I. FRONT AND CENTER
1. Employee Privacy, Employer Policy
2. Surprises Inside Microsoft Vista's EULA
II. BUGTRAQ SUMMARY
1. Wireshark Multiple Protocol Dissectors Denial of Service Vulnerabilities
2. Asterisk Multiple Remote Vulnerabilities
3. WP-DB Backup For Wordpress Edit.PHP Directory Traversal Vulnerability
4. Simple Website Software Common.PHP Remote File Include Vulnerability
5. Algorithmic Research PrivateWire Online Registration Remote Buffer Overflow Vulnerability
6. FreePBX Upgrade.PHP Remote File Include Vulnerability
7. Sendmail Malformed MIME Message Denial Of Service Vulnerability
8. TextPattern Publish.PHP Remote File Include Vulnerability
9. Ascended Guestbook Embedded.PHP Remote File Include Vulnerability
10. NVidia Binary Graphics Driver For Linux Buffer Overflow Vulnerability
11. Trolltech QT Pixmap Images Integer Overflow Vulnerability
12. MP3 Streaming DownSampler Core.Inc.PHP Remote File Include Vulnerability
13. EE Tool Ip.Inc.PHP Remote File Include Vulnerability
14. Free Image Hosting Forgot_Pass.PHP Remote File Include Vulnerability
15. Free File Hosting Forgot_Pass.PHP Remote File Include Vulnerability
16. MiraksGalerie Multiple Remote File Include Vulnerabilities
17. BBSNew Index2.PHP Remote File Include Vulnerability
18. PLS-Bannieres Bannieres.PHP SQL Injection Vulnerability
19. RETIRED: PLS-Bannieres Bannieres.PHP Remote File Include Vulnerability
20. RETIRED: Exporia Common.PHP Remote File Include Vulnerability
21. Web Wiz Forum Search.ASP SQL Injection Vulnerability
22. Mutt Insecure Temporary File Creation Multiple Vulnerabilities
23. Xsupplicant Stack Buffer Overflow Vulnerability
24. OpenPBS Multiple Local and Remote Vulnerabilities
25. PHPTreeView TreeViewClass.PHP Remote File Include Vulnerability
26. Mono System.CodeDom.Compiler Class Insecure Temporary File Creation Vulnerability
27. Easy File Sharing Web Server Information Disclosure and Input Validation Vulnerabilities
28. Mozilla Network Security Services Library Remote Denial of Service Vulnerability
29. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
30. Microsoft Internet Explorer Remote Window Hijacking Vulnerability
31. OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
32. OpenSSL ASN.1 Structures Denial of Service Vulnerability
33. Mozilla Firefox Range Script Object Denial of Service Vulnerability
34. Easy Web Portal Multiple Remote File Include Vulnerabilities
35. ISC BIND Multiple Remote Denial of Service Vulnerabilities
36. OpenSSL Public Key Processing Denial of Service Vulnerability
37. OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability
38. Clam Anti-Virus CHM Unpacker Denial Of Service Vulnerability
39. BytesFall Explorer Sessions.Lib.PHP SQL Injection Vulnerability
40. HP NonStop Server Unauthorized Directory Access Vulnerability
41. Multiple IBM Products Installer Insecure Temporary File Creation Vulnerability
42. LibTIFF TiffScanLineSize Remote Buffer Overflow Vulnerability
43. LibTIFF PixarLog Decoder Remote Heap Buffer Overflow Vulnerability
44. LibTIFF Library Anonymous Field Merging Denial of Service Vulnerability
45. LibTIFF Sanity Checks Multiple Denial of Service Vulnerabilities
46. PHP ZendEngine ECalloc Integer Overflow Vulnerability
47. LibTIFF EstimateStripByteCounts() Denial of Service Vulnerability
48. BytesFall Explorer Multiple Unspecified SQL Injection Vulnerabilities
49. LibTIFF Next RLE Decoder Remote Heap Buffer Overflow Vulnerability
50. LibTIFF tiff2pdf Remote Buffer Overflow Vulnerability
51. PostgreSQL Multiple Local Denial of Service Vulnerabilities
52. PunBB SQL Injection and Remote File Include Vulnerabilities
53. GNU GZip Archive Handling Multiple Remote Vulnerabilities
54. Microsoft Internet Explorer 7 Popup Window Address Bar Spoofing Weakness
55. phpFaber CMS Htmlarea.PHP Cross-Site Scripting Vulnerability
56. NmnLogger Message Drivers Unspecified Vulnerability
57. GNU Screen Multiple Denial of Service Vulnerabilities
58. GraphicsMagick PALM DCM Buffer Overflow Vulnerabilities
59. PHPProfiles Reqpath Parameter Multiple Remote File Include Vulnerabilities
60. HP OpenView Storage Data Protector Backup Agent Remote Arbitrary Command Execution Vulnerability
61. MySource CMS Init_Mysource.PHP Remote File Include Vulnerability
62. Yukihiro Matsumoto Ruby CGI Module MIME Denial Of Service Vulnerability
63. Foresite CMS Index_2.PHP Cross-Site Scripting Vulnerability
64. Sophos Antivirus Multiple Denial of Service Vulnerabilities
65. E Annu Login SQL Injection Vulnerability
66. NitroTech Common.PHP Local File Include Vulnerability
67. Microsoft Internet Explorer Unspecified Code Execution Vulnerability
68. Vilistextum Remote Denial of Service and Buffer Overflow Vulnerabilities
69. OpenWBEM Insecure Random Number Generator Vulnerability
70. Retired: SnapGear Multiple Unspecified Denial of Service Vulnerabilities
71. Microsoft Internet Explorer RemoveChild Denial of Service Vulnerability
72. OpenDocMan Username SQL Injection Vulnerability
73. Novell eDirectory iMonitor HTTPSTK Buffer Overflow Vulnerability
