitization of user-supplied input to the 'Name' and
'Comment' fields. phpGuestbook versions 1.0 and prior are vulnerable.
Ref: http://www.securityfocus.com/archive/1/431070
______________________________________________________________________

06.16.24 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MODxCMS Index.PHP Cross-Site Scripting
Description: MODxCMS is a content management application. Insufficient
sanitization of the "id" parameter in the "index.php" script exposes
the application to a cross-site scripting issue. MODxCMS version 0.9.1
is affected.
Ref: http://www.securityfocus.com/bid/17532
______________________________________________________________________

06.16.25 CVE: CVE-2006-1822
Platform: Web Application - Cross Site Scripting
Title: FarsiNews Search.PHP Cross-Site Scripting
Description: FarsiNews is a news publishing system. It is vulnerable
to a cross-site scripting issue due to insufficient sanitization of
user-supplied input to the "selected_search_arch" parameter of the
"search.php" script. FarsiNews versions 2.5.3 and earlier are
vulnerable.
Ref: http://www.securityfocus.com/archive/1/431011
______________________________________________________________________

06.16.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ar-blog Print.PHP Cross-Site Scripting
Description: ar-blog is a web log application. It is prone to a
cross-site scripting vulnerability due to insufficient sanitization of
user-supplied input to the "id" parameter of the "print.php" script.
ar-blog version 5.2 is affected.
Ref: http://www.securityfocus.com/bid/17522
______________________________________________________________________

06.16.27 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PlanetSearch + Cross-Site Scripting
Description: PlanetSearch + is a search application. It is vulnerable
to a cross-site scripting issue due to insufficient sanitization of
user-supplied input to the "search_exp" parameter when it is submitted
to the "planetsearchplus.php" script. All versions of PlanetSearch +
are vulnerable.
Ref: http://www.securityfocus.com/archive/1/431033
______________________________________________________________________

06.16.28 CVE: CVE-2006-1808
Platform: Web Application - Cross Site Scripting
Title: LifeType Index.PHP Cross-Site Scripting
Description: LifeType is a web blog application written in PHP. The
application is prone to a cross-site scripting vulnerability due to
insufficient sanitization of user-supplied input to the "index.php"
script. LifeType version 1.0.3 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431008
______________________________________________________________________

06.16.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Papoo Print.PHP Cross-Site Scripting
Description: Papoo is a website management application. It is prone to
a cross-site scripting vulnerability due to insufficient sanitization
of user-supplied input to the "reporeid_print" parameter of the
"print.php" script. Papoo versions 2.1.5 and 2.1.2 are affected.
Ref: http://www.securityfocus.com/bid/17530
______________________________________________________________________

06.16.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BoastMachine Search.PHP Cross-Site Scripting
Description: BoastMachine is a web-based forum application. It is
vulnerable to a cross-site scripting issue due to insufficient
sanitization of user-supplied input to the "search.php" script.
BoastMachine version 3.0 platinum is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431120
______________________________________________________________________

06.16.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Jax Guestbook Jax_guestbook.PHP Cross-Site Scripting
Description: Jax Guestbook is a web forum application. Insufficient
sanitization of the "jax_guestbook.php" script exposes the application
to a cross-site scripting issue. Guestbook version 3.50 is affected.
Ref: http://www.securityfocus.com/bid/17560
______________________________________________________________________

06.16.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Calendarix YearCal.PHP Cross-Site Scripting
Description: Calendarix is a web calendar application. Insufficient
sanitization of the "ycyear" parameter of the "yearcal.php" script
exposes the application to a cross-site scripting issue. All current
versions are affected.
Ref: http://www.securityfocus.com/bid/17562
______________________________________________________________________

06.16.33 CVE: CVE-2006-1903, CVE-2006-1769
Platform: Web Application - Cross Site Scripting
Title: Manila Multiple Cross-Site Scripting Vulnerabilities
Description: Manila is a web-based forum application. It is vulnerable
to multiple cross-site scripting issues due to insufficient
sanitization of user-supplied input to the "msgReader" and "sendMail"
modules. Manila version 9.0.1 is vulnerable.
Ref: http://www.osvdb.org/24554
______________________________________________________________________

06.16.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Serendipity Blog Config.PHP Script Injection
Description: Serendipity Blog is a web log application. Serendipity
Blog is prone to a PHP script execution vulnerability due to
insufficient sanitization of user-supplied input to the "config.php"
file. Serendipity version 1.0.beta 2 is vulnerable.
Ref: http://www.securityfocus.com/bid/17566
______________________________________________________________________

