RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 17
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert sans.org)
Date: Mon May 01 2006 - 15:07:07 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
********************************************************************************
RISK: The Consensus Security Vulnerability Alert
May 1, 2006 Vol. 5. Week 17
********************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of the vulnerabilities reported this week:
-----------------------------------------------------------------
Platform                                  Number of Updates and Vulnerabilities
-----------------------------------------------------------------
Other Microsoft Products                   3 (#3, #5)
Third Party Windows Apps                  11 (#7)
Mac OS                                     1
Linux                                      2
Solaris                                    1
Unix                                       4 (#9)
Cross Platform                            15 (#1, #2, #6, #8)
Web Application - Cross Site Scripting     9
Web Application - SQL Injection            9
Web Application                           13 (#4)
Network Device                             4
*************************************************************************
Part I -- Critical Vulnerabilities from TippingPoint, a division of 3Com
(www.tippingpoint.com)
Widely Deployed Software
(1) HIGH: Firefox Javascript Remote Code Execution Vulnerability
(2) MODERATE: Multiple Vendor DNS Implementation Vulnerabilities
(3) MODERATE: Internet Explorer Modal Dialog Code Execution
(4) MODERATE: PHP wordwrap() Function Buffer Overflow
(5) UPDATE: Internet Explorer Nested Object Tag Memory Corruption
(6) UPDATE: Oracle Critical Patch Update April 2006
Other Software
(7) HIGH: Juniper Networks SSL-VPN Client Buffer Overflow
(8) HIGH: Ethereal Multiple Protocol Decoding Vulnerabilities
(9) MODERATE: Asterisk JPEG Processing Buffer Overflow
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Other Microsoft Products
06.17.1 - Microsoft Internet Explorer Nested OBJECT Tag Memory Corruption
06.17.2 - Microsoft Internet Explorer Modal Dialog Manipulation
06.17.3 - Internet Explorer MHTML URI Handler Information Disclosure
-- Third Party Windows Apps
06.17.4 - iOpus Secure Email Attachments Encryption Weakness
06.17.5 - Skulltag Remote Format String
06.17.6 - IZArc Hostile Destination Path
06.17.7 - Winny File Transfer Heap Overflow
06.17.8 - SolarWinds TFTP Server Directory Traversal
06.17.9 - Pablo Software Solutions Quick 'n Easy FTP Server Logging Buffer Overflow
06.17.10 - PowerISO Directory Traversal
06.17.11 - Multiple SpeedProject Products ACE Archive Filename Handling Buffer Overflow
06.17.12 - Juniper SSL-VPN Client ActiveX Control Remote Buffer Overflow
06.17.13 - WinAgents TFTP Server Directory Traversal
06.17.14 - MagicISO Directory Traversal
-- Mac OS
06.17.15 - Apple Safari Web Browser Rowspan Denial of Service
-- Linux
06.17.16 - ABC2PS ABC Music Files Remote Buffer Overflow
06.17.17 - abcMIDI ABC Music Files Remote Buffer Overflow
-- Solaris
06.17.18 - Solaris PKCS#11 Library Local Privilege Escalation
-- Unix
06.17.19 - Tcpick Write.C Remote Denial of Service
06.17.20 - Fenice Remote Buffer Overflow and Denial of Service Vulnerabilities
06.17.21 - DeleGate DNS Response Denial of Service
06.17.22 - Paul A. Rombouts PDNSD DNS Query Denial of Service
-- Cross Platform
06.17.23 - OpenTTD Multiple Denial of Service Vulnerabilities
06.17.24 - Dnsmasq Broadcast Reply Denial of Service
06.17.25 - Blender BVF File Import Python Code Execution
06.17.26 - Lotus Domino Unspecified LDAP Denial of Service
06.17.27 - Symantec AntiVirus Scan Engine Multiple Remote Vulnerabilities
06.17.28 -
1 Event Publisher Information Disclosure
06.17.29 - Ruby WEBrick HTTP Server Denial of Service
06.17.30 - Mozilla Firefox iframe.contentWindow.focus Buffer Overflow
06.17.31 - Sybase Pylon Anywhere Unauthorized Access
06.17.32 - Ethereal Multiple Protocol Dissector Vulnerabilities
06.17.33 - ISC BIND TSIG Zone Transfer Denial of Service
06.17.34 - Oracle 10g DBMS_EXPORT_EXTENSION SQL Injection
06.17.35 - Multiple Hitachi JP1 Products Denial of Service
06.17.36 - PowerDNS Malformed EDNS0 Packet Remote Denial of Service
06.17.37 - BL4 SMTP Server Buffer Overflow
-- Web Application - Cross Site Scripting
06.17.38 - Scry Gallery Index.PHP Cross-Site Scripting
06.17.39 - Simplog ImageList.PHP Cross-Site Scripting
06.17.40 -
1 Event Publisher Multiple HTML Injection Vulnerabilities
06.17.41 - LogMethods A2Z.JSP Cross-Site Scripting
06.17.42 - NextAge Shopping Cart Multiple HTML Injection Vulnerabilities
06.17.43 - Instant Photo Gallery Multiple Cross-Site Scripting Vulnerabilities
06.17.44 - CuteNews Multiple Cross-Site Scripting Vulnerabilities
06.17.45 - FarsiNews Multiple Cross-Site Scripting Vulnerabilities
06.17.46 - DevBB Member.PHP Cross-Site Scripting
-- Web Application - SQL Injection
06.17.47 - PHPMyAgenda Agenda.PHP3 Remote File Include
06.17.48 - Simplog Multiple SQL Injection Vulnerabilities
06.17.49 - RI Blog Multiple SQL Injection Vulnerabilities
06.17.50 - Help Center Live OSTicket Module Multiple SQL Injection Vulnerabilities
06.17.51 - Photokorn Multiple SQL Injection Vulnerabilities
06.17.52 - Invision Power Board Index.PHP CK Parameter SQL Injection
06.17.53 - DUPortal Pro Cat.ASP SQL Injection
06.17.54 - warforge.News Authcheck.PHP SQL Injection
06.17.55 - Invision Power Board Func_msg.PHP SQL Injection
-- Web Application
06.17.56 - CoreNews Multiple Input Validation Vulnerabilities
06.17.57 - My Gaming Ladder Stats.PHP Remote File Include
06.17.58 - Clansys Index.PHP Remote Code Execution
06.17.59 - SL_site Multiple Input Validation Vulnerabilities
06.17.60 - MKPortal Multiple Input Validation Vulnerabilities
06.17.61 - Scry Gallery Directory Traversal
06.17.62 - dForum Multiple Remote File Include Vulnerabilities
06.17.63 - SL_site Gallerie.PHP Information Disclosure
06.17.64 - built2go Movie Review Movie_CLS.PHP3 Remote File Include
06.17.65 - Invision Power Board Search.PHP Script Injection
06.17.66 - DCForumLite DCBoard.CGI Multiple Input Validation Vulnerabilities
06.17.67 - MySmartBB Multiple Input Validation Vulnerabilities
06.17.68 - Jupiter CMS Index.PHP Local File Include
-- Network Device
06.17.69 - Juniper JUNOSe DNS Client Denial of Service
06.17.70 - IP3 Networks NetAccess NA75 Multiple Local Vulnerabilities
06.17.71 - Multiple FITELnet Products Unspecified DNS Handling Vulnerabilities
06.17.72 - Oce 3121/3122 Printer Denial of Service
********************************************************************************
PART I Critical Vulnerabilities
Part I is compiled by Rohit Dhamankar and Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
Archives at http://www.sans.org/newsletters/risk
*************************
Widely Deployed Software
*************************
(1) HIGH: Firefox JavaScript Remote Code Execution Vulnerability
Affected:
Firefox version 1.5.0.2 and prior
Description: Firefox reportedly contains a buffer overflow in handling
the "iframe.contentWindow.focus()" JavaScript function. A specially
crafted webpage can exploit this flaw to execute arbitrary code on a
user's system. Proof-of-concept exploit code, which crashes Firefox, has
been publicly posted.
Status: Vendor has not confirmed, no patches available yet.
References:
http://www.securityfocus.com/archive/1/431878/30/60/threaded
PoC Exploit Code
http://www.securident.com/vuln/ff.txt
SecurityFocus BID
Not yet available.
*********************************************************************
(2) MODERATE: Multiple Vendor DNS Implementation Vulnerabilities
Affected:
Multiple vendors including Juniper, ISC BIND, MyDNS, pdnsd, FITELnet, Axis, Delegate etc.
Description: The Domain Name Service (DNS) protocol is one of the
fundamental protocols supporting the Internet and a client
implementation is found on virtually all networked systems. For most
organizations the DNS server sits in the DMZ and is exposed to the
Internet. Multiple vulnerabilities have been reported in
the DNS protocol implementation of many vendors. The flaws were
discovered using the DNS PROTOS test suite that stresses a vendor's
client or server DNS implementation by sending malformed DNS requests
and responses. Successful exploitation of these flaws may cause a
denial-of-service or result in arbitrary code execution on the
system/device supporting the DNS protocol. The test suite is not
publicly available yet.
Status: Many vendors such as Juniper, MyDNS, pdnsd, Delegate and Axis
have confirmed the vulnerabilities and released patches. Other vendors
are still testing their products.
References:
UK NISCC Advisory
http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en
CERT Advisory
http://www.kb.cert.org/vuls/id/955777
SecurityFocus BIDs
http://www.securityfocus.com/bid/17691
http://www.securityfocus.com/bid/17692
http://www.securityfocus.com/bid/17693
http://www.securityfocus.com/bid/17710
http://www.securityfocus.com/bid/17711
http://www.securityfocus.com/bid/17712
***********************************************************************
(3) MODERATE: Internet Explorer Modal Dialog Code Execution
Affected:
Internet Explorer, all versions
Description: A security researcher has reported a flaw in Internet
Explorer that can be exploited to install arbitrary programs such as
keystroke loggers, adware or spyware on a user's system with minimal
user interaction. The problem arises because Internet Explorer contains
a race condition in handling "modal dialogs". These dialogs are used to
request user input for a security related action such as downloading a
program. By exploiting this vulnerability, a maliciously crafted webpage
can influence the modal dialog decision and compromise a client system.
Exploit code has not been publicly posted.
Status: Microsoft has fixed a particular attack vector for this
vulnerability in MS05-054. However, according to the researcher, this
patch does not fully address the vulnerability. Microsoft is aware of
the flaw. No updates are available yet. A workaround is to set the
security settings in Internet Explorer to either "enable" or "disable"
rather than prompt. This will prevent opening of modal dialog boxes. A
general workaround to prevent Internet Explorer from installing programs
is to run Internet Explorer with limited privileges. Microsoft's
"DropMyRights" tool can be used for this purpose.
References:
Posting by Matt Murphy
http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html
http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html
Microsoft DropMyRights Tool
http://msdn.microsoft.com/library/en-us/dncode/html/secure11152004.asp
Modal Dialog Box Reference
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/methods/showmodaldialog.asp
SecurityFocus BIDs
http://www.securityfocus.com/bid/17658
***********************************************************************
(4) MODERATE: PHP wordwrap() Function Buffer Overflow
Affected:
PHP version 4.4.2 and prior
PHP version 5.1.2 and prior
Description: PHP is a package installed on a large number of web servers
and used by multiple content management and bulletin board software
packages. The PHP "wordwrap()" function, which wraps a string to given
number of characters using a string break character, reportedly contains
a buffer overflow. Any PHP scripts that use this function and pass
user-input to it are vulnerable. The flaw can be exploited to execute
arbitrary code on the webserver hosting such scripts. Note that hosting
sites should upgrade the PHP packages as soon as a fix is available.
Status: Vendor not confirmed, no updates available.
References:
FrSIRT Advisory
http://www.frsirt.com/english/advisories/2006/1500
PHP wordwrap Function
http://us3.php.net/wordwrap
************************************************************************
(5) UPDATE: Internet Explorer Nested Object Tag Memory Corruption
Description: Secunia Research has verified that a variation of the
publicly reported 0-day IE vulnerability can be exploited to execute
arbitrary code on a fully patched Windows XP SP2 system. The technical
details of this attack vector have not been publicly posted. Microsoft
is reportedly working on a fix.
References:
Secunia Advisory
http://secunia.com/advisories/19762/
Previous RISK Newsletter Posting
http://www.sans.org/newsletters/risk/display.php?v=5&i=16#widely4
*********************************************************************
(6) UPDATE: Oracle Critical Patch Update April 2006
Description: NGSSoftware researchers have confirmed that one of the
exploits for Oracle publicly released last week is for a vulnerability
that remains unpatched.
References:
Postings by David Litchfield from NGSSoftware
http://archives.neohapsis.com/archives/bugtraq/2006-04/0539.html
http://archives.neohapsis.com/archives/bugtraq/2006-04/0592.html
http://archives.neohapsis.com/archives/bugtraq/2006-04/0597.html
Previous RISK Newsletter Posting
http://www.sans.org/newsletters/risk/display.php?v=5&i=16#widely1
*******************************************************************
*******************
Other Software
*******************
(7) HIGH: Juniper Networks SSL-VPN Client Buffer Overflow
Affected:
Juniper SSL-VPN JuniperSetup Control
Description: SSL-VPN is an access technology designed for secure remote
access. Accessing non-web applications remotely in this fashion requires
that the clients have an ActiveX control installed on their systems.
Juniper SSL-VPN client ActiveX control, JuniperSetup.ocx, contains a
stack-based buffer overflow in its "JuniperSetupDLL.dll" module. Passing
an overlong "ProductName" to this module triggers the overflow that can
be exploited to execute arbitrary code on the system of a Juniper
SSL-VPN client software user. The technical details required to craft an exploit have
been publicly posted.
Status: Juniper confirmed, patch available.
References:
eEye Advisory
http://www.eeye.com/html/research/advisories/AD20060424.html
SecurityFocus BIDs
http://www.securityfocus.com/bid/17712
*********************************************************************
(8) HIGH: Ethereal Multiple Protocol Decoding Vulnerabilities
Affected: Ethereal version 0.8.5 through 0.10.14
Description: Ethereal is a very popular open source network sniffer and
protocol analyzer for Unix and Windows platforms. The software contains
one or more buffer overflow vulnerabilities in parsing the COPS and ALCAP
protocols as well as in handling Network Instruments and NetXRay/Windows
sniffer files. These buffer overflows can be exploited to execute
arbitrary code with the privileges of the ethereal process (typically
"root" when ethereal is being used as a sniffer). To exploit these
flaws, an attacker has to either inject the malicious packets into the
network traffic being sniffed by ethereal, or entice a client to open a
specially crafted packet capture file. Note that any network
applications based on ethereal protocol decoder modules may also be
affected.
Status: Vendor confirmed, upgrade to version 0.99.0, which also fixes a
number of DoS vulnerabilities in parsing other protocols.
References:
Vendor Advisory
http://www.ethereal.com/appnotes/enpa-sa-00023.html
SecurityFocus BID
http://www.securityfocus.com/bid/17682
***********************************************************************
(9) MODERATE: Asterisk JPEG Processing Buffer Overflow
Affected:
Asterisk version 1.2.6 and prior
Description: Asterisk is an open-source PBX server for UNIX-based
systems and is being deployed by small, medium and large enterprises
for VoIP services. Passing a large JPEG image to the PBX server triggers
an integer overflow that can be exploited to execute arbitrary code on
the server. A potential attack vector would be to use the Asterisk
"Sendimage" command.
Status: Asterisk has released version 1.2.7 to fix this issue.
References:
Posting by Emmanouel Kellinis
http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory
Vendor Homepage
http://www.asterisk.org
SecurityFocus BID
http://www.securityfocus.com/bid/17561
***********************************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 17, 2006
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 4995 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.
______________________________________________________________________
06.17.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Nested OBJECT Tag Memory Corruption
Description: Microsoft Internet Explorer is prone to a memory
corruption vulnerability. This issue is due to flawed handling of
malformed HTML content. HTML content that contains nested <OBJECT>
tags without corresponding </OBJECT> closure tags may trigger this
issue. This issue reportedly causes a NULL pointer dereference in the
"mshtml.dll" library, crashing Internet Explorer. An attacker could
exploit this issue via a malicious web page to potentially execute
arbitrary code in the context of the currently logged-in user.
Microsoft Internet Explorer 6 for Microsoft Windows XP SP2 is
reportedly vulnerable to this issue.
Ref: http://www.securityfocus.com/archive/1/431796
______________________________________________________________________
06.17.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Modal Dialog Manipulation
Description: Internet Explorer is prone to a remote code execution
vulnerability through exploiting a race condition when displaying
modal security dialog boxes. This issue presents itself when web pages
attempt to cause actions to be carried out that result in a modal
security dialog to be displayed requesting permission for the action
from users. Attackers may attempt to coerce users into clicking on an
object, or pressing specific key sequences, while simultaneously
attempting an action that will result in a dialog box being displayed.
This issue may be exploited to cause users to inadvertently allow
remote code to be executed.
Ref:
http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html
______________________________________________________________________
06.17.3 CVE: Not Available
Platform: Other Microsoft Products
Title: Internet Explorer MHTML URI Handler Information Disclosure
Description: Microsoft Internet Explorer is vulnerable to a cross
domain information disclosure issue because the browser fails to
correctly handle redirections with the "mhtml:" URI handler. See the
reference for further details.
Ref:
http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/
http://www.securityfocus.com/bid/17717
______________________________________________________________________
06.17.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: iOpus Secure Email Attachments Encryption Weakness
Description: iOpus Secure Email Attachments is an application used to
create self-extracting, encrypted email attachments. It is affected by
an encryption weakness due to a design flaw in the encryption
algorithm used. All versions of iOpus Secure Email Attachments are
vulnerable.
Ref: http://www.securityfocus.com/archive/1/431904
______________________________________________________________________
06.17.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Skulltag Remote Format String
Description: Skulltag is a Doom engine for Windows. It is reported
prone to a remote format string vulnerability. A client can supply a
specially-crafted version string containing format specifiers to
execute malicious code. Skulltag version 0.96f is affected.
Ref: http://www.securityfocus.com/archive/1/431872
______________________________________________________________________
06.17.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: IZArc Hostile Destination Path
Description: IZArc is a file compression/decompression application. It
contains a vulnerability in the handling of pathnames in archived
files. By specifying a path for an archived item that points outside
the expected destination directory, the creator of the archive can
cause the file to be extracted to arbitrary locations on the
filesystem. IZArc version 3.5 beta 3 is vulnerable.
Ref: http://www.securityfocus.com/bid/17664/references
______________________________________________________________________
06.17.7 CVE: CVE-2006-2007
Platform: Third Party Windows Apps
Title: Winny File Transfer Heap Overflow
Description: Winny is a peer-to-peer file sharing application. It is
vulnerable to a remote heap overflow issue because the application
fails to perform bounds checking on a "strcpy()" operation during file
transfers. Winny versions 2.0 b7.1 and earlier are vulnerable.
Ref: http://www.eeye.com/html/research/advisories/AD20060421.html
______________________________________________________________________
06.17.8 CVE: CVE-2006-1951
Platform: Third Party Windows Apps
Title: SolarWinds TFTP Server Directory Traversal
Description: TFTP Server is a TFTP protocol server for various
Microsoft Windows platforms. TFTP Server is prone to a directory
traversal vulnerability. The application does not properly sanitize
user-supplied input of directory traversal strings "../../" allowing
an attacker to specify arbitrary files for download. This may
facilitate a complete compromise of the affected computer as the
application is typically run with SYSTEM privileges.
Ref: http://www.rapid7.com/advisories/R7-0019.html
______________________________________________________________________
06.17.9 CVE: CVE-2006-2027
Platform: Third Party Windows Apps
Title: Pablo Software Solutions Quick 'n Easy FTP Server Logging
Buffer Overflow
Description: Quick 'n Easy FTP Server is an FTP server for Windows.
Quick 'n Easy FTP Server is prone to a buffer overflow vulnerability.
To exploit this issue, an administrator must visit the log viewing
portion of the application, as the issue is conjectured to be
triggered in the log display functionality. The affected portion of
the application converts the attacker-supplied log text to Unicode to
display it for the administrator, complicating exploits. Quick 'n Easy
FTP Server versions 3.0 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/431920
______________________________________________________________________
06.17.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: PowerISO Directory Traversal
Description: PowerISO is an ISO, BIN, NRG, IMG and DAA file archiving
application. It is vulnerable to a directory traversal issue when the
application processes malicious ISO and BIN archives. PowerISO version
2.9 is vulnerable.
Ref: http://secway.org/advisory/AD20060428.txt
______________________________________________________________________
06.17.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: Multiple SpeedProject Products ACE Archive Filename Handling
Buffer Overflow
Description: SpeedProject's products called Squeez and SpeedCommander
both contain support for decompressing ACE archives. Multiple
SpeedProject products are prone to a buffer-overflow vulnerability.
This issue is exposed when the application extracts an ACE archive
that contains a file with a long name. Squeez version 5.10 Build 4460
and SpeedCommander versions 10.52 Build 4450 and 11.01 Build 4450 are
affected by this issue.
Ref: http://www.securityfocus.com/archive/1/432101
______________________________________________________________________
06.17.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: Juniper SSL-VPN Client ActiveX Control Remote Buffer Overflow
Description: Juniper provides an SSL-VPN client in the form of an
ActiveX control for Microsoft Windows. It is prone to a buffer
overflow vulnerability due to the use of unbounded memory-copy
operations in the "JuniperSetupDLL.dll" library, which is loaded from
the "JuniperSetup.ocx" ActiveX control. Arbitrary code would be
executed in the context of the client application.
Ref: http://www.securityfocus.com/archive/1/432155
______________________________________________________________________
06.17.13 CVE: CVE-2006-1952
Platform: Third Party Windows Apps
Title: WinAgents TFTP Server Directory Traversal
Description: WinAgents TFTP Server is a TFTP protocol server. It is
vulnerable to a directory traversal issue due to insufficient
sanitization of ".../.../" strings. WinAgents TFTP Server versions
3.1 and earlier are vulnerable.
Ref: http://www.rapid7.com/advisories/R7-0020.html
______________________________________________________________________
06.17.14 CVE: Not Available
Platform: Third Party Windows Apps
Title: MagicISO Directory Traversal
Description: MagicISO is an ISO and BIN file archiving application. It
is vulnerable to a directory traversal issue when the application
processes malicious ISO and BIN archives. MagicISO version 5.0 Build
0166 is vulnerable.
Ref: http://secway.org/advisory/AD20060428.txt
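Added example (not part of the original bulletin and not code from any
vendor named in it): the traversal entries above (IZArc, SolarWinds TFTP,
PowerISO, WinAgents TFTP, MagicISO) share one missing check, namely that a
requested or archived name must resolve inside the intended directory. The
names safe_join, UnsafePath and classify are hypothetical, and the sample
names are constructed.

```python
import os


class UnsafePath(ValueError):
    """Raised when an untrusted name would land outside the base directory."""


def safe_join(base_dir, untrusted_name):
    """Map a client-supplied or archive-supplied name to a path under base_dir.

    Rejects the name instead of trying to "clean" it: stripping "../" from
    input is the kind of sanitising that variants such as ".../.../" target.
    """
    # Treat both separators as separators, whatever OS this runs on.
    name = untrusted_name.replace("\\", "/")
    if "\x00" in name:
        raise UnsafePath("NUL byte in name")
    if name.startswith("/"):
        raise UnsafePath("absolute path")
    if len(name) >= 2 and name[1] == ":":
        raise UnsafePath("drive-qualified path")

    parts = []
    for part in name.split("/"):
        if part in ("", "."):
            continue  # harmless: doubled separator or current directory
        if part.strip(".") == "":
            # "..", "..." and longer all-dot components are never legitimate
            raise UnsafePath("dot-only path component")
        parts.append(part)
    if not parts:
        raise UnsafePath("empty name")

    # Final containment check on the resolved path. This also catches a
    # symlink inside base_dir that points somewhere else.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, *parts))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath("resolves outside base directory")
    return candidate


# Constructed sample names: one legitimate request plus the shapes the
# entries above describe.
SAMPLE_NAMES = [
    "firmware/router.bin",
    "docs/./readme.txt",
    "../../boot.ini",
    "..\\..\\windows\\win.ini",
    ".../.../boot.ini",
    "C:\\autoexec.bat",
    "/etc/passwd",
]


def classify(base_dir, names):
    """Return {name: "ok" or the rejection reason} for each name."""
    results = {}
    for n in names:
        try:
            safe_join(base_dir, n)
            results[n] = "ok"
        except UnsafePath as exc:
            results[n] = str(exc)
    return results


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as root:
        for name, verdict in classify(root, SAMPLE_NAMES).items():
            print(f"{name!r:32} {verdict}")
```

The same function serves a file server (base_dir is the served root) and an
archive extractor (base_dir is the chosen destination folder).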
______________________________________________________________________
06.17.15 CVE: Not Available
Platform: Mac OS
Title: Apple Safari Web Browser Rowspan Denial of Service
Description: Apple Safari web browser is prone to a denial of service
vulnerability. The problem occurs when malicious HTML containing an
excessively large "rowspan" value is viewed. An attacker can exploit
this issue to consume excessive system resources and eventually crash
an affected browser. Apple Safari versions 2.0.3 and earlier are
affected.
Ref: http://www.yanux.ch/exploits/safari/bugreport_imac_g4.txt
______________________________________________________________________
06.17.16 CVE: CVE-2006-1513
Platform: Linux
Title: ABC2PS ABC Music Files Remote Buffer Overflow
Description: ABC2PS is a translator application for converting ABC
music description files into PostScript. It is vulnerable to a remote
buffer overflow issue due to insufficient boundary checks before
copying user-supplied data into process buffers. ABC2PS version 1.3.3
is vulnerable.
Ref: http://www.securityfocus.com/bid/17689
______________________________________________________________________
06.17.17 CVE: Not Available
Platform: Linux
Title: abcMIDI ABC Music Files Remote Buffer Overflow
Description: abcMIDI is a package that contains the "yaps" program,
which is a translator application for converting ABC music description
files into PostScript. It is prone to a remote buffer overflow
vulnerability when the application handles a specially-crafted ABC
music description file.
Ref: http://www.securityfocus.com/bid/17704
______________________________________________________________________
06.17.18 CVE: CVE-2006-2064
Platform: Solaris
Title: Solaris PKCS#11 Library Local Privilege Escalation
Description: Sun Solaris supports PKCS#11 (Public Key Cryptography
Standards, standard number 11, a cryptographic token API). It is
vulnerable to a local privilege escalation issue due to a failure of
the PKCS#11 library to properly utilize non-reentrant functions. Sun
Solaris versions 10 and 10_x86 are vulnerable.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102316-1
______________________________________________________________________
06.17.19 CVE: CVE-2006-0048
Platform: Unix
Title: Tcpick Write.C Remote Denial of Service
Description: Tcpick is a TCP stream sniffer, tracker and capturer. It
is susceptible to a remote denial of service vulnerability. This issue
is due to the application's failure to properly handle
specially-crafted packets. The problem occurs in "write.c" when the
application is running with the "-yP" option.
Ref:
http://sourceforge.net/mailarchive/forum.php?thread_id=9989610&forum_id=37151
______________________________________________________________________
06.17.20 CVE: Not Available
Platform: Unix
Title: Fenice Remote Buffer Overflow and Denial of Service
Vulnerabilities
Description: Fenice is an Open Media Streaming server application. It
is vulnerable to multiple remote issues such as a buffer overflow and
denial of service. See the reference for further details. Fenice
version 1.10 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431870
______________________________________________________________________
06.17.21 CVE: Not Available
Platform: Unix
Title: DeleGate DNS Response Denial of Service
Description: DeleGate is prone to a remote denial of service
vulnerability. The application fails to properly handle malformed DNS
responses. An attacker can exploit this issue to crash the affected
service, effectively denying service to legitimate users. The vendor
has addressed this issue in versions 8.11.6 and 9.0.6.
Ref: http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en
______________________________________________________________________
06.17.22 CVE: Not Available
Platform: Unix
Title: Paul A. Rombouts PDNSD DNS Query Denial of Service
Description: The pdnsd DNS server is prone to a remote denial of
service vulnerability. The application fails to properly handle
malformed DNS queries. The problem occurs when unsupported DNS QTYPE
or QCLASS queries are sent to the affected DNS server. When the
affected server handles these packets, a memory leak occurs. The
vendor has addressed this issue in version 1.2.4-par.
Ref: http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en
______________________________________________________________________
06.17.23 CVE: CVE-2006-1998, CVE-2006-1999
Platform: Cross Platform
Title: OpenTTD Multiple Denial of Service Vulnerabilities
Description: OpenTTD is a multiplayer role-playing game for multiple
operating systems and is an open source clone of Transport Tycoon
Deluxe. OpenTTD is prone to multiple remote denial of service
vulnerabilities.
Ref: http://aluigi.altervista.org/adv/openttdx-adv.txt
______________________________________________________________________
06.17.24 CVE: CVE-2006-2017
Platform: Cross Platform
Title: Dnsmasq Broadcast Reply Denial of Service
Description: Dnsmasq is a DHCP and DNS server. It is vulnerable to a
remote denial of service issue due to a design error in the
application when receiving a DHCP client broadcast reply request.
Dnsmasq version 2.29 is vulnerable.
Ref: http://thekelleys.org.uk/dnsmasq/CHANGELOG
______________________________________________________________________
06.17.25 CVE: Not Available
Platform: Cross Platform
Title: Blender BVF File Import Python Code Execution
Description: Blender is a 3D modeling application. It is vulnerable to
a Python code execution issue due to insufficient sanitization of
user-supplied input passed to "eval" statements. Blender version 2.36 is
vulnerable.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330895
______________________________________________________________________
06.17.26 CVE: CVE-2006-0580
Platform: Cross Platform
Title: Lotus Domino Unspecified LDAP Denial of Service
Description: IBM Lotus Domino Server is an application framework for
web-based collaborative software. It is vulnerable to an unspecified
denial of service issue when malformed data is sent to the LDAP server
on TCP port 389. IBM Lotus Domino version 7.0 is vulnerable.
Ref: http://www.gleg.net/flash/protover_lotus.html
______________________________________________________________________
06.17.27 CVE: Not Available
Platform: Cross Platform
Title: Symantec AntiVirus Scan Engine Multiple Remote Vulnerabilities
Description: Symantec AntiVirus Scan Engine is a TCP/IP server and
programming interface that enables third parties to incorporate
support for Symantec content-scanning technologies into their
proprietary applications. It is susceptible to multiple remote
vulnerabilities. The first issue is due to the application's failure
to properly authenticate web-based user logins. The second issue is
due to the application's use of a static private DSA encryption key
for SSL communication. The third issue is due to the application's
failure to properly secure files containing potentially sensitive
information from remote access. Version 5.0 of Symantec AntiVirus Scan
Engine is affected by these vulnerabilities.
Ref: http://www.symantec.com/avcenter/security/Content/2006.04.21.html
______________________________________________________________________
06.17.28 CVE: Not Available
Platform: Cross Platform
Title: 1 Event Publisher Information Disclosure
Description: 1 Event Publisher is an event-management application.
The application fails to secure access to the "eventpublisher.txt"
file, allowing an attacker to obtain sensitive information from a log
of private user comments. All current versions are affected.
Ref: http://www.securityfocus.com/bid/17647
______________________________________________________________________
06.17.29 CVE: CVE-2006-1931
Platform: Cross Platform
Title: Ruby WEBrick HTTP Server Denial of Service
Description: Ruby is an object-oriented scripting language. It is
vulnerable to a denial of service issue in the WEBrick HTTP server due
to the use of blocking sockets. Ruby versions 1.8.2 and earlier are
vulnerable.
Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540
______________________________________________________________________
06.17.30 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox iframe.contentWindow.focus Buffer Overflow
Description: Mozilla Firefox is prone to a buffer overflow
vulnerability. This issue occurs when the browser renders JavaScript
using the "js320.dll" and "xpcom_core.dll" libraries. Specifically, a
malformed "iframe.contentWindow.focus()" call can cause an overflow to
occur. This could lead to a failure of the browser or potential
arbitrary code execution in the context of the current user. Firefox
versions 1.5.0.2 and earlier running on Windows and Linux are
affected.
Ref: http://www.securityfocus.com/bid/17671
______________________________________________________________________
06.17.31 CVE: CVE-2006-1997
Platform: Cross Platform
Title: Sybase Pylon Anywhere Unauthorized Access
Description: Sybase Pylon Anywhere is an application that allows users
to access Microsoft Exchange and Lotus Notes information remotely from
a PDA or smartphone. It is vulnerable to an unspecified access
validation issue. Pylon Anywhere versions 6.4.9 and earlier are
vulnerable.
Ref: http://www.sybase.com/detail?id=1040213
______________________________________________________________________
06.17.32 CVE: CVE-2006-1932, CVE-2006-1933, CVE-2006-1934,
CVE-2006-1935, CVE-2006-1936, CVE-2006-1937, CVE-2006-1938,
CVE-2006-1939, CVE-2006-1940
Platform: Cross Platform
Title: Ethereal Multiple Protocol Dissector Vulnerabilities
Description: Ethereal is a multi-platform network protocol sniffer and
analyzer. Several vulnerabilities have been reported in various
protocol dissectors. Ethereal could crash while reading a malformed
sniffer capture, an invalid display filter and a specially-crafted
statistics counter. These issues could allow remote attackers to
execute arbitrary machine code in the context of the vulnerable
application. Various vulnerabilities affect differing versions of
Ethereal from 0.8.5 through to 0.10.14.
Ref: http://www.ethereal.com/appnotes/enpa-sa-00023.html
______________________________________________________________________
06.17.33 CVE: Not Available
Platform: Cross Platform
Title: ISC BIND TSIG Zone Transfer Denial of Service
Description: ISC BIND is prone to a remote denial of service
vulnerability. This issue is due to a failure in the application to
properly handle malformed TSIG (Secret Key Transaction Authentication
for DNS) replies. This issue is triggered when BIND is configured with
TSIG enabled, and it attempts to parse malformed TSIG messages during
zone transfers.
Ref: http://www.securityfocus.com/bid/17692
______________________________________________________________________
06.17.34 CVE: Not Available
Platform: Cross Platform
Title: Oracle 10g DBMS_EXPORT_EXTENSION SQL Injection
Description: Oracle 10g products are prone to a SQL injection
vulnerability. This issue exists in the "GET_DOMAIN_INDEX_METADATA"
function of the "DBMS_EXPORT_EXTENSION" package. Due to improper input
validation, a remote attacker with access to the database can elevate
their privilege level to those of the DBA. This vulnerability has not
been patched.
Ref: http://www.securityfocus.com/archive/1/432078
______________________________________________________________________
06.17.35 CVE: Not Available
Platform: Cross Platform
Title: Multiple Hitachi JP1 Products Denial of Service
Description: Multiple JP1 products are prone to a denial of service
vulnerability. These issues occur when the affected applications
receive requests or data unexpectedly. An attacker can exploit this
issue to cause affected products to become unresponsive, resulting in
a denial of service to legitimate users. Specific models and versions
are listed in the reference link.
Ref:
http://www.hitachi-support.com/security_e/vuls_e/HS06-007_e/index-e.html
______________________________________________________________________
06.17.36 CVE: Not Available
Platform: Cross Platform
Title: PowerDNS Malformed EDNS0 Packet Remote Denial of Service
Description: PowerDNS is a nameserver application. It is vulnerable to
a denial of service issue due to insufficient handling of malformed
EDNS0 packets. PowerDNS version 3.0 is vulnerable.
Ref: http://wiki.powerdns.com/projects/trac/changeset/760
______________________________________________________________________
06.17.37 CVE: Not Available
Platform: Cross Platform
Title: BL4 SMTP Server Buffer Overflow
Description: BL4 SMTP Server is a Mail Transfer Agent (MTA) server for
Linux and Unix-like operating systems. It is susceptible to a remote
buffer overflow vulnerability in its SMTP service when attackers
repeatedly send more than 2100 bytes of data as an argument to the
"HELO", "MAIL FROM" and "RCPT TO" commands. BL4 SMTP Server versions
prior to 0.1.5 are affected.
Ref: http://www.securityfocus.com/archive/1/432329
______________________________________________________________________
06.17.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Scry Gallery Index.PHP Cross-Site Scripting
Description: Scry Gallery is an image gallery application.
Insufficient sanitization of the "p" parameter in the "index.php"
script exposes the application to a cross-site scripting issue. Scry
Gallery version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/17668
______________________________________________________________________
06.17.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Simplog ImageList.PHP Cross-Site Scripting
Description: Simplog is a weblog application. Insufficient
sanitization of the "imagedir" parameter in the "imagelist.php" script
exposes the application to a cross-site scripting issue. Simplog
version 0.9.3 is affected.
Ref: http://www.securityfocus.com/bid/17653
______________________________________________________________________
06.17.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: 1 Event Publisher Multiple HTML Injection Vulnerabilities
Description: 1 Event Publisher is an event notification application
implemented in Perl. 1 Event Publisher is prone to multiple HTML
injection vulnerabilities. 1 Event Publisher 2003.12.18 is affected.
Ref: http://www.securityfocus.com/bid/17646
______________________________________________________________________
06.17.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: LogMethods A2Z.JSP Cross-Site Scripting
Description: LogMethods is a bookmark portal application. Insufficient
sanitization of the "kwd" parameter in the "/lms/a2z.jsp" script
exposes the application to a cross-site scripting issue. LogMethods
versions 0.9 and earlier are affected.
Ref: http://www.securityfocus.com/bid/17675
______________________________________________________________________
06.17.42 CVE: CVE-2006-2051
Platform: Web Application - Cross Site Scripting
Title: NextAge Shopping Cart Multiple HTML Injection Vulnerabilities
Description: NextAge Shopping Cart is a shopping cart application
implemented in PHP. NextAge Shopping Cart is prone to multiple HTML
injection vulnerabilities.
Ref: http://www.securityfocus.com/archive/1/431983
______________________________________________________________________
06.17.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Instant Photo Gallery Multiple Cross-Site Scripting
Vulnerabilities
Description: Instant Photo Gallery is a web-based photo album
application. It is vulnerable to multiple cross-site scripting issues
due to insufficient sanitization of user-supplied input to the
"member.php", "portfolio.php" and "portfolio_photo_popup.php" scripts.
Instant Photo Gallery version 1.0 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/432024
______________________________________________________________________
06.17.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CuteNews Multiple Cross-Site Scripting Vulnerabilities
Description: CuteNews is a news reader application. Insufficient
sanitization of the "mod" and "source" parameters of the "index.php"
script exposes the application to multiple cross-site scripting
issues. CuteNews version 1.4.1 is affected.
Ref: http://www.securityfocus.com/bid/17700
______________________________________________________________________
06.17.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: FarsiNews Multiple Cross-Site Scripting Vulnerabilities
Description: FarsiNews is a news reader application implemented in
PHP. It is prone to multiple cross-site scripting vulnerabilities.
Ref: http://www.securityfocus.com/archive/1/432109
______________________________________________________________________
06.17.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DevBB Member.PHP Cross-Site Scripting
Description: DevBB is a web-based bulletin board application. It is
vulnerable to a cross-site scripting issue due to insufficient
sanitization of user-supplied input to the "member" parameter of the
"member.php" script. DevBB version 1.0 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/432096
______________________________________________________________________
06.17.47 CVE: CVE-2006-2009
Platform: Web Application - SQL Injection
Title: PHPMyAgenda Agenda.PHP3 Remote File Include
Description: phpMyAgenda is a web application for managing events. It
is implemented in PHP. phpMyAgenda is prone to a remote file include
vulnerability. phpMyAgenda 3.0 Final and prior versions are affected.
Ref: http://www.securityfocus.com/archive/1/431862
______________________________________________________________________
06.17.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Simplog Multiple SQL Injection Vulnerabilities
Description: Simplog is a web-based news application written in PHP.
It is prone to multiple SQL injection vulnerabilities due to improper
sanitization of user-supplied input. Simplog versions 0.9.3 and
earlier are vulnerable to these issues.
Ref: http://www.securityfocus.com/archive/1/431760
______________________________________________________________________
06.17.49 CVE: CVE-2006-2004
Platform: Web Application - SQL Injection
Title: RI Blog Multiple SQL Injection Vulnerabilities
Description: RI Blog is a weblog application. The application is prone
to multiple SQL injection vulnerabilities because it fails to properly
sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/17654
______________________________________________________________________
06.17.50 CVE: CVE-2006-2039
Platform: Web Application - SQL Injection
Title: Help Center Live OSTicket Module Multiple SQL Injection
Vulnerabilities
Description: Help Center Live is a helpdesk application implemented in
PHP. The application is prone to multiple SQL injection
vulnerabilities because it fails to properly sanitize user-supplied
input.
Ref: http://www.securityfocus.com/bid/17676
______________________________________________________________________
06.17.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Photokorn Multiple SQL Injection Vulnerabilities
Description: Photokorn is a photo album application. Insufficient
sanitization of user-supplied input to various PHP scripts exposes the
application to multiple SQL injection issues. Photokorn versions 1.542
and earlier are affected.
Ref: http://www.securityfocus.com/bid/17683
______________________________________________________________________
06.17.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Invision Power Board Index.PHP CK Parameter SQL Injection
Description: Invision Power Board is web forum software. It is prone
to an SQL injection vulnerability due to insufficient sanitization of
user-supplied input to the "ck" parameter of the "index.php" script.
Invision Power Board versions 2.1.5 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/431990
______________________________________________________________________
06.17.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DUPortal Pro Cat.ASP SQL Injection
Description: DUportal Pro is a web portal application. DUportal Pro is
vulnerable to an SQL injection issue due to insufficient sanitization
of user-supplied input to the "iCat" parameter of the "cat.asp"
script. DUportal Pro version 3.4 is vulnerable.
Ref: http://www.aria-security.net/advisory/duportal.txt
______________________________________________________________________
06.17.54 CVE: CVE-2006-1817
Platform: Web Application - SQL Injection
Title: warforge.News Authcheck.PHP SQL Injection
Description: warforge.NEWS is a news reader application implemented in
PHP. It is prone to an SQL injection vulnerability due to improper
sanitization of user-supplied input to the "authusername" cookie
parameter of the "authcheck.php" script. warforge.NEWS version 1.0 is
affected.
Ref: http://evuln.com/vulns/125/summary.html
______________________________________________________________________
06.17.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Invision Power Board Func_msg.PHP SQL Injection
Description: Invision Power Board is web forum software. It is prone
to an SQL injection vulnerability due to insufficient sanitization of
user-supplied input to the "to_by_id" parameter of the "func_msg.php"
script. Invision Power Board version 2.1.4 is affected.
Ref: http://www.securityfocus.com/archive/1/432248
______________________________________________________________________
06.17.56 CVE: CVE-2006-1212
Platform: Web Application
Title: CoreNews Multiple Input Validation Vulnerabilities
Description: CoreNews is a web-based news application implemented in
PHP. It is vulnerable to multiple input validation issues such as a
remote file include issue and SQL injections. CoreNews versions 2.0.1
and earlier are vulnerable.
Ref: http://www.securityfocus.com/archive/1/431761
______________________________________________________________________
06.17.57 CVE: CVE-2006-2002
Platform: Web Application
Title: My Gaming Ladder Stats.PHP Remote File Include
Description: My Gaming Ladder is a ladder and tournament web
application. It is vulnerable to a remote file include issue due to
insufficient sanitization of user-supplied input to the "dir[base]"
parameter of the "stats.php" script. My Gaming Ladder version 7.0 is
vulnerable.
Ref: http://www.securityfocus.com/archive/1/431902
______________________________________________________________________
06.17.58 CVE: Not Available
Platform: Web Application
Title: Clansys Index.PHP Remote Code Execution
Description: Clansys is a web-based application. Insufficient
sanitization of the "page" parameter in the "index.php" script exposes
the application to a remote code execution issue. All current versions
are affected.
Ref: http://www.securityfocus.com/bid/17660
______________________________________________________________________
06.17.59 CVE: Not Available
Platform: Web Application
Title: SL_site Multiple Input Validation Vulnerabilities
Description: SL_site is a shopping cart and billing application
implemented in PHP. It is prone to multiple input validation
vulnerabilities because the application fails to properly sanitize
user-supplied input. SQL Injection and cross-site scripting attacks
are possible.
Ref: http://www.securityfocus.com/bid/17667
______________________________________________________________________
06.17.60 CVE: Not Available
Platform: Web Application
Title: MKPortal Multiple Input Validation Vulnerabilities
Description: MKPortal is a content management system for the vBulletin
package. It is prone to multiple input validation vulnerabilities
because the application fails to properly sanitize user-supplied
input. MKPortal version 1.1 in conjunction with vBulletin 3.5.4 is
vulnerable to these issues.
Ref: http://www.securityfocus.com/archive/1/431759
______________________________________________________________________
06.17.61 CVE: CVE-2006-1995
Platform: Web Application
Title: Scry Gallery Directory Traversal
Description: Scry Gallery is an image gallery application. It is
vulnerable to a directory traversal issue due to insufficient
sanitization of user-supplied input to the "p" parameter of the
"index.php" script. Scry Gallery version 1.1 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431716
______________________________________________________________________
06.17.62 CVE: CVE-2006-1994
Platform: Web Application
Title: dForum Multiple Remote File Include Vulnerabilities
Description: dForum is a web-based forum application. It is vulnerable
to multiple remote file include issues due to insufficient
sanitization of user-supplied input to the "DFORUM_PATH" variable in a
variety of scripts. dForum version 1.5 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/431758
______________________________________________________________________
06.17.63 CVE: CVE-2006-2014
Platform: Web Application
Title: SL_site Gallerie.PHP Information Disclosure
Description: SL_site is a shopping cart and billing application
implemented in PHP. SL_site is prone to an information disclosure
vulnerability. This may be exploited by using directory traversal
sequences "../" in the "rep" parameter of the "gallerie.php" script.
Ref: http://www.securityfocus.com/bid/17672
______________________________________________________________________
06.17.64 CVE: Not Available
Platform: Web Application
Title: built2go Movie Review Movie_CLS.PHP3 Remote File Include
Description: built2go Movie Review is a web application for reviewing
movies. It is prone to a remote file include vulnerability due to
insufficient sanitization of user-supplied input to the "full_path"
parameter of the "movie_cls.php" script. built2go Movie Review
versions 2B and earlier are affected.
Ref: http://www.securityfocus.com/bid/17679
______________________________________________________________________
06.17.65 CVE: Not Available
Platform: Web Application
Title: Invision Power Board Search.PHP Script Injection
Description: Invision Power Board is a web log application. It is
vulnerable to a PHP script execution issue because a malicious user
can inject script code into a message posting and use a flaw in the
"search.php" script to execute it. Invision Power Board versions 2.1.5
and earlier are vulnerable.
Ref: http://www.securityfocus.com/archive/1/431990
______________________________________________________________________
06.17.66 CVE: Not Available
Platform: Web Application
Title: DCForumLite DCBoard.CGI Multiple Input Validation
Vulnerabilities
Description: DCForumLite is a forum application implemented in Perl.
It is prone to multiple input validation vulnerabilities because the
application fails to properly sanitize user-supplied input. DCForum
version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/17697
______________________________________________________________________
06.17.67 CVE: Not Available
Platform: Web Application
Title: MySmartBB Multiple Input Validation Vulnerabilities
Description: MySmartBB is a bulletin board application. Insufficient
sanitization of the "id" and "username" parameters of the "misc.php"
script exposes the application to cross-site scripting and SQL
injection issues. MySmartBB version 1.1.3 is affected.
Ref: http://www.securityfocus.com/bid/17707
______________________________________________________________________
06.17.68 CVE: Not Available
Platform: Web Application
Title: Jupiter CMS Index.PHP Local File Include
Description: Jupiter CMS is a web-based image gallery application
implemented in PHP. It is prone to a local file include vulnerability.
Versions 1.1.5 and prior are vulnerable to this issue.
Ref: http://www.securityfocus.com/bid/17716
______________________________________________________________________
06.17.69 CVE: Not Available
Platform: Network Device
Title: Juniper JUNOSe DNS Client Denial of Service
Description: Juniper JUNOSe is affected by a denial of service issue
when handling malformed DNS datagrams. The issue exposes itself when
malformed DNS datagrams are sent to the service. Please check the
attached advisory for a list of affected versions.
Ref: http://www.securityfocus.com/bid/17693
______________________________________________________________________
06.17.70 CVE: CVE-2006-2043, CVE-2006-2044, CVE-2006-2045
Platform: Network Device
Title: IP3 Networks NetAccess NA75 Multiple Local Vulnerabilities
Description: IP3 Networks NetAccess NA75 devices are rack mounted
network devices that are designed for hotels and hotspots. IP3
Networks NetAccess NA75 devices are susceptible to multiple local
vulnerabilities. These issues are present in version 4.0.34 of the
device's firmware.
Ref: http://www.securityfocus.com/archive/1/432007
______________________________________________________________________
06.17.71 CVE: Not Available
Platform: Network Device
Title: Multiple FITELnet Products Unspecified DNS Handling
Vulnerabilities
Description: FITELnet products are DNS related. They are vulnerable to
multiple unspecified DNS issues such as memory corruption, buffer
overflow and denial of service. See advisory for further details.
Ref: http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en
http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en
______________________________________________________________________
06.17.72 CVE: Not Available
Platform: Network Device
Title: Oce 3121/3122 Printer Denial of Service
Description: The Oce 3121/3122 printer is affected by a remote denial
of service issue when the embedded web server receives long URI
requests. Oce 3121/3122 printers are affected.
Ref: http://www.securityfocus.com/bid/17715
______________________________________________________________________
(c) 2006. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.
==end==
Subscriptions:
RISK is distributed free of charge to people responsible
for managing and securing information systems and networks. You may
forward this newsletter to others with such responsibility inside or
outside your organization.