News

Friday, December 28, 2007

SecurityFocus Linux Newsletter #369
----------------------------------------

This issue is Sponsored by: Insight24

Improve Security Through Proactive Network Assessment & Risk Analysis

In this Forrester Research webcast, Dr. Chenxi Wang, Principal Analyst
for Security and Risk Management, discusses how proactive network
assessment and risk analysis can decrease the number and intensity of
security threats. She will also outline key metrics you can use to
measure the effectiveness of your vulnerability management programs.

Click on the link below to view this on-demand webcast today!

http://showcase.insight24.com/?ForresterSecurityFocus

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Real Flaws in Virtual Worlds
2. Copyrights and Wrongs
II. LINUX VULNERABILITY SUMMARY
1. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
2. Retired: Adobe Flash Player Multiple Security Vulnerabilities
3. Adobe Flash Player DNS Rebinding Vulnerability
4. libexif Image Tag Remote Integer Overflow Vulnerability
5. Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
6. ClamAV 'mspack.c' Off-By-One Buffer Overflow Vulnerability
7. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
8. Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
9. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
10. Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
11. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
12. Adobe Flash Player HTTP Response Splitting Vulnerability
13. libexif Image Tag Remote Denial Of Service Vulnerability
14. Bitflu StorageFarabDb Module '.torrent' File Handling Security Bypass Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of Warcraft, have millions of subscribers interacting online, which makes security tricky business.

http://www.securityfocus.com/columnists/461

2. Copyrights and Wrongs
By Mark Rasch
On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, Minnesota -- was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000.

http://www.securityfocus.com/columnists/460


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
BugTraq ID: 26927
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26927
Summary:
ClamAV is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

2. Retired: Adobe Flash Player Multiple Security Vulnerabilities
BugTraq ID: 26929
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26929
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities.

The following individual records have been created to document these vulnerabilities:

26960 Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
26951 Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
26949 Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
26965 Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
26969 Adobe Flash Player HTTP Response Splitting Vulnerability
26966 Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability

These issues affect Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0 and prior versions.

3. Adobe Flash Player DNS Rebinding Vulnerability
BugTraq ID: 26930
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26930
Summary:
Adobe Flash Player is prone to a DNS rebinding vulnerability that allows remote attackers to establish arbitrary TCP sessions.

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious SWF file.

Successfully exploiting this issue allows the attacker to bypass the application's same-origin policy and set up connections to services on arbitrary computers. This may lead to other attacks.

4. libexif Image Tag Remote Integer Overflow Vulnerability
BugTraq ID: 26942
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26942
Summary:
The libexif library is prone to an integer-overflow vulnerability because the software fails to ensure that integer values are not overrun.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an application using the vulnerable library. Failed attempts will likely result in denial-of-service conditions.

5. Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
BugTraq ID: 26943
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26943
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately validate specially crafted IPv6 'Hop-By-Hop' headers.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

6. ClamAV 'mspack.c' Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 26946
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26946
Summary:
ClamAV is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

7. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
BugTraq ID: 26949
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26949
Summary:
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

8. Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
BugTraq ID: 26951
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26951
Summary:
Adobe Flash Player is prone to a remote heap-based buffer-overflow vulnerability because the application fails to use consistent signedness when handling user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

NOTE: This issue was originally covered by BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

9. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
BugTraq ID: 26960
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26960
Summary:
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.

An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.

10. Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
BugTraq ID: 26965
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26965
Summary:
Adobe Flash Player is prone to a vulnerability that allows attackers to gain elevated privileges on affected computers.

Very few technical details are currently available. We will update this BID as more information emerges.

NOTE: This issue occurs only when the application is running on a Linux operating system.

Versions prior to Adobe Flash Player 9.0.115.0 are vulnerable.

This issue was previously covered by BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

11. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
BugTraq ID: 26966
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26966
Summary:
The Adobe Flash Player is prone to a cross-domain security-bypass vulnerability.

An attacker can exploit this issue to connect to arbitrary hosts on affected computers. This may allow the application to perform generic TCP requests to determine what services are running on the affected computer.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned to this BID because of new technical details.

12. Adobe Flash Player HTTP Response Splitting Vulnerability
BugTraq ID: 26969
Remote: Yes
Date Published: 2007-12-20
Relevant URL: http://www.securityfocus.com/bid/26969
Summary:
Adobe Flash Player is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input.

A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

13. libexif Image Tag Remote Denial Of Service Vulnerability
BugTraq ID: 26976
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26976
Summary:
The libexif library is prone to a denial-of-service vulnerability because of an infinite-recursion error.

Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable library.

14. Bitflu StorageFarabDb Module '.torrent' File Handling Security Bypass Vulnerability
BugTraq ID: 27043
Remote: Yes
Date Published: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27043
Summary:
Bitflu is prone to a security-bypass vulnerability.

An attacker can exploit this issue to append to or create arbitrary files.

This issue affects versions of Bitflu prior to 0.42.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Insight24


SecurityFocus Microsoft Newsletter #374
----------------------------------------

This issue is Sponsored by: Insight24


------------------------------------------------------------------
I. FRONT AND CENTER
1. Real Flaws in Virtual Worlds
2. Copyrights and Wrongs
II. MICROSOFT VULNERABILITY SUMMARY
1. Total Player M3U File Denial of Service Vulnerability
2. Winace UUE File Handling Buffer Overflow Vulnerability
3. Zoom Player Malformed ZPL File Buffer Overflow Vulnerability
4. Microsoft Office Publisher Multiple Denial Of Service Vulnerabilities
5. Microsoft Word Wordart Doc Denial Of Service Vulnerability
6. Adobe Flash Player HTTP Response Splitting Vulnerability
7. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
8. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
9. Ingres Flawed In User Authentication Unauthorized Access Vulnerability
10. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
11. WFTPD Explorer Remote Buffer Overflow Vulnerability
12. Adobe Flash Player DNS Rebinding Vulnerability
13. Retired: Adobe Flash Player Multiple Security Vulnerabilities
14. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
15. Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of Warcraft, have millions of subscribers interacting online, which makes security tricky business.

http://www.securityfocus.com/columnists/461

2. Copyrights and Wrongs
By Mark Rasch
On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, Minnesota -- was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000.

http://www.securityfocus.com/columnists/460


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Total Player M3U File Denial of Service Vulnerability
BugTraq ID: 27021
Remote: Yes
Date Published: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27021
Summary:
Total Player is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the application. Given the nature of this issue, the attacker may be able to execute arbitrary code, but this has not been confirmed.

This issue is reported to affect Total Player 3.0; other versions may also be vulnerable.

2. Winace UUE File Handling Buffer Overflow Vulnerability
BugTraq ID: 27017
Remote: Yes
Date Published: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27017
Summary:
Winace is prone to a buffer-overflow vulnerability when handling malicious UUE files.