06.16.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: axoverzicht.cgi Cross-Site Scripting
Description: axoverzicht.cgi is prone to a cross-site scripting
vulnerability because it fails to properly sanitize user-supplied
input. All versions of axoverzicht.cgi are vulnerable.
Ref: http://www.securityfocus.com/bid/17584
______________________________________________________________________

06.16.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpLinks Index.PHP Cross-Site Scripting
Description: phpLinks is a web link management application.
Insufficient sanitization of the "term" parameter of the "index.php"
script exposes the application to a cross-site scripting issue.
phpLinks versions 2.1.3.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/17586
______________________________________________________________________

06.16.37 CVE: CVE-2006-1906
Platform: Web Application - Cross Site Scripting
Title: phpLister Index.PHP Cross-Site Scripting
Description: phpLister is a web-based file management application. The
application is prone to a cross-site scripting vulnerability because
it fails to properly sanitize user-supplied input. phpLister version
0.4.1 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431308
______________________________________________________________________

06.16.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CutePHP CuteNews Editnews Module Cross-Site Scripting
Description: CuteNews is a news management system. It is prone to a
cross-site scripting vulnerability due to insufficient sanitization of
user-supplied input to the "source" parameter of the "editnews"
module. CuteNews version 1.4.1 is vulnerable.
Ref: http://www.securityfocus.com/bid/17592
______________________________________________________________________

06.16.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Visale Multiple Cross-Site Scripting Vulnerabilities
Description: Visale is a web-based classified advertising application.
It is vulnerable to multiple cross-site scripting issues due to
insufficient sanitization of user-supplied input to the "pbpgst.cgi",
"pblscg.cgi" and the "pblsmb.cgi" scripts. Visale versions 1.0 and
earlier are vulnerable.
Ref: http://pridels.blogspot.com/2006/04/visale-xss-vuln.html
______________________________________________________________________

06.16.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CommuniMail Multiple Cross-Site Scripting Vulnerabilities
Description: CommuniMail is a mailing list manager and newsletter
script. It is prone to multiple cross-site scripting vulnerabilities
due to insufficient sanitization of user-supplied input to various
scripts. CommuniMail version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/17602
______________________________________________________________________

06.16.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Cisco Wireless LAN Engine ArchiveApplyDisplay.JSP Cross-Site
Scripting
Description: CiscoWorks Wireless LAN Solution Engine (WLSE) is a
centralized systems-level application for managing and controlling an
entire autonomous Cisco WLAN infrastructure. Insufficient sanitization
of the "displayMsg" parameter of the
"/wlse/configure/archive/archiveApplyDisplay.jsp" script exposes the
application to a cross-site scripting issue. Cisco Wireless LAN
Solution Engine Express version 2.13 resolves the issue.
Ref: http://www.securityfocus.com/bid/17604
______________________________________________________________________

06.16.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IntelliLink Pro Multiple Cross-Site Scripting Vulnerabilities
Description: IntelliLink Pro is a link exchange application.
Insufficient sanitization of user-supplied input exposes the
application to multiple cross-site scripting issues. All current
versions are affected.
Ref: http://www.securityfocus.com/bid/17605
______________________________________________________________________

06.16.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ContentBoxx Login.PHP Cross-Site Scripting
Description: ContentBoxx is a content management application. It is
vulnerable to a cross-site scripting issue due to insufficient
sanitization of user-supplied input to the "action" parameter of the
"login.php" script. All versions of ContentBoxx are vulnerable.
Ref: http://www.securityfocus.com/archive/1/431386
______________________________________________________________________

06.16.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BannerFarm Multiple Cross-Site Scripting Vulnerabilities
Description: BannerFarm is a banner advertisement exchange
application. It is vulnerable to multiple cross-site scripting issues
due to insufficient sanitization of user-supplied input to the "aff"
and "cat" parameters of the "banners.cgi" script. BannerFarm versions
2.3 and earlier are vulnerable.
Ref: http://pridels.blogspot.com/2006/04/bannerfarm-xss-vuln.html
______________________________________________________________________

06.16.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Net Clubs Pro Multiple Cross-Site Scripting Vulnerabilities
Description: Net Clubs Pro is a web-based portal. It is prone to
multiple cross-site scripting vulnerabilities due to insufficient
sanitization of user-supplied input to various scripts. Net Clubs Pro
version 4.0 is vulnerable.
Ref: http://pridels.blogspot.com/2006/04/net-clubs-pro-xss-vuln.html
______________________________________________________________________

