RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 26

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Mon Jun 25 2007 - 20:36:12 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM WebSphere has newly reported remotely exploitable vulnerabilities;
Mac OS X WebCore and WebKit have vulnerabilities reminiscent of the type
for which Internet Explorer has earned unwanted fame; and the Ingres
database, embedded in multiple Computer Associates products, has
critical, newly reported, remotely exploitable vulnerabilities.

If you are interested in how companies are getting the security bugs out of
software, take a peek at the end of this issue. You'll find the
fascinating agenda for the Application Security Summit.
http://www.sans.org/appsummit07/
And Wednesday is the final day for savings on SANSFire 2007's 56 courses
in Washington: http://www.sans.org/sansfire07/
*************************************************************************
          RISK: The Consensus Security Vulnerability Alert
June 25, 2007 Vol. 6. Week 26
*************************************************************************

RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                                Number of Updates and Vulnerabilities
--------------------------------------  -------------------------------------
Third Party Windows Apps                16 (#7)
Linux                                    3
Unix                                     1
Apple                                    2 (#2, #8)
Novell                                   2 (#5, #6)
Cross Platform                          11 (#1, #3, #4)
Web Application - Cross Site Scripting  12
Web Application - SQL Injection          7
Web Application                         23
Network Device                          13

************************* Sponsored By SANS *****************************

What application security tools work best? How can we ensure our
programmers know common security flaws and consistently eliminate them
from code we are deploying? Attend the Application Security Summit
August 15-16 and learn the answers to these and other key application
security questions. As a bonus, be the first to register for the GIAC
Certified Secure Programmer exam.
http://www.sans.org/info/9446
*************************************************************************

Table of Contents

Part I - Critical Vulnerabilities from TippingPoint
(www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Ingres Database Multiple Vulnerabilities
(2) HIGH: Apple WebCore and WebKit Multiple Vulnerabilities
(3) MODERATE: F-Secure LHA and RAR Detection Bypass
(4) MODERATE: IBM WebSphere Application Server Multiple Unspecified Vulnerabilities
(5) MODERATE: Novell exteNd Director ActiveX Control Arbitrary Command Execution
(6) LOW: Novell XNFS Denial of Service

Other Software
(7) MODERATE: Cerulean Studios Trillian Unicode Parsing Buffer Overflow
(8) LOW: Apple AppleTV UPnP Buffer Overflow

Part II - Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Third Party Windows Apps
07.26.1 - HTTP Server Request Handling Remote Denial of Service
07.26.2 - Ingres Database Server Multiple Remote Vulnerabilities
07.26.3 - BugHunter HTTP Server Parse Error Information Disclosure
07.26.4 - Xunlei Web Thunder ThunderServer.webThunder.1 ActiveX Control Arbitrary File Download
07.26.5 - Avaya 4602SW SIP Phone Cnonce Parameter Authentication Spoofing
07.26.6 - AGEPhone SIP Soft Phone Message Parsing Denial of Service
07.26.7 - AGEPhone SIP Soft Phone Malformed Delimiter Denial of Service
07.26.8 - Avaya One-X Desktop Edition Phone SIP Remote Buffer Overflow
07.26.9 - Nortel Networks PC Client Soft Phone Message Parsing Module Buffer Overflow
07.26.10 - AOL Instant Messenger SIP Invite Message Denial of Service
07.26.11 - RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
07.26.12 - Nortel Networks PC Client Soft Phone SIP Message Parsing Module Denial of Service
07.26.13 - Cerulean Studios Trillian Word Wrapping UTF-8 Encoded String Heap Buffer Overflow
07.26.14 - Apple Safari for Windows Document.Location Denial of Service
07.26.15 - Apple Safari for Windows Corefoundation.DLL Denial of Service
07.26.16 - Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities
 -- Linux
07.26.17 - Gnome Evolution Data Server Array Index Memory Access
07.26.18 - GNU Emacs Image Processing Remote Denial of Service
07.26.19 - Astaro Up2Date Secure Gateway SMTP Proxy Malformed Email Remote Denial of Service
 -- Unix
07.26.20 - BitchX Hook.C Remote Buffer Overflow
 -- Novell
07.26.21 - Novell NetWare XNFS.NLM Remote Denial of Service
07.26.22 - Novell exteNd Director LocalExec.OCX ActiveX Control Remote Command Execution
 -- Cross Platform
07.26.23 - MyServer Filename Parse Error Information Disclosure
07.26.24 - VLC Media Player Multiple Format String Vulnerabilities
07.26.25 - Altap Servant Salamander PE File Handling Buffer Overflow
07.26.26 - Xvid Avi MBCoding.C Remote Code Execution
07.26.27 - Apache Mod_Mem_Cache Information Disclosure
07.26.28 - Tidylib for PHP Library Remote Buffer Overflow
07.26.29 - WIKINDX Localization Module Unspecified Authentication Bypass
07.26.30 - F-Secure Multiple Anti-Virus Products LHA and RAR Archives Scan Bypass
07.26.31 - IBM WebSphere Application Server Unspecified Vulnerabilities
07.26.32 - MailWasher Server LDAP Unauthorized Folder Access
07.26.33 - FCKeditor Alternative Data Stream Arbitrary File Upload
 -- Web Application - Cross Site Scripting
07.26.34 - NetJukeBox Multiple Cross Site Scripting Vulnerabilities
07.26.35 - MyServer Post.MSCGI Cross-Site Scripting
07.26.36 - FuseTalk ComFinish.CFM Multiple Cross Site Scripting Vulnerabilities
07.26.37 - RaidenHTTPD Unspecified Cross Site Scripting
07.26.38 - Interact Online Learning Environment Interact Multiple Cross Site Scripting Vulnerabilities
07.26.39 - Stephen Ostermiller Contact Form Unspecified Cross Site Scripting
07.26.40 - PHP Hosting Biller Index.PHP Cross Site Scripting
07.26.41 - Fuzzylime Low.PHP Cross Site Scripting
07.26.42 - Apache Tomcat Accept-Language Cross Site Scripting
07.26.43 - Utopia News Pro Login.PHP Cross Site Scripting
07.26.44 - TDizin Arama.ASP Cross-Site Scripting
07.26.45 - WordPress AndyBlue Theme Searchform.PHP Cross-Site Scripting
 -- Web Application - SQL Injection
07.26.46 - PHPAccounts Index.PHP Multiple SQL Injection Vulnerabilities
07.26.47 - W1L3D4 WEBmarket Urunbak.ASP SQL Injection
07.26.48 - Solar Empire Game_Listing.PHP SQL Injection
07.26.49 - FuseTalk AuthError.CFM SQL Injection
07.26.50 - FuseTalk Index.CFM SQL Injection
07.26.51 - WSPortal Content.PHP SQL Injection
07.26.52 - BBPress BB-Edit.PHP SQL Injection
 -- Web Application
07.26.53 - LMS LAN Management System Language.PHP Remote File Include
07.26.54 - SerWeb Load_Lang.PHP Remote File Include
07.26.55 - LiveCMS Multiple Input Validation Vulnerabilities
07.26.56 - NetClassifieds Multiple Input Validation Vulnerabilities
07.26.57 - FuseTalk AuthError.CFM Multiple Cross Site Scripting Vulnerabilities
07.26.58 - Wrapper.PHP for OsCommerce Local File Include
07.26.59 - PHPAccounts Index.PHP Local File Include
07.26.60 - Comersus Cart Multiple Input Validation Vulnerabilities
07.26.61 - Musoo GLOBALS[ini_array] Parameter Remote File Include Vulnerabilities
07.26.62 - Jasmine CMS Multiple Input Validation Vulnerabilities
07.26.63 - WordPress Automattic Stats Module Referer Field HTML Injection
07.26.64 - YABB Multiple Local File Include Vulnerabilities
07.26.65 - DKret Search Widget HTML Injection
07.26.66 - WEBIF.CGI OutConfig Parameter Local File Include
07.26.67 - STPHP EasyNews Pro Unspecified Script HTML Injection
07.26.68 - MiniBB Language Parameter Local File Include
07.26.69 - YourFreeScreamer Form.PHP Remote File Include
07.26.70 - WmFrog Insecure Temporary File Creation
07.26.71 - PHPListPro Addsite.PHP HTML Injection
07.26.72 - HP System Management Homepage Remote Privilege Escalation
07.26.73 - Papoo CMS Multiple HTML Injection Vulnerabilities
07.26.74 - phpListPro Topsite Entry Page HTML Injection
07.26.75 - phpMyInventory Global.Inc.PHP Remote File Include
 -- Network Device
07.26.76 - Juniper Networks IVE OS LDAP Referrals TLS Plaintext Password
07.26.77 - D-Link DPH-540/DPH-541 Wi-Fi Phone Security Bypass
07.26.78 - Polycom SoundPoint IP 601 SIP Phone CGI Request Remote Denial of Service
07.26.79 - BlackBerry 7270 Phone SIP Stack Format String
07.26.80 - SJPhone SIP Phone Invite Transaction Denial of Service
07.26.81 - BlackBerry 7270 SIP Header Denial of Service
07.26.82 - D-Link DPH-540/DPH-541 Wi-Fi Phones SDP Header Denial of Service
07.26.83 - Avaya One-X Desktop Edition SIP Header Denial of Service
07.26.84 - Polycom SoundPoint IP 601 SIP Phone INVITE Message Remote Denial of Service
07.26.85 - Aastra 9112i SIP Phone SIP Message Denial of Service
07.26.86 - Avaya 4602SW SIP Phone Security Bypass
07.26.87 - Snom-320 SIP Remote Unauthorized Access
07.26.88 - Snom-320 SIP Phone Remote Phone Dialing Unauthorized Access

************************* Sponsored Links: ****************************

1) SANS Web Cast featuring Dr. Eric Cole, "Correlating SIM information
to Detect Insider Threats" Register and Listen Today.
http://www.sans.org/info/9451

2) Don't miss SANS Ask The Expert: The Importance of Web Application
Security for PCI Compliance on Thursday, June 28th at 1:00 PM EDT
sponsored by Watchfire. Click here to register:
http://www.sans.org/info/9456

3) Upcoming SANS WhatWorks on Log Management sponsored by LogLogic, June
27th at 1pm EDT. Register Today.
http://www.sans.org/info/9461

*************************************************************************

PART I - Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar
at TippingPoint, a division of 3Com, as a by-product of that company's
continuous effort to ensure that its intrusion prevention products
effectively block exploits using known vulnerabilities. TippingPoint's
analysis is complemented by input from a council of security managers
from twelve large organizations who confidentially share with SANS the
specific actions they have taken to protect their systems. A detailed
description of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Ingres Database Multiple Vulnerabilities
Affected:
Ingres Database versions 3.0.3, 2.6, 2.5, 2006
Multiple Computer Associates products embed a vulnerable version of the Ingres Database

Description: The Ingres Database, a popular enterprise database engine,
contains multiple vulnerabilities. A specially crafted database request
could trigger one of a number of stack- or heap-based buffer overflows,
and exploit them to execute arbitrary code with the privileges of the
vulnerable process. Additional flaws include denial-of-service and file
overwrite vulnerabilities. Note that the vulnerable process may run with
root or SYSTEM privileges. At least one affected version of the product
is open source, allowing technical details to be extracted via source
code analysis. Additional technical details for some of these
vulnerabilities are publicly available.

Status: Ingres confirmed, updates available.

References:
Computer Associates Security Advisory
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546
Next Generation Security Software Advisory
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/
SecurityFocus BID
http://www.securityfocus.com/bid/24585

*************************************************************************

(2) HIGH: Apple WebCore and WebKit Multiple Vulnerabilities
Affected:
Apple MacOS X versions 10.4.9 and prior
Apple MacOS X Server versions 10.4.9 and prior

Description: Apple WebCore and WebKit, two core components of Mac OS X
used to render web content by numerous applications (including Apple's
Mail.app and Safari), contain multiple vulnerabilities. A
specially-crafted web page could trigger one of these vulnerabilities
to execute arbitrary code with the privileges of the current user or
exercise a cross-site scripting vulnerability. Other applications that
use these components may also be vulnerable.

Status: Apple confirmed, updates available. The necessary updates have
been released via Apple's Software Update facility.

References:
Apple Security Updates
http://docs.info.apple.com/article.html?artnum=305759
Apple Safari Home Page
http://www.apple.com/safari
SecurityFocus BIDs
http://www.securityfocus.com/bid/24598
http://www.securityfocus.com/bid/24597

*************************************************************************

(3) MODERATE: F-Secure LHA and RAR Detection Bypass
Affected:
Products using the F-Secure Anti-Virus Engine

Description: Products using F-Secure security engines may flag certain
LHA and RAR archive files as invalid and stop examining them for
possible viruses and other malware. These files may be crafted in such
a way that the file is still considered valid by end-user applications.
Any malware archived in such a file would bypass detection by F-Secure
products.

Status: F-Secure confirmed, updates available.

Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the responding council sites. They reported that no action was
necessary.

References:
F-Secure Security Advisory
http://www.f-secure.com/security/fsc-2007-5.shtml
Wikipedia Article on the RAR Archive File Format
http://en.wikipedia.org/wiki/RAR_%28file_format%29
Wikipedia Article on the LHA Archive File Format
http://en.wikipedia.org/wiki/LHA_%28file_format%29
SecurityFocus BID
http://www.securityfocus.com/bid/24525

*************************************************************************

(4) MODERATE: IBM WebSphere Application Server Multiple Unspecified Vulnerabilities
Affected:
IBM WebSphere versions prior to 6.1.0 Fix Pack 9

Description: IBM WebSphere Application Server contains multiple
vulnerabilities. The exact details of these vulnerabilities are unknown,
but IBM has confirmed that security-bypass and denial-of-service
vulnerabilities exist and are remotely exploitable. No further details
are publicly available for these vulnerabilities.

Status: IBM confirmed, updates available.

Council Site Actions: Two of the reporting council sites are using the
affected software. Both sites are reviewing the update from IBM and
investigating the potential impact to their site in order to determine
course of action and/or patch schedule.

References:
Product Home Page
http://www-306.ibm.com/software/info1/websphere/index.jsp
SecurityFocus BID
http://www.securityfocus.com/bid/24505

*************************************************************************

(5) MODERATE: Novell exteNd Director ActiveX Control Arbitrary Command Execution
Affected:
Novell exteNd Director version 4.1 and prior

Description: Novell exteNd Director, a popular web application
development environment, includes an ActiveX control. This ActiveX
control fails to properly validate arguments to certain methods, leading
to arbitrary command execution. A specially crafted web page that
instantiates this control could leverage this vulnerability to execute
arbitrary commands with the privileges of the current user.

Status: Novell confirmed. Users can mitigate the impact of this
vulnerability by disabling the vulnerable control via Microsoft's "kill
bit" mechanism for CLSID "2B1AA38D-2D12-11D5-AAD0-00C04FA03D78".

Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the responding council sites. They reported that no action was
necessary.

References:
Novell Security Advisory
https://secure-support.novell.com/KanisaPlatform/Publishing/360/3169416_f.SAL_Public.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/24493
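The kill-bit mitigation described above is a registry change. As an added example (not code from the newsletter, Novell or Microsoft), the following PowerShell script sets it for the CLSID Novell lists, using the key and "Compatibility Flags" value documented in Microsoft KB 240797; the Wow6432Node key, which covers 32-bit Internet Explorer on 64-bit Windows, is an assumption beyond that article. The same procedure applies to the other ActiveX entries in Part II that cite KB 240797 (07.26.4 and 07.26.11), substituting those controls' CLSIDs, which this issue does not list.

```powershell
# Added example: set the Internet Explorer "kill bit" for the Novell exteNd
# Director ActiveX control. CLSID taken from the advisory above. Run from an
# elevated PowerShell prompt. Per Microsoft KB 240797, IE refuses to load a
# control whose "Compatibility Flags" DWORD carries bit 0x400 under the
# ActiveX Compatibility key.
$clsid   = '{2B1AA38D-2D12-11D5-AAD0-00C04FA03D78}'
$KillBit = 0x400

# Native key, plus the Wow6432Node key for 32-bit IE on 64-bit Windows
# (assumption: the Wow6432Node path is not part of the KB article cited).
$keys = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
)

foreach ($key in $keys) {
    # Skip the Wow6432Node key on 32-bit Windows, where that hive path does not exist.
    $parent = Split-Path -Path $key -Parent
    if (-not (Test-Path -Path $parent)) { continue }

    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # OR the kill bit into any flags already present rather than overwriting them.
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
    $flags = if ($null -eq $existing) { 0 } else { [int]$existing }
    $flags = $flags -bor $KillBit

    New-ItemProperty -Path $key -Name 'Compatibility Flags' `
        -PropertyType DWord -Value $flags -Force | Out-Null
}

# Verify: every key that exists must now carry bit 0x400.
foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
    $set   = ($flags -band $KillBit) -ne 0
    "{0}: Compatibility Flags=0x{1:X8} kill bit set={2}" -f $key, $flags, $set
}
```

The kill bit only stops Internet Explorer and other hosts that honor the ActiveX Compatibility key from instantiating the control; it does not remove the DLL, so a locally run program can still load it. Because the script ORs the bit into existing flags, re-running it is safe, and the final loop doubles as the check to run after a reboot or group-policy push.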

*************************************************************************

(6) LOW: Novell XNFS Denial of Service
Affected:
Novell NetWare version 6.5 Support Pack 6 and prior

Description: Novell NetWare supports remote filesystem access via the
Network Filesystem (NFS) protocol. A specially crafted mount request for
an NFS filesystem to a Novell NetWare server could trigger a
denial-of-service vulnerability on the NetWare server. Note that this
vulnerability is exploitable even if no NFS filesystems are currently
exported from the NetWare server. Note that some technical details for
this vulnerability are publicly available.

Status: Novell confirmed. Updates available.

Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the responding council sites. They reported that no action was
necessary.

References:
Novell Security Advisory
https://secure-support.novell.com/KanisaPlatform/Publishing/23/3008097_f.SAL_Public.html
Wikipedia Article on NFS
http://en.wikipedia.org/wiki/Network_File_System_%28protocol%29
SecurityFocus BID
http://www.securityfocus.com/bid/24489

*************************************************************************

****************
Other Software
****************

(7) MODERATE: Cerulean Studios Trillian Unicode Parsing Buffer Overflow
Affected:
Cerulean Studios Trillian versions prior to 3.1.6.0

Description: Cerulean Studios Trillian, a popular instant messaging
client, contains a flaw in its handling of Unicode strings. Unicode is
a character-encoding standard designed to cover all the world's written
languages. A specially-crafted Unicode
string in a message sent to a user could trigger a buffer overflow, and
allow an attacker to execute arbitrary code with the privileges of the
current user. No user authentication is necessary to exploit this
vulnerability. While the MSN instant messaging protocol is currently the
only protocol confirmed vulnerable, it is believed that the
vulnerability could be exploited via any protocol.

Status: Cerulean Studios confirmed, updates available.

Council Site Actions: Two of the reporting council sites have a limited
user base of this software. The first site has notified their user base
and verified the software is configured with the auto update feature.
The second site does not support the application, but will notify the
limited number of users that may be using this software. They will
request that the users update to the latest version/patch.

References:
iDefense Security Advisory
http://www.securityfocus.com/archive/1/471673
Wikipedia Article on Unicode
http://en.wikipedia.org/wiki/Unicode
Vendor Home Page
http://www.ceruleanstudios.com/
SecurityFocus BID
http://www.securityfocus.com/bid/24523

*************************************************************************

(8) LOW: Apple AppleTV UPnP Buffer Overflow
Affected:
Apple AppleTV

Description: Apple's AppleTV, a popular multimedia display device,
contains a flaw in its Universal Plug and Play (UPnP) implementation. UPnP
is an industry-standard suite of protocols used for automatic device and
network configuration. A specially-crafted Internet Gateway Device (IGD)
Standardized Device Control Protocol request could trigger a buffer
overflow and allow an attacker to execute arbitrary code on the
vulnerable device. This vulnerability is related to a previous
vulnerability in Mac OS X discussed in an earlier issue of RISK.

Status: Apple confirmed, updates available. Note that the updates are
automatically distributed via the AppleTV's automatic update mechanism.

References:
Apple Security Advisory
http://docs.info.apple.com/article.html?artnum=305631
Previous RISK Entry
http://www.sans.org/newsletters/risk/display.php?v=6&i=22#widely1
SecurityFocus BID
http://www.securityfocus.com/bid/24159

*************************************************************************

Part II - Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
Week 26, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5465 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

07.26.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: HTTP Server Request Handling Remote Denial of Service
Description: HTTP Server is a webserver for the Microsoft Windows
operating platform. The server is exposed to a remote denial of
service issue: when it processes an excessive number of sequential
client requests (40-1000) for nonexistent pages, the application
crashes. HTTP Server version 1.6.2 is affected.
Ref: http://www.securityfocus.com/bid/24576
______________________________________________________________________

07.26.2 CVE: CVE-2007-3334
Platform: Third Party Windows Apps
Title: Ingres Database Server Multiple Remote Vulnerabilities
Description: Ingres Database Server is a database server included in
CA eTrust Secure Content Manager. The application is exposed to
multiple remote issues. Ingres Corporation Ingres Database versions
3.0.3, 2.6, 2.5 and Computer Associates eTrust Secure Content Manager
version 8.0 are affected.
Ref: http://www.securityfocus.com/archive/1/471950
______________________________________________________________________

07.26.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: BugHunter HTTP Server Parse Error Information Disclosure
Description: BugHunter HTTP Server is an HTTP server available for
Microsoft Windows. The application is exposed to an information
disclosure issue because of an error when parsing specially crafted
filename extensions provided by users in the URL. HTTP Server version
1.6.2 is affected.
Ref: http://www.securityfocus.com/bid/24566
______________________________________________________________________

07.26.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Xunlei Web Thunder ThunderServer.webThunder.1 ActiveX Control
Arbitrary File Download
Description: Xunlei Web Thunder's ThunderServer.webThunder.1 ActiveX
control is exposed to an arbitrary file download issue. The control
exposes the "SetBrowserWindowData", "SetConfig", "HideBrowserWindow"
and "AddTask" methods, which may be combined to exploit this issue.
Xunlei Web Thunder (ThunderServer.webThunder.1) version 1.8.4.130 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.26.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Avaya 4602SW SIP Phone Cnonce Parameter Authentication Spoofing
Description: The Avaya 4602SW SIP Phone and SIP call server form a
voice-over-IP solution used with the Microsoft Windows operating
system. The application is exposed to an authentication spoofing issue
that allows an attacker to hijack communications by way of a
man-in-the-middle attack.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=299&
______________________________________________________________________

07.26.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: AGEPhone SIP Soft Phone Message Parsing Denial of Service
Description: AGEPhone SIP Soft Phone is a SIP client VOIP phone
application for Microsoft Windows operating systems. AGEPhone SIP Soft
Phone is exposed to a remote denial of service issue because the
application fails to properly handle a malformed SIP message. AGEPhone
SIP Soft Phone version 1.41.2 running on an HTC HyTN wireless smartphone
with Windows Mobile 5 PPC is affected.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=214&
______________________________________________________________________

07.26.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: AGEPhone SIP Soft Phone Malformed Delimiter Denial of Service
Description: AGEPhone SIP Soft Phone is a SIP client VOIP phone
application for Microsoft Windows operating systems. The application
is exposed to a remote denial of service issue because the application
fails to properly handle a malformed SIP message. AGEPhone SIP Soft
Phone version 1.41.2 running on an HTC HyTN wireless smartphone with
Windows Mobile 5 PPC is affected.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=215&
______________________________________________________________________

07.26.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Avaya One-X Desktop Edition Phone SIP Remote Buffer Overflow
Description: Avaya One-X Desktop Edition is a soft-phone application
that provides SIP (Session Initiation Protocol) endpoints on
computers running the Microsoft Windows operating system. One-X
Desktop Edition is exposed to a remote buffer overflow issue because
it fails to perform adequate boundary checks on user-supplied input.
Avaya One-X Desktop Edition versions 2.1.0.70 and earlier are
affected.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2007-241.htm
______________________________________________________________________

07.26.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Nortel Networks PC Client Soft Phone Message Parsing Module
Buffer Overflow
Description: Nortel Networks PC Client Soft Phone is a SIP client VOIP
phone application for Microsoft Windows operating systems. The
application is exposed to a buffer overflow issue because the
application fails to properly bounds check user-supplied data prior to
copying it to an insufficiently sized memory buffer. Nortel Networks
PC Client SIP Soft Phone version 4.1 is affected.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=297&
______________________________________________________________________

07.26.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: AOL Instant Messenger SIP Invite Message Denial of Service
Description: AOL Instant Messenger is an instant messaging application
available for Microsoft Windows. The application is exposed to a
denial of service issue because it fails to handle specially crafted
SIP messages. AOL Instant Messenger version 6.1.32.1 is affected.
Ref: http://www.securityfocus.com/bid/24533
______________________________________________________________________

07.26.11 CVE: CVE-2007-2924
Platform: Third Party Windows Apps
Title: RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple
Buffer Overflow Vulnerabilities
Description: The RealNetworks GameHouse dldisplay ActiveX Control is
part of the Gamehouse audio application for use on the Microsoft
Windows operating system. The application is exposed to multiple
buffer overflow issues because the application fails to bounds check
user-supplied data before copying it into an insufficiently sized
buffer.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.26.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: Nortel Networks PC Client Soft Phone SIP Message Parsing Module
Denial of Service
Description: Nortel Networks PC Client Soft Phone is a SIP client VOIP
phone application for Microsoft Windows operating systems. The Nortel
Networks PC Client Soft Phone is exposed to a remote denial of service
issue because the application fails to properly handle a malformed SIP
message. Nortel Networks PC Client SIP Soft Phone version 4.1 is
affected.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=298&
______________________________________________________________________

07.26.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: Cerulean Studios Trillian Word Wrapping UTF-8 Encoded String
Heap Buffer Overflow
Description: Cerulean Studios Trillian is an instant-messaging client
that supports a number of protocols (including IRC, ICQ, MSN, Yahoo!).
The application is exposed to a heap-based buffer overflow issue
because it fails to bounds check user-supplied data before copying it
into an insufficiently sized buffer. Cerulean Studios Trillian
version 3.1.5.1 is affected.
Ref: http://www.securityfocus.com/archive/1/471673
______________________________________________________________________

07.26.14 CVE: Not Available
Platform: Third Party Windows Apps
Title: Apple Safari for Windows Document.Location Denial of Service
Description: Apple Safari for Windows is exposed to a denial of
service issue because it fails to properly handle user-supplied input.
The problem occurs with how the browser handles "document.location=';"
in a malicious webpage. Safari versions 3.0 and 3.0.1 public beta for
Windows are affected.
Ref: http://www.securityfocus.com/bid/24499
______________________________________________________________________

07.26.15 CVE: Not Available
Platform: Third Party Windows Apps
Title: Apple Safari for Windows Corefoundation.DLL Denial of Service
Description: Apple Safari for Windows is exposed to a denial of
service issue because it fails to properly handle user-supplied input
in the history management functions of "corefoundation.dll". Safari
version 3.0.1 public beta for Windows is affected.
Ref:
http://lostmon.blogspot.com/2007/06/safari-301-552122-for-windows.html
______________________________________________________________________

07.26.16 CVE: Not Available
Platform: Third Party Windows Apps
Title: Kaspersky Internet Security 6 SSDT Hooks Multiple Local
Vulnerabilities
Description: Kaspersky Internet Security 6 is a personal security
suite for Microsoft Windows operating systems. Among other features,
it includes firewall and antivirus components. The application is
exposed to multiple local issues. Kaspersky Internet Security version
6.0.2.614 and 6.0.2.621 are affected.
Ref: http://www.securityfocus.com/archive/1/471453
______________________________________________________________________

07.26.17 CVE: CVE-2007-3257
Platform: Linux
Title: Gnome Evolution Data Server Array Index Memory Access
Description: Evolution Data Server is an email, address book, and
calendar application for users of the GNOME desktop. The application
is exposed to an input-validation error that may be exploited to
execute arbitrary code. Evolution Data Server versions prior to 1.11.4
are affected.
Ref: http://www.securityfocus.com/bid/24567
______________________________________________________________________

07.26.18 CVE: CVE-2007-2833
Platform: Linux
Title: GNU Emacs Image Processing Remote Denial of Service
Description: The "emacs" program is a freely available text editor.
The application is exposed to a remote denial of service issue because
it fails to handle malicious image files.
Ref: http://www.securityfocus.com/bid/24570
______________________________________________________________________

07.26.19 CVE: Not Available
Platform: Linux
Title: Astaro Up2Date Secure Gateway SMTP Proxy Malformed Email Remote
Denial of Service
Description: Astaro Up2Date is a web-security application available
for the Linux operating system. The application is exposed to a remote
denial of service issue because it fails to handle specially crafted
emails. Astaro Up2Date versions prior to 7.005 are affected.
Ref: http://www.securityfocus.com/bid/24492
______________________________________________________________________

07.26.20 CVE: Not Available
Platform: Unix
Title: BitchX Hook.C Remote Buffer Overflow
Description: BitchX is a freely available, open-source IRC client. It
is available for UNIX, Linux and other Unix-like operating systems.
The application is exposed to a buffer overflow issue that occurs
because the application fails to bounds check user-supplied data
before copying it into an insufficiently sized buffer. BitchX version
1.1-final is affected.
Ref: http://www.securityfocus.com/bid/24579
______________________________________________________________________

07.26.21 CVE: CVE-2007-3207
Platform: Novell
Title: Novell NetWare XNFS.NLM Remote Denial of Service
Description: Novell NetWare is a network operating system. The
application is exposed to a remote denial of service issue because of
inadequate boundary checks. NetWare version 6.5 SP6 is affected.
Ref:
https://secure-support.novell.com/KanisaPlatform/Publishing/23/3008097_f.SAL_Public.html
______________________________________________________________________

07.26.22 CVE: Not Available
Platform: Novell
Title: Novell exteNd Director LocalExec.OCX ActiveX Control Remote
Command Execution
Description: Novell exteNd Director is a set of software development
tools and APIs for creating enterprise web applications. The
application is exposed to a remote command execution issue because it
fails to sanitize user-supplied data passed through an unspecified URI
parameter. Novell exteNd Director version 4.1 is affected.
Ref: http://www.kb.cert.org/vuls/id/793433
______________________________________________________________________

07.26.23 CVE: Not Available
Platform: Cross Platform
Title: MyServer Filename Parse Error Information Disclosure
Description: MyServer is an HTTP web server application for multiple
operating systems; it is implemented in C++. The application is
exposed to an information disclosure issue because of an error when
parsing specially crafted filename extensions provided by users in the
URL. MyServer version 0.8.9 is affected.
Ref: http://www.securityfocus.com/bid/24571
______________________________________________________________________

07.26.24 CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player Multiple Format String Vulnerabilities
Description: VideoLAN VLC media player is a multimedia player for
audio and video. VLC Media Player is affected by multiple format
string issues due to incorrect usage of "printf()"-type functions,
allowing format specifiers to be supplied directly to vulnerable
functions from external data. VideoLAN VLC media player versions prior
to 0.8.6c are affected.
Ref: http://www.videolan.org/sa0702.html
______________________________________________________________________

07.26.25 CVE: Not Available
Platform: Cross Platform
Title: Altap Servant Salamander PE File Handling Buffer Overflow
Description: Servant Salamander is a small and fast two-pane file
manager with an open plugin architecture. The application is exposed to a
buffer overflow issue because the application fails to properly bounds
check user-supplied data before copying it into an insufficiently
sized memory buffer. Altap Salamander version 2.5 with Portable
Executable Viewer 2.02 and Servant Salamander 2.0 with Portable
Executable Viewer 1.00 are affected.
Ref: http://vuln.sg/salamander25-en.html
______________________________________________________________________

07.26.26 CVE: Not Available
Platform: Cross Platform
Title: Xvid Avi MBCoding.C Remote Code Execution
Description: Xvid is an MPEG-4 video codec used to compress video
data. The application is exposed to a remote code execution issue due
to an array indexing error. Xvid version 1.1.2 is affected.
Ref: http://www.securityfocus.com/bid/24561
______________________________________________________________________

07.26.27 CVE: CVE-2007-1862
Platform: Cross Platform
Title: Apache Mod_Mem_Cache Information Disclosure
Description: Apache is a freely available, open-source web server
software package. It is distributed and maintained by the Apache
Group. The application is exposed to a path information disclosure
issue that affects the "recall_headers" function of "mod_mem_cache".
Apache version 2.2.4 is affected.
Ref: http://www.securityfocus.com/bid/24553
______________________________________________________________________

07.26.28 CVE: Not Available
Platform: Cross Platform
Title: Tidylib for PHP Library Remote Buffer Overflow
Description: Tidylib for PHP is a callable C library version of HTML
Tidy, for use with the PHP programming language. The library is
exposed to a remote buffer overflow issue because it fails to perform
boundary checks before copying user-supplied data to insufficiently
sized memory buffers. Tidylib for PHP version 040603 is affected.
Ref: http://www.securityfocus.com/bid/24527
______________________________________________________________________

07.26.29 CVE: Not Available
Platform: Cross Platform
Title: WIKINDX Localization Module Unspecified Authentication Bypass
Description: The WIKINDX Localization Module is a plug-in for the
WIKINDX application, a multi-user bibliography application for storing
and searching references, notes and citations. The module is exposed
to an unspecified authentication bypass issue. WIKINDX Localization
Module versions prior to 1.2 are affected.
Ref: http://www.securityfocus.com/bid/24508
______________________________________________________________________

07.26.30 CVE: Not Available
Platform: Cross Platform
Title: F-Secure Multiple Anti-Virus Products LHA and RAR Archives Scan
Bypass
Description: Multiple F-Secure Anti-Virus products are exposed to an
issue that may allow certain compressed archives to bypass the scan
engine, because the application fails to properly handle certain
compressed archive file header fields.
Ref: http://www.f-secure.com/security/fsc-2007-5.shtml
______________________________________________________________________

07.26.31 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Application Server Unspecified Vulnerabilities
Description: IBM WebSphere Application Server is exposed to multiple
unspecified issues. Very little information is known about these
issues, though some of them may lead to denial of service conditions
and allow attackers to bypass certain restrictions. IBM WebSphere
Application Server versions prior to 6.1.0 Fix Pack 9 are affected.
Ref: http://www.securityfocus.com/bid/24505
______________________________________________________________________

07.26.32 CVE: Not Available
Platform: Cross Platform
Title: MailWasher Server LDAP Unauthorized Folder Access
Description: MailWasher Server is an application used to filter spam.
The application is exposed to an unauthorized folder access issue
because it fails to perform user authentication in a proper manner.
MailWasher Server versions prior to 2.2.1 are affected.
Ref: http://www.securityfocus.com/bid/24507
______________________________________________________________________

07.26.33 CVE: Not Available
Platform: Cross Platform
Title: FCKeditor Alternative Data Stream Arbitrary File Upload
Description: FCKeditor is a text editor implemented in HTML and
JavaScript. The application is exposed to an arbitrary file upload
issue because the application fails to sufficiently sanitize
user-supplied input. FCKeditor version 2.4.3 is affected.
Ref: http://www.securityfocus.com/bid/24510
______________________________________________________________________

07.26.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: NetJukeBox Multiple Cross Site Scripting Vulnerabilities
Description: netjukebox is a web-based media player. The application
is exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied input. netjukebox version 4.01b is
affected.
Ref: http://www.securityfocus.com/bid/24577
______________________________________________________________________

07.26.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MyServer Post.MSCGI Cross-Site Scripting
Description: MyServer is an HTTP web server application for multiple
operating systems; it is implemented in C++. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the "post.mscgi" script. MyServer
version 0.8.9 is affected.
Ref: http://www.securityfocus.com/bid/24583
______________________________________________________________________

07.26.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: FuseTalk ComFinish.CFM Multiple Cross Site Scripting
Vulnerabilities
Description: FuseTalk is a web-based discussion forum implemented in
ColdFusion. The application is exposed to multiple cross-site scripting
issues because it fails to sufficiently sanitize user-supplied input
to the "FTVAR_SCRIPTRUN" parameter of the
"blog/include/common/comfinish.cfm" and
"forum/include/common/comfinish.cfm" scripts. FuseTalk versions 2.0,
3.0 and 4.0 are affected.
Ref: http://www.securityfocus.com/archive/1/471846
______________________________________________________________________

07.26.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: RaidenHTTPD Unspecified Cross Site Scripting
Description: RaidenHTTPD is a web server application. RaidenHTTPD is
exposed to an unspecified cross-site scripting issue because it fails
to sufficiently sanitize user-supplied data. RaidenHTTPD version
2.0.13 is affected.
Ref: http://www.securityfocus.com/bid/24568
______________________________________________________________________

07.26.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Interact Online Learning Environment Interact Multiple Cross
Site Scripting Vulnerabilities
Description: Interact is an open-source learning environment available
for various operating systems. The application is exposed to multiple
cross-site scripting issues because it fails to sufficiently sanitize
user-supplied input. Interact version 2.4 beta 1 is affected.
Ref: http://www.securityfocus.com/bid/24573
______________________________________________________________________

07.26.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Stephen Ostermiller Contact Form Unspecified Cross Site
Scripting
Description: Contact Form is an application that allows users to send
emails through a web interface. The application is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input. Contact Form version 2.00.02 is affected.
Ref: http://www.securityfocus.com/bid/24559
______________________________________________________________________

07.26.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP Hosting Biller Index.PHP Cross Site Scripting
Description: PHP Hosting Biller is a web-based application to manage a
web hosting service. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied input to the "index.php" script. PHP Hosting Biller
version 1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/471642
______________________________________________________________________

07.26.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Fuzzylime Low.PHP Cross Site Scripting
Description: Fuzzylime is a web-based forum application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "fromaction"
parameter of the "low.php" script. Fuzzylime versions 1.01b and
earlier are affected.
Ref: http://www.securityfocus.com/bid/24522
______________________________________________________________________

07.26.42 CVE: CVE-2007-1358
Platform: Web Application - Cross Site Scripting
Title: Apache Tomcat Accept-Language Cross Site Scripting
Description: Apache Tomcat is a Java-based web server application for
multiple operating systems. The software is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input.
Ref: http://www.securityfocus.com/bid/24524
______________________________________________________________________

07.26.43 CVE: CVE-2007-3129
Platform: Web Application - Cross Site Scripting
Title: Utopia News Pro Login.PHP Cross Site Scripting
Description: Utopia News Pro is a web-based newsreader application.
The application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "password"
parameter of the "login.php" script. Utopia News Pro version 1.4.0 is
affected.
Ref: http://www.netvigilance.com/advisory0034
______________________________________________________________________

07.26.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TDizin Arama.ASP Cross-Site Scripting
Description: TDizin is a web application implemented in ASP. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "ara"
parameter of the "arama.asp" script.
Ref: http://www.securityfocus.com/bid/24515
______________________________________________________________________

07.26.45 CVE: CVE-2007-3239
Platform: Web Application - Cross Site Scripting
Title: WordPress AndyBlue Theme Searchform.PHP Cross-Site Scripting
Description: The AndyBlue theme is an addon for the WordPress
publishing platform. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input to the "index.php" script, which is then passed to unspecified
parameters of the "searchform.php" script. The AndyBlue theme for
WordPress version 1.4 is affected.
Ref: http://www.securityfocus.com/bid/24490
______________________________________________________________________

07.26.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPAccounts Index.PHP Multiple SQL Injection Vulnerabilities
Description: PHP Accounts is a web-based accounting application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. PHP Accounts
version 0.5 is affected.
Ref: http://www.securityfocus.com/bid/24574
______________________________________________________________________

07.26.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: W1L3D4 WEBmarket Urunbak.ASP SQL Injection
Description: WEBmarket is an e-commerce application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "urunbak.asp"
script before using it in an SQL query. WEBmarket version 0.1 is
affected.
Ref: http://www.securityfocus.com/bid/24550
______________________________________________________________________

07.26.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Solar Empire Game_Listing.PHP SQL Injection
Description: Solar Empire is a browser-based strategy game. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the
"$_SERVER[HTTP_USER_AGENT]" parameter of the "game_listing.php" script
before using it in an SQL query. Solar Empire version 2.9.1.1 is
affected.
Ref: http://www.securityfocus.com/bid/24519
______________________________________________________________________

07.26.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FuseTalk AuthError.CFM SQL Injection
Description: FuseTalk is a web-based discussion forum implemented in
ColdFusion. The application is exposed to an SQL injection issue
because it fails to properly sanitize user-supplied input to the
"errorcode" parameter of the "autherror.cfm" script before using it in
an SQL query. FuseTalk versions 2.0 and 3.0 are affected.
Ref: http://www.securityfocus.com/archive/1/471726
______________________________________________________________________

07.26.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FuseTalk Index.CFM SQL Injection
Description: FuseTalk is a web-based discussion forum implemented in
ColdFusion. The application is exposed to an SQL injection issue
because it fails to properly sanitize user-supplied input to the
"FTVAR_SUBCAT" parameter of the "index.cfm" script before using it in
an SQL query. FuseTalk version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/24498
______________________________________________________________________

07.26.51 CVE: CVE-2007-3128
Platform: Web Application - SQL Injection
Title: WSPortal Content.PHP SQL Injection
Description: WSPortal is a content management application. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "page" parameter of the
"content.php" script before using it in an SQL query. WSPortal version
1.0 is affected.
Ref: http://www.securityfocus.com/bid/24513
______________________________________________________________________

07.26.52 CVE: CVE-2007-3244
Platform: Web Application - SQL Injection
Title: BBPress BB-Edit.PHP SQL Injection
Description: bbPress is a web-based forum application. The application
is exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "post_content" parameter of the
"bb-edit.php" script before using it in SQL queries. bbPress version
0.8 is affected.
Ref: http://www.securityfocus.com/bid/24488
______________________________________________________________________

07.26.53 CVE: Not Available
Platform: Web Application
Title: LMS LAN Management System Language.PHP Remote File Include
Description: LMS is a LAN management system. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "_LIB_DIR" parameter
of the "lib/language.php" script. LMS version 1.9.6 is affected.
Ref: http://www.securityfocus.com/bid/24578
______________________________________________________________________

07.26.54 CVE: Not Available
Platform: Web Application
Title: SerWeb Load_Lang.PHP Remote File Include
Description: SerWeb is a self-provisioning web interface for SER SIP
Server. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"_SERWEB[serwebdir]" parameter of the "load_lang.php" script. SerWeb
version 0.9.4 is affected.
Ref: http://www.securityfocus.com/bid/24581
______________________________________________________________________

07.26.55 CVE: Not Available
Platform: Web Application
Title: LiveCMS Multiple Input Validation Vulnerabilities
Description: LiveCMS is a content management system. The application is
exposed to multiple issues, which include: an input validation issue
because it fails to sanitize user-supplied input; an SQL injection
issue that resides in the "cid" parameter of the "categoria.php"
script; an HTML-injection issue that resides in the article name input
box; and an arbitrary file upload issue that occurs when uploading
small image attachments accompanying articles. LiveCMS versions 3.4 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/24580
______________________________________________________________________

07.26.56 CVE: Not Available
Platform: Web Application
Title: NetClassifieds Multiple Input Validation Vulnerabilities
Description: NetClassifieds is a PHP-based application for managing
classified ads. The application is exposed to multiple input
validation issues, which include: SQL injection issues that affect the
"CatID" and "s_user_id" parameters of the "ViewCat.php" script, and
cross-site scripting issues that affect various unspecified forms of
the "Common.php", "imageresizer.php", and "Mysql_db.php" scripts.
NetClassifieds Free, Standard, Professional, and Premium editions are
affected.
Ref: http://www.securityfocus.com/bid/24584
______________________________________________________________________

07.26.57 CVE: Not Available
Platform: Web Application
Title: FuseTalk AuthError.CFM Multiple Cross Site Scripting
Vulnerabilities
Description: FuseTalk is a web-based discussion forum implemented in
ColdFusion. The application is exposed to multiple cross-site
scripting issues because it fails to sufficiently sanitize
user-supplied input to the "FTVAR_LINKP" and "FTVAR_URLP" parameters
of the "/forum/include/error/autherror.cfm" script. FuseTalk versions
2.0, 3.0 and 4.0 are affected.
Ref: http://www.securityfocus.com/bid/24564
______________________________________________________________________

07.26.58 CVE: Not Available
Platform: Web Application
Title: Wrapper.PHP for OsCommerce Local File Include
Description: Wrapper.php for OsCommerce is a web-based image
application. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"file" parameter when used by the "wrapper.php" script.
Ref: http://www.securityfocus.com/bid/24565
______________________________________________________________________

07.26.59 CVE: Not Available
Platform: Web Application
Title: PHPAccounts Index.PHP Local File Include
Description: PHP Accounts is a web-based accounting application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "page" parameter of
the "index.php" script. PHP Accounts version 0.5 is affected.
Ref: http://www.securityfocus.com/bid/24572
______________________________________________________________________

07.26.60 CVE: Not Available
Platform: Web Application
Title: Comersus Cart Multiple Input Validation Vulnerabilities
Description: Comersus Cart is a set of ASP scripts creating an online
shopping cart. It works on a database of your choosing, defaulting to
Microsoft Access. The application is exposed to multiple input
validation issues: an SQL injection issue due to the application
failing to properly sanitize user-supplied input to the "idProduct"
parameter of the "/store/comersus_optReviewReadExec.asp" script; and
multiple cross-site scripting issues due to the application failing to
properly sanitize user-supplied input to the "redirectURL" parameter
of the "/store/comersus_customerAuthenticateForm.asp" and the
"message" parameter of the "store/comersus_message.asp" script.
Comersus Cart version 7.0.7 is affected.
Ref: http://www.securityfocus.com/archive/1/471837
______________________________________________________________________

07.26.61 CVE: Not Available
Platform: Web Application
Title: Musoo GLOBALS[ini_array] Parameter Remote File Include
Vulnerabilities
Description: Madirish Webmail is a web-based email application. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input to the
"GLOBALS["ini_array"]["EXTLIB_PATH"]" parameter of the "/msDb.php",
"/modules/MusooTemplateLite.php" and "/modules/SoundImporter.php"
scripts. Musoo version 0.21 is affected.
Ref: http://www.securityfocus.com/bid/24554
______________________________________________________________________

07.26.62 CVE: Not Available
Platform: Web Application
Title: Jasmine CMS Multiple Input Validation Vulnerabilities
Description: Jasmine CMS is a content management system. The
application is exposed to multiple input validation issues which
include: multiple SQL injection issues in the "login_username"
parameter of the "login.php" script and the "item" parameter of the
"news.php" script; and a local file include issue in the "u" parameter
of the "admin/plugin_manager.php" script. Jasmine CMS version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/24546
______________________________________________________________________

07.26.63 CVE: Not Available
Platform: Web Application
Title: WordPress Automattic Stats Module Referer Field HTML Injection
Description: The Automattic Stats module for WordPress is a module
that tracks web page statistics. The application is exposed
to an HTML injection issue because it fails to properly sanitize
user-supplied input before using it in dynamically generated content.
This issue resides in the "referer" field. The Automattic Stats module
version 1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/471734
______________________________________________________________________

07.26.64 CVE: Not Available
Platform: Web Application
Title: YABB Multiple Local File Include Vulnerabilities
Description: YaBB is a web-based bulletin board application
implemented in Perl. The application is exposed to multiple local file
include issues because it fails to sufficiently sanitize user-supplied
input. YaBB versions 2.1 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/471733
______________________________________________________________________

07.26.65 CVE: Not Available
Platform: Web Application
Title: DKret Search Widget HTML Injection
Description: dKret is a WordPress theme. The application is exposed to
an HTML injection issue because it fails to properly sanitize
user-supplied input to the "Search" widget of the application. dKret
versions prior to 2.6 are affected.
Ref: http://www.securityfocus.com/bid/24518
______________________________________________________________________

07.26.66 CVE: Not Available
Platform: Web Application
Title: WEBIF.CGI OutConfig Parameter Local File Include
Description: WEBIF.CGI is a bibliography application implemented in
CGI. The application is exposed to a local file include issue because
it fails to properly sanitize user-supplied input to the "outconfig"
parameter when used by the "webif.cgi" script.
Ref: http://www.securityfocus.com/bid/24516
______________________________________________________________________

07.26.67 CVE: Not Available
Platform: Web Application
Title: STPHP EasyNews Pro Unspecified Script HTML Injection
Description: STphp EasyNews Pro is a web-based news management
application. The application is exposed to an HTML injection issue
because it fails to properly sanitize user-supplied input before using
it in dynamically generated content. STphp EasyNews Pro version 4.0 is
affected.
Ref: http://www.securityfocus.com/bid/24512
______________________________________________________________________

07.26.68 CVE: Not Available
Platform: Web Application
Title: MiniBB Language Parameter Local File Include
Description: miniBB is a web-based bulletin board. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "language" parameter when used by
the "index.php" script. miniBB version 2.0.5 is affected.
Ref: http://www.securityfocus.com/bid/24503
______________________________________________________________________

07.26.69 CVE: Not Available
Platform: Web Application
Title: YourFreeScreamer Form.PHP Remote File Include
Description: YourFreeScreamer is a web-based Shoutbox/Guestbook
application. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"serverPath" parameter of the "form.php" script. YourFreeScreamer
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/24500
______________________________________________________________________

07.26.70 CVE: Not Available
Platform: Web Application
Title: WmFrog Insecure Temporary File Creation
Description: WmFrog is a graphical weather monitor application
designed to show the current weather patterns through a graphical
interface in an XFree86 desktop environment.
The "wmapps" file in the application creates temporary files in an
insecure manner. WmFrog versions prior to 0.2.0 are affected.
Ref: http://www.securityfocus.com/bid/24504
______________________________________________________________________

07.26.71 CVE: Not Available
Platform: Web Application
Title: PHPListPro Addsite.PHP HTML Injection
Description: phpListPro is a top-list application. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input to the "site_address" parameter of the
"addform.php" script. phpListPro version 2.0.1 is affected.
Ref: http://www.securityfocus.com/bid/24509
______________________________________________________________________

07.26.72 CVE: Not Available
Platform: Web Application
Title: HP System Management Homepage Remote Privilege Escalation
Description: HP System Management Homepage is a web-based interface
used to manage ProLiant and Integrity servers running Windows or
Linux. The application is exposed to a privilege escalation issue
because the application handles all Novell eDirectory members as users
in the superuser group. HP System Management Homepage versions prior
to 2.1.9 that are running on Linux with Novell's eDirectory services
are affected.
Ref: http://www.securityfocus.com/bid/24486
______________________________________________________________________

07.26.73 CVE: Not Available
Platform: Web Application
Title: Papoo CMS Multiple HTML Injection Vulnerabilities
Description: Papoo CMS is a content management system. The application
is exposed to multiple HTML-injection issues because it fails to
properly sanitize user-supplied input before using it in dynamically
generated content. Papoo CMS version 3.6 is affected.
Ref: http://www.securityfocus.com/archive/1/471490
______________________________________________________________________

07.26.74 CVE: Not Available
Platform: Web Application
Title: phpListPro Topsite Entry Page HTML Injection
Description: phpListPro is a top list application. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input to the form used to add new web sites.
phpListPro version 2.0.1 is affected.
Ref: http://www.securityfocus.com/bid/24495
______________________________________________________________________

07.26.75 CVE: Not Available
Platform: Web Application
Title: phpMyInventory Global.Inc.PHP Remote File Include
Description: phpMyInventory is a web-based inventory tracking
application. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"strIncludePrefix" parameter of the "includes/global.inc.php" script.
phpMyInventory version 2.8 is affected.
Ref: http://www.securityfocus.com/bid/24496
______________________________________________________________________

07.26.76 CVE: Not Available
Platform: Network Device
Title: Juniper Networks IVE OS LDAP Referrals TLS Plaintext Password
Description: Juniper IVE (Instant Virtual Extranet) OS is an operating
system used by Juniper devices. The application is exposed to a
password disclosure issue when used with TLS. This issue arises when a
connection to a slave server is established with StartTLS enabled.
Juniper IVE OS 5.4 and 6.0 are affected.
Ref: http://www.securityfocus.com/bid/24575
______________________________________________________________________

07.26.77 CVE: Not Available
Platform: Network Device
Title: D-Link DPH-540/DPH-541 Wi-Fi Phone Security Bypass
Description: The D-Link DPH-540/DPH-541 Wi-Fi phone is a wireless
Voice over IP (VoIP) home/business phone. The phone is exposed to a
security bypass issue because it accepts SIP requests from random
source IP addresses.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=219&
______________________________________________________________________

07.26.78 CVE: Not Available
Platform: Network Device
Title: Polycom SoundPoint IP 601 SIP Phone CGI Request Remote Denial
of Service
Description: Polycom SoundPoint IP 601 SIP phones are multi-line
SIP-capable phones. The phones are exposed to a denial of service
issue due to a failure of the devices to properly bounds check
user-supplied input prior to copying it to an insufficiently sized
memory buffer. Phones with firmware versions in the 3.0 series are
affected.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=273&
______________________________________________________________________

07.26.79 CVE: Not Available
Platform: Network Device
Title: BlackBerry 7270 Phone SIP Stack Format String
Description: BlackBerry 7270 is a wireless, hand-held communication
device. The device is exposed to a remote format-string issue that
affects the "From" field of "SIP INVITE" message headers. When a
malicious message is processed, the phone is unable to send or
receive further calls until it has been reset. BlackBerry 7270 devices
running BlackBerry Device Software versions 4.0.1.83 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/24548
______________________________________________________________________

07.26.80 CVE: Not Available
Platform: Network Device
Title: SJPhone SIP Phone Invite Transaction Denial of Service
Description: The SJPhone SIP Phone is a Voice over IP (VoIP) client
application. The application is exposed to a denial of service issue
because it fails to handle specially crafted SIP messages.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=217&
______________________________________________________________________

07.26.81 CVE: Not Available
Platform: Network Device
Title: BlackBerry 7270 SIP Header Denial of Service
Description: BlackBerry 7270 is a wireless, hand-held communication
device. The device is exposed to a remote denial of service issue
when it handles a malformed "SIP INVITE" message. BlackBerry 7270
devices running BlackBerry Device Software versions 4.0.1.83 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/24545
______________________________________________________________________

07.26.82 CVE: Not Available
Platform: Network Device
Title: D-Link DPH-540/DPH-541 Wi-Fi Phones SDP Header Denial of
Service
Description: The D-Link DPH-540/DPH-541 Wi-Fi phones are wireless
Voice over IP (VoIP) home and business phones. The phones are exposed
to a remote denial of service issue when they handle a malformed SDP
header in a "SIP INVITE" message.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=218&
______________________________________________________________________

07.26.83 CVE: Not Available
Platform: Network Device
Title: Avaya One-X Desktop Edition SIP Header Denial of Service
Description: Avaya One-X Desktop Edition is a soft-phone application
that provides SIP-based (Session Initiation Protocol) endpoints on
computers running the Microsoft Windows operating system. The
application is exposed to a remote denial of service issue when it
handles malformed SIP header data. Avaya One-X Desktop Edition
versions 2.1.0.70 and earlier are affected.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2007-241.htm
______________________________________________________________________

07.26.84 CVE: Not Available
Platform: Network Device
Title: Polycom SoundPoint IP 601 SIP Phone INVITE Message Remote
Denial of Service
Description: Polycom SoundPoint IP 601 SIP phones are multi-line
SIP-capable phones. The phones are exposed to a denial of service
issue due to a failure of the devices to properly bounds check
user-supplied input prior to copying it to an insufficiently sized
memory buffer. Phones with firmware versions in the 3.0 series running
with the SIP application version 1.6.3.0067 are affected.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=272&
______________________________________________________________________

07.26.85 CVE: Not Available
Platform: Network Device
Title: Aastra 9112i SIP Phone SIP Message Denial of Service
Description: Aastra 9112i SIP Phone is a Voice over IP (VoIP) phone.
The phone is exposed to a denial of service issue because it fails to
handle specially crafted SIP messages. Firmware version 1.4.0.1049
with boot version 1.1.0.10 is affected.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=277&
______________________________________________________________________

07.26.86 CVE: Not Available
Platform: Network Device
Title: Avaya 4602SW SIP Phone Security Bypass
Description: The Avaya 4602SW is a SIP-based IP phone used in
conjunction with a SIP call server on the Microsoft Windows operating
system. The phone is exposed to a security bypass issue because it
accepts SIP "INVITE" requests from arbitrary source IP addresses. The
Avaya 4602 SW IP Phone (Model 4602D02A) is affected.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=300&
______________________________________________________________________

07.26.87 CVE: Not Available
Platform: Network Device
Title: Snom-320 SIP Remote Unauthorized Access
Description: The Snom-320 is a remotely manageable SIP VoIP business
telephone. The application is exposed to a remote unauthorized access
issue that may lead to information disclosure.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=275&
______________________________________________________________________

07.26.88 CVE: Not Available
Platform: Network Device
Title: Snom-320 SIP Phone Remote Phone Dialing Unauthorized Access
Description: The Snom-320 is a remotely manageable SIP VoIP business
telephone. The phone is exposed to a remote issue that may permit
arbitrary dialing of the phone. The problem lies in how the device
handles GET requests to TCP port 1800.
Ref:
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=276&
______________________________________________________________________

(c) 2007. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.

Agenda for the Application Security Summit, Aug. 15-16, Washington DC
Expert Briefings:

1. Expert Briefing: The Three Programming Errors that Caused More than
90% of all Critical Vulnerabilities Reported in 2006.
Surprisingly nearly all critical vulnerabilities reported during 2006
were caused by just three types of programming errors. You'll learn
what they are, how they happen and how to fix them in this briefing.
Rohit Dhamankar, editor RISK, and Senior Engineer, TippingPoint

2. Expert Briefing: New Frontiers of Web Hacking: AJAX Vulnerabilities,
Deep SQL Injection, Cross Site Reference Forgery, and More
An eye-opening briefing on a series of the newest attacks enabling
criminals to compromise web applications (leaders from the application
security field)

3. Expert Panel: Application Security and PCI Compliance - What It Means
The credit card industry has changed its standards, requiring every
organization that processes credit cards to upgrade application
security. In this expert panel you'll learn what PCI requires and how
to meet the requirements.

User Panels: Key Questions Users Are Asking

4. User Panel: Validating Application Security: Choosing the Right
Combination of Tools for Your Application Security Tool Box
Can application firewalls replace application scanners? Do application
scanners do a better job than source code analyzers? How bad are the
false positives? In this panel experienced users of the various tools
will share their experiences and try to reach consensus on the right
tools for an application security toolbox.

5. User Panel: Essentials of a comprehensive application security program
Some organizations start their application security initiative without
a comprehensive picture of the elements they will be putting in place
as part of that program. This panel of very experienced users
illuminates the elements you may have missed in your planning and
explains why they matter.

6. User Panel: Justifying, planning, launching and organizing an
application security program
This panel will address questions such as: What are the costs of an
application security program and how are the benefits best presented to
management? Who should be in charge and what are the first steps to get
a program solidly on track?

7. User Panel: Promising Practices in Building the Partnership
Between Security Staff and the Developers (building into SDLC, when to
use code reviews)
In this panel users focus squarely on the ultimate goal - moving beyond
application testing by the security group to get the programmers to
embrace the tools or at least to get them to fix the problems willingly
and quickly. This panel also looks at where application security best
fits in the SDLC.

8. User Panel: Training and testing our application developers and testers
Are the courses being offered by web security experts actually working?
How do you know? In this panel users and experts will discuss the
various training alternatives open to application developers and review
the new international certification examinations that were launched this
summer to measure application security skills in each major programming
language.

9. User Panel: Innovative uses of procurement to improve application security
Innovative CIOs have discovered that the most powerful weapon in the
application security arsenal is the language they use in their
procurements. In fact, they have discovered that when they don't include
explicit application security requirements in their procurement
documents and contracts, the cost of better security rises
exponentially. This panel will review ways to use procurement language
effectively.

10. User Panel: Trust but Verify: Managing application security when
applications development projects are outsourced
Expanding on the procurement panel topics, this panel explores the
unique character of outsourced development and looks at what special
programs help ensure that outsourced application development meets high
security standards.

Vendor panels

11. Vendor Panel: Implementation lessons learned
When users deploy application security tools, they often make mistakes
that lessen the value of the tools. In this panel technical experts from
application security tool vendors share the most common mistakes and
tell how to avoid them.

12. Vendor Panel: Tools shootout
A great chance to pick the application security vendors you'll want on
your short list of products to consider.

==end==

Subscriptions: RISK is distributed free of charge to people responsible
for managing and securing information systems and networks. You may
forward this newsletter to others with such responsibility inside or
outside your organization.