74. EQDKP Backup.PHP Authentication Bypass Vulnerability
75. Ampache Guest Account Information Disclosure Vulnerability
76. QnECMS Adminfolderpath Parameter Multiple Remote File Include Vulnerabilities
77. Pentaho BI Project Multiple Unspecified SQL Injection Vulnerabilities
78. Easy NotesManager Multiple SQL Injection Vulnerabilities
79. PHPEasyData Index.PHP SQL Injection Vulnerability
80. Techno Dreams Guestbook Guestbookview.ASP SQL Injection Vulnerability
81. FAQ Administrator FAQ_Reply.PHP Remote File Include Vulnerability
82. Kaspersky Labs Anti-Virus NDIS-TDI Hooking Engine Local Privilege Escalation Vulnerability
83. Techno Dreams Announcement MainAnnounce2.ASP SQL Injection Vulnerability
84. Microsoft Windows NAT Helper Remote Denial of Service Vulnerability
85. IG Shop Change_Pass.PHP Cross-Site Scripting Vulnerability
86. Freenews Aff_News.PHP Remote File Include Vulnerability
87. PHP My Ring Cherche.PHP SQL Injection Vulnerability
88. iPlanet Messaging Server Messenger Express Expression() HTML Injection Vulnerability
89. Netquery NQUser.PHP Cross-Site Scripting Vulnerability
90. J-Owamp Web Interface Jowamp_ShowPage.PHP Remote File Include Vulnerability
91. ECI Telecom B-Focus ADSL2+ Combo332+ Wireless Router Information Disclosure Vulnerability
92. Sun Java System Messenger Express Cross-Site Scripting Vulnerability
93. Gepi Savebackup.PHP Remote File Include Vulnerability
94. PHP-Nuke Journal Module Search.PHP SQL Injection Vulnerability
95. Exhibit Engine Toroot Parameter Multiple Remote File Include Vulnerabilities
96. Actionpoll Multiple Remote File Include Vulnerabilities
97. Asterisk Chan_Skinny Remote Buffer Overflow Vulnerability
98. Aktueldownload Haber Scripti HaberDetay.ASP SQL Injection Vulnerability
99. Netref 4 Cat_For_AFF.PHP Directory Traversal Vulnerability
100. FreeType LWFN Files Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS
1. Quantum attacks worry computer scientists
2. Bot nets likely behind jump in spam
3. Researcher attempts to shed light on security troll
4. Targeted Trojan attacks on the rise
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Sales Engineer, Boulder
2. [SJ-JOB] Sales Representative, Boulder
3. [SJ-JOB] Security Consultant, London
4. [SJ-JOB] Security Engineer, Toledo
5. [SJ-JOB] Security System Administrator, Louisville
6. [SJ-JOB] Forensics Engineer, Warren
7. [SJ-JOB] Channel / Business Development, San Diego
8. [SJ-JOB] Sales Engineer, New York
9. [SJ-JOB] Information Assurance Engineer, Chantilly
10. [SJ-JOB] Sales Engineer, Chicago
11. [SJ-JOB] Sales Engineer, Boston
12. [SJ-JOB] Security Architect, McLean
13. [SJ-JOB] Application Security Engineer, New York
14. [SJ-JOB] Quality Assurance, Dallas
15. [SJ-JOB] Security Engineer, New York
16. [SJ-JOB] Security Engineer, New York City
17. [SJ-JOB] Product Strategist, New York
18. [SJ-JOB] Security Consultant, New York
19. [SJ-JOB] Security Researcher, Mountain View
20. [SJ-JOB] Customer Service, Westboro
21. [SJ-JOB] Security Consultant, Bangalore
22. [SJ-JOB] Quality Assurance, Dallas
23. [SJ-JOB] Security Consultant, Gurgaon
24. [SJ-JOB] Security Consultant, Hyderabad
25. [SJ-JOB] Security Consultant, Pune
26. [SJ-JOB] Security Consultant, Mumbai
27. [SJ-JOB] Privacy Officer, Warren
28. [SJ-JOB] Security Engineer, Sydney
29. [SJ-JOB] Security Architect, Cupertino
30. [SJ-JOB] Security Architect, Newport Beach
31. [SJ-JOB] Privacy Officer, LITTLE ROCK
32. [SJ-JOB] Software Engineer, Columbia
33. [SJ-JOB] Account Manager, Superior
34. [SJ-JOB] Auditor, Arlington, VA
35. [SJ-JOB] Sr. Security Analyst, Pittsburgh
V. INCIDENTS LIST SUMMARY
1. Malware/trojan attacks
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Asterisk ignoring replayed libpcap sessions
2. Call for Participation - EC2ND 2006
VII. MICROSOFT FOCUS LIST SUMMARY
1. IIS Security
2. SecurityFocus Microsoft Newsletter #314
3. FW: grant access to WINS only
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. Detecting brute force attacks
2. Detecting Brute-Force and Dictionary attacks
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Employee Privacy, Employer Policy
By Kelly Martin
Following the 2006 International Virus Bulletin Conference, Kelly Martin takes a look at the profit motives of the cyber criminals behind modern viruses, targeted trojans, phishing scams and botnet attacks that are stealing millions from organizations and individuals.
http://www.securityfocus.com/columnists/419
2. Surprises Inside Microsoft Vista's EULA
By Scott Granneman
Scott Granneman takes a look at some big surprises in Microsoft's Vista EULA that limit what security professionals and others can do with the forthcoming operating system.
http://www.securityfocus.com/columnists/420
II. BUGTRAQ SUMMARY
--------------------
1. Wireshark Multiple Protocol Dissectors Denial of Service Vulnerabilities
BugTraq ID: 20762
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20762
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues may permit attackers to cause crashes and deny service to legitimate users of the application.