06.16.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: EasyGallery EasyGallery.PHP Cross-Site Scripting
Description: EasyGallery is a web-based image gallery application
implemented in PHP. It is prone to a cross-site scripting
vulnerability due to insufficient sanitization of user-supplied input
to the "order" parameter of the "EasyGallery.php" script. EasyGallery
version 1.17 is affected.
Ref: http://www.securityfocus.com/bid/17624
______________________________________________________________________

06.16.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: 4homepages 4images Member.PHP Cross-Site Scripting
Description: 4images is a web-based image gallery. It is vulnerable to
a cross-site scripting issue due to insufficient sanitization of
user-supplied input to the "user_id" URI parameter of the "member.php"
script. 4images versions 1.7 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17625/info
______________________________________________________________________

06.16.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: W2B Online Banking SID Parameter Cross-Site Scripting
Description: W2B Online Banking is an application suite for managing
banking information. It is vulnerable to a cross-site scripting issue
due to insufficient sanitization of user-supplied input to the "SID"
parameter. All versions of W2B Online Banking are vulnerable.
Ref: http://pridels.blogspot.com/2006/04/w2b-online-banking-vuln.html
______________________________________________________________________

06.16.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ThWboard Index.PHP Cross-Site Scripting
Description: ThWboard is a message board application. It is vulnerable
to a cross-site scripting issue due to insufficient sanitization of
user-supplied input to the "navpath" URI parameter of the "index.php"
script. ThWboard 3 version Beta 2.84 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431509
______________________________________________________________________

06.16.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Portal Pack Multiple Cross-Site Scripting Vulnerabilities
Description: Portal Pack is a web-based portal. It is prone to
multiple cross-site scripting vulnerabilities due to insufficient
sanitization of user-supplied input. Portal Pack versions 6.0 and
prior are vulnerable.
Ref: http://pridels.blogspot.com/2006/04/portal-pack-6-xss-vuln.html
______________________________________________________________________

06.16.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BlackOrpheus Member.PHP SQL Injection
Description: BlackOrpheus is a web-based application used to manage
site members. It is vulnerable to an SQL injection issue due to
insufficient sanitization of user-supplied input to the "userID"
parameter of the "member.php" script. BlackOrpheus version 1.0 is
vulnerable.
Ref: http://www.securityfocus.com/bid/17558/info
______________________________________________________________________

06.16.52 CVE: CVE-2006-1798
Platform: Web Application - SQL Injection
Title: RateIt Rateit.PHP SQL Injection
Description: RateIt is a web-based rating system. It is vulnerable to
an SQL injection issue due to insufficient sanitization of
user-supplied input to the "rateit_id" parameter of the "rateit.php"
script. RateIt version 2.2 is vulnerable.
Ref: http://evuln.com/vulns/124/summary.html
______________________________________________________________________

06.16.53 CVE: CVE-2006-1805
Platform: Web Application - SQL Injection
Title: PowerClan Member.PHP SQL Injection
Description: PowerClan is a web-based portal. It is vulnerable to an
SQL injection issue due to insufficient sanitization of user-supplied
input to the "memberid" parameter of the "member.php" script.
PowerClan version 1.14 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431005
______________________________________________________________________

06.16.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FlexBB Index.PHP SQL Injection
Description: FlexBB is a bulletin board application. Insufficient
sanitization of the "flexbb_username" parameter of the "index.php"
script exposes the application to an SQL injection issue. FlexBB
version 0.5.5 is affected.
Ref: http://www.securityfocus.com/bid/17568
______________________________________________________________________

06.16.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Article Publisher Pro Multiple SQL Injection Vulnerabilities
Description: Article Publisher Pro is a document publishing
application. Insufficient sanitization of the "cname" parameter of
the "category.php" script and "art_id" parameter of the "articles.php"
script exposes the application to multiple SQL injection issues.
Article Publisher Pro version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/17595
______________________________________________________________________

06.16.56 CVE: CVE-2006-1853
Platform: Web Application - SQL Injection
Title: ModernGigabyte ModernBill User.PHP SQL Injection
Description: ModernBill is a web-based hosting application. It is
vulnerable to an SQL injection issue due to insufficient sanitization
of user-supplied input to the "ID" parameter of the "user.php" script.
ModernGigabyte ModernBill versions 4.3.2 and earlier are vulnerable.
Ref: http://pridels.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html
______________________________________________________________________

06.16.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PMTool Index.PHP SQL Injection
Description: PMTool is web-based project management software. It is
vulnerable to an SQL injection issue due to insufficient sanitization
of user-supplied input to the "order" parameter. PMTool version 1.2.2
is vulnerable.
Ref: http://www.securityfocus.com/bid/17599/info
______________________________________________________________________

