----------------------------------------
This Issue is Sponsored by: Watchfire
As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged, and stored. This paper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008uPd
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. Security Analogies
2. Your Space, My Space, Everybody's Space
II. BUGTRAQ SUMMARY
1. Computer Associates Multiple Products Remote Stack Buffer Overflow Vulnerability
2. Computer Associates Anti-Virus Engine Malformed CAB Filename Buffer Overflow Vulnerability
3. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
4. Linker Index.PHP Cross-Site Scripting Vulnerability
5. MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
6. SNMPC Username/Password Remote Denial of Service Vulnerability
7. HP Tru64 Valid User Enumeration Weakness
8. Iputils Rarpd Remote Denial Of Service Vulnerability
9. NetcPlus SmartServer3 DoS Vulnerability
10. NetCPlus BusinessMail Multiple Remote Buffer Overflow Vulnerabilities
11. Mozilla FireFox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
12. Hunkaray Okul Portaly Haberoku.ASP SQL Injection Vulnerability
13. PHP Chunk_Split() Function Integer Overflow Vulnerability
14. PHP Filter_Var FILTER_VALIDATE_EMAIL Newline Injection Vulnerability
15. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
16. Credant Mobile Guardian Shield Information Disclosure Vulnerability
17. Cisco Wireless Control System Multiple Security Vulnerabilities
18. Okyanusmedya Index.PHP Cross-Site Scripting Vulnerability
19. Agnitum Outpost Firewall Outpost_IPC_HDR Local Denial of Service Vulnerability
20. Open Solution QuickCart Index.PHP Local File Include Vulnerability
21. Mutt Insecure Temporary File Creation Multiple Vulnerabilities
22. GD Graphics Library PNG File Processing Denial of Service Vulnerability
23. IBM Web-based System Manager Unspecified Denial of Service Vulnerability
24. Provideo Camimage Class ISSCamControl.DLL ActiveX Control Buffer Overflow Vulnerability
25. DVD X Player PLF File Buffer Overflow Vulnerability
26. PHPLive Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
27. Symantec Ghost Solution Suite UDP Packet Multiple Denial of Service Vulnerabilities
28. MadWifi Multiple Denial of Service Vulnerabilities
29. Sun Java Runtime Environment Image Parsing Buffer Overflow Vulnerability
30. ComicSense Index.PHP SQL Injection Vulnerability
31. Mozilla Products Multiple Remote Vulnerabilities
32. APOP Protocol Insecure MD5 Hash Weakness
33. Libpng Library Remote Denial of Service Vulnerability
34. Kravchuk K-Letter Multiple Remote File Include Vulnerabilities
35. FreeVMS Backup Utility Unspecified Buffer Overflow Vulnerability
36. Microsoft Internet Explorer Javascript Cross Domain Information Disclosure Vulnerability
37. W3M Browser InputAnswer Format String Vulnerability
38. Acme.Serve v1.7 Arbitrary File Access Vulnerability
39. Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability
40. Symantec Reporting Server Authentication Bypass Vulnerability
41. Symantec Reporting Server Password Information Disclosure Vulnerability
42. Net-SNMP TCP Disconnect Remote Denial Of Service Vulnerability
43. File Multiple Denial of Service Vulnerabilities
44. Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability
45. ASP Folder Gallery Download_Script.ASP Arbitrary File Download Vulnerability
46. Wordpress XMLRPC.PHP SQL Injection Vulnerability
47. JD Wiki For Joomla Multiple Remote File Include Vulnerabilities
48. Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
49. PBLang Login.PHP Local File Include Vulnerability
50. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
51. MaraDNS Multiple Remote Denial of Service Vulnerabilities
52. LibEXIF Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability
53. E-Book Systems FlipViewer FlipViewerX.DLL ActiveX Multiple Buffer Overflow Vulnerabilities
54. HP System Management Homepage (SMH) Unspecified Cross Site Scripting Vulnerability
55. Kevin Johnson BASE Base_Main.PHP Authentication Bypass Vulnerability
56. Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
57. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
58. Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability
59. Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability
60. Samba MS-RPC Remote Shell Command Execution Vulnerability
61. Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
62. Sun Solaris Management Console Logging Mechanism Remote Privilege Escalation Vulnerability
63. Sun Solaris Management Console Authentication Mechanism Remote Privilege Escalation Vulnerability
64. Util-linux Login Security Bypass Vulnerability
65. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
66. SSL-Explorer Multiple Input Validation Vulnerabilities
67. Multiple Vendor XFERWAN.EXE Filename Remote Buffer Overflow Vulnerability
68. WebStudio CMS Index.PHP Cross-Site Scripting Vulnerability
69. IBM Lotus Domino Agent Signature Verification Local Privilege Escalation Vulnerability
70. Symantec Storage Foundation VxSchedService.EXE Scheduler Service Authentication Bypass Vulnerability
71. Xine-Lib RuleMatches Remote Buffer Overflow Vulnerability
72. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
73. Sun Solaris Gnome Assistive Technology XScreenSaver Local Arbitrary Command Execution Vulnerability
74. My DataBook Diary.PHP Multiple Input Validation Vulnerabilities
75. WebSVN Filedetails.PHP Cross-Site Scripting Vulnerability
76. Movable Type Multiple Input Validation Vulnerabilities And User Enumeration Weakness
77. Quick.Cart General.PHP Local File Include Vulnerability
78. Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
79. Linker Search.PHP Cross-Site Scripting Vulnerability
80. PostNuke PNPHPBB2 Module Index.PHP SQL Injection Vulnerability
81. EQDKP Listmembers.PHP SQL Injection Vulnerability
82. Meneame Multiple Unspecified Cross Site Scripting Vulnerabilities
83. Mutt Mutt_Gecos_Name Function Local Buffer Overflow Vulnerability
84. PHP PEAR INSTALL-AS Attribute Arbitrary File Overwrite Vulnerability
85. LHA Insecure Temporary File Creation Vulnerability
86. WordPress Predictable Cookie Generation Information Disclosure Vulnerability
87. SendCard SendCard.PHP Local File Include Vulnerability
88. IBM Lotus Domino Web Server Unspecified Remote Denial of Service Vulnerability
89. F5 FirePass 4100 SSL VPN My.Activiation.PHP3 Remote Command Injection Vulnerability
90. XOOPS IContent Module Spaw_Control.Class.PHP Remote File Include Vulnerability
91. Todd Miller Sudo Ptrace API Local Privilege Escalation Vulnerability
92. Hitachi XP/W Unspecified Remote Denial of Service Vulnerability
93. Microsoft Excel Malformed Column Record Remote Code Execution Vulnerability
94. Microsoft Excel Malformed String Remote Code Execution Vulnerability
95. Microsoft Excel IMDATA Record Remote Code Execution Vulnerability
96. eSellerate SDK eSellerateControl365.DLL ActiveX Control Buffer Overflow Vulnerability
97. Mozilla Firefox Resource Variant Directory Traversal Vulnerability
98. IBM Tivoli Provisioning Manager OS Deployment Multiple Stack Buffer Overflow Vulnerabilities
99. Mozilla Firefox Action Prompt Delay Security Mechanism Bypass Vulnerability
100. GDB Process_Coff_Symbol UPX File Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS
1. Judge nixes teacher's conviction on porn pop-ups
2. Zero-day sales not "fair" -- to researchers
3. Insecure plug-ins pose danger to Firefox users
4. Peer-to-peer networks co-opted for DOS attacks
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #344
VIII. SUN FOCUS LIST SUMMARY
1. SSL Cert for patchpro.sun.com Invalid?
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Security Analogies
By Scott Granneman
Scott Granneman discusses security analogies and their function in educating the masses on security concepts.
http://www.securityfocus.com/columnists/445
2. Your Space, My Space, Everybody's Space
By Mark Rasch
Privacy is about protecting data when somebody wants it for some purpose. It is easy to protect data that nobody wants.
http://www.securityfocus.com/columnists/444
II. BUGTRAQ SUMMARY
--------------------
1. Computer Associates Multiple Products Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 24330
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24330
Summary:
Multiple Computer Associates products are prone to a remote stack-based buffer-overflow vulnerability because the scan engine fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.
A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges.
2. Computer Associates Anti-Virus Engine Malformed CAB Filename Buffer Overflow Vulnerability
BugTraq ID: 24331
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24331
Summary:
Multiple Computer Associates products that implement the antivirus engine are prone to a stack-based buffer-overflow vulnerability. This issue occurs because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
3. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
BugTraq ID: 24235
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24235
Summary:
Multiple F-Secure Anti-Virus applications are prone to a buffer-overflow vulnerability when they process certain LHA archive files. This issue occurs because the applications fail to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer.