Wireshark versions prior to 0.99.4 are affected.
2. Asterisk Multiple Remote Vulnerabilities
BugTraq ID: 19683
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/19683
Summary:
Asterisk is prone to remote buffer-overflow, format-string, and directory-traversal vulnerabilities. These issues arise because the application fails to properly bounds-check and sanitize user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting these vulnerabilities allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the server, denying further service to legitimate users.
3. WP-DB Backup For Wordpress Edit.PHP Directory Traversal Vulnerability
BugTraq ID: 19504
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/19504
Summary:
WP-DB Backup For Wordpress is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
4. Simple Website Software Common.PHP Remote File Include Vulnerability
BugTraq ID: 20787
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20787
Summary:
Simple Website Software is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Version 0.99 is vulnerable to this issue; other versions may also be affected.
5. Algorithmic Research PrivateWire Online Registration Remote Buffer Overflow Vulnerability
BugTraq ID: 18647
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/18647
Summary:
PrivateWire online registration is prone to a remote buffer-overflow vulnerability.
The application fails to properly check boundary conditions when handling GET requests.
This issue allows attackers to execute arbitrary machine code in the context of the affected application software.
Version 3.7 is vulnerable to this issue; previous versions may also be affected.
6. FreePBX Upgrade.PHP Remote File Include Vulnerability
BugTraq ID: 20785
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20785
Summary:
The configuration interface for freePBX is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Version 2.1.3 is vulnerable; other versions may also be affected.
7. Sendmail Malformed MIME Message Denial Of Service Vulnerability
BugTraq ID: 18433
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/18433
Summary:
Sendmail is prone to a denial-of-service vulnerability because the application fails to properly handle malformed multi-part MIME messages.
An attacker can exploit this issue to crash the sendmail process during delivery.
8. TextPattern Publish.PHP Remote File Include Vulnerability
BugTraq ID: 20769
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20769
Summary:
TextPattern is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
TextPattern g1.19 and prior versions are vulnerable to this issue; other versions may also be affected.
9. Ascended Guestbook Embedded.PHP Remote File Include Vulnerability
BugTraq ID: 20710
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20710
Summary:
Ascended Guestbook is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Ascended Guestbook 1.0.0 and prior versions are vulnerable to this issue.
10. NVidia Binary Graphics Driver For Linux Buffer Overflow Vulnerability
BugTraq ID: 20559
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20559
Summary:
The NVIDIA binary graphics driver is prone to a buffer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising the affected computer. Failed exploit attempts will result in a denial-of-service.
NVidia Driver for Linux versions 8774 and 8762 are vulnerable to this issue; other versions may also be affected.
11. Trolltech QT Pixmap Images Integer Overflow Vulnerability
BugTraq ID: 20599
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20599
Summary:
Qt is prone to an integer-overflow vulnerability because the library fails to do proper bounds checking on user-supplied data.
An attacker can exploit this vulnerability to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.
12. MP3 Streaming DownSampler Core.Inc.PHP Remote File Include Vulnerability
BugTraq ID: 20783
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20783
Summary:
MP3 Streaming DownSampler is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
13. EE Tool Ip.Inc.PHP Remote File Include Vulnerability
BugTraq ID: 20780
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20780
Summary:
EE Tool is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
14. Free Image Hosting Forgot_Pass.PHP Remote File Include Vulnerability
BugTraq ID: 20782
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20782
Summary:
Free Image Hosting is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
15. Free File Hosting Forgot_Pass.PHP Remote File Include Vulnerability
BugTraq ID: 20781
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20781
Summary:
Free File Hosting is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Free File Hosting 1.1 and prior versions are vulnerable.
16. MiraksGalerie Multiple Remote File Include Vulnerabilities
BugTraq ID: 18313
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/18313
Summary:
MiraksGalerie is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
17. BBSNew Index2.PHP Remote File Include Vulnerability
BugTraq ID: 20204
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20204
Summary:
bbsNew is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
18. PLS-Bannieres Bannieres.PHP SQL Injection Vulnerability
BugTraq ID: 20779
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20779
Summary:
PLS-Bannieres is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
19. RETIRED: PLS-Bannieres Bannieres.PHP Remote File Include Vulnerability
BugTraq ID: 20772
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20772
Summary:
PLS-Bannieres is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Version 1.21 is vulnerable to this issue; other versions may also be affected.
This BID is being retired because further analysis reveals that the application is not vulnerable to this issue.
20. RETIRED: Exporia Common.PHP Remote File Include Vulnerability
BugTraq ID: 20205
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20205
Summary:
Exporia is prone to a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied data.
Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
This BID is being retired because further analysis reveals that the application is not vulnerable to this issue.
21. Web Wiz Forum Search.ASP SQL Injection Vulnerability
BugTraq ID: 20778
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20778
Summary:
Web Wiz Forum is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
22. Mutt Insecure Temporary File Creation Multiple Vulnerabilities
BugTraq ID: 20733
Remote: No
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20733
Summary:
Mutt creates temporary files in an insecure manner.
Attackers could exploit these issues to perform symlink attacks to overwrite arbitrary files using the privileges of the user running the vulnerable application.