06.16.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ThWboard Showtopic.PHP SQL Injection
Description: ThWboard is web-based bulletin board software. It is
vulnerable to an SQL injection issue due to insufficient sanitization
of user-supplied input to the "pagenum" parameter of the
"showtopic.php" script. ThWboard Beta versions 2.84 and earlier are
vulnerable.
Ref: http://www.securityfocus.com/archive/1/431354
______________________________________________________________________

06.16.59 CVE: CVE-2006-1899
Platform: Web Application - SQL Injection
Title: Neuron Blog Multiple SQL Injection Vulnerabilities
Description: Neuron Blog is a weblog application. It is vulnerable to
multiple SQL injection issues due to insufficient sanitization of
user-supplied input to the "commentname", "commentmail",
"commentwebsite", and "comment" parameters of the
"pages/addcomment2.php" script. Neuron Blog versions 1.1 and earlier
are vulnerable.
Ref: http://www.securityfocus.com/bid/17608/info
______________________________________________________________________

06.16.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WWWThread Multiple SQL Injection Vulnerabilities
Description: WWWThread is a message board application. It is prone to
multiple SQL injection vulnerabilities due to insufficient
sanitization of user-supplied input to various scripts. WWWThreads
version RC3 is affected.
Ref: http://www.securityfocus.com/bid/17615
______________________________________________________________________

06.16.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AspSitem Haberler.ASP SQL Injection
Description: AspSitem is prone to an SQL injection issue due to
insufficient sanitization of the "id" parameter in the "Haberler.asp"
script. AspSitem version 1.83 is affected.
Ref: http://www.securityfocus.com/bid/17616
______________________________________________________________________

06.16.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Plexum Multiple SQL Injection Vulnerabilities
Description: Plexum is a document publishing application. It is prone
to multiple SQL injection vulnerabilities due to insufficient
sanitization of user-supplied input to the "pagesize", "maxrec" and
"startpos" parameters of the "plexum.php" script. Plexum version X5 is
vulnerable.
Ref: http://www.securityfocus.com/bid/17617
______________________________________________________________________

06.16.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AWStats AWstats.PL Cross-Site Scripting
Description: AWStats is a server traffic statistics application. It is
prone to a cross-site scripting vulnerability. Specifically, this
issue affects the "config" URI parameter of the "awstats.pl" script.
AWStats versions 6.5 (build 1.857) and prior are vulnerable.
Ref: http://pridels.blogspot.com/2006/04/awstats-65-vuln.html
______________________________________________________________________

06.16.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PCPIN Chat Main.PHP SQL Injection
Description: PCPIN Chat is website statistics software. It is prone to
an SQL injection vulnerability due to insufficient sanitization of
user-supplied input to the "login" parameter of the "main.php" script.
PCPIN Chat version 5.0.4 is affected.
Ref: http://www.securityfocus.com/bid/17632
______________________________________________________________________

06.16.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPSurveyor SurveyID Parameter SQL Injection
Description: PHPSurveyor is a web-based application for performing
online surveys. It is vulnerable to an SQL injection issue due to
insufficient sanitization of user-supplied input to the "surveyid"
cookie parameter in the "save.php" script.
PHPSurveyor version 0.995 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431508
______________________________________________________________________

06.16.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mini-NUKE Pages.ASP SQL Injection
Description: Mini-NUKE is a content management application. Mini-NUKE
is prone to an SQL injection vulnerability due to insufficient
sanitization of the "id" parameter in the "pages.asp" script.
Mini-NUKE version 2.3 is vulnerable.
Ref: http://www.securityfocus.com/bid/17636
______________________________________________________________________

06.16.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bloggage Check_login.ASP Multiple SQL Injection Vulnerabilities
Description: Bloggage is a web log application. Insufficient
sanitization of the "acc_name" and "password" parameters of the
"check_login.asp" script exposes the application to an SQL injection
issue. All versions of Bloggage are vulnerable.
Ref: http://www.securityfocus.com/bid/17639
______________________________________________________________________

06.16.68 CVE: Not Available
Platform: Web Application
Title: Neuron Blog Multiple HTML Injection Vulnerabilities
Description: Neuron Blog is a web blog application. It is prone to
multiple HTML injection vulnerabilities due to insufficient
sanitization of user-supplied input to the "name" and "website" fields
when creating a new comment. Neuron Blog versions 1.1 and prior are
vulnerable.
Ref: http://www.securityfocus.com/bid/17552
______________________________________________________________________