Successful exploits can allow attackers to execute arbitrary code with the privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.
Reports indicate that this vulnerability also occurs when processing malformed LZH archives, ARJ files, and FSG packed files.
4. Linker Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24277
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24277
Summary:
Codelib Linker is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
5. MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
BugTraq ID: 23282
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/23282
Summary:
MIT Kerberos 5 is prone to a double-free memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code with superuser or SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will likely result in a denial-of-service conditions.
This issue also affects third-party applications using the affected API.
6. SNMPC Username/Password Remote Denial of Service Vulnerability
BugTraq ID: 24292
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24292
Summary:
SNMPc is prone to a remote denial-of-service vulnerability.
Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users.
This issue is reported to affect versions of SNMPc prior to 7.0.19.
7. HP Tru64 Valid User Enumeration Weakness
BugTraq ID: 24021
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24021
Summary:
Hewlett Packard Tru64 is prone to an information-disclosure weakness.
An attacker can exploit this issue to enumerate valid user names. This may aid in further attacks.
HP Tru64 UNIX v5.1B-3 and v5.1B-4 are vulnerable.
8. Iputils Rarpd Remote Denial Of Service Vulnerability
BugTraq ID: 23706
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/23706
Summary:
The 'iputils rarpd' program is affected by a remote denial-of-service vulnerability because the software fails to properly handle certain network packets.
A successful attack allows a remote attacker to crash the application, denying further service to legitimate users.
9. NetcPlus SmartServer3 DoS Vulnerability
BugTraq ID: 1965
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/1965
Summary:
SmartServer3 is an email server designed for small networks.
The POP3 and SMTP services within SmartServer3 are prone to a denial-of-service issue. Submitting an unusually long argument to the User or Pass command in the POP3 service will cause the server to stop responding and refuse any new connections. An unusually long argument submitted to the SMTP service after the 'HELO' command will cause the server to stop responding, yet will still accept new connections. In either instance, a restart of the server is required to gain normal functionality.
Successful exploits could allow attackers to execute arbitrary commands, but this has not been confirmed.
10. NetCPlus BusinessMail Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 14434
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/14434
Summary:
BusinessMail is affected by multiple remote buffer-overflow vulnerabilities because the software fails to perform boundary checks. Remote attackers may be able to execute machine code in the context of the server process.
BusinessMail 4.60 is reportedly vulnerable; other versions may be affected as well.
11. Mozilla FireFox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24286
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24286
Summary:
Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.
A malicious site may be able to modify the iframe of a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks are also possible, such as executing script code in other browser security zones.
This issue is being tracked by Bugzilla Bug 382686 and is reportedly related to Bug 343168.
Firefox 2.0.0.4 and prior versions are vulnerable.
12. Hunkaray Okul Portaly Haberoku.ASP SQL Injection Vulnerability
BugTraq ID: 24288
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24288
Summary:
Hünkaray Okul Portalý is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Hünkaray Okul Portalý 1.1 is vulnerable to this issue.
13. PHP Chunk_Split() Function Integer Overflow Vulnerability
BugTraq ID: 24261
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24261
Summary:
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory.
Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects versions of PHP prior to 5.2.3.
14. PHP Filter_Var FILTER_VALIDATE_EMAIL Newline Injection Vulnerability
BugTraq ID: 23359
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/23359
Summary:
PHP is prone to an email-newline-injection vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow a malicious user to create arbitrary email headers, and then create and transmit spam messages from the affected computer.
15. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24289
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24289
Summary:
ClamAV is prone to a denial-of-service vulnerability.
A successful attack may allow an attacker to cause denial-of-service conditions.
16. Credant Mobile Guardian Shield Information Disclosure Vulnerability
BugTraq ID: 24139
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24139
Summary:
Credant Mobile Guardian Shield is prone to an information-disclosure vulnerability because it stores sensitive password information in plain text.
This issue affects Credant Mobile Guardian Shield 5.2.1.105 and prior versions.