Mutt 1.5.12 and prior versions are vulnerable.
23. Xsupplicant Stack Buffer Overflow Vulnerability
BugTraq ID: 20775
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20775
Summary:
Xsupplicant is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application. Failed attempts will likely crash the application, resulting in denial-of-service conditions.
Xsupplicant versions prior to 1.2.8 are reported vulnerable.
24. OpenPBS Multiple Local and Remote Vulnerabilities
BugTraq ID: 20776
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20776
Summary:
OpenPBS is prone to multiple unspecified remote and local vulnerabilities.
Exploiting these issues may allow both local and remote attackers to completely compromise affected computers because portions of the software operate with superuser privileges. Failed exploit attempts may result in denial-of-service conditions.
Very little information is currently available; this BID will be updated as more information is disclosed.
25. PHPTreeView TreeViewClass.PHP Remote File Include Vulnerability
BugTraq ID: 20764
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20764
Summary:
PHPTreeView is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
26. Mono System.CodeDom.Compiler Class Insecure Temporary File Creation Vulnerability
BugTraq ID: 20340
Remote: No
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20340
Summary:
The Mono 'System.CodeDom.Compiler' class creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully exploiting a symlink attack may allow an attacker to overwrite or corrupt sensitive files. This may result in a denial of service; other attacks may also be possible.
Versions 1.0 and 2.0 are vulnerable; other versions may also be affected.
27. Easy File Sharing Web Server Information Disclosure and Input Validation Vulnerabilities
BugTraq ID: 20823
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20823
Summary:
Easy File Sharing Web Server is prone to information-disclosure and input-validation vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content.
The issues include HTML-injection, cross-site scripting, and arbitrary information-disclosure vulnerabilities.
An attacker can exploit these issues to steal cookie-based authentication credentials, control how the site is rendered to the user, and gain access to otherwise confidential information. Successful exploits may facilitate a compromise of the underlying computer.
Version 4.0 of Easy File Sharing Web Server is vulnerable; other versions may also be affected.
28. Mozilla Network Security Services Library Remote Denial of Service Vulnerability
BugTraq ID: 18604
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/18604
Summary:
NSS is susceptible to a remote denial-of-service vulnerability. This issue is due to a memory leak in the library.
This issue allows remote attackers to consume excessive memory resources on affected computers. This may lead to computer hangs or panics, denying service to legitimate users.
NSS version 3.11 is affected by this issue.
29. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
BugTraq ID: 19849
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to forge an RSA signature. The attacker may be able to forge a PKCS #1 v1.5 signature when an RSA key with exponent 3 is used.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.
30. Microsoft Internet Explorer Remote Window Hijacking Vulnerability
BugTraq ID: 11855
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/11855
Summary:
Microsoft Internet Explorer is reported prone to a vulnerability that may allow a website to hijack the contents of a trusted window. This issue may allow a remote attacker to carry out phishing attacks.
This issue arises as a user visits a malicious site and follows a link to a trusted site. Once the link to the trusted site is followed, the victim must open a popup window from the trusted site that can be influenced by the attacker's site.
If the attack is successful, the contents of the target site's window can be spoofed, resulting in phishing attacks.
31. OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
BugTraq ID: 20249
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20249
Summary:
OpenSSL is prone to a buffer-overflow vulnerability because the library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users.
32. OpenSSL ASN.1 Structures Denial of Service Vulnerability
BugTraq ID: 20248
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20248
Summary:
OpenSSL is prone to a denial-of-service vulnerability.
An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users.
33. Mozilla Firefox Range Script Object Denial of Service Vulnerability
BugTraq ID: 20799
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20799
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.
An attacker may exploit this vulnerability to cause Mozilla Firefox to crash, resulting in denial-of-service conditions.
Mozilla Firefox 1.5.0.7 and prior, as well as version 2.0, are prone to this issue.
34. Easy Web Portal Multiple Remote File Include Vulnerabilities
BugTraq ID: 20825
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20825
Summary:
Easy Web Portal is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Version 2.1.2 is vulnerable; other versions may also be affected.
35. ISC BIND Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 19859
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/19859
Summary:
ISC BIND is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause denial-of-service conditions, effectively denying service to legitimate users.
36. OpenSSL Public Key Processing Denial of Service Vulnerability
BugTraq ID: 20247
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20247
Summary:
OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used.
An attacker can exploit this issue to crash an affected server using OpenSSL.
37. OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability
BugTraq ID: 20246
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20246
Summary:
OpenSSL is prone to a denial-of-service vulnerability.
A malicious server could cause a vulnerable client application to crash, effectively denying service.
38. Clam Anti-Virus CHM Unpacker Denial Of Service Vulnerability
BugTraq ID: 20537
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20537
Summary:
ClamAV is prone to a denial-of-service vulnerability because of an unspecified failure in the CHM unpacker.
Exploitation could cause the application to crash, resulting in a denial of service.
39. BytesFall Explorer Sessions.Lib.PHP SQL Injection Vulnerability
BugTraq ID: 20828
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20828
Summary:
BytesFall Explorer is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This issue affects version 0.0.6; other versions may also be vulnerable.
40. HP NonStop Server Unauthorized Directory Access Vulnerability
BugTraq ID: 20824
Remote: No
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20824
Summary:
HP NonStop Server is prone to a vulnerability that may permit unauthorized access to OSS directories.
Information the attacker obtains by accessing OSS directories may aid in further attacks.