06.16.69 CVE: Not Available
Platform: Web Application
Title: Blursoft Blur6ex Index.PHP Local File Include
Description: Blur6ex is a web-based blog and content management system
(CMS) implemented in PHP. Blur6ex is prone to a local file include
vulnerability. All versions are affected.
Ref: http://www.securityfocus.com/archive/1/431284
______________________________________________________________________

06.16.70 CVE: CVE-2006-1806, CVE-2006-1807
Platform: Web Application
Title: MusicBox Multiple Input Validation Vulnerabilities
Description: MusicBox is a web-based application. It is vulnerable to
multiple input validation issues such as cross-site scripting and SQL
injection. This is due to insufficient sanitization of user-supplied
input to the "index.php" script. MusicBox versions 2.3.3 and earlier
are vulnerable.
Ref: http://pridels.blogspot.com/2006/04/musicbox-vuln.html
______________________________________________________________________

06.16.71 CVE: CVE-2006-1781
Platform: Web Application
Title: Monster Top List Functions.PHP Remote File Include
Description: Monster Top List is a web-based topsite script. It is
vulnerable to a remote file include issue due to insufficient
sanitization of user-supplied input to the "root_path" variable of
"sources/functions.php". Monster Top List version 1.4 is vulnerable.
Ref: http://pridels.blogspot.com/2006/04/monstertoplist.html
______________________________________________________________________

06.16.72 CVE: Not Available
Platform: Web Application
Title: ShoutBOOK Multiple HTML Injection Vulnerabilities
Description: ShoutBOOK is a bulletin board application. It is
vulnerable to multiple HTML injection issues due to insufficient
sanitization of user-supplied input to the "Name" and "Comments"
fields when creating a new message. ShoutBOOK versions 1.1 and earlier
are vulnerable.
Ref: http://www.securityfocus.com/archive/1/431130
______________________________________________________________________

06.16.73 CVE: Not Available
Platform: Web Application
Title: FlexBB Multiple HTML Injection Vulnerabilities
Description: FlexBB is a bulletin board application. It is prone to
multiple HTML injection vulnerabilities due to insufficient
sanitization of user-supplied input to the thread name field when
creating a new thread and a reply to any thread. FlexBB versions 0.5.7
BETA and prior are vulnerable.
Ref: http://www.securityfocus.com/bid/17539
______________________________________________________________________

06.16.74 CVE: Not Available
Platform: Web Application
Title: MODxCMS Index.PHP Directory Traversal
Description: MODxCMS is a content management system (CMS) implemented
in PHP. MODxCMS is prone to a directory traversal vulnerability. The
problem occurs with specially-crafted HTTP GET requests containing
directory traversal strings supplied through the "id" parameter of the
"index.php" script.
Ref: http://www.securityfocus.com/archive/1/431010
______________________________________________________________________

06.16.75 CVE: CVE-2006-1551, CVE-2006-1789
Platform: Web Application
Title: PAJAX Multiple Arbitrary PHP Code Execution Vulnerabilities
Description: PAJAX is a framework that is used to create remote
asynchronous PHP objects in JavaScript. It is vulnerable to multiple
remote PHP code execution issues due to insufficient sanitization of
user-supplied data by the application. PAJAX versions 0.5.1 and
earlier are vulnerable.
Ref: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0270.html
______________________________________________________________________

06.16.76 CVE: CVE-2006-1817
Platform: Web Application
Title: Warforge.NEWS Multiple Input Validation Vulnerabilities
Description: Warforge.NEWS is a web-based news management application.
It is vulnerable to multiple input validation issues due to
insufficient sanitization of user-supplied input to the
"myaccounts.php" and "authcheck.php" scripts. Warforge.NEWS version
1.0 is vulnerable.
Ref: http://evuln.com/vulns/125/summary.html
______________________________________________________________________

06.16.77 CVE: CVE-2006-1819
Platform: Web Application
Title: PHPWebSite Config.PHP File Include
Description: PHPWebSite is prone to a remote and local file include
vulnerability. The "hub_dir" parameter of "config.php" is not properly
sanitized, allowing attackers to specify local file includes.
PHPWebSite versions 0.10.2 and prior are affected.
Ref: http://www.securityfocus.com/bid/17521
______________________________________________________________________

06.16.78 CVE: Not Available
Platform: Web Application
Title: Sysinfo Multiple Input Validation Vulnerabilities
Description: Sysinfo is affected by multiple input validation issues.
The application fails to sanitize user-supplied input to the "name"
parameter of the "sysinfo.cgi" script, exposing itself to an arbitrary
shell command execution issue. Insufficient sanitization of the
"debugger" option can allow remote attackers to obtain the
installation path. Sysinfo version 1.21 is affected.
Ref: http://www.securityfocus.com/bid/17523
______________________________________________________________________