A successful attack can allow a remote attacker to corrupt process memory by triggering a heap-overflow condition when the application handles excessive data in the archive.

This vulnerability affects Winace versions prior to 2.69.

3. Zoom Player Malformed ZPL File Buffer Overflow Vulnerability
BugTraq ID: 27007
Remote: Yes
Date Published: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27007
Summary:
Zoom Player is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application or to crash the application, denying further service to legitimate users.

This issue affects Zoom Player version 6.00 beta 2 and all releases contained in the Zoom Player version 5 branch.

4. Microsoft Office Publisher Multiple Denial Of Service Vulnerabilities
BugTraq ID: 26982
Remote: Yes
Date Published: 2007-12-22
Relevant URL: http://www.securityfocus.com/bid/26982
Summary:
Microsoft Office Publisher is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to cause the affected application to crash. Arbitrary code execution in the context of the user running the affected application may also be possible; this has not been confirmed.

5. Microsoft Word Wordart Doc Denial Of Service Vulnerability
BugTraq ID: 26981
Remote: Yes
Date Published: 2007-12-22
Relevant URL: http://www.securityfocus.com/bid/26981
Summary:
Microsoft Word is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the affected application to crash. Arbitrary code execution in the context of the user running the affected application may also be possible; this has not been confirmed.

This issue affects Word 2003; other versions may also be vulnerable.

6. Adobe Flash Player HTTP Response Splitting Vulnerability
BugTraq ID: 26969
Remote: Yes
Date Published: 2007-12-20
Relevant URL: http://www.securityfocus.com/bid/26969
Summary:
Adobe Flash Player is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input.

A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

7. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
BugTraq ID: 26966
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26966
Summary:
The Adobe Flash Player is prone to a cross-domain security-bypass vulnerability.

An attacker can exploit this issue to connect to arbitrary hosts on affected computers. This may allow the application to perform generic TCP requests to determine what services are running on the affected computer.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned to this BID because of new technical details.

8. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
BugTraq ID: 26960
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26960
Summary:
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.

An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.

9. Ingres Flawed In User Authentication Unauthorized Access Vulnerability
BugTraq ID: 26959
Remote: Yes
Date Published: 2007-12-20
Relevant URL: http://www.securityfocus.com/bid/26959
Summary:
Ingres is prone to an unauthorized-access security vulnerability because of a flaw in user authentication.

Attackers can exploit this issue to gain unauthorized access to the affected database. Successful exploits can allow attackers to access, create, or modify data; other attacks are possible.

This issue affects Ingres 2.5 and 2.6 when running on Windows.

NOTE: This issue does not affect the Ingres .NET data provider.

10. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
BugTraq ID: 26949
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26949
Summary:
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

11. WFTPD Explorer Remote Buffer Overflow Vulnerability
BugTraq ID: 26935
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26935
Summary:
WFTPD Explorer is prone to a remote heap-based buffer-overflow vulnerability.

The issue arises when the client handles excessive string data. By exploiting this issue, a remote attacker may gain unauthorized access in the context of the user running the application.

WFTPD Explorer 1.0 is reported vulnerable; other versions may be affected as well.

12. Adobe Flash Player DNS Rebinding Vulnerability
BugTraq ID: 26930
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26930
Summary:
Adobe Flash Player is prone to a DNS rebinding vulnerability that allows remote attackers to establish arbitrary TCP sessions.

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious SWF file.

Successfully exploiting this issue allows the attacker to bypass the application's same-origin policy and set up connections to services on arbitrary computers. This may lead to other attacks.

13. Retired: Adobe Flash Player Multiple Security Vulnerabilities
BugTraq ID: 26929
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26929
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities.

The following individual records have been created to document these vulnerabilities:

26960 Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
26951 Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
26949 Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
26965 Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
26969 Adobe Flash Player HTTP Response Splitting Vulnerability
26966 Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability

These issues affect Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0 and prior versions.

14. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
BugTraq ID: 26927
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26927
Summary:
ClamAV is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

15. Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability
BugTraq ID: 26806
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26806
Summary:
Perforce P4Web is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted HTTP requests.

An attacker can exploit this issue to cause the application to consume excessive CPU and memory resources. Successful attacks will deny service to legitimate users.

P4Web 2006.2 and prior versions running on Windows are affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Insight24