17. Cisco Wireless Control System Multiple Security Vulnerabilities
BugTraq ID: 18701
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/18701
Summary:
Cisco Wireless Control System is prone to multiple security vulnerabilities.
The following issues have been disclosed:
- Authorization-bypass vulnerability due to multiple hardcoded username and password pairs
- Arbitrary file access vulnerability
- Cross-site scripting vulnerability
- Information-disclosure vulnerability
An attacker can exploit these issues to retrieve potentially sensitive information, overwrite files, perform cross-site scripting attacks, and gain unauthorized access; other attacks are also possible.
18. Okyanusmedya Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24285
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24285
Summary:
Okyanusmedya is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
19. Agnitum Outpost Firewall Outpost_IPC_HDR Local Denial of Service Vulnerability
BugTraq ID: 24284
Remote: No
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24284
Summary:
Outpost Firewall is prone to a local denial-of-service vulnerability.
An attacker can exploit this issue to block arbitrary processes, denying service to legitimate users.
This issue affects Outpost Firewall 4.0 build 1007.591.145 and build 964.582.059; other versions may also be affected.
20. Open Solution QuickCart Index.PHP Local File Include Vulnerability
BugTraq ID: 24281
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24281
Summary:
Quick.Cart is prone to a local file-include vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
Quick.Cart 2.2 and prior versions are vulnerable to this issue.
21. Mutt Insecure Temporary File Creation Multiple Vulnerabilities
BugTraq ID: 20733
Remote: No
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/20733
Summary:
Mutt creates temporary files in an insecure manner.
Attackers could exploit these issues to perform symlink attacks to overwrite arbitrary files using the privileges of the user running the vulnerable application.
Mutt 1.5.12 and prior versions are vulnerable.
22. GD Graphics Library PNG File Processing Denial of Service Vulnerability
BugTraq ID: 24089
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24089
Summary:
The GD graphics library is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library.
GD graphics library 2.0.34 is reported vulnerable; other versions may be affected as well.
23. IBM Web-based System Manager Unspecified Denial of Service Vulnerability
BugTraq ID: 24240
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24240
Summary:
IBM Web-based System Manager (WebSM) is prone to an unspecified denial-of-service vulnerability.
An attacker can exploit this issue to consume excessive memory, resulting in a denial-of-service condition.
24. Provideo Camimage Class ISSCamControl.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24279
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24279
Summary:
Provideo Camimage Class ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
This issue affects Provideo Camimage Class 1.0.1.5; other versions may also be affected.
25. DVD X Player PLF File Buffer Overflow Vulnerability
BugTraq ID: 24278
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24278
Summary:
DVD X Player is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes.
This issue affects DVD X Player 4.1; other versions may also be affected.
26. PHPLive Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 24276
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24276
Summary:
PHP Live! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
PHP Live! 3.2.2 is vulnerable to this issue; other versions may also be affected.
27. Symantec Ghost Solution Suite UDP Packet Multiple Denial of Service Vulnerabilities
BugTraq ID: 24323
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24323
Summary:
Symantec Ghost Solution Suite is prone to multiple denial-of-service vulnerabilities because it fails to handle certain UDP network packets.
Successful exploits may allow remote attackers to cause denial-of-service conditions via the client or server daemons.
These issues affects Ghost Solution Suite 2.0.0 and prior versions.
28. MadWifi Multiple Denial of Service Vulnerabilities
BugTraq ID: 24114
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24114
Summary:
MadWifi is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues may permit attackers to cause system crashes and deny service to legitimate users.
Versions of MadWifi prior to 0.9.3.1 are vulnerable.
29. Sun Java Runtime Environment Image Parsing Buffer Overflow Vulnerability
BugTraq ID: 24267
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24267
Summary:
The Sun Java Runtime Environment is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code in the context of a user who invokes a malicious Java applet.
30. ComicSense Index.PHP SQL Injection Vulnerability
BugTraq ID: 24329
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24329
Summary:
ComicSense is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
31. Mozilla Products Multiple Remote Vulnerabilities
BugTraq ID: 24242
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24242
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content
Other attacks may also be possible.
32. APOP Protocol Insecure MD5 Hash Weakness
BugTraq ID: 23257
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/23257
Summary:
Applications that implement the APOP protocol may be vulnerable to a password-hash weakness. This issue occurs because the MD5 hash algorithm fails to properly prevent collisions.