06.16.79 CVE: Not Available
Platform: Web Application
Title: PHPAlbum Language.PHP File Include
Description: PHPAlbum is a web-based photo album. It is vulnerable to
a remote file include issue due to insufficient sanitization of the
"data_dir" parameter of the "language.php" script. PHPAlbum versions
0.3.2.3 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17526/info
______________________________________________________________________

06.16.80 CVE: Not Available
Platform: Web Application
Title: BetaBoard User Profile HTML Injection
Description: BetaBoard is a web-based guest book application. It is
vulnerable to an HTML injection issue due to insufficient sanitization
of user-supplied input to unspecified fields on a "User Profile" page.
BetaBoard version 0.1 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431116
______________________________________________________________________

06.16.81 CVE: CVE-2006-1813
Platform: Web Application
Title: phpWebFTP Index.PHP Directory Traversal
Description: phpWebFTP is a web-based file transfer application
designed to forward FTP traffic over HTTP to bypass firewall settings.
phpWebFTP is prone to a directory traversal vulnerability. The problem
occurs with specially-crafted HTTP POST requests containing directory
traversal strings supplied through the "index.php" script. phpWebFTP
version 3.2 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431115
______________________________________________________________________

06.16.82 CVE: Not Available
Platform: Web Application
Title: DbbS Multiple Input Validation Vulnerabilities
Description: DbbS is a bulletin board application. It is prone to
multiple input validation vulnerabilities because the application
fails to properly sanitize user-supplied input. DbbS version 2.0 is
affected.
Ref: http://www.securityfocus.com/bid/17559
______________________________________________________________________

06.16.83 CVE: Not Available
Platform: Web Application
Title: phpGraphy Index.PHP Unauthorized Access
Description: phpGraphy is an image gallery application. It is prone to
an unauthorized access vulnerability due to improper validation of
credentials before granting access to sensitive scripts. phpGraphy
version 0.9.12 fixes these issues.
Ref: http://www.securityfocus.com/bid/17567
______________________________________________________________________

06.16.84 CVE: CVE-2006-0873
Platform: Web Application
Title: Coppermine Index.PHP Local File Include
Description: Coppermine is a web-based image gallery application. It
is vulnerable to a local file include issue due to insufficient
sanitization of user-supplied input to the "index.php" script.
Coppermine version 1.4.4 is vulnerable.
Ref: http://www.frsirt.com/english/advisories/2006/0669
______________________________________________________________________

06.16.85 CVE: CVE-2006-1837, CVE-2006-1838
Platform: Web Application
Title: Fuju News SQL Injection and Authentication Bypass
Vulnerabilities
Description: Fuju News is a web-based news application. It is
vulnerable to an SQL injection and Authentication Bypass issue due to
a design flaw and insufficient sanitization of user-supplied input.
Fuju News version 1.0 is vulnerable.
Ref: http://milw0rm.com/exploits/1682
______________________________________________________________________

06.16.86 CVE: CVE-2006-1895
Platform: Web Application
Title: phpBB BBCode.TPL PHP Code Execution
Description: phpBB is a bulletin board application. It is vulnerable
to an arbitrary PHP code execution issue because the
"includes/bbcode.php" script does not properly sanitize user template
files. phpBB version 2.0.9 is vulnerable.
Ref: http://www.securityfocus.com/bid/17573
______________________________________________________________________

06.16.87 CVE: CVE-2006-1810, CVE-2006-1811
Platform: Web Application
Title: FlexBB Multiple Input Validation Vulnerabilities
Description: FlexBB is a web-based bulletin board application
implemented in PHP. FlexBB is prone to multiple HTML and SQL injection
vulnerabilities. Version 0.5.5 of FlexBB is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431121
______________________________________________________________________

06.16.88 CVE: Not Available
Platform: Web Application
Title: myEvent Multiple Remote File Include Vulnerabilities
Description: myEvent is a web-based event application. It is prone to
multiple remote file include vulnerabilities due to insufficient
sanitization of user-supplied input to various scripts. myEvent
version 1.2 is vulnerable.
Ref: http://www.securityfocus.com/bid/17575
______________________________________________________________________

06.16.89 CVE: CVE-2006-1890
Platform: Web Application
Title: myEvent Multiple Input Validation Vulnerabilities
Description: myEvent is a web-based event application. It is
vulnerable to multiple input validation issues such as cross-site
scripting and SQL injection. This is due to insufficient sanitization
of user-supplied input. myEvent version 1.2 is vulnerable.
Ref: http://www.securityfocus.com/bid/17580/info
______________________________________________________________________