SecurityFocus Newsletter #433
----------------------------------------

This issue is Sponsored by: Insight24


------------------------------------------------------------------
I. FRONT AND CENTER
1. Real Flaws in Virtual Worlds
2. Copyrights and Wrongs
II. BUGTRAQ SUMMARY
1. BarracudaDrive Web Server Denial of Service and Multiple Input Validation Vulnerabilities
2. Websense Reporting Tools Login Page Cross-Site Scripting Vulnerability
3. autofs nodev Mount Option Privilege Escalation Vulnerability
4. OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability
5. Web Sihirbazi 'default.asp' Multiple SQL Injection Vulnerabilities
6. Agares Media phpAutoVideo Multiple Remote and Local File Include Vulnerabilities
7. Jupiter 'index.php' Local File Include Vulnerability
8. VideoLAN VLC Multiple Remote Code Execution Vulnerabilities
9. Joomla mosDirectory Component mosConfig_absolute_path Remote File Include Vulnerability
10. CuteNews 'search.php' Information Disclosure Vulnerability
11. Tikiwiki CMS 'tiki-listmovies.php' Directory Traversal Vulnerability
12. Zoom Player Malformed ZPL File Buffer Overflow Vulnerability
13. Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
14. SimpleForum 'simpleforum.cgi' Cross-Site Scripting Vulnerability
15. TikiWiki 'tiki-special_chars.php' Cross-Site Scripting Vulnerability
16. Logaholic Multiple Input Validation Vulnerabilities
17. PDFlib Multiple Remote Buffer Overflow Vulnerabilities
18. Jupiter Panel Module Privilege Escalation Vulnerability
19. MeGaCheatZ 'ItemID' Parameter Multiple SQL Injection Vulnerabilities
20. Agares Media ThemeSiteScript 'loadadminpage' Parameter Remote File Include Vulnerability
21. PHP ZLink 'go.php' SQL Injection Vulnerability
22. AdultScript 'id' Parameter Multiple SQL Injection Vulnerabilities
23. Brand039 MMSLamp 'default.php' SQL Injection Vulnerability
24. MRBS 'view_entry.php' SQL Injection Vulnerability
25. Sun Solaris NFS 'netgroups' Security Bypass Vulnerability
26. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
27. webSPELL Usergallery.PHP and Calendar.PHP Multiple Cross-Site Scripting Vulnerabilities
28. Falt4 CMS Multiple Input Validation Vulnerabilities
29. inotify-tools C Library inotifytools_snfprintf() Local Buffer Overflow Vulnerability
30. KLab HttpLogger Unspecified Cross Site Scripting Vulnerability
31. JFreeChart Multiple HTML Injection Vulnerabilities
32. TYPO3 'indexed_search' Extension SQL Injection Vulnerability
33. wwwstats Clickstats.PHP Multiple HTML Injection Vulnerabilities
34. Drupal TAXONOMY_SELECT_NODES() SQL Injection Vulnerability
35. OpenNewsletter Compose.PHP Cross-Site Scripting Vulnerability
36. Drupal Shoutbox Module Multiple HTML Injection Vulnerabilities
37. PeerCast HandshakeHTTP Multiple Buffer Overflow Vulnerabilities
38. GNU TAR and CPIO safer_name_suffix Remote Denial of Service Vulnerability
39. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
40. Plone Multiple Modules Script Execution Vulnerabilities
41. Feng Multiple Remote Buffer Overflow and Denial of Service Vulnerabilities
42. SkyFex Client ActiveX Control 'start' Method Stack Buffer Overflow Vulnerability
43. ZeusCMS SQL Injection Vulnerability and Information Disclosure Vulnerability
44. 2z Project Multiple Input Validation Vulnerabilities
45. March Networks 3204 DVR Information Disclosure Vulnerability
46. OpenBiblio Multiple Input Validation Vulnerabilities
47. NetBizCity FaqMasterFlexPlus 'faq.php' SQL Injection Vulnerability
48. NetBizCity FaqMasterFlexPlus 'faq.php' Cross-Site Scripting Vulnerability
49. xml2owl 'showCode.php' Command Execution Vulnerability
50. AOL Picture Editor 'YGPPicEdit.dll' ActiveX Control Multiple Buffer Overflow Vulnerabilities
51. HP Info Center HPInfoDLL.DLL ActiveX Control Multiple Arbitrary Code Execution Vulnerabilities
52. CoolPlayer Multiple Buffer Overflow Vulnerabilities
53. RunCMS Multiple Input Validation Vulnerabilities
54. Joovili 'picture' Parameter Multiple Local File Include Vulnerabilities
55. Libnemesi Multiple Remote Buffer Overflow Vulnerabilities
56. Extended Module Player (xmp) 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
57. Mambo Multiple Unspecified Cross Site Scripting Vulnerabilities and Unspecified Vulnerability
58. iPortalX Multiple Cross-Site Scripting Vulnerabilities
59. PDNS-Admin Authentication Bypass Vulnerability
60. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
61. Confixx Saveserver.PHP Remote File Include Vulnerability
62. Persits Software XUpload ActiveX Control Remote Buffer Overflow Vulnerability
63. Common UNIX Printing System SNMP 'asn1_get_string()' Remote Buffer Overflow Vulnerability
64. pdftops.pl Alternate pdftops Filter for CUPS Insecure Temporary File Creation Vulnerability
65. Bitflu StorageFarabDb Module '.torrent' File Handling Security Bypass Vulnerability
66. XZeroScripts XZero Community Classifieds SQL Injection Vulnerability
67. XZeroScripts XZero Community Classifieds Local File Include Vulnerability
68. XZeroScripts XZero Community Classifieds 'config.inc.php' Remote File Include Vulnerability
69. PNphpBB2 'printview.php' Local File Include Vulnerability
70. Blakord Portal Multiple SQL Injection Vulnerabilities
71. auraCMS 'admin_users.php' Access Validation Vulnerability
72. Gallery Versions Prior to 2.2.4 Multiple Remote Vulnerabilities and Unspecified Weakness
73. Adobe Flash Player SWFs in Dreamweaver and Acrobat Unspecified Cross-Site Scripting Vulnerabilities
74. ImgSvr Error Message Remote Script Execution Vulnerability
75. Olate Download Admin.PHP Remote Authentication Bypass Vulnerability
76. BadBlue Directory Traversal and Buffer Overflow Vulnerability
77. PHP MySQL Open Source Help Desk 'form.php' Code Injection Vulnerability
78. MailMachinePRO 'showMsg.php' SQL Injection Vulnerability
79. eSyndiCat Link Directory 'suggest-link.php' SQL Injection Vulnerability
80. Limbo CMS 'com_option' Parameter Cross-Site Scripting Vulnerability
81. ZyXEL P-330W Multiple Vulnerabilities
82. TeamCal Pro Multiple Remote and Local File Include Vulnerabilities
83. Total Player M3U File Denial of Service Vulnerability
84. TCPreen 'FD_SET()' Remote Buffer Overflow Vulnerability
85. Winace UUE File Handling Buffer Overflow Vulnerability
86. ADA IMGSVR Directory Traversal Vulnerability
87. ImgSvr Template Parameter Local File Include Vulnerability
88. Live for Speed Skin Name Buffer Overflow Vulnerability
89. Dokeos 'forum' and 'origin' Multiple Cross-Site Scripting Vulnerabilities
90. Dokeos 'My production' Arbitrary File Upload Vulnerability
91. Microsoft Message Queuing Service Stack Buffer Overflow Vulnerability
92. Wireshark 0.99.6 Multiple Remote Vulnerabilities
93. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
94. Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
95. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
96. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
97. Adobe Flash Player HTTP Response Splitting Vulnerability
98. Adobe Flash Player DNS Rebinding Vulnerability
99. Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
100. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
III. SECURITYFOCUS NEWS
1. Senate delays vote on spy bill
2. Researchers reverse Netflix anonymization
3. Group drafts rules to nix credit-card storage
4. Task force aims to improve U.S. cybersecurity
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. overwriting SEH and debugging
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of Warcraft, have millions of subscribers interacting online, which makes security tricky business.

http://www.securityfocus.com/columnists/461

2. Copyrights and Wrongs
By Mark Rasch
On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, Minnesota -- was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000.

http://www.securityfocus.com/columnists/460


II. BUGTRAQ SUMMARY
--------------------
1. BarracudaDrive Web Server Denial of Service and Multiple Input Validation Vulnerabilities
BugTraq ID: 26805
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26805
Summary:
BarracudaDrive Web Server is prone to a denial-of-service vulnerability and multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues can allow an attacker to retrieve, view, or delete arbitrary files; inject hostile HTML or script code in the context of the application running the vulnerable software; or crash the webserver, denying service to legitimate users.