41. Multiple IBM Products Installer Insecure Temporary File Creation Vulnerability
BugTraq ID: 20300
Remote: No
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20300
Summary:
The installation process for multiple IBM products creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully exploiting a symlink attack may allow an attacker to overwrite or corrupt sensitive files. This may result in a denial of service; other attacks may also be possible.
IBM Informix Dynamic Server version 10.0, IBM Informix Client SDK 2.90, and IBM Informix Connect 2.90 are vulnerable to this issue.
42. LibTIFF TiffScanLineSize Remote Buffer Overflow Vulnerability
BugTraq ID: 19288
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/19288
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because the library fails to do proper boundary checks before copying user-supplied data into a finite-sized buffer.
This issue allows remote attackers to execute arbitrary machine code in the context of applications using the affected library. Failed exploit attempts will likely crash the application, denying service to legitimate users.
43. LibTIFF PixarLog Decoder Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 19290
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/19290
Summary:
The PixarLog Decoder for libTIFF is prone to a remote heap buffer-overflow vulnerability.
This issue may allow attackers to execute arbitrary machine code within the context of the vulnerable application or to cause a denial of service.
44. LibTIFF Library Anonymous Field Merging Denial of Service Vulnerability
BugTraq ID: 19287
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/19287
Summary:
The libTIFF library is prone to a denial-of-service vulnerability.
An attacker can exploit this issue by submitting malformed image files.
When the libTIFF library routines process a malicious TIFF file, this could result in abnormal behavior, cause the application to become unresponsive, or possibly allow malicious code to execute.
45. LibTIFF Sanity Checks Multiple Denial of Service Vulnerabilities
BugTraq ID: 19286
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/19286
Summary:
LibTIFF is affected by multiple denial-of-service vulnerabilities.
An attacker can exploit these vulnerabilities to cause a denial of service in applications using the affected library.
46. PHP ZendEngine ECalloc Integer Overflow Vulnerability
BugTraq ID: 20349
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20349
Summary:
PHP is prone to an integer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data.
An attacker can exploit this vulnerability to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
47. LibTIFF EstimateStripByteCounts() Denial of Service Vulnerability
BugTraq ID: 19284
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/19284
Summary:
LibTIFF is affected by a denial-of-service vulnerability.
An attacker can exploit this vulnerability to cause a denial of service in applications using the affected library.
48. BytesFall Explorer Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 20800
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20800
Summary:
BytesFall Explorer is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Versions prior to 0.0.7.2 are vulnerable to these issues.
49. LibTIFF Next RLE Decoder Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 19282
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/19282
Summary:
The Next RLE Decoder for libTIFF is prone to a remote heap buffer-overflow vulnerability.
This issue occurs because the application fails to check boundary conditions on certain RLE decoding operations.
This issue may allow attackers to execute arbitrary machine code within the context of the vulnerable application or to cause a denial of service.
50. LibTIFF tiff2pdf Remote Buffer Overflow Vulnerability
BugTraq ID: 18331
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/18331
Summary:
The tiff2pdf utility is prone to a buffer-overflow vulnerability. This issue is due to a failure in the application to do proper boundary checks before copying user-supplied data into a finite-sized buffer.
This issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying service to legitimate users.
51. PostgreSQL Multiple Local Denial of Service Vulnerabilities
BugTraq ID: 20717
Remote: No
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20717
Summary:
PostgreSQL is prone to multiple local denial-of-service vulnerabilities because of various errors in the application when handling user-supplied data.
A local authenticated attacker can exploit these issues to crash the server, effectively denying service to legitimate users.
52. PunBB SQL Injection and Remote File Include Vulnerabilities
BugTraq ID: 20786
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20786
Summary:
PunBB is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may exploit these issues to execute arbitrary script code in the context of the webserver process or to pass malicious input to database queries, resulting in the modification of query logic or other attacks. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
PunBB 1.2.13 and prior versions are vulnerable; other versions may also be affected.
53. GNU GZip Archive Handling Multiple Remote Vulnerabilities
BugTraq ID: 20101
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20101
Summary:
The gzip utility is prone to multiple remote buffer-overflow and denial-of-service vulnerabilities when handling malicious archive files.
Successful exploits may allow a remote attacker to corrupt process memory by triggering an overflow condition. This may lead to arbitrary code execution in the context of an affected user and may facilitate a remote compromise. Attackers may also trigger denial-of-service conditions by crashing or hanging the application.
Specific information regarding affected versions of gzip is currently unavailable. This BID will be updated as more information is released.
54. Microsoft Internet Explorer 7 Popup Window Address Bar Spoofing Weakness
BugTraq ID: 20728
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20728
Summary:
Microsoft Internet Explorer is prone to a weakness that allows attackers to spoof a popup window and address bar.
Attackers may exploit this via a malicious web page to spoof the contents and origin of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing.
55. phpFaber CMS Htmlarea.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 20821
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20821
Summary:
phpFaber CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects version 1.3.36; earlier versions may also be vulnerable.
56. NmnLogger Message Drivers Unspecified Vulnerability
BugTraq ID: 20820
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20820
Summary:
NmnLogger is prone to an unspecified vulnerability.
Precise details of this vulnerability are currently unavailable; this BID will be updated as more information becomes available.
57. GNU Screen Multiple Denial of Service Vulnerabilities
BugTraq ID: 20727
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20727
Summary:
GNU Screen is prone to multiple denial-of-service vulnerabilities. A remote attacker may trigger these issues and deny service to legitimate users.
GNU Screen versions prior to 4.0.3 are affected by these vulnerabilities.