06.16.90 CVE: Not Available
Platform: Web Application
Title: RechnungsZentrale V2 Authent.PHP4 SQL Injection and Remote File
Include
Description: RechnungsZentrale V2 is a billing application. It is
vulnerable to an SQL injection and remote file include issue due to
insufficient sanitization of user-supplied input to the "authent.php4"
script. RechnungsZentrale V2 versions 1.1.3 and earlier are
vulnerable.
Ref: http://www.g-0.org/code/rz2-adv.html
______________________________________________________________________

06.16.91 CVE: Not Available
Platform: Web Application
Title: PHP Net Tools Nettools.PHP Arbitrary Shell Command Execution
Description: PHP Net Tools is a PHP application for gathering and
recording network statistics. It is prone to an arbitrary command
execution vulnerability. An attacker can inject and execute arbitrary
shell commands through use of the pipe "|" character. This issue
affects PHP Net Tools version 2.7.1.
Ref: http://www.securityfocus.com/bid/17601
______________________________________________________________________

06.16.92 CVE: Not Available
Platform: Web Application
Title: Dubelu PhpGuestbook HTML Injection Vulnerability
Description: Dubelu PhpGuestbook is a web-based guest book
application. It is vulnerable to an HTML injection issue due to
insufficient sanitization of user-supplied input to the "Name",
"Website", and "Comment" fields in the "PhpGuestbook.php" script.
Dubelu PhpGuestbook versions 1.0 and earlier are vulnerable.
Ref: http://pridels.blogspot.com/2006/04/phpguestbook-v10-script-insertion.html
______________________________________________________________________

06.16.93 CVE: Not Available
Platform: Web Application
Title: ActualScripts ActualAnalyzer Direct.PHP Remote File Include
Description: ActualAnalyzer is a web-based application that collects
site statistics. It is prone to a remote file include vulnerability.
ActualAnalyzer versions 8.23 and earlier are vulnerable.
Ref: http://www.securityfocus.com/archive/1/431351
______________________________________________________________________

06.16.94 CVE: CVE-2006-1849, CVE-2006-1850
Platform: Web Application
Title: xFlow Multiple Input Validation Vulnerabilities
Description: xFlow is web-based membership management software. xFlow
is prone to multiple SQL injection and cross-site scripting
vulnerabilities. xFlow version 5.46.11 is vulnerable.
Ref: http://pridels.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html
______________________________________________________________________

06.16.95 CVE: Not Available
Platform: Web Application
Title: TotalCalendar Multiple Remote File Include Vulnerabilities
Description: TotalCalendar is a web-based calendar application. It is
vulnerable to multiple remote file include issues due to insufficient
sanitization of user-supplied input to the "inc_dir" variable of the
"about.php" and "auth.php" scripts. All versions of TotalCalendar are
vulnerable.
Ref: http://pridels.blogspot.com/2006/04/totalcalendar-remote-code-execution.html
______________________________________________________________________

06.16.96 CVE: CVE-2006-1848, CVE-2006-0713
Platform: Web Application
Title: LinPHA Multiple Unspecified Input Validation Vulnerabilities
Description: LinPHA is a web-based photo gallery application. It is
vulnerable to multiple input validation issues such as cross-site
scripting and SQL injection. This is due to insufficient sanitization
of user-supplied input. LinPHA versions 1.1 and earlier are
vulnerable.
Ref: http://www.securityfocus.com/bid/17619/info
______________________________________________________________________

06.16.97 CVE: Not Available
Platform: Web Application
Title: Internet Photoshow Index.PHP Remote File Include
Description: Internet Photoshow is a web-based photo gallery
application. It is vulnerable to a remote file include issue due to
insufficient sanitization of user-supplied input to the "page"
variable of "index.php". All versions of Interactive Webdesign
Internet Photoshow are vulnerable.
Ref: http://www.securityfocus.com/bid/17620/info
______________________________________________________________________

06.16.98 CVE: Not Available
Platform: Web Application
Title: I-RATER Platinum Common.PHP Remote File Include
Description: I-RATER Platinum is a web-based image rating script. It
is affected by a remote file include issue due to a failure in the
application to sanitize user-supplied input to the "include_path"
variable of the "common.php" script. All current versions are
affected.
Ref: http://www.securityfocus.com/bid/17623
______________________________________________________________________