2. Websense Reporting Tools Login Page Cross-Site Scripting Vulnerability
BugTraq ID: 26793
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26793
Summary:
Websense Reporting Tools is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

3. autofs nodev Mount Option Privilege Escalation Vulnerability
BugTraq ID: 26970
Remote: No
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26970
Summary:
The 'autofs' utility is prone to a privilege-escalation vulnerability because of a flaw in its default configuration. Filesystems mounted under '/net' using the 'hosts' automount map do not have the 'nodev' mount option enabled by default.

Attackers can leverage this issue to interact with arbitrary system devices. Successful exploits will completely compromise affected computers.

4. OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability
BugTraq ID: 20246
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/20246
Summary:
OpenSSL is prone to a denial-of-service vulnerability.

A malicious server could cause a vulnerable client application to crash, effectively denying service.

5. Web Sihirbazi 'default.asp' Multiple SQL Injection Vulnerabilities
BugTraq ID: 27031
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27031
Summary:
Web Sihirbazi is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

These issues affect Web Sihirbazi 5.1.1; other versions may also be affected.

6. Agares Media phpAutoVideo Multiple Remote and Local File Include Vulnerabilities
BugTraq ID: 27023
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27023
Summary:
Agares Media phpAutoVideo is prone to multiple remote and local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

Exploiting these issues will allow an attacker to access potentially sensitive information and execute arbitrary scripts or PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

These issues affect phpAutoVideo 2.21; other versions may also be affected.

7. Jupiter 'index.php' Local File Include Vulnerability
BugTraq ID: 27016
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27016
Summary:
Jupiter is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary local scripts and retrieve potentially sensitive information.

This issue affects Jupiter version 1.1.5e; other versions may also be vulnerable.

8. VideoLAN VLC Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 27015
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27015
Summary:
VideoLAN VLC media player is prone to multiple remote code-execution vulnerabilities. Multiple buffer-overflow vulnerabilities and a format-string vulnerability are present.

Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application.

VLC version 0.8.6d is vulnerable to these issues; other versions may also be affected.

9. Joomla mosDirectory Component mosConfig_absolute_path Remote File Include Vulnerability
BugTraq ID: 27014
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27014
Summary:
The mosDirectory component for Joomla! is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

mosDirectory 2.3.2 is vulnerable; other versions may also be affected.

10. CuteNews 'search.php' Information Disclosure Vulnerability
BugTraq ID: 27010
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27010
Summary:
CuteNews is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to gain access to sensitive information such as user-authentication credentials. Information obtained may lead to further attacks.

This issue affects CuteNews 1.4.5 and 1.3.1; other versions may also be affected.

11. Tikiwiki CMS 'tiki-listmovies.php' Directory Traversal Vulnerability
BugTraq ID: 27008
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27008
Summary:
Tikiwiki CMS is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

Tikiwiki CMS versions prior to 1.9.9 are vulnerable.

12. Zoom Player Malformed ZPL File Buffer Overflow Vulnerability
BugTraq ID: 27007
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27007
Summary:
Zoom Player is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application or to crash the application, denying further service to legitimate users.

This issue affects Zoom Player version 6.00 beta 2 and all releases contained in the Zoom Player version 5 branch.

13. Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
BugTraq ID: 27006
Remote: No
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27006
Summary:
Apache Tomcat is prone to a vulnerability that can allow third-party web applications to write files to arbitrary locations with the privileges of Tomcat.

This issue occurs due to an inadequate default security policy.

Attackers can leverage this issue to write or overwrite arbitrary log file data in unauthorized locations.

Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 are vulnerable.

14. SimpleForum 'simpleforum.cgi' Cross-Site Scripting Vulnerability
BugTraq ID: 27005
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27005
Summary:
SimpleForum is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

SimpleForum 4.6.2 is vulnerable; other versions may also be affected.

15. TikiWiki 'tiki-special_chars.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27004
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27004
Summary:
TikiWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

TikiWiki version 1.9.8.3 is vulnerable; prior versions may also be affected.

16. Logaholic Multiple Input Validation Vulnerabilities
BugTraq ID: 27003
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27003
Summary:
Logaholic is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include multiple SQL-injection vulnerabilities, a cross-site scripting vulnerability and an HTML-injection vulnerability.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

17. PDFlib Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 27001
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27001
Summary:
PDFlib is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library. Failed attacks will cause denial-of-service conditions.

PDFlib 7.02 is vulnerable; other versions may also be affected.

18. Jupiter Panel Module Privilege Escalation Vulnerability
BugTraq ID: 27000
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27000
Summary:
Jupiter is prone to a privilege-escalation vulnerability because it fails to perform adequate user-access validation.

Attackers with existing accounts can leverage this issue to gain full privileges on the application. Successful exploits will compromise the application.

Jupiter 1.1.5e is vulnerable; other versions may also be affected.

19. MeGaCheatZ 'ItemID' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 26999
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26999
Summary:
MeGaCheatZ is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

These issues affect MeGaCheatZ 1.1; other versions may be vulnerable as well.

20. Agares Media ThemeSiteScript 'loadadminpage' Parameter Remote File Include Vulnerability
BugTraq ID: 26998
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26998
Summary:
ThemeSiteScript is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

ThemeSiteScript 1.0 is reported to be vulnerable; other versions may be affected as well.

21. PHP ZLink 'go.php' SQL Injection Vulnerability
BugTraq ID: 26997
Remote: Yes
Last Updated: 2007-12-23
Relevant URL: http://www.securityfocus.com/bid/26997
Summary:
PHP ZLink is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHP ZLink 0.3 is reported to be vulnerable; other versions may be vulnerable as well.

22. AdultScript 'id' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 26996
Remote: Yes
Last Updated: 2007-12-23
Relevant URL: http://www.securityfocus.com/bid/26996
Summary:
AdultScript is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

These issues affect AdultScript 1.6.5 and prior versions.

23. Brand039 MMSLamp 'default.php' SQL Injection Vulnerability
BugTraq ID: 26995
Remote: Yes
Last Updated: 2007-12-23
Relevant URL: http://www.securityfocus.com/bid/26995
Summary:
MMSLamp is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

All versions are considered to be vulnerable.

24. MRBS 'view_entry.php' SQL Injection Vulnerability
BugTraq ID: 26977
Remote: Yes
Last Updated: 2007-12-22
Relevant URL: http://www.securityfocus.com/bid/26977
Summary:
MRBS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue was previously documented as a vulnerability in Moodle. Further reports indicate this issue affects MRBS, and the MRBS module for Moodle.

25. Sun Solaris NFS 'netgroups' Security Bypass Vulnerability
BugTraq ID: 26872
Remote: Yes
Last Updated: 2007-12-22
Relevant URL: http://www.securityfocus.com/bid/26872
Summary:
Sun Solaris is prone to a security-bypass vulnerability due to an unspecified error.

A successful attack will allow an unauthorized remote user to gain superuser access to shared NFS resources on the vulnerable system with 'netgroups' access configured.