58. GraphicsMagick PALM DCM Buffer Overflow Vulnerabilities
BugTraq ID: 20707
Remote: No
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20707
Summary:
GraphicsMagick is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.
Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.
GraphicsMagick 1.1.7 and prior versions are vulnerable.
59. PHPProfiles Reqpath Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 20819
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20819
Summary:
phpProfiles is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Version 2.1 Beta is vulnerable to these issues; other versions may also be affected.
60. HP OpenView Storage Data Protector Backup Agent Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 19495
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/19495
Summary:
HP OpenView Storage Data Protector Backup Agent is prone to an arbitrary command-execution vulnerability.
Attackers can exploit this vulnerability to execute arbitrary commands in the context of the affected process. This may help them compromise the underlying system; other attacks are also possible.
61. MySource CMS Init_Mysource.PHP Remote File Include Vulnerability
BugTraq ID: 20817
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20817
Summary:
MySource CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
MySource CMS 2.16.2 and prior versions are vulnerable to this issue.
62. Yukihiro Matsumoto Ruby CGI Module MIME Denial Of Service Vulnerability
BugTraq ID: 20777
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20777
Summary:
Ruby is prone to a remote denial-of-service vulnerability because the application's CGI module fails to properly handle specific HTTP requests that contain invalid information.
Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected Ruby CGI Module.
63. Foresite CMS Index_2.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 20818
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20818
Summary:
ForeSite CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
64. Sophos Antivirus Multiple Denial of Service Vulnerabilities
BugTraq ID: 20816
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20816
Summary:
Sophos Antivirus is prone to multiple denial-of-service vulnerabilities.
A remote attacker may trigger these issues to deny service to legitimate users.
65. E Annu Login SQL Injection Vulnerability
BugTraq ID: 20815
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20815
Summary:
E Annu is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Version 1.0 is vulnerable to this issue; other versions may also be affected.
66. NitroTech Common.PHP Local File Include Vulnerability
BugTraq ID: 20810
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20810
Summary:
NitroTech is prone to a local file-include vulnerability.
An attacker can exploit this vulnerability to retrieve arbitrary local files from the vulnerable system in the context of the application and to execute malicious PHP code. Information obtained may aid in further attacks, including a remote compromise of the application.
NitroTech 0.0.3a is reportedly vulnerable; other versions may also be affected.
67. Microsoft Internet Explorer Unspecified Code Execution Vulnerability
BugTraq ID: 20797
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20797
Summary:
Microsoft Internet Explorer is prone to an unspecified vulnerability that results in arbitrary code execution.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.
Internet Explorer 6 is vulnerable to this issue; other versions may also be affected.
An exploit for this issue is reportedly in the wild.
68. Vilistextum Remote Denial of Service and Buffer Overflow Vulnerabilities
BugTraq ID: 20813
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20813
Summary:
Vilistextum is prone to multiple remote vulnerabilities. The first issue is a memory leak; the second issue is an off-by-one buffer overflow.
Exploiting these vulnerabilities may allow remote attackers to execute arbitrary machine code in the context of the affected application or to crash the application, denying service to users.
Note that a successful exploit requires that unsuspecting victims use the affected utility to process attacker-supplied files.
Vilistextum versions prior to 2.6.9 are vulnerable to these issues.
69. OpenWBEM Insecure Random Number Generator Vulnerability
BugTraq ID: 20807
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20807
Summary:
OpenWBEM generates random numbers in an insecure manner.
An attacker can exploit this issue to gain elevated privileges on the affected server. This issue may lead to other attacks.
OpenWBEM 3.2.0 through 3.2.1 are vulnerable to this issue.
70. Retired: SnapGear Multiple Unspecified Denial of Service Vulnerabilities
BugTraq ID: 19805
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/19805
Summary:
SnapGear is prone to multiple unspecified remote denial-of-service vulnerabilities.
An attacker can exploit these vulnerabilities to crash an affected device, effectively denying service to legitimate users.
These issues affect SnapGear firmware versions prior to 3.1.4u2.
This BID is being retired.
71. Microsoft Internet Explorer RemoveChild Denial of Service Vulnerability
BugTraq ID: 20812
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20812
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue occurs when Internet Explorer attempts to execute certain JavaScript code.
Successfully exploiting this issue will cause the affected application to crash, denying service to legitimate users. Code execution may potentially be possible, but this has not been confirmed.
Internet Explorer 6 and 7 are vulnerable to this issue; other versions may also be affected.
72. OpenDocMan Username SQL Injection Vulnerability
BugTraq ID: 20809
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20809
Summary:
OpenDocMan is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
OpenDocMan 1.2p3, 1.2rc3, and prior versions are vulnerable to this issue.
73. Novell eDirectory iMonitor HTTPSTK Buffer Overflow Vulnerability
BugTraq ID: 20655
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20655
Summary:
The Novell eDirectory server iMonitor is prone to a stack-based buffer-overflow vulnerability because it fails to perform sufficient bounds checking on client-supplied data before copying it to a buffer.
An attacker could leverage this issue to have arbitrary code execute with administrative privileges. A successful exploit could result in the complete compromise of the affected system.
74. EQDKP Backup.PHP Authentication Bypass Vulnerability
BugTraq ID: 20805
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20805
Summary:
EQDKP is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to manipulate sensitive data and gain administrative access to the affected application; this may aid in further attacks.
EQDKP 1.3.1 p1 and prior versions are vulnerable; other versions may also be affected.
75. Ampache Guest Account Information Disclosure Vulnerability
BugTraq ID: 20798
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20798
Summary:
Ampache is prone to an information-disclosure vulnerability because it fails to properly handle exceptional conditions.