06.16.99 CVE: Not Available
Platform: Web Application
Title: Manic Web MWGuest MWguest.PHP HTML Injection
Description: MWGuest is a web-based guest book application. It is
prone to an HTML injection vulnerability due to insufficient
sanitization of user-supplied input to the "Homepage" field in the
"mwguest.php" script. Manic Web MWGuest version 2.1.0 is vulnerable.
Ref: http://www.securityfocus.com/bid/17630
______________________________________________________________________

06.16.100 CVE: Not Available
Platform: Web Application
Title: Asterisk Recording Interface Audio.PHP Information Disclosure
Description: Asterisk Recording Interface (ARI) is a web-based
interface to the Asterisk PBX application. It is vulnerable to an
information disclosure issue due to insufficient sanitization of
absolute paths or directory traversal sequences in the "recording"
parameter of the "audio.php" script. Asterisk Recording Interface
version 0.7.15 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431655
______________________________________________________________________

06.16.101 CVE: CVE-2006-1795
Platform: Web Application
Title: 1 Table Publisher HTML Injection
Description: 1 Table Publisher is an application designed to allow
quick editing of HTML tables. It is vulnerable to an HTML injection
issue due to insufficient sanitization of user-supplied input to the
"Title of table" field when adding a new table. 1 Table Publisher
version 2006.3.23 is vulnerable.
Ref: http://osvdb.org/ref/24/24236-upoint.txt
______________________________________________________________________

06.16.102 CVE: Not Available
Platform: Web Application
Title: PHPLDAPAdmin Multiple Input Validation Vulnerabilities
Description: PHPLDAPAdmin is a web-based application for administering
LDAP servers. It is vulnerable to numerous cross-site scripting issues
due to insufficient sanitization of user-supplied input. PHPLDAPAdmin
versions 0.9.8 and earlier are vulnerable.
Ref: http://pridels.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html
______________________________________________________________________

06.16.103 CVE: Not Available
Platform: Network Device
Title: Cisco IOS XR MPLS Denial of Service
Description: Cisco IOS XR software runs on Cisco CRS-1 and Cisco 12000
series routers. The NetIO process on devices that run Cisco IOS XR
with Multiple Multi Protocol Label Switching (MPLS) can restart when
switching malicious MPLS packets. Cisco IOS XR version 3.3 resolves the
issue.
Ref: http://www.securityfocus.com/bid/17607
______________________________________________________________________

06.16.104 CVE: Not Available
Platform: Network Device
Title: Multiple Linux-Based Cisco Products Local Privilege Escalation
Description: Multiple Linux-based Cisco products are prone to a local
privilege escalation vulnerability. This issue is due to a failure of
the application to properly sanitize user-supplied input to the "show"
application. This vulnerability presents itself when a user is logged
into affected devices via telnet or SSH. Attackers that include shell
metacharacters may inject arbitrary commands that will be executed
with superuser privileges.
Ref: http://www.securityfocus.com/archive/1/431367
______________________________________________________________________

06.16.105 CVE: Not Available
Platform: Network Device
Title: Linksys RT31P2 Remote Malformed SIP Packet Denial of Service
Description: Linksys RT31P2 devices are cable/DSL broadband routers
with an integrated 3-port Ethernet switch with Voice Over IP (VoIP)
functionality. These routers are affected by multiple denial of
service issues when processing SIP packets with unspecified content.
All current versions are affected.
Ref: http://www.securityfocus.com/bid/17631
______________________________________________________________________

06.16.106 CVE: Not Available
Platform: Hardware
Title: Multiple Vendor AMD CPU Local FPU Information Disclosure
Description: Multiple vendors are susceptible to a local information
disclosure vulnerability. This issue arises due to the failure of the
affected operating systems to take into account the differing behavior
of AMD CPUs. The operating systems expect AMD CPUs to save and restore
the FOP, FIP, and FDP registers in the same manner as Intel CPUs, and
this results in the register information remaining the same across
context-switches. This issue affects Linux and FreeBSD operating
systems that utilize generations 7 and 8 AMD CPUs.
Ref: http://www.securityfocus.com/bid/17600
___________________________________________________________________

(c) 2006. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.

==end==

Subscriptions: RISK is distributed free of charge to people responsible
for managing and securing information systems and networks. You may
forward this newsletter to others with such responsibility inside or
outside your organization.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFETQq4+LUG5KFpTkYRAgEdAJ9XKOqaQEKK/X4r/LV2ZGoZnzm05wCcCg+K
2p5oi+EJ31ONskuDyjUyKI0=
=m3xw
-----END PGP SIGNATURE-----