This issue affects Sun Solaris 10 for SPARC and x86 platforms.

26. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
BugTraq ID: 24645
Remote: Yes
Last Updated: 2007-12-22
Relevant URL: http://www.securityfocus.com/bid/24645
Summary:
The Apache HTTP Server mod_status module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

27. webSPELL Usergallery.PHP and Calendar.PHP Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 26787
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26787
Summary:
webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

webSPELL 4.01.02 is affected; other versions may also be vulnerable.

28. Falt4 CMS Multiple Input Validation Vulnerabilities
BugTraq ID: 26786
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26786
Summary:
Falt4 Extreme CMS is prone to three input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, that occur because the application fails to adequately sanitize user-supplied input.

A successful exploit may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue was reported to affect Falt4 Extreme (RC4). Other versions may also be affected.

29. inotify-tools C Library inotifytools_snfprintf() Local Buffer Overflow Vulnerability
BugTraq ID: 25724
Remote: No
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/25724
Summary:
The 'inotify-tools' C library is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with the privileges of the application using the library. Successful exploits can compromise affected applications and possibly the underlying computer. Failed exploit attempts will result in a denial of service.

Versions prior to inotify-tools 3.11 are vulnerable.

30. KLab HttpLogger Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 26810
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26810
Summary:
KLab HttpLogger is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects HttpLogger 0.8.1; other versions may also be vulnerable.

31. JFreeChart Multiple HTML Injection Vulnerabilities
BugTraq ID: 26752
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26752
Summary:
JFreeChart is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code could execute in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

These issues affect JFreeChart 1.0.8; other versions may be affected as well.

32. TYPO3 'indexed_search' Extension SQL Injection Vulnerability
BugTraq ID: 26871
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26871
Summary:
TYPO3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects versions prior to:

TYPO3 4.0.8 from the 3.x and 4.x branches
TYPO3 4.1.4 from the 4.1.x branch

33. wwwstats Clickstats.PHP Multiple HTML Injection Vulnerabilities
BugTraq ID: 26759
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26759
Summary:
The 'wwwstats' program is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Versions prior to wwwstats 3.22 are vulnerable.

34. Drupal TAXONOMY_SELECT_NODES() SQL Injection Vulnerability
BugTraq ID: 26735
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26735
Summary:
Drupal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to Drupal 4.7.9 and 5.4 are vulnerable.

35. OpenNewsletter Compose.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 26745
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26745
Summary:
OpenNewsletter is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

OpenNewsletter 2.5 is vulnerable; other versions may also be affected.

36. Drupal Shoutbox Module Multiple HTML Injection Vulnerabilities
BugTraq ID: 26736
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26736
Summary:
Drupal Shoutbox module is prone to multiple HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content.

Attacker-supplied HTML and script code could execute in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Versions prior to Shoutbox 5.x-1.1 are affected by these issues.

37. PeerCast HandshakeHTTP Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26899
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26899
Summary:
PeerCast is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.

Successfully exploiting these issues will allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.

These issues affect PeerCast 0.12.17, SVN 334 and prior versions.

38. GNU TAR and CPIO safer_name_suffix Remote Denial of Service Vulnerability
BugTraq ID: 26445
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26445
Summary:
GNU's tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the 'alloca()' function.

Successfully exploiting this issue allows attackers to crash the affected utilities and possibly to execute code, but this has not been confirmed.

GNU tar and cpio utilities share the same vulnerable code and are both affected. Other utilities sharing this code may also be affected.

39. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
BugTraq ID: 25417
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/25417
Summary:
GNU Tar is prone to a directory-traversal vulnerability because the application fails to validate user-supplied data.

A successful attack can allow the attacker to overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.

40. Plone Multiple Modules Script Execution Vulnerabilities
BugTraq ID: 26354
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/26354
Summary:
Plone is affected by multiple script-execution vulnerabilities.

Exploiting these issues may allow remote attackers to execute arbitrary Python code in the context of the application. This may facilitate remote unauthorized access to an affected computer.

These versions are affected:

Plone 2.5.4 and prior versions of the 2.5 branch
Plone 3.0.2 and prior versions of the 3.0 branch

41. Feng Multiple Remote Buffer Overflow and Denial of Service Vulnerabilities
BugTraq ID: 27049
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/27049
Summary:
Feng is prone to multiple remote buffer-overflow and denial-of-service vulnerabilities.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the server application. Attackers may also crash the application, denying service to legitimate users.

Feng version 0.1.15 is vulnerable to these issues; other versions may also be affected.

42. SkyFex Client ActiveX Control 'start' Method Stack Buffer Overflow Vulnerability
BugTraq ID: 27059
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/27059
Summary:
SkyFex Client is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks of user-supplied input before copying it to an insufficiently sized memory buffer.

Attackers can exploit this issue to execute arbitrary code in the context of the application using the affected control (typically Internet Explorer). Successful attacks can compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

SkyFex Client 1.0.2.77 is vulnerable; other versions may also be affected.

43. ZeusCMS SQL Injection Vulnerability and Information Disclosure Vulnerability
BugTraq ID: 27058
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/27058
Summary:
ZeusCMS is prone to an SQL-injection vulnerability and an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied data.

A successful attack could allow an attacker to gain access to sensitive information, compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

ZeusCMS 0.3 is vulnerable; other versions may also be affected.

44. 2z Project Multiple Input Validation Vulnerabilities
BugTraq ID: 27057
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/27057
Summary:
2z Project is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include HTML-injection issues, a cross-site scripting issue and an arbitrary file upload issue.

Attackers can exploit these issues to have arbitrary HTML and script code execute in the context of the affected site. Successful exploits could compromise the application, allow the theft of cookie-based authentication credentials or control of how the site is rendered to the user; other attacks are also possible.

2z Project 0.9.6.1 is vulnerable; other versions may also be affected.

45. March Networks 3204 DVR Information Disclosure Vulnerability
BugTraq ID: 27054
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/27054
Summary:
March Networks 3204 Digital Video Recorder (DVR) is prone to an information-disclosure vulnerability.

Reports indicate that access to the logfiles is not restricted.

A successful exploit may allow attackers to gain access to sensitive information, which may aid them in carrying out further attacks.

46. OpenBiblio Multiple Input Validation Vulnerabilities
BugTraq ID: 27053
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/27053
Summary:
OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting, HTML-injection, and local file-include vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts and retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.

These issues affect OpenBiblio version 0.5.2-pre4 and prior.

47. NetBizCity FaqMasterFlexPlus 'faq.php' SQL Injection Vulnerability
BugTraq ID: 27052
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/27052
Summary:
FaqMasterFlexPlus is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

All versions of FaqMasterFlexPlus are considered to be vulnerable.