An attacker can exploit this issue to gain unauthorized access to the application; this may aid in further attacks.
Ampache 3.3.2 and prior versions are vulnerable.
76. QnECMS Adminfolderpath Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 20801
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20801
Summary:
QnECMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
Successfully exploiting these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Version 2.5.6 is vulnerable.
77. Pentaho BI Project Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 20806
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20806
Summary:
Pentaho BI Project is prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
78. Easy NotesManager Multiple SQL Injection Vulnerabilities
BugTraq ID: 20803
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20803
Summary:
Easy notesManager is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
79. PHPEasyData Index.PHP SQL Injection Vulnerability
BugTraq ID: 20790
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20790
Summary:
PHPEasyData is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
PHPEasyData Pro 2.2.1 is vulnerable; other versions may also be affected.
80. Techno Dreams Guestbook Guestbookview.ASP SQL Injection Vulnerability
BugTraq ID: 20802
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20802
Summary:
Techno Dreams Guestbook is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
81. FAQ Administrator FAQ_Reply.PHP Remote File Include Vulnerability
BugTraq ID: 20796
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20796
Summary:
Faq Administrator is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Version 2.1b is vulnerable; other versions may also be affected.
82. Kaspersky Labs Anti-Virus NDIS-TDI Hooking Engine Local Privilege Escalation Vulnerability
BugTraq ID: 20635
Remote: No
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20635
Summary:
Kaspersky Labs Anti-Virus is prone to a local privilege-escalation vulnerability.
A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. This may facilitate a complete compromise of the affected computer.
83. Techno Dreams Announcement MainAnnounce2.ASP SQL Injection Vulnerability
BugTraq ID: 20794
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20794
Summary:
Techno Dreams Announcement is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
84. Microsoft Windows NAT Helper Remote Denial of Service Vulnerability
BugTraq ID: 20804
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20804
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because the Server service fails to properly handle unexpected network traffic.
Exploiting this issue may cause affected computers to crash, denying service to legitimate users. Reports indicate that this vulnerability can be used to disable the Windows firewall.
To exploit this issue, an attacker must have the ability to send malformed network traffic from a network interface located on the LAN side of an affected computer.
85. IG Shop Change_Pass.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 20768
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20768
Summary:
iG Shop is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects version 1.4; earlier versions may also be vulnerable.
86. Freenews Aff_News.PHP Remote File Include Vulnerability
BugTraq ID: 20795
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20795
Summary:
Freenews is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
87. PHP My Ring Cherche.PHP SQL Injection Vulnerability
BugTraq ID: 20792
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20792
Summary:
PHP My Ring is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Versions prior to 4.2.1 are vulnerable to this issue.
88. iPlanet Messaging Server Messenger Express Expression() HTML Injection Vulnerability
BugTraq ID: 20838
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20838
Summary:
iPlanet Messaging Server Messenger Express is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit this issue to execute arbitrary JavaScript in the victim's browser.
89. Netquery NQUser.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 20837
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20837
Summary:
Netquery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
90. J-Owamp Web Interface Jowamp_ShowPage.PHP Remote File Include Vulnerability
BugTraq ID: 20836
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20836
Summary:
The J-OWAMP web interface application is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
J-OWAMP web interface versions 2.1 and prior are vulnerable.
91. ECI Telecom B-Focus ADSL2+ Combo332+ Wireless Router Information Disclosure Vulnerability
BugTraq ID: 20834
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20834
Summary:
ECI Telecom's B-FOCuS ADSL2+ Combo332+ wireless router is prone to an information disclosure vulnerability. The router's Web-Based Management interface fails to authenticate users before providing access to sensitive information.
This issue may allow an unauthenticated remote attacker to retrieve sensitive information from the affected device that may aid in further attacks.
92. Sun Java System Messenger Express Cross-Site Scripting Vulnerability
BugTraq ID: 20832
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20832
Summary:
Sun Java System Messenger Express is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Specific information regarding affected versions of Sun Java System Messenger Express is not currently available; this BID will be updated as more information is disclosed.
93. Gepi Savebackup.PHP Remote File Include Vulnerability
BugTraq ID: 20830
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20830
Summary:
Gepi is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Version 1.4.0 is vulnerable to this issue; other versions may also be affected.
94. PHP-Nuke Journal Module Search.PHP SQL Injection Vulnerability
BugTraq ID: 20829
Remote: Yes
Last Updated: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20829
Summary:
The PHP-Nuke Journal module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
PHP-Nuke versions 7.9 and prior are vulnerable.
95. Exhibit Engine Toroot Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 20793
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20793
Summary:
Exhibit Engine Software is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Version 1.22 is vulnerable to these issues; other versions may also be affected.
96. Actionpoll Multiple Remote File Include Vulnerabilities
BugTraq ID: 20788
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20788
Summary:
Actionpoll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Version 1.1.1 is reported to be affected; other versions may be affected as well.
97. Asterisk Chan_Skinny Remote Buffer Overflow Vulnerability
BugTraq ID: 20617
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20617
Summary:
Asterisk is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
Exploiting this vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the server, denying further service to legitimate users.
98. Aktueldownload Haber Scripti HaberDetay.ASP SQL Injection Vulnerability
BugTraq ID: 20784
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20784
Summary:
Aktueldownload Haber scripti is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
99. Netref 4 Cat_For_AFF.PHP Directory Traversal Vulnerability
BugTraq ID: 20789
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20789
Summary:
Netref 4 is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow a remote attacker to access sensitive data that may aid in further attacks.
Version 4 is vulnerable; other versions may also be affected.
