RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 36

From: The SANS Institute (ConsensusSecurityVulnerabilityAlert@sans.org)
Date: Mon Sep 11 2006 - 15:26:51 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Another quiet week. The pause may give you time to get involved in
community projects to help better secure the internet. Here's a great
one:

If you are an administrator/CSO/vulnerability researcher (or have a
similar role) and are interested in contributing to this year's Top-20
Internet Security Vulnerabilities project, contact the project manager,
Rohit Dhamankar (dhamankar@sans.org), with your name, the organization
you represent, email and phone, and a brief description of your security
specialty. At the end of this issue, you'll find a description of the
Top20 project.

                                  Alan

*************************************************************************
          RISK: The Consensus Security Vulnerability Alert
September 11, 2006 Vol. 5. Week 36
*************************************************************************

RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
----------------------------------------------------------------------
Platform                                  Number of Updates and Vulnerabilities
----------------------------------------------------------------------
Microsoft Office                          1
Third Party Windows Apps                  7 (#2, #5)
Unix                                      4
Cross Platform                            6 (#1)
Web Application - Cross Site Scripting    5
Web Application - SQL Injection           11
Web Application                           48 (#3, #4)
Network Device                            3
Hardware                                  3

*************************************************************************

Table of Contents

Part I - Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) MODERATE: ISC BIND Remote Denial of Service

Other Software
(2) CRITICAL: Ipswitch IMail Remote Buffer Overflow
(3) HIGH: Capi4HylaFax Remote Command Execution
(4) HIGH: Multiple Products Remote PHP File Include Vulnerabilities
(5) MODERATE: Retro64 CR64Loader ActiveX Control Remote Buffer Overflow

*************************************************************************
Part II - Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Microsoft Office
06.36.1 - Microsoft Word 2000 Unspecified Remote Code Execution
 -- Third Party Windows Apps
06.36.2 - J River Media Center Mediacenter.EXE Buffer Overflow
06.36.3 - Internet Security Systems BlackICE Local Denial of Service
06.36.4 - AuditWizard Log File Information Disclosure
06.36.5 - Microchip Data Systems ZipTV TZipTV ARJ File Handling Buffer Overflow Vulnerability
06.36.6 - Ipswitch IMail Server and Collaboration Suite Unspecified SMTP Daemon
06.36.7 - Avira AntiVir Personal Edition Classic Update.EXE Local Privilege Escalation
06.36.8 - Panda Platinum Internet Security 2006/2007 Local Privilege Escalation
 -- Unix
06.36.9 - DSocks Name Variable Buffer Overflow
06.36.10 - Tor Multiple Buffer Overflow/Information Disclosure/Denial of Service Vulnerabilities
06.36.11 - GDB DWARF Multiple Buffer Overflow Vulnerabilities
06.36.12 - OpenLDAP SLAPD Access Control Circumvention
 -- Cross Platform
06.36.13 - Avira AntiVir Shatter Local Buffer Overflow
06.36.14 - OpenSSL PKCS Padding RSA Signature Forgery
06.36.15 - LibTIFF TIFFFindFieldInfo Remote Buffer Overflow
06.36.16 - Compression Plus Zoo Format Stack Overflow
06.36.17 - Cerberus Helpdesk Ticket Parameter Unauthorized Access
06.36.18 - ISC BIND Multiple Remote Denial of Service Vulnerabilities
 -- Web Application - Cross Site Scripting
06.36.19 - PHP iAddressBook Unspecified Cross-Site Scripting
06.36.20 - SoftBB Page Parameter Cross-Site Scripting
06.36.21 - VBZoom Profile.PHP Cross-Site Scripting
06.36.22 - PHP-Nuke MyHeadlines Module Cross-Site Scripting
06.36.23 - AckerTodo Index.PHP Cross-Site Scripting
 -- Web Application - SQL Injection
06.36.24 - ZixForum ReplyNew.ASP SQL Injection
06.36.25 - 8Pixel.net SimpleBlog ID Parameter SQL Injection
06.36.26 - ICBlogger Devam.ASP SQL Injection
06.36.27 - e107 Multiple SQL Injection Vulnerabilities
06.36.28 - Autentificator Aut_Verifica.Inc.PHP SQL Injection
06.36.29 - SMF Multiple SQL Injection Vulnerabilities
06.36.30 - SSLinks Multiple SQL Injection Vulnerabilities
06.36.31 - Annuaire 1Two index.php SQL Injection
06.36.32 - Muratsoft Haber Portal Kategori.ASP SQL Injection
06.36.33 - Uni-vert PhpLeague Joueurs.PHP SQL Injection
06.36.34 - PHP-Fusion News.PHP SQL Injection
 -- Web Application
06.36.35 - Alt-N MDaemon WebAdmin Component Unauthorized Access
06.36.36 - Easy Address Book Web Server Remote Format String
06.36.37 - annoncesV annonce.php Remote File Include
06.36.38 - Graphiks GrapAgenda Index.PHP Remote File Include
06.36.39 - Web Dictate Admin Authentication Bypass
06.36.40 - Amazing little picture poll Admin Login Page Authentication Bypass
06.36.41 - pHNews Comments.PHP Local File Include
06.36.42 - SoftBB Multiple Input Validation Vulnerabilities
06.36.43 - PHP-Proxima BB_Smilies.PHP Local File Include
06.36.44 - DynCMS X_Admindir Remote File Include
06.36.45 - MySpeach JScript.PHP Remote File Include
06.36.46 - YACS Multiple Remote File Include Vulnerabilities
06.36.47 - ToendaCMS Remote File Include
06.36.48 - Papoo CMS IBrowser Remote File Include
06.36.49 - IntegraMOD PHPbb_Root_Path Multiple Remote File Include Vulnerabilities
06.36.50 - MyBace Login_Check.PHP Remote File Include
06.36.51 - Ixprim CMS Theme_Manager.Class.PHP Remote File Include
06.36.52 - Revista Multiple Input Validation Vulnerabilities
06.36.53 - TikiWiki Configure Script JHot.PHP Remote Command Execution
06.36.54 - Webmin and Useradmin HTML Injection and Information Disclosure Vulnerabilities
06.36.55 - yappa-ng Admin_Module_Deldir.Inc.PHP Remote File Include
06.36.56 - In-Portal In-Link ADODB_DIR.PHP Remote File Include
06.36.57 - FlashChat Multiple Remote File Include Vulnerabilities
06.36.58 - MyBace user_daten.php Remote File Include
06.36.59 - VTiger CRM HTML Injection and Access Control Bypass Vulnerabilities
06.36.60 - GNU Mailman Multiple Security Vulnerabilities
06.36.61 - TR Forum Multiple Input Validation Vulnerabilities
06.36.62 - Timesheet Login.PHP SQL Injection
06.36.63 - C-News Commentaires.PHP Remote File Include
06.36.64 - Sponge News News.PHP Remote File Include
06.36.65 - ACGV News Article.PHP Remote File Include
06.36.66 - SZEWO PhpCommander download.php Local File Include
06.36.67 - MySource Classic PHP Code Injection
06.36.68 - Akarru Social BookMarking Engine Main_Content.PHP Remote File Include
06.36.69 - VCD-DB Comments Unspecified HTML Injection
06.36.70 - Php Download Download.PHP Directory Traversal
06.36.71 - Beautifier Core.PHP Remote File Include
06.36.72 - Premod Shadow Functions_Portal.PHP Remote File Include
06.36.73 - PHPFullAnnu home.module.php Remote File Include
06.36.74 - Bingo News BP_ncom.PHP Remote File Include
06.36.75 - ppalCart Multiple File Include Vulnerabilities
06.36.76 - ACGV News PathNews Parameter Multiple Remote File Include Vulnerabilities
06.36.77 - WMNews Multiple Remote File Include Vulnerabilities
06.36.78 - PHP-Nuke Book Catalog Module Upload.PHP Arbitrary File Upload
06.36.79 - Web-Provence SL_Site Spaw_control.class.PHP Remote File Include
06.36.80 - Fire Soft Board Demarrage.PHP Remote File Include
06.36.81 - Web Server Creator Customize.PHP Remote File Include
06.36.82 - PhpNews Multiple Remote File Include Vulnerabilities
 -- Network Device
06.36.83 - SnapGear Multiple Unspecified Denial of Service Vulnerabilities
06.36.84 - Canon ImageRunner Information Disclosure
06.36.85 - Cisco IOS Multiple GRE Source Routing Vulnerabilities
 -- Hardware
06.36.86 - CAPI4Hylafax Remote Arbitrary Command Execution
06.36.87 - AnywhereUSB 5 Driver Malformed String Descriptor Integer Overflow
06.36.88 - Intel PRO/Wireless Network Connection Drivers Remote Code Execution

***********************************************************************

PART I - Critical Vulnerabilities

Part I is compiled by Rob King and Rohit Dhamankar at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*************************
Widely Deployed Software
*************************

(1) MODERATE: ISC BIND Remote Denial of Service
Affected:
ISC BIND versions 9.3.x and possibly 9.2.x

Description: ISC BIND, by far the most popular Domain Name System (DNS)
server software on the internet, contains a remotely-exploitable
denial-of-service (DoS) condition. By sending a specially-crafted DNS
request including SIG or recursive queries, an attacker could cause the
server to crash. Depending on configuration, the server may or may not
automatically restart. Note that ISC does not believe that the 9.2
branch is vulnerable, but they have issued a patch anyway.

Status: ISC confirmed, updates available.

Council Site Actions: Two of the reporting council sites have responded
to this item. One site has updated their systems to 9.3.2-P1. The other
site has several dozen affected systems and will likely deploy patches
within the next several weeks. Some of their systems load all patches
from a Linux distributor and will likely be updated within approximately
a week.

References:
ISC Security Advisory
http://www.isc.org/index.pl?/sw/bind/bind-security.php
SecurityFocus BID
http://www.securityfocus.com/bid/19859

*******************************************************************

**************
Other Software
**************

(2) CRITICAL: Ipswitch IMail Remote Buffer Overflow
Affected:
Ipswitch IMail Server 2006

Description: Ipswitch IMail, a popular mail server solution for
Microsoft Windows, contains a remotely-exploitable buffer overflow. By
sending a specially-formatted request to the SMTP server component, an
unauthenticated attacker could trigger this buffer overflow and execute
arbitrary code with the privileges of the server software - often
SYSTEM. Note that technical details for this vulnerability have been
publicly posted.

Status: Ipswitch confirmed, updates available.

Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the council sites. They reported that no action was necessary.

References:
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-06-028.html
Ipswitch Home Page
http://www.ipswitch.com
SecurityFocus BID
http://www.securityfocus.com/bid/19885

****************************************************************

(3) HIGH: Capi4HylaFax Remote Command Execution
Affected:
Capi4HylaFax versions 1.x

Description: Capi4HylaFax, a module that allows faxing via CAPI and AVM
Fritz! cards, contains a remote command execution vulnerability. By
sending a specially-crafted fax request to a vulnerable system, an
attacker could execute arbitrary code with the privileges of the HylaFax
process, often root.

Status: Vendor has not confirmed, no updates available.

Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the council sites. They reported that no action was necessary.

References:
Secunia Security Advisory
http://archives.neohapsis.com/archives/secunia/2006-q3/0827.html
Capi4HylaFax Home Page
http://capi4linux.thepenguin.de/
SecurityFocus BID
http://www.securityfocus.com/bid/19801

****************************************************************

(4) HIGH: Multiple Products Remote PHP File Include Vulnerabilities
Affected:
phpBB with Premod Shadow version 2.x
TikiWiki version 1.x
FlashChat versions 4.6.2 and prior

Description: The following popular software packages reportedly contain
PHP remote file include vulnerabilities: the Shadow phpBB premod,
TikiWiki, and FlashChat. These flaws can be exploited by a remote
attacker to run arbitrary PHP code on the webserver hosting the
vulnerable software packages. The postings show how to craft the
malicious HTTP requests to exploit the flaws. All of these
vulnerabilities require that the PHP "register_globals" option be
enabled. The "register_globals" option is disabled by default in PHP
version 4.2.0 and later. However, many sites enable this option. Users
are advised to disable the "register_globals" option if possible, and
run web server software under a low-privilege account. Note also that
there is a bot searching for FlashChat installations.
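
Added example (not part of the original alert): one way to check a host
for the "register_globals" setting named above, covering both php.ini and
the per-directory Apache overrides (php_flag / php_value) that can turn it
back on. The file paths and contents below are constructed samples.

```python
import re

# Apache/mod_php directive names are case-insensitive; the PHP setting name is not.
PHP_DIRECTIVE = re.compile(
    r"^\s*(?P<d>(?i:php_(?:admin_)?(?P<kind>flag|value)))"
    r"\s+register_globals\s+(?P<v>\S+)"
)


def ini_bool(raw):
    """php.ini boolean semantics: on/yes/true, or any non-zero integer."""
    v = raw.strip().strip("\"'").lower()
    if v in ("on", "yes", "true"):
        return True
    try:
        return int(v) != 0
    except ValueError:
        return False


def audit_php_ini(text):
    """Return (enabled, line_no) for register_globals; the last assignment wins.

    With no assignment the setting is off (the default since PHP 4.2.0).
    """
    enabled, where = False, None
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if not line or line.startswith("["):  # blank line or [section] header
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "register_globals":
            enabled, where = ini_bool(value), no
    return enabled, where


def audit_apache_conf(text):
    """Return [(line_no, directive)] for overrides that enable register_globals."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = PHP_DIRECTIVE.match(line)  # '#' comment lines never match
        if not m:
            continue
        kind = m.group("kind").lower()
        value = m.group("v").strip("\"'")
        # php_flag accepts only on/1 as true; php_value is parsed like php.ini.
        on = value.lower() in ("on", "1") if kind == "flag" else ini_bool(value)
        if on:
            hits.append((no, m.group("d").lower()))
    return hits


def audit(files):
    """files maps a path to its text; returns sorted human-readable findings."""
    findings = []
    for path, text in files.items():
        if path.endswith("php.ini"):
            enabled, no = audit_php_ini(text)
            if enabled:
                findings.append(f"{path}:{no}: register_globals enabled")
        else:
            for no, directive in audit_apache_conf(text):
                findings.append(f"{path}:{no}: {directive} enables register_globals")
    return sorted(findings)


# Constructed sample input (hypothetical paths and contents).
SAMPLE_FILES = {
    "/etc/php.ini": (
        "[PHP]\n"
        "; register_globals = On\n"
        "register_globals = Off\n"
        "register_globals = On ; re-enabled for a legacy app\n"
    ),
    "/var/www/forum/.htaccess": "# legacy board\nphp_flag register_globals on\n",
    "/var/www/wiki/.htaccess": (
        "php_flag register_globals off\n"
        "#php_value register_globals 1\n"
    ),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_FILES):
        print(finding)
```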

Status:
phpBB has not confirmed, no updates available.
TikiWiki has not confirmed, no updates available.
FlashChat has not confirmed, no updates available.

Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the council sites. They reported that no action was necessary.

References:
Secunia Advisory (phpBB)
http://archives.neohapsis.com/archives/secunia/2006-q3/0893.html
Secunia Advisory (TikiWiki)
http://archives.neohapsis.com/archives/secunia/2006-q3/0840.html
SANS Internet Storm Center Handler's Diary Entry (TikiWiki)
http://www.incidents.org/diary.php?storyid=1672
Posting by NeXtMaN (FlashChat)
http://archives.neohapsis.com/archives/bugtraq/2006-09/0050.html
SANS Internet Storm Center Handler's Diary Entry (FlashChat)
http://www.incidents.org/diary.php?storyid=1670
phpBB Home Page
http://www.phpbb.com
TikiWiki Home Page
http://www.tikiwiki.org
FlashChat Home Page
http://www.tufat.com/script2.htm
SecurityFocus BIDs
http://www.securityfocus.com/bid/19846 (flashChat)
http://www.securityfocus.com/bid/19809 (phpBB)
http://www.securityfocus.com/bid/19888 (phpBB)
http://www.securityfocus.com/bid/19819 (tikiWiki)

******************************************************************

(5) MODERATE: Retro64 CR64Loader ActiveX Control Remote Buffer Overflow
Affected:
Retro64 CR64Loader ActiveX Component

Description: The Retro64 CR64Loader ActiveX component, part of various
Retro64 video game products, contains a remotely-exploitable buffer
overflow. A specially-crafted web page that instantiates this component
could trigger this buffer overflow, and execute arbitrary code with the
privileges of the current user. Note that re-usable exploit code to
leverage similar flaws is publicly available. Flaws similar to this have
been widely exploited in the past.

Status: Vendor has not confirmed, no updates available. Users may be
able to mitigate the impact of this vulnerability by disabling the
ActiveX component via Microsoft's "kill bit" mechanism for CLSID
"{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}".

Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the council sites. They reported that no action was necessary. One
council site did comment that it was likely that at least a few systems
at their site have this ActiveX control, but they have no plans to respond
because they have no realistic way to identify the affected user
population.

References:
Retro64 Home Page
http://www.retro64.com
Microsoft Knowledge Base Article (outlines the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/19810

****************************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 36, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5156 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

06.36.1 CVE: CVE-2006-4534
Platform: Microsoft Office
Title: Microsoft Word 2000 Unspecified Remote Code Execution
Description: Microsoft Word is vulnerable to an unspecified remote
code execution issue when opening a malicious Word document. See the
advisory for further details.
Ref: http://www.microsoft.com/technet/security/advisory/925059.mspx
______________________________________________________________________

06.36.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: J River Media Center Mediacenter.EXE Buffer Overflow
Description: Media Center is an application that allows you to play PC
music, videos and view various images. Media Center and various Media
center plugins are prone to a buffer overflow vulnerability. This
issue resides in the "Mediacenter.exe" file. Version 11.0.309 is
vulnerable to this issue.
Ref: http://www.securityfocus.com/bid/19853
______________________________________________________________________

06.36.3 CVE: CVE-2006-3999
Platform: Third Party Windows Apps
Title: Internet Security Systems BlackICE Local Denial of Service
Description: Internet Security Systems BlackICE is a firewall/IDS
application. It is vulnerable to a local denial of service issue due
to improper validation of the third argument of "NtOpenSection"
before it is used in "RapDrv.sys". Internet Security Systems BlackICE
versions 3.6.cpn, 3.6.cpj, and 3.6.cpiE are vulnerable.
Ref:
http://www.matousec.com/info/advisories/BlackICE-Insufficient-validation-of-arguments-of-NtOpenSection.php
______________________________________________________________________

06.36.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: AuditWizard Log File Information Disclosure
Description: AuditWizard is a system inventory auditing application
for Windows. It is prone to a local information disclosure
vulnerability because the application fails to properly ensure that
sensitive information is not disclosed to local users. The vendor may
have reissued version 6.3.2 with fixes that address this issue.
Ref: http://www.securityfocus.com/bid/19860
______________________________________________________________________

06.36.5 CVE: CVE-2006-2482
Platform: Third Party Windows Apps
Title: Microchip Data Systems ZipTV TZipTV ARJ File Handling Buffer
Overflow Vulnerability
Description: ZipTV is a file compression and decompression suite. The
TZipTV component of ZipTV is used to view archives. The TZipTV
component is vulnerable to a buffer overflow issue when handling
malformed ARJ archives with excessively large ARJ header blocks. ZipTV
for Delphi 7 version 2006.1.26 and ZipTV for C++ Builder version
2006-1.16 are vulnerable.
Ref: http://secunia.com/secunia_research/2006-50/advisory/
______________________________________________________________________

06.36.6 CVE: CVE-2006-3552
Platform: Third Party Windows Apps
Title: Ipswitch IMail Server and Collaboration Suite Unspecified SMTP
Daemon
Description: Ipswitch IMail is an email server that serves clients
their mail via a web interface. Ipswitch Collaboration Suite (ICS) is
an application suite that includes IMail Server and IMail Anti-Virus.
Ipswitch IMail Server / Collaboration Suite are prone to an
unspecified vulnerability that may allow for remote arbitrary code
execution. Ipswitch Collaboration 2006 Suite Premium and Standard
Editions, IMail, IMail Plus, and IMail Secure are reported to be
vulnerable.
Ref: http://www.ipswitch.com/support/ics/updates/ics20061.asp
______________________________________________________________________

06.36.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Avira AntiVir Personal Edition Classic Update.EXE Local
Privilege Escalation
Description: AntiVir Personal Edition Classic is prone to a local
privilege escalation vulnerability. This issue is due to a failure in
the application to sanitize user-supplied input to the progress bar
control of the "update.exe" process. AntiVir Personal Edition Classic
version 7 is vulnerable.
Ref: http://www.securityfocus.com/bid/19889
______________________________________________________________________

06.36.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Panda Platinum Internet Security 2006/2007 Local Privilege
Escalation
Description: Panda Platinum Internet Security is an Internet security
application suite that includes antivirus, antispyware, firewall,
identity protection, antispam and parental control software packages.
The application is prone to a local privilege escalation vulnerability
deriving from a design error. Specifically, this vulnerability arises
because the application assigns insecure file permissions to certain
directories upon installation. Attackers may exploit this
vulnerability to overwrite executables with arbitrary code in the
affected directories to be executed with LocalSystem level privileges.
Panda Platinum Internet Security versions 2006 10.02.01 and 2007
11.00.00 are affected by this vulnerability.
Ref: http://www.securityfocus.com/archive/1/445479
______________________________________________________________________

06.36.9 CVE: Not Available
Platform: Unix
Title: DSocks Name Variable Buffer Overflow
Description: Dsocks is a client wrapper application to allow anonymous
web browsing using the Tor DNS proxy. The application is prone to a
remote buffer overflow vulnerability. Successful exploits may allow an
attacker to execute arbitrary code in the context of the user running
the application.
Ref: http://www.securityfocus.com/archive/1/445200
______________________________________________________________________

06.36.10 CVE: Not Available
Platform: Unix
Title: Tor Multiple Buffer Overflow/Information Disclosure/Denial of
Service Vulnerabilities
Description: Tor is an implementation of second generation Onion
Routing, a connection oriented anonymizing communication service. Tor
is affected by multiple vulnerabilities. Please refer to the provided
link for further details.
Ref: http://archives.seul.org/or/announce/May-2006/msg00000.html
______________________________________________________________________

06.36.11 CVE: CVE-2006-4146
Platform: Unix
Title: GDB DWARF Multiple Buffer Overflow Vulnerabilities
Description: GDB, the GNU Project Debugger, is a debugging application
for programs written in C, C++ and other languages. DWARF is a
standardized method to insert debugging information into ELF
executable files. The application is prone to multiple buffer overflow
vulnerabilities due to insufficient bounds checking when handling
DWARF and DWARF2 data in both "dwarfread.c" and "dwarfread2.c".
Arbitrary data in location description blocks (DW_FORM_block) which is
in excess of 64 bytes will overwrite current stack frame data.
Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204845
______________________________________________________________________

06.36.12 CVE: CVE-2006-4600
Platform: Unix
Title: OpenLDAP SLAPD Access Control Circumvention
Description: OpenLDAP is an open source implementation of the LDAP
protocol. slapd is the stand alone LDAP daemon. It is prone to an
access control circumvention vulnerability. This issue arises because
the application does not properly process an access control list that
is used to allow users to add or delete their own domain name.
Versions prior to 2.3.25 are vulnerable.
Ref:
http://www.openldap.org/lists/openldap-announce/200608/msg00000.html
______________________________________________________________________

06.36.13 CVE: Not Available
Platform: Cross Platform
Title: Avira AntiVir Shatter Local Buffer Overflow
Description: Avira AntiVir is anti-virus software. It is prone to an
unspecified "shatter style" local buffer overflow vulnerability.
Version 6.35.00.00 is reported to be vulnerable; other versions may be
vulnerable as well.
Ref: http://www.securityfocus.com/bid/19843
______________________________________________________________________

06.36.14 CVE: Not Available
Platform: Cross Platform
Title: OpenSSL PKCS Padding RSA Signature Forgery
Description: OpenSSL is an open-source implementation of the SSL
protocol. OpenSSL is susceptible to a vulnerability that may allow an
RSA signature to be forged. It is possible to forge a PKCS #1 v1.5
signature when an RSA key with exponent 3 is used. All versions of
OpenSSL prior to and including 0.9.7j and 0.9.8b are affected by this
vulnerability. Updates are available.
Ref: http://www.securityfocus.com/bid/19849
______________________________________________________________________

06.36.15 CVE: Not Available
Platform: Cross Platform
Title: LibTIFF TIFFFindFieldInfo Remote Buffer Overflow
Description: LibTIFF is a library for reading and manipulating Tag
Image File Format (TIFF) files. It is freely available for UNIX and
UNIX-like operating systems as well as Microsoft Windows. It is
exposed to a buffer overflow issue due to improper boundary
checks before copying user-supplied data into a finite-sized buffer.
This issue is known to affect versions of LibTIFF included with Sony
PSP devices running firmware versions 2.0 through 2.8.
Ref: http://www.psp-hacks.com/forums/about39614.html
______________________________________________________________________

06.36.16 CVE: Not Available
Platform: Cross Platform
Title: Compression Plus Zoo Format Stack Overflow
Description: Compression Plus is a compression toolkit that
supports several compressed archival formats. It is susceptible to a
stack based buffer overflow vulnerability. This issue occurs when the
affected application attempts to process malicious ZOO files. Versions
5 and prior of Compression Plus are reported vulnerable.
Ref: http://www.securityfocus.com/bid/19796
______________________________________________________________________

06.36.17 CVE: Not Available
Platform: Cross Platform
Title: Cerberus Helpdesk Ticket Parameter Unauthorized Access
Description: Cerberus Helpdesk is an email management application.
Insufficient sanitization of the "ticket" parameter when viewing
tickets in the Client Support Center exposes the application to an
unauthorized access issue. Cerberus Helpdesk version 3.2, build 317 is
affected.
Ref: http://www.securityfocus.com/bid/19797
______________________________________________________________________

06.36.18 CVE: CVE-2006-4095, CVE-2006-4096
Platform: Cross Platform
Title: ISC BIND Multiple Remote Denial of Service Vulnerabilities
Description: ISC BIND is prone to multiple denial of service issues.
All current versions are affected. Please check the attached advisory
for details.
Ref: http://www.securityfocus.com/bid/19859
______________________________________________________________________

06.36.19 CVE: CVE-2006-4460
Platform: Web Application - Cross Site Scripting
Title: PHP iAddressBook Unspecified Cross-Site Scripting
Description: PHP iAddressBook is an online address book implemented in
PHP. It is prone to a cross-site scripting vulnerability because it
fails to properly sanitize user-supplied input to unspecified
parameters and scripts. Versions 0.95 and prior are vulnerable.
Ref: http://wacha.ch/wiki/addressbook:changelog#version_0.96_2006-09-02
______________________________________________________________________

06.36.20 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SoftBB Page Parameter Cross-Site Scripting
Description: SoftBB is a web-based bulletin board. Insufficient
sanitization of the "page" parameter of the "index.php" script exposes
the application to a cross-site scripting issue.
Ref: http://www.securityfocus.com/bid/19847
______________________________________________________________________

06.36.21 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: VBZoom Profile.PHP Cross-Site Scripting
Description: VBZooM is a forum application. It is prone to a
cross-site scripting vulnerability due to insufficient input
sanitization of the "UserID" parameter of the "index.php" script.
Version 1.11 is reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/19803
______________________________________________________________________

06.36.22 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP-Nuke MyHeadlines Module Cross-Site Scripting
Description: MyHeadlines is a module for PHP-Nuke, which acts as an RSS
reader. MyHeadlines is vulnerable to a cross-site scripting issue due
to insufficient sanitization of user-supplied input to the "myh_op"
parameter of the "modules.php" script. MyHeadlines version 4.3.1 is
vulnerable.
Ref: http://www.securityfocus.com/bid/19825
______________________________________________________________________

06.36.23 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AckerTodo Index.PHP Cross-Site Scripting
Description: AckerTodo is a list manager. It is vulnerable to a
cross-site scripting issue due to insufficient sanitization of
user-supplied input to the "task_id" parameter of the "index.php"
script. AckerTodo version 4.0 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/445465
______________________________________________________________________

06.36.24 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ZixForum ReplyNew.ASP SQL Injection
Description: ZixForum is a web-based forum application. Insufficient
sanitization of the "RepId" parameter of the "ReplyNew.asp" script
exposes the application to an SQL injection issue. ZixForum version
1.12 is affected.
Ref: http://www.securityfocus.com/bid/19855
______________________________________________________________________

06.36.25 CVE: Not Available
Platform: Web Application - SQL Injection
Title: 8Pixel.net SimpleBlog ID Parameter SQL Injection
Description: SimpleBlog is a web log application. It is exposed to an
SQL injection issue due to insufficient sanitization of user-supplied
input to the "id" parameter of the "default.asp" script. Version 2.3
is affected.
Ref: http://www.securityfocus.com/bid/19848
______________________________________________________________________

06.36.26 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ICBlogger Devam.ASP SQL Injection
Description: ICBlogger is a web log application. It is vulnerable to
an SQL injection issue due to insufficient sanitization of
user-supplied input to the "YID" parameter of the "devam.asp" script.
ICBlogger version 2.0 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/445002
______________________________________________________________________

06.36.27 CVE: Not Available
Platform: Web Application - SQL Injection
Title: e107 Multiple SQL Injection Vulnerabilities
Description: e107 is a content management system implemented in PHP.
It is prone to multiple SQL injection vulnerabilities because it fails
to properly sanitize user-supplied input to multiple scripts and
parameters. Version 0.7.5 is vulnerable to this issue.
Ref: http://www.securityfocus.com/bid/19812
______________________________________________________________________

06.36.28 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Autentificator Aut_Verifica.Inc.PHP SQL Injection
Description: Autentificator is a script that allows administrators to
control access to certain web pages. It is affected by an SQL
injection issue due to insufficient sanitization of the "user"
parameter of the "aut_verifica.inc.php" script. Autentificator version
2.01 is affected.
Ref: http://www.securityfocus.com/bid/19813
______________________________________________________________________

06.36.29 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SMF Multiple SQL Injection Vulnerabilities
Description: SMF is a web forum. It is exposed to multiple SQL
injection issues due to insufficient sanitization of user-supplied
input to different parameters of "ManagedBoards.php" and
"Subs-Boards.php". Version 1.1 RC3 is affected.
Ref: http://www.securityfocus.com/bid/19814
______________________________________________________________________

06.36.30 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SSLinks Multiple SQL Injection Vulnerabilities
Description: SSLinks is an application for administrating website link
exchanges. It is vulnerable to multiple SQL injection issues because it
fails to properly sanitize user-supplied input to the "go" and "rate"
parameters of the "global.inc.php" script. SSLinks versions 1.22 and
earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/19815
______________________________________________________________________

06.36.31 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Annuaire 1Two index.php SQL Injection
Description: Annuaire 1Two is a web directory script. It is prone to
an SQL injection vulnerability due to insufficient input sanitization
of the "password" parameter of the "index.php" script. Version 1.1.0
is reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/19817
______________________________________________________________________

06.36.32 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Muratsoft Haber Portal Kategori.ASP SQL Injection
Description: Haber Portal is a web portal script implemented in ASP.
It is prone to an SQL injection vulnerability because it fails to
properly sanitize user-supplied input to the "kat" parameter of the
"kategori.asp" script. Version 3.6 is vulnerable to this issue.
Ref: http://www.securityfocus.com/bid/19821
______________________________________________________________________

06.36.33 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Uni-vert PhpLeague Joueurs.PHP SQL Injection
Description: Uni-vert PhpLeague is a sport score management tool. It
is prone to an SQL injection vulnerability because it fails to
sufficiently sanitize user-supplied data to the "id_joueur" parameter
of the "consult/joueurs.php" script. Versions 0.82b and 0.82 are
vulnerable.
Ref: http://www.securityfocus.com/bid/19880
______________________________________________________________________

06.36.34 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion News.PHP SQL Injection
Description: PHP-Fusion is a website management application.
Insufficient sanitization of the "_SERVER[REMOTE_ADDR]" parameter of
the "news.php" script exposes the application to an SQL injection
issue. PHP-Fusion version 6.01.4 is affected.
Ref: http://www.securityfocus.com/bid/19908
______________________________________________________________________

06.36.35 CVE: Not Available
Platform: Web Application
Title: Alt-N MDaemon WebAdmin Component Unauthorized Access
Description: WebAdmin is an administrative component for the MDaemon
mail server. The MDaemon WebAdmin component is vulnerable to an
unauthorized access issue because the application does not prevent
domain administrators from accessing unauthorized email accounts.
Alt-N MDaemon WebAdmin Component versions prior to 3.2.6 are
vulnerable.
Ref: http://www.securityfocus.com/archive/1/445153
______________________________________________________________________

06.36.36 CVE: Not Available
Platform: Web Application
Title: Easy Address Book Web Server Remote Format String
Description: Easy Address Book Web Server is a web-based address book
application. It is vulnerable to a remote format string issue due to a
failure of the application to properly sanitize user-supplied data
prior to including it in the format specifier argument to a formatted
printing function. Easy Address Book Web Server version 1.2 is
vulnerable.
Ref: http://www.securityfocus.com/archive/1/445262
______________________________________________________________________

06.36.37 CVE: Not Available
Platform: Web Application
Title: annoncesV annonce.php Remote File Include
Description: annoncesV is a web-based news script. It is prone to a
remote file include vulnerability due to insufficient input
sanitization of the "page" parameter of the "annonce.php" script.
Version 1.1 is reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/19854
______________________________________________________________________

06.36.38 CVE: Not Available
Platform: Web Application
Title: Graphiks GrapAgenda Index.PHP Remote File Include
Description: GrapAgenda is a web-based agenda tool. It is exposed to a
remote file include issue due to insufficient sanitization of
user-supplied input to the "page" parameter of the "index.php" script.
Version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/19857
______________________________________________________________________

06.36.39 CVE: Not Available
Platform: Web Application
Title: Web Dictate Admin Authentication Bypass
Description: Web Dictate is a web-based dictation application. It is
prone to an authentication bypass vulnerability, due to a failure to
check for "null" passwords. Version 1.02 is reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/19836
______________________________________________________________________

06.36.40 CVE: Not Available
Platform: Web Application
Title: Amazing little picture poll Admin Login Page Authentication
Bypass
Description: Amazing little picture poll is a voting poll application.
It is prone to an authentication bypass vulnerability. This issue
occurs because the application fails to check for null passwords
before authenticating a valid user. An attacker can exploit this issue
to gain administrative access to the affected application. Version 1.3
is vulnerable to this issue.
Ref: http://www.securityfocus.com/bid/19837
______________________________________________________________________

06.36.41 CVE: Not Available
Platform: Web Application
Title: pHNews Comments.PHP Local File Include
Description: pHNews is a web-based content management system
implemented in PHP. It is prone to a local file include vulnerability
because it fails to properly sanitize user-supplied input to the
"templates_dir" parameter of the "modules/comments.php" script.
Ref: http://www.securityfocus.com/bid/19838
______________________________________________________________________

06.36.42 CVE: Not Available
Platform: Web Application
Title: SoftBB Multiple Input Validation Vulnerabilities
Description: SoftBB is a web-based bulletin board. It is affected by
multiple security issues including SQL injection and remote file
include. SoftBB version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/19839
______________________________________________________________________

06.36.43 CVE: Not Available
Platform: Web Application
Title: PHP-Proxima BB_Smilies.PHP Local File Include
Description: PHP-Proxima is an add-on for PHP-Nuke. It is exposed to a
local file include issue due to insufficient sanitization of
user-supplied input to the "name" parameter of the
"modules/Forums/bb_smilies.php" script. PHP-Proxima version 6.0 is
affected.
Ref: http://www.securityfocus.com/bid/19840
______________________________________________________________________

06.36.44 CVE: Not Available
Platform: Web Application
Title: DynCMS X_Admindir Remote File Include
Description: DynCMS is a content-management system that is implemented
in PHP. It is prone to a remote file include vulnerability because it
fails to properly sanitize user-supplied input to the "x_admindir"
parameter of the "0_admin/modules/Wochenkarte/frontend/index.php"
script.
Ref: http://www.securityfocus.com/bid/19846
______________________________________________________________________

06.36.45 CVE: Not Available
Platform: Web Application
Title: MySpeach JScript.PHP Remote File Include
Description: MySpeach is a web-based chat application. It is
vulnerable to a remote file include issue due to insufficient
sanitization of user-supplied input to the "my_ms[root]" parameter of
the "jscript.php" script. MySpeach versions 3.0.2 and earlier are
vulnerable.
Ref: http://www.securityfocus.com/bid/19851
______________________________________________________________________

06.36.46 CVE: Not Available
Platform: Web Application
Title: YACS Multiple Remote File Include Vulnerabilities
Description: Yet Another Community System (YACS) is a web-based CMS.
It is exposed to multiple remote file include issues due to
insufficient sanitization of user-supplied input to the
"context[path_to_root]" parameter of various scripts. YACS Version
6.6.1 is affected.
Ref: http://www.securityfocus.com/bid/19799
______________________________________________________________________

06.36.47 CVE: Not Available
Platform: Web Application
Title: ToendaCMS Remote File Include
Description: ToendaCMS is a content management solution. Insufficient
sanitization of the "tcms_administer_site" parameter of the
"inc/database.php" script exposes the application to a remote file
include issue. ToendaCMS 1.0.3 and earlier are affected.
Ref: http://www.securityfocus.com/bid/19806
______________________________________________________________________

06.36.48 CVE: Not Available
Platform: Web Application
Title: Papoo CMS IBrowser Remote File Include
Description: Papoo CMS is a content management system. It is exposed
to a remote file include issue due to insufficient sanitization of
user-supplied input to the "tinyMCE_imglib_include" variable of the
"ibrowser.php" script. Version 3.0.2 is affected.
Ref: http://www.securityfocus.com/bid/19807
______________________________________________________________________

06.36.49 CVE: Not Available
Platform: Web Application
Title: IntegraMOD PHPbb_Root_Path Multiple Remote File Include
Vulnerabilities
Description: IntegraMOD is an integrated modification application for
PHPBB. It is exposed to multiple remote file include issues due to
insufficient sanitization of user-supplied input to the
"phpbb_root_path" parameter of the "includes/functions_mod_user.php"
and "includes/functions.php" scripts. IntegraMOD 2.0 rc2 and earlier
are affected.
Ref: http://www.securityfocus.com/bid/19809
______________________________________________________________________

06.36.50 CVE: Not Available
Platform: Web Application
Title: MyBace Login_Check.PHP Remote File Include
Description: MyBace is an internet homepage content management system.
The application is prone to a remote file include vulnerability
because it fails to sufficiently sanitize user-supplied input to the
"hauptverzeichniss" parameter of the "includes/login_check.php"
script. MyBace Light is vulnerable.
Ref: http://www.securityfocus.com/archive/1/445185
______________________________________________________________________

06.36.51 CVE: Not Available
Platform: Web Application
Title: Ixprim CMS Theme_Manager.Class.PHP Remote File Include
Description: Ixprim is a content management system. Insufficient
sanitization of the "GLOBAL" parameter of the
"Theme_Manager.class.php" script exposes the application to a remote
file include issue. Ixprim version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/19816
______________________________________________________________________

06.36.52 CVE: Not Available
Platform: Web Application
Title: Revista Multiple Input Validation Vulnerabilities
Description: Revista is a Spanish magazine editor. It is prone to
multiple input validation vulnerabilities because the application
fails to properly sanitize user-supplied input. The issues include
multiple cross-site scripting and SQL injections. Version 1.1.2 is
vulnerable to these issues.
Ref: http://www.securityfocus.com/archive/1/445007
______________________________________________________________________

06.36.53 CVE: Not Available
Platform: Web Application
Title: TikiWiki Configure Script JHot.PHP Remote Command Execution
Description: TikiWiki is a Wiki implemented in PHP. It is prone to a
command execution vulnerability. The application fails to sanitize
user-input in the "cmd" parameter of the "jhot.php" script. Attackers
could exploit this to execute arbitrary system commands with the
privileges of the webserver process. Versions 1.9.4 and prior are
vulnerable to these issues; other versions may also be affected.
Ref: http://www.securityfocus.com/bid/
______________________________________________________________________

06.36.54 CVE: Not Available
Platform: Web Application
Title: Webmin and Useradmin HTML Injection and Information Disclosure
Vulnerabilities
Description: Webmin is a web-based UNIX/Linux system administration
tool. It is affected by HTML injection and information disclosure
issues due to insufficient sanitization of user-supplied input.
Usermin versions prior to 1.226 and Webmin versions prior to 1.296 are
vulnerable to these issues.
Ref: http://www.securityfocus.com/bid/19820
______________________________________________________________________

06.36.55 CVE: Not Available
Platform: Web Application
Title: yappa-ng Admin_Module_Deldir.Inc.PHP Remote File Include
Description: yappa-ng is a photo album. Insufficient sanitization of
the "config[path_src_include]" parameter of the
"admin_module_deldir.inc.php" script exposes the application to a
remote file include issue. All current versions are affected.
Ref: http://www.securityfocus.com/bid/19823
______________________________________________________________________

06.36.56 CVE: Not Available
Platform: Web Application
Title: In-Portal In-Link ADODB_DIR.PHP Remote File Include
Description: In-Portal In-Link is a directory management application.
It is exposed to a remote file include issue due to insufficient
sanitization of user-supplied input to the "$ADODB_DIR" parameter of
the "adodb-postgres.inc.php" script. Version 2.3.4 is affected.
Ref: http://www.securityfocus.com/bid/19824
______________________________________________________________________

06.36.57 CVE: Not Available
Platform: Web Application
Title: FlashChat Multiple Remote File Include Vulnerabilities
Description: FlashChat is a web-based chatroom application.
Insufficient sanitization of the "dir[inc]" parameter of the
"aedating4CMS.php" and "aedatingCMS2.php" scripts exposes the
application to a remote file include issue. FlashChat version 4.5.7 is
affected.
Ref: http://www.securityfocus.com/bid/19826
______________________________________________________________________

06.36.58 CVE: Not Available
Platform: Web Application
Title: MyBace user_daten.php Remote File Include
Description: MyBace is an internet homepage content management system.
It is prone to a remote file include vulnerability due to insufficient
input sanitization of the "template_back" parameter of the
"admin/login/content/user_daten.php" script. MyBace Light is reported
to be vulnerable.
Ref: http://www.securityfocus.com/bid/19830
______________________________________________________________________

06.36.59 CVE: Not Available
Platform: Web Application
Title: VTiger CRM HTML Injection and Access Control Bypass
Vulnerabilities
Description: VTiger is an open source customer relationship management
system (CRM) implemented in PHP. It is prone to multiple HTML
injection and access control bypass issues due to insufficient
sanitization of user-supplied input to various parameters of multiple
scripts. VTiger CRM version 4.2.4 is reportedly affected by these
issues.
Ref: http://www.securityfocus.com/bid/19829
______________________________________________________________________

06.36.60 CVE: Not Available
Platform: Web Application
Title: GNU Mailman Multiple Security Vulnerabilities
Description: Mailman is prone to multiple security issues including
cross-site scripting, MIME Header handling errors, denial of service
and log spoofing. Mailman versions later than version 2.0 and prior to
2.1.9rc1 are affected.
Ref: http://www.securityfocus.com/bid/19831
______________________________________________________________________

06.36.61 CVE: Not Available
Platform: Web Application
Title: TR Forum Multiple Input Validation Vulnerabilities
Description: TR Forum is a web forum application. It is vulnerable to
multiple input validation issues such as SQL injection and
authentication bypass. This is due to insufficient sanitization of
user-supplied input to various scripts. TR Forum version 2.0 is
vulnerable.
Ref: http://www.securityfocus.com/bid/19834
______________________________________________________________________

06.36.62 CVE: Not Available
Platform: Web Application
Title: Timesheet Login.PHP SQL Injection
Description: Timesheet is a web-based application for tracking project
hours. It is vulnerable to an SQL injection issue due to insufficient
sanitization of user-supplied data to the "username" parameter of the
"login.php" script. Timesheet version 1.2.1 is vulnerable.
Ref: http://www.securityfocus.com/bid/19856
______________________________________________________________________

06.36.63 CVE: Not Available
Platform: Web Application
Title: C-News Commentaires.PHP Remote File Include
Description: C-News is a web-based news script. It is prone to a
remote file include vulnerability due to insufficient input
sanitization of the "path" parameter of the "commentaires.php" script.
Version 1.0.1 is reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/19861
______________________________________________________________________

06.36.64 CVE: Not Available
Platform: Web Application
Title: Sponge News News.PHP Remote File Include
Description: Sponge News is a web-based news application. It is prone
to a remote file include vulnerability because it fails to properly
sanitize user-supplied input to the "sndir" parameter of the
"news.php" script. This issue affects Sponge News 2.2 and prior.
Ref: http://www.securityfocus.com/bid/19862
______________________________________________________________________

06.36.65 CVE: Not Available
Platform: Web Application
Title: ACGV News Article.PHP Remote File Include
Description: ACGV News is a news supplement manager. It is prone to a
remote file include vulnerability because it fails to sufficiently
sanitize user-supplied input to the "PathNews" parameter of the
"article.php" script. ACGV News 0.9.1 and prior are vulnerable.
Ref: http://www.securityfocus.com/bid/19863
______________________________________________________________________

06.36.66 CVE: Not Available
Platform: Web Application
Title: SZEWO PhpCommander download.php Local File Include
Description: PhpCommander is a web-based account manager, implemented in
PHP. It is prone to a local file include vulnerability due to
insufficient sanitization of the "Directory" parameter of the
"download.php" script. Version 3.0 is reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/19867
______________________________________________________________________

06.36.67 CVE: Not Available
Platform: Web Application
Title: MySource Classic PHP Code Injection
Description: MySource Classic is a content management system
application. It is prone to an injection vulnerability due to
insufficient input sanitization of the site's "Equation" attribute.
Version 2.14.6 is reported to be vulnerable.
Ref: http://classic.squiz.net/download/changelogs/change_log_2.14.8
______________________________________________________________________

06.36.68 CVE: Not Available
Platform: Web Application
Title: Akarru Social BookMarking Engine Main_Content.PHP Remote File
Include
Description: Akarru Social BookMarking Engine is a bookmark management
application. It is prone to a remote file include vulnerability because
it fails to properly sanitize user-supplied input to the "bm_content"
parameter of the "main_content.php" script. This issue affects Akarru
Social BookMarking Engine version 0.4.3.34.
Ref: http://www.securityfocus.com/bid/19870
______________________________________________________________________

06.36.69 CVE: Not Available
Platform: Web Application
Title: VCD-DB Comments Unspecified HTML Injection
Description: VCD-db is a media content management Web application. It
is prone to an unspecified HTML injection vulnerability due to
improper sanitization of user-supplied input to unspecified fields and
scripts. This issue affects versions prior to 0.983.
Ref: http://www.securityfocus.com/bid/19871
______________________________________________________________________

06.36.70 CVE: Not Available
Platform: Web Application
Title: Php Download Download.PHP Directory Traversal
Description: Php download is affected by a directory traversal issue
due to insufficient sanitization of the "file" parameter of the
"download.php" script. All current versions are affected.
Ref: http://www.securityfocus.com/bid/19872
______________________________________________________________________

06.36.71 CVE: Not Available
Platform: Web Application
Title: Beautifier Core.PHP Remote File Include
Description: Beautifier is a web-based content management system. It
is exposed to a remote file include issue due to insufficient
sanitization of user-supplied input to the "BEAUT_PATH" parameter of
"core.php". This issue affects version 0.1.
Ref: http://www.securityfocus.com/bid/19873
______________________________________________________________________

06.36.72 CVE: Not Available
Platform: Web Application
Title: Premod Shadow Functions_Portal.PHP Remote File Include
Description: Premod Shadow is a modification for PHPBB. The
application is vulnerable to a remote file include issue due to
insufficient sanitization of user-supplied input to the
"phpbb_root_path" parameter of the "includes/functions_portal.php"
script. Premod Shadow version 2.7.1 is vulnerable.
Ref: http://www.securityfocus.com/bid/19874
______________________________________________________________________

06.36.73 CVE: Not Available
Platform: Web Application
Title: PHPFullAnnu home.module.php Remote File Include
Description: phpFullAnnu is a content management system implemented in
PHP. It is prone to a remote file include vulnerability due to
insufficient input sanitization of the "repmod" variable of the
"home.module.php" script. Versions 5.1 and prior are reported to be
vulnerable.
Ref: http://www.securityfocus.com/bid/19875
______________________________________________________________________

06.36.74 CVE: Not Available
Platform: Web Application
Title: Bingo News BP_ncom.PHP Remote File Include
Description: Bingo News is a news reader application. It is prone to a
remote file include vulnerability due to insufficient sanitization of
the "bnrep" parameter of the "bp_ncom.php" script. Version 3.01 is
reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/19877
______________________________________________________________________

06.36.75 CVE: Not Available
Platform: Web Application
Title: ppalCart Multiple File Include Vulnerabilities
Description: ppalCart is affected by multiple file include issues due
to insufficient sanitization of user-supplied input. ppalCart version
2.5 EE is affected.
Ref: http://www.securityfocus.com/bid/19881
______________________________________________________________________

06.36.76 CVE: Not Available
Platform: Web Application
Title: ACGV News PathNews Parameter Multiple Remote File Include
Vulnerabilities
Description: ACGV News is a news supplement manager. It is exposed to
multiple remote file include issues due to insufficient sanitization
of user-supplied input to the "PathNews" parameter of the "header.php"
and "news.php" scripts. ACGV News versions 0.9.1 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/19882
______________________________________________________________________

06.36.77 CVE: Not Available
Platform: Web Application
Title: WMNews Multiple Remote File Include Vulnerabilities
Description: WMNews is a web-based news manager. It is prone to
multiple remote file include vulnerabilities due to insufficient
sanitization of the "ide" parameter of the "article.php" script and
the "pwfile" parameter of several scripts. Version 0.5 is reported to
be vulnerable.
Ref: http://www.securityfocus.com/bid/19886
______________________________________________________________________

06.36.78 CVE: Not Available
Platform: Web Application
Title: PHP-Nuke Book Catalog Module Upload.PHP Arbitrary File Upload
Description: Book Catalog is a book archival and organization tool.
Insufficient sanitization of user-supplied input of the "upload.php"
script exposes the application to an arbitrary file upload issue.
PHP-Nuke version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/19890
______________________________________________________________________

06.36.79 CVE: Not Available
Platform: Web Application
Title: Web-Provence SL_Site Spaw_control.class.PHP Remote File Include
Description: Web-Provence SL_Site is a simple content management
application. It is exposed to a remote file include vulnerability due
to insufficient sanitization of user-supplied input to the "spaw_root"
parameter of "spaw_control.class.php". This issue affects versions 1.0
and earlier.
Ref: http://www.securityfocus.com/bid/19892
______________________________________________________________________

06.36.80 CVE: Not Available
Platform: Web Application
Title: Fire Soft Board Demarrage.PHP Remote File Include
Description: Fire Soft Board is a web forum application. It is prone
to a remote file include vulnerability because it fails to
sufficiently sanitize user-supplied input to the "racine" parameter of
the "demarrage.php" script. Version RC3 is vulnerable.
Ref: http://www.securityfocus.com/bid/19899
______________________________________________________________________

06.36.81 CVE: Not Available
Platform: Web Application
Title: Web Server Creator Customize.PHP Remote File Include
Description: Web Server Creator is affected by a remote file include
issue due to insufficient sanitization of the "l" parameter of the
"customize.php" script. Web Server Creator version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/19896
______________________________________________________________________

06.36.82 CVE: Not Available
Platform: Web Application
Title: PhpNews Multiple Remote File Include Vulnerabilities
Description: WMNews is a web-based news manager. It is prone to
multiple remote file include vulnerabilities due to insufficient
sanitization of the "Include" parameter of the "lib.inc.php" and
"variables.php" scripts. Version 1.0 is reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/19904
______________________________________________________________________

06.36.83 CVE: Not Available
Platform: Network Device
Title: SnapGear Multiple Unspecified Denial of Service Vulnerabilities
Description: SnapGear is an internet security appliance for small
businesses. It is prone to multiple unspecified remote denial of
service vulnerabilities. These issues are reportedly due to multiple
unspecified window replay problems for IPSec and an unspecified
anti-virus issue. This issue affects SnapGear firmware version 3
series.
Ref: http://www.securityfocus.com/bid/19805
______________________________________________________________________

06.36.84 CVE: Not Available
Platform: Network Device
Title: Canon ImageRunner Information Disclosure
Description: The Canon ImageRunner multi-function device is a network
based printer and photocopier. It is vulnerable to an information
disclosure issue because the remote UI web interface exposes clear
text username and password entries when exporting address book
entries. Canon iR C3220 and ImageRunner models 5020, iR9070, iR C6800,
iR C6870 and iR 8500 are vulnerable.
Ref: http://www.securityfocus.com/archive/1/445302
______________________________________________________________________

06.36.85 CVE: Not Available
Platform: Network Device
Title: Cisco IOS Multiple GRE Source Routing Vulnerabilities
Description: Cisco IOS is prone to multiple vulnerabilities because
the application fails to perform boundary checks on user-supplied data
prior to using it to create network packets. The issues present
themselves when the device handles malicious GRE packets with
oversized header offset values, and the improper handling of the
255.255.255.255 source route entry in the device's routing table. A
successful attack can allow an attacker to bypass security
restrictions or possibly crash the Cisco IOS operating system. Cisco
IOS Version C3550 IOS 12.1(19) is reported to be vulnerable.
Ref: http://www.cisco.com/warp/public/707/cisco-sr-20060906-gre.shtml
______________________________________________________________________

06.36.86 CVE: Not Available
Platform: Hardware
Title: CAPI4Hylafax Remote Arbitrary Command Execution
Description: CAPI4Hylafax is an application that allows you to send and
receive faxes through a CAPI 2.0 device. It is exposed to an arbitrary
command execution issue due to insufficient sanitization of
user-supplied input. CAPI4Hylafax version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/19801
______________________________________________________________________

06.36.87 CVE: Not Available
Platform: Hardware
Title: AnywhereUSB 5 Driver Malformed String Descriptor Integer
Overflow
Description: AnywhereUSB/5 driver is a driver that provides five USB
ports. It is exposed to an integer overflow issue due to the driver's
failure to ensure integer values are not overrun. Version 1.80.00 is
affected.
Ref: http://www.securityfocus.com/bid/19833/info
______________________________________________________________________

06.36.88 CVE: Not Available
Platform: Hardware
Title: Intel PRO/Wireless Network Connection Drivers Remote Code
Execution
Description: Intel PRO/Wireless Network Connection drivers are the
integrated wireless LAN solution for Intel Centrino mobile technology.
The drivers are exposed to a remote code execution vulnerability that
is likely the result of a race condition error. Refer to the link
below for further details.
Ref: http://support.intel.com/support/wireless/wlan/sb/CS-023065.htm
______________________________________________________________________

SANS CRITICAL INTERNET THREATS 2006
=====================================

SANS Critical Internet Threats research is undertaken annually and
provides the basis for the SANS "Top-20" report. The "Top-20" report
describes the most serious internet security threats in detail, and
provides the steps to identify and mitigate these threats.

The "Top-20" began its life as a research study undertaken jointly
between the SANS Institute and the National Infrastructure Protection
Centre (NIPC) at the FBI. Today thousands of organizations from all
spheres of industry are using the "Top-20" as a definitive list to
prioritize their security efforts.

The 2006 Top-20 will once again create the experts' consensus on threats -
the result of a process that brings together security experts,
leaders, researchers and visionaries from the most security-conscious
federal agencies in the US, UK and around the world; the leading
security software vendors and consulting firms; the university-based
security programs; many other user organizations; and the SANS
Institute.

For reference, a copy of the 2005 paper is available online:
http://www.sans.org/top20.htm.
*A list of participants may be found in the Appendix.

(c) 2006. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.

==end==

Subscriptions: RISK is distributed free of charge to people responsible
for managing and securing information systems and networks. You may
forward this newsletter to others with such responsibility inside or
outside your organization.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFBabo+LUG5KFpTkYRAj+dAJ42HCcLxZEmPiDvdojcVfGNRPjwyQCePrjy
NJFEqZBLV505vAKTG9cg9P8=
=vWjK
-----END PGP SIGNATURE-----