48. NetBizCity FaqMasterFlexPlus 'faq.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27051
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/27051
Summary:
FaqMasterFlexPlus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

All versions of FaqMasterFlexPlus are considered to be vulnerable.

49. xml2owl 'showCode.php' Command Execution Vulnerability
BugTraq ID: 27050
Remote: Yes
Last Updated: 2007-12-28
Relevant URL: http://www.securityfocus.com/bid/27050
Summary:
xml2owl is prone to a vulnerability that allows attackers to execute arbitrary PHP commands.

An attacker may leverage this issue to run arbitrary PHP commands with the privileges of the server process. This can compromise the application and possibly the underlying server.

This issue affects xml2owl 0.1.1; other versions may be vulnerable as well.

50. AOL Picture Editor 'YGPPicEdit.dll' ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 27026
Remote: Yes
Last Updated: 2007-12-27
Relevant URL: http://www.securityfocus.com/bid/27026
Summary:
AOL Picture Editor 'YGPPicEdit.dll' ActiveX control is prone to multiple vulnerabilities that attackers can exploit to run arbitrary code. The issues stem from various buffer-overflow conditions.

An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page.

Successfully exploiting these issues may allow remote attackers to crash the affected application using the ActiveX control (typically Internet Explorer), denying service to legitimate users. Reports indicate that this issue may not be exploited to execute arbitrary code.

AOL Picture Editor 'YGPPicEdit.dll' version 9.5.1.8 is vulnerable; other versions may also be affected.

51. HP Info Center HPInfoDLL.DLL ActiveX Control Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 26823
Remote: Yes
Last Updated: 2007-12-27
Relevant URL: http://www.securityfocus.com/bid/26823
Summary:
HP Info Center ActiveX control is prone to multiple vulnerabilities that attackers can exploit to run arbitrary code. The issues stem from insecure methods used within 'HPInfoDLL.dll'.

An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page.

Successfully exploiting these issues allows remote attackers to edit registry key information and execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

HP Info Center 1.0.1.1 with 'HPInfoDLL.dll' ActiveX control 1.0 is vulnerable; other versions may also be affected. Note that multiple HP laptop models ship with this software.

52. CoolPlayer Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 21396
Remote: Yes
Last Updated: 2007-12-27
Relevant URL: http://www.securityfocus.com/bid/21396
Summary:
CoolPlayer is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of the data before copying it into a finite-sized internal memory buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the application or to cause a denial-of-service condition.

CoolPlayer 215 and prior versions are vulnerable to this issue; other versions may also be affected.

UPDATE (December 27, 2007): Reports indicate that CoolPlayer 217 is still vulnerable to this issue. Since the vendor released 216 to address the issue, the fix may have been inadequate or 217 may have reintroduced the issue. However, this has not been confirmed. This BID will be updated when further information is available.

53. RunCMS Multiple Input Validation Vulnerabilities
BugTraq ID: 27019
Remote: Yes
Last Updated: 2007-12-27
Relevant URL: http://www.securityfocus.com/bid/27019
Summary:
RunCMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include multiple SQL-injection, cross-site scripting, HTML-injection, and PHP code injection vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker with administrative privileges to the application can also inject malicious PHP code that will be executed with the privileges of the webserver.

These issues affect RunCMS 1.6; other versions may also be affected.

54. Joovili 'picture' Parameter Multiple Local File Include Vulnerabilities
BugTraq ID: 27056
Remote: Yes
Last Updated: 2007-12-27
Relevant URL: http://www.securityfocus.com/bid/27056
Summary:
Joovili is prone to multiple local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit these issues to execute arbitrary local scripts and retrieve potentially sensitive information.

These issues affect Joovili 3.0.6 and prior. Joovili 2.x versions are also vulnerable to these issues.

55. Libnemesi Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 27048
Remote: Yes
Last Updated: 2007-12-27
Relevant URL: http://www.securityfocus.com/bid/27048
Summary:
Libnemesi is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library. Failed attacks will cause denial-of-service conditions.

Libnemesi 0.6.4-rc1 is vulnerable; other versions may also be affected.

56. Extended Module Player (xmp) 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 27047
Remote: No
Last Updated: 2007-12-27
Relevant URL: http://www.securityfocus.com/bid/27047
Summary:
Extended Module Player (xmp) is prone to multiple local buffer-overflow vulnerabilities because it fails to perform adequate boundary checks prior to copying user-supplied input into an insufficiently sized buffer.

These issues occur when the application handles specially crafted OXM and DTT files.

Attackers can exploit these issues to execute arbitrary code that could compromise the affected computer. Failed attacks will likely cause denial-of-service conditions.

Extended Module Player 2.5.1 is vulnerable; other versions may also be affected.

57. Mambo Multiple Unspecified Cross Site Scripting Vulnerabilities and Unspecified Vulnerability
BugTraq ID: 27046
Remote: Yes
Last Updated: 2007-12-27
Relevant URL: http://www.securityfocus.com/bid/27046
Summary:
Mambo is prone to multiple unspecified cross-site scripting vulnerabilities and an unspecified vulnerability.

An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Very little information is known about the unspecified vulnerability; we will update this BID as soon as more information becomes available.

Mambo versions prior to 4.6.3 are vulnerable.

58. iPortalX Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 27044
Remote: Yes
Last Updated: 2007-12-27
Relevant URL: http://www.securityfocus.com/bid/27044
Summary:
iPortalX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

All versions are considered to be vulnerable.

59. PDNS-Admin Authentication Bypass Vulnerability
BugTraq ID: 27036
Remote: Yes
Last Updated: 2007-12-27
Relevant URL: http://www.securityfocus.com/bid/27036
Summary:
PDNS-Admin is prone to an authentication-bypass vulnerability that allows users to create new domains without permission.

Attackers can exploit this issue to perform unauthorized actions with the application.

This issue affects PDNS-Admin 1.1.2; other versions may also be affected.

60. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
BugTraq ID: 26838
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/26838
Summary:
Apache is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects the following:

- The 'mod_imagemap' module in Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, and 2.2.0

- The 'mod_imap' module in Apache 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, and 1.3.0.

61. Confixx Saveserver.PHP Remote File Include Vulnerability
BugTraq ID: 25036
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/25036
Summary:
Confixx is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects Confixx PRO 3.3.1; other versions may also be vulnerable.

62. Persits Software XUpload ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 27025
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27025
Summary:
XUpload is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker may exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

XUpload 2.1.0.1 is vulnerable to this issue; other versions may also be affected. Reports indicate that XUpload 3.0 is not affected by this vulnerability.