100. FreeType LWFN Files Buffer Overflow Vulnerability
BugTraq ID: 18034
Remote: Yes
Last Updated: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/18034
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is due to an integer-overflow that results in a buffer being overrun with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts will likely crash applications, denying service to legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Quantum attacks worry computer scientists
By: Robert Lemos
Malicious software and viruses could inhabit the weird world of quantum computing, a fact that has convinced some researchers to study how to defend against non-classical attacks.
http://www.securityfocus.com/news/11421
2. Bot nets likely behind jump in spam
By: Robert Lemos
A significant rise in the global volume of spam in the past two months worries security analysts and suggests that bot-net-based bulk e-mail operations are rapidly becoming the norm.
http://www.securityfocus.com/news/11420
3. Researcher attempts to shed light on security troll
By: Robert Lemos
A security consultant claims to have identified a group of people that taunted researchers and hackers on the Full Disclosure mailing list, arguing that the group is linked to the retired hacker known as Gobbles.
http://www.securityfocus.com/news/11419
4. Targeted Trojan attacks on the rise
By: Robert Lemos
Attacks crafted to escape detection by antivirus software are increasingly being used to gain entrance into corporate networks.
http://www.securityfocus.com/news/11418
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Sales Engineer, Boulder
http://www.securityfocus.com/archive/77/450129
2. [SJ-JOB] Sales Representative, Boulder
http://www.securityfocus.com/archive/77/450149
3. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/450128
4. [SJ-JOB] Security Engineer, Toledo
http://www.securityfocus.com/archive/77/450130
5. [SJ-JOB] Security System Administrator, Louisville
http://www.securityfocus.com/archive/77/450131
6. [SJ-JOB] Forensics Engineer, Warren
http://www.securityfocus.com/archive/77/450132
7. [SJ-JOB] Channel / Business Development, San Diego
http://www.securityfocus.com/archive/77/450148
8. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/450006
9. [SJ-JOB] Information Assurance Engineer, Chantilly
http://www.securityfocus.com/archive/77/450009
10. [SJ-JOB] Sales Engineer, Chicago
http://www.securityfocus.com/archive/77/450010
11. [SJ-JOB] Sales Engineer, Boston
http://www.securityfocus.com/archive/77/450007
12. [SJ-JOB] Security Architect, McLean
http://www.securityfocus.com/archive/77/450008
13. [SJ-JOB] Application Security Engineer, New York
http://www.securityfocus.com/archive/77/449877
14. [SJ-JOB] Quality Assurance, Dallas
http://www.securityfocus.com/archive/77/449878
15. [SJ-JOB] Security Engineer, New York
http://www.securityfocus.com/archive/77/449879
16. [SJ-JOB] Security Engineer, New York City
http://www.securityfocus.com/archive/77/449880
17. [SJ-JOB] Product Strategist, New York
http://www.securityfocus.com/archive/77/449881
18. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/449789
19. [SJ-JOB] Security Researcher, Mountain View
http://www.securityfocus.com/archive/77/449791
20. [SJ-JOB] Customer Service, Westboro
http://www.securityfocus.com/archive/77/449792
21. [SJ-JOB] Security Consultant, Bangalore
http://www.securityfocus.com/archive/77/449798
22. [SJ-JOB] Quality Assurance, Dallas
http://www.securityfocus.com/archive/77/449799
23. [SJ-JOB] Security Consultant, Gurgaon
http://www.securityfocus.com/archive/77/449790
24. [SJ-JOB] Security Consultant, Hyderabad
http://www.securityfocus.com/archive/77/449788
25. [SJ-JOB] Security Consultant, Pune
http://www.securityfocus.com/archive/77/449763
26. [SJ-JOB] Security Consultant, Mumbai
http://www.securityfocus.com/archive/77/449764
27. [SJ-JOB] Privacy Officer, Warren
http://www.securityfocus.com/archive/77/449761
28. [SJ-JOB] Security Engineer, Sydney
http://www.securityfocus.com/archive/77/449760
29. [SJ-JOB] Security Architect, Cupertino
http://www.securityfocus.com/archive/77/449762
30. [SJ-JOB] Security Architect, Newport Beach
http://www.securityfocus.com/archive/77/449653
31. [SJ-JOB] Privacy Officer, LITTLE ROCK
http://www.securityfocus.com/archive/77/449651
32. [SJ-JOB] Software Engineer, Columbia
http://www.securityfocus.com/archive/77/449652
33. [SJ-JOB] Account Manager, Superior
http://www.securityfocus.com/archive/77/449654
34. [SJ-JOB] Auditor, Arlington, VA
http://www.securityfocus.com/archive/77/449655
35. [SJ-JOB] Sr. Security Analyst, Pittsburgh
http://www.securityfocus.com/archive/77/449650
V. INCIDENTS LIST SUMMARY
---------------------------
1. Malware/trojan attacks
http://www.securityfocus.com/archive/75/449563
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Asterisk ignoring replayed libpcap sessions
http://www.securityfocus.com/archive/82/449978
2. Call for Participation - EC2ND 2006
http://www.securityfocus.com/archive/82/449794
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. IIS Security
http://www.securityfocus.com/archive/88/449921
2. SecurityFocus Microsoft Newsletter #314
http://www.securityfocus.com/archive/88/449648
3. FW: grant access to WINS only
http://www.securityfocus.com/archive/88/449647
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Detecting brute force attacks
http://www.securityfocus.com/archive/91/449686
2. Detecting Brute-Force and Dictionary attacks
http://www.securityfocus.com/archive/91/449157
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.