63. Common UNIX Printing System SNMP 'asn1_get_string()' Remote Buffer Overflow Vulnerability
BugTraq ID: 26917
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/26917
Summary:
Common UNIX Printing System (CUPS) is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected software. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects CUPS 1.2 and 1.3, prior to 1.3.5; other versions may also be vulnerable.

64. pdftops.pl Alternate pdftops Filter for CUPS Insecure Temporary File Creation Vulnerability
BugTraq ID: 26919
Remote: No
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/26919
Summary:
The 'pdftops.pl' script is prone to a security vulnerability because it creates temporary files in an insecure way.

An attacker with local access could potentially exploit this issue to perform symlink attacks.

Successfully mounting a symlink attack may allow the attacker to overwrite, delete, or corrupt sensitive files in the context of the affected application, which may result in a denial of service. Other attacks may also be possible.

This issue affects versions prior to pdftops.pl 1.20.

65. Bitflu StorageFarabDb Module '.torrent' File Handling Security Bypass Vulnerability
BugTraq ID: 27043
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27043
Summary:
Bitflu is prone to a security-bypass vulnerability.

An attacker can exploit this issue to append to or create arbitrary files.

This issue affects versions of Bitflu prior to 0.42.

66. XZeroScripts XZero Community Classifieds SQL Injection Vulnerability
BugTraq ID: 27042
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27042
Summary:
XZero Community Classifieds is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

XZero Community Classifieds 4.95.11 and prior versions are affected by this issue.

67. XZeroScripts XZero Community Classifieds Local File Include Vulnerability
BugTraq ID: 27041
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27041
Summary:
XZero Community Classifieds is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary local scripts and retrieve potentially sensitive information.

XZero Community Classifieds 4.95.11 and prior versions are affected by this issue.

68. XZeroScripts XZero Community Classifieds 'config.inc.php' Remote File Include Vulnerability
BugTraq ID: 27040
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27040
Summary:
XZero Community Classifieds is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects XZero Community Classifieds 4.95.11 and prior versions.

69. PNphpBB2 'printview.php' Local File Include Vulnerability
BugTraq ID: 27039
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27039
Summary:
PNphpBB2 is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary local scripts and retrieve potentially sensitive information.

This issue affects PNphpBB2 1.2i and prior versions.

70. Blakord Portal Multiple SQL Injection Vulnerabilities
BugTraq ID: 27038
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27038
Summary:
Blakord Portal is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

These issues affect Blakord Portal 1.3.a and prior versions.

71. auraCMS 'admin_users.php' Access Validation Vulnerability
BugTraq ID: 27037
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27037
Summary:
auraCMS is prone to an access validation vulnerability that can be leveraged to create unauthorized administrative user accounts.

Successful exploits will compromise the application and possibly the underlying computer.

auraCMS 2.2 is vulnerable; other versions may also be affected.

72. Gallery Versions Prior to 2.2.4 Multiple Remote Vulnerabilities and Unspecified Weakness
BugTraq ID: 27035
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27035
Summary:
Gallery is prone to multiple remote issues including:

- An arbitrary file-upload vulnerability
- A local file-include vulnerability
- Multiple cross-site scripting vulnerabilities
- Multiple information-disclosure vulnerabilities
- Multiple unspecified vulnerabilities
- A security vulnerability that allows attackers to perform phishing attacks
- An unspecified weakness

An attacker can exploit these issues to compromise the affected application, execute arbitrary code within the context of the webserver process, steal cookie-based authentication credentials, gain access to sensitive information and gain unauthorized access to the application. Other attacks are also possible.

These issues affect Gallery versions prior to 2.2.4.

73. Adobe Flash Player SWFs in Dreamweaver and Acrobat Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 27034
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27034
Summary:
Adobe Dreamweaver and Acrobat Connect include pre-generated SWF files that are prone to cross-site scripting vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The affected SWF files are included with Dreamweaver CS3 and Acrobat Connect. However, the applications themselves are not affected.

74. ImgSvr Error Message Remote Script Execution Vulnerability
BugTraq ID: 27033
Remote: Yes
Last Updated: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27033
Summary:
ImgSvr is prone to a remote script-execution vulnerability because it fails to adequately sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects ImgSvr 0.6.21; other versions may also be vulnerable.

75. Olate Download Admin.PHP Remote Authentication Bypass Vulnerability
BugTraq ID: 25343
Remote: Yes
Last Updated: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/25343
Summary:
Olate Download is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain administrative access to the affected application. Successfully exploiting this issue will result in the remote compromise of the affected application.

Versions prior to Olate Download 3.4.2 are vulnerable.

76. BadBlue Directory Traversal and Buffer Overflow Vulnerability
BugTraq ID: 26803
Remote: Yes
Last Updated: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/26803
Summary:
BadBlue is prone to a directory-traversal vulnerability and a buffer-overflow vulnerability.

An attacker can exploit these issues to upload arbitrary files outside the destination folder (and potentially overwrite existing files), execute arbitrary code within the context of the affected application, or crash the affected application.

BadBlue 2.72b is vulnerable; prior versions may also be affected.

77. PHP MySQL Open Source Help Desk 'form.php' Code Injection Vulnerability
BugTraq ID: 27032
Remote: Yes
Last Updated: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27032
Summary:
PHP MySQL Open Source Help Desk (PMOS) is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

PMOS 2.4 and prior versions are reported to be vulnerable.

78. MailMachinePRO 'showMsg.php' SQL Injection Vulnerability
BugTraq ID: 27030
Remote: Yes
Last Updated: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27030
Summary:
MailMachinePRO is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

MailMachinePRO 2.2.4 is reported to be vulnerable; other versions may be vulnerable as well.

79. eSyndiCat Link Directory 'suggest-link.php' SQL Injection Vulnerability
BugTraq ID: 27029
Remote: Yes
Last Updated: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27029
Summary:
eSyndiCat Link Directory is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

All versions are considered to be vulnerable.

80. Limbo CMS 'com_option' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 27027
Remote: Yes
Last Updated: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27027
Summary:
Limbo CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Limbo CMS 1.0.4.2 is vulnerable; other versions may also be affected.

81. ZyXEL P-330W Multiple Vulnerabilities
BugTraq ID: 27024
Remote: Yes
Last Updated: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27024
Summary:
ZyXEL P-330W 802.11g Secure Wireless Internet Sharing Router is prone to multiple cross-site scripting vulnerabilities and cross-site request forgery vulnerabilities because it fails to properly sanitize user-supplied input. These issues affect the web-based administrative interface of the device.

An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The cross-site request forgery issues may be leveraged to let an attacker perform actions in the context of a device administrator, which can compromise the device.

82. TeamCal Pro Multiple Remote and Local File Include Vulnerabilities
BugTraq ID: 27022
Remote: Yes
Last Updated: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27022
Summary:
TeamCal Pro is prone to multiple remote and local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

Exploiting these issues will allow an attacker to access potentially sensitive information and execute arbitrary scripts or PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

83. Total Player M3U File Denial of Service Vulnerability
BugTraq ID: 27021
Remote: Yes
Last Updated: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27021
Summary:
Total Player is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the application. Given the nature of this issue, the attacker may be able to execute arbitrary code, but this has not been confirmed.

This issue is reported to affect Total Player 3.0; other versions may also be vulnerable.

84. TCPreen 'FD_SET()' Remote Buffer Overflow Vulnerability
BugTraq ID: 27018
Remote: Yes
Last Updated: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27018
Summary:
TCPreen is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Successful attacks may compromise affected computers. Failed exploit attempts will result in a denial of service.

Versions of TCPreen prior to 1.4.4 are vulnerable.

85. Winace UUE File Handling Buffer Overflow Vulnerability
BugTraq ID: 27017
Remote: Yes
Last Updated: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27017
Summary:
Winace is prone to a buffer-overflow vulnerability when handling malicious UUE files.

A successful attack can allow a remote attacker to corrupt process memory by triggering a heap-overflow condition when the application handles excessive data in the archive.

This vulnerability affects Winace versions prior to 2.69.

86. ADA IMGSVR Directory Traversal Vulnerability
BugTraq ID: 10048
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/10048
Summary:
Reportedly, ImgSvr is prone to an issue that may allow an attacker to view files that reside outside of the server root directory. This issue is due to a failure of the application to properly sanitize user-supplied URI data.

Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive information that may be used to launch further attacks against a vulnerable system.

87. ImgSvr Template Parameter Local File Include Vulnerability
BugTraq ID: 24853
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/24853
Summary:
ImgSvr is prone to a local file-include vulnerability because it fails to sanitize user-supplied input.

Attackers may exploit this issue to access files that may contain sensitive information.

UPDATE (December 24, 2007): According to the vendor, this issue was addressed in ImgSvr 0.6.21; however, reports indicate that this version is still vulnerable.

88. Live for Speed Skin Name Buffer Overflow Vulnerability
BugTraq ID: 26066
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26066
Summary:
Live for Speed is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. Successfully exploiting this issue will allow remote attackers to compromise affected computers. Failed exploit attempts will likely cause denial-of-service conditions.

UPDATE (December 24, 2007): The recently released Y patch does not address this issue. Please see the references for further information.

89. Dokeos 'forum' and 'origin' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 26992
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26992
Summary:
Dokeos is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues affect Dokeos 1.8.4 and earlier.

90. Dokeos 'My production' Arbitrary File Upload Vulnerability
BugTraq ID: 26940
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26940
Summary:
Dokeos is prone to a vulnerability that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied input.

NOTE: To exploit this issue, an attacker must have authenticated access to the affected application.

An attacker can exploit this issue to upload arbitrary files and execute malicious code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects Dokeos 1.8.4; other versions may also be affected.

91. Microsoft Message Queuing Service Stack Buffer Overflow Vulnerability
BugTraq ID: 26797
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26797
Summary:
Microsoft Message Queuing (MSMQ) is prone to a stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

This issue is exploitable remotely on all Windows 2000 systems and locally on Windows XP, provided that the affected component is installed.

92. Wireshark 0.99.6 Multiple Remote Vulnerabilities
BugTraq ID: 26532
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26532
Summary:
Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

Versions prior to Wireshark 0.99.7 are affected.

93. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
BugTraq ID: 26960
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26960
Summary:
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.

An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.

94. Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
BugTraq ID: 26951
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26951
Summary:
Adobe Flash Player is prone to a remote heap-based buffer-overflow vulnerability because the application fails to use consistent signedness when handling user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

NOTE: This issue was originally covered by BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

95. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
BugTraq ID: 25260
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/25260
Summary:
Adobe ActionScript is prone to a security-bypass vulnerability because the application allows Flash movies compiled by ActionScript to connect to arbitrary TCP ports on a host running a vulnerable version of Flash.

Successfully exploiting this issue allows an attacker to bypass the application's sandbox security model and scan other hosts that are connected to the computer running the vulnerable application.

96. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
BugTraq ID: 26966
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26966
Summary:
The Adobe Flash Player is prone to a cross-domain security-bypass vulnerability.

An attacker can exploit this issue to connect to arbitrary hosts on affected computers. This may allow the application to perform generic TCP requests to determine what services are running on the affected computer.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned to this BID because of new technical details.

97. Adobe Flash Player HTTP Response Splitting Vulnerability
BugTraq ID: 26969
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26969
Summary:
Adobe Flash Player is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input.

A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

98. Adobe Flash Player DNS Rebinding Vulnerability
BugTraq ID: 26930
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26930
Summary:
Adobe Flash Player is prone to a DNS rebinding vulnerability that allows remote attackers to establish arbitrary TCP sessions.

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious SWF file.

Successfully exploiting this issue allows the attacker to bypass the application's same-origin policy and set up connections to services on arbitrary computers. This may lead to other attacks.

99. Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
BugTraq ID: 26965
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26965
Summary:
Adobe Flash Player is prone to a vulnerability that allows attackers to gain elevated privileges on affected computers.

Very few technical details are currently available. We will update this BID as more information emerges.

NOTE: This issue occurs only when the application is running on a Linux operating system.

Versions prior to Adobe Flash Player 9.0.115.0 are vulnerable.

This issue was previously covered by BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

100. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
BugTraq ID: 26949
Remote: Yes
Last Updated: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/26949
Summary:
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Senate delays vote on spy bill
By: Robert Lemos
A bill that would modernize the United States' legal framework for eavesdropping and grant telecommunications companies retroactive immunity for wiretapping customers will have to wait until January.
http://www.securityfocus.com/news/11498

2. Researchers reverse Netflix anonymization
By: Robert Lemos
Two computer scientists show that a large set of transactional data poses privacy risks by finding a way to link movie ratings from the Netflix Prize dataset to publicly available information.
http://www.securityfocus.com/news/11497

3. Group drafts rules to nix credit-card storage
By: Robert Lemos
The organization responsible for technical and best-practice standards in the payment industry plans to require the makers of merchant software to certify that their programs do not store sensitive data.
http://www.securityfocus.com/news/11496

4. Task force aims to improve U.S. cybersecurity
By: Robert Lemos
A blue-ribbon panel of three dozen security experts hopes to craft a strategy to improve cybersecurity by the time the next president takes office.
http://www.securityfocus.com/news/11494

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. overwriting SEH and debugging
http://www.securityfocus.com/archive/82/485386

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Insight24