Attackers may exploit this issue in man-in-the-middle attacks to potentially gain access to the first three characters of passwords. This will increase the likelihood of successful brute-force attacks against APOP authentication.
To limit the possibility of successful exploits, applications that implement the APOP protocol should set up safeguards to ensure that message IDs are RFC-compliant.
Mozilla Thunderbird, Evolution, mutt, and fetchmail are reportedly affected by this issue.
33. Libpng Library Remote Denial of Service Vulnerability
BugTraq ID: 24000
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24000
Summary:
The 'libpng' library is prone to a remote denial-of-service vulnerability because the library fails to handle malicious PNG files.
Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.
This issue affects 'libpng' 1.2.16 and prior versions.
34. Kravchuk K-Letter Multiple Remote File Include Vulnerabilities
BugTraq ID: 24334
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24334
Summary:
Kravchuk K-letter is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application.
An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. Other attacks are also possible.
These issues affect K-letter 1.0; other versions may also be affected.
35. FreeVMS Backup Utility Unspecified Buffer Overflow Vulnerability
BugTraq ID: 24333
Remote: No
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24333
Summary:
FreeVMS backup utility is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.
This issue affects versions prior to FreeVMS 0.3.6
36. Microsoft Internet Explorer Javascript Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24283
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24283
Summary:
The browser is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.
This vulnerability may let a malicious site interact with a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks may be possible, such as executing script code in other browser security zones.
UPDATE: Reports indicate that Safari browser may also be vulnerable, but this has not been confirmed.
UPDATE - June 6 2007: The WebKit framework used by Safari is reported to be vulnerable. Builds 522 and later which are associated with the nightly WebKit build are vulnerable; other versions may also be affected.
37. W3M Browser InputAnswer Format String Vulnerability
BugTraq ID: 24332
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24332
Summary:
W3M is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
An attack can exploit this issue to execute arbitrary machine code in the context of the user running the affected browser. A successful attack will compromise the application. Failed attempts may cause denial-of-service conditions.
Versions prior to W3M 0.5.2 are vulnerable.
38. Acme.Serve v1.7 Arbitrary File Access Vulnerability
BugTraq ID: 2809
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/2809
Summary:
Acme.Serve is a free, open source embeddable web server written in Java. It is small and intended to provide minimal functionality and is fully compatible with JavaServer.
Acme.Serve version 1.7 comes with a webserver that listens on port 9090. This webserver allows clients to browse the filesystem. By default, this webserver is enabled and accessible by any remote host on the Internet.
If an attacker were to connect, they could view possibly sensitive information.
39. Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability
BugTraq ID: 24313
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24313
Summary:
Symantec System Center Reporting Server is prone to a remote privilege-escalation vulnerability.
Attackers can exploit this issue to execute malicious code on an affected server and gain the privileges of the user running the server. Successful attacks will compromise the application and possibly the underlying computer.
Reporting Server is distributed with Symantec AntiVirus Corporate Edition 10.1 and later and Symantec Client Security 3.1 and later.
Versions prior to Reporting Server 1.0.224.0, AntiVirus Corporate Edition 10.1.6.6000, and Client Security 3.1.6.6000 are vulnerable.
40. Symantec Reporting Server Authentication Bypass Vulnerability
BugTraq ID: 24325
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24325
Summary:
Symantec Reporting Server is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to gain access to the reporting database.
41. Symantec Reporting Server Password Information Disclosure Vulnerability
BugTraq ID: 24312
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24312
Summary:
Symantec Reporting Server is prone to an information-disclosure vulnerability.
Successfully exploiting this issue would allow an attacker to obtain sensitive information that will allow the attacker to gain administrative access to the server database.
42. Net-SNMP TCP Disconnect Remote Denial Of Service Vulnerability
BugTraq ID: 23762
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/23762
Summary:
Net-SNMP is prone to a remote denial-of-service vulnerability. The issue is exposed when Net-SNMP is configured to communicate over TCP; Net-SNMP using UDP is unaffected.
This issue affects Net-SNMP when running in 'master agentx' mode. An attacker can exploit this issue to cause the affected service to crash, effectively denying service to legitimate users.
43. File Multiple Denial of Service Vulnerabilities
BugTraq ID: 24146
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24146
Summary:
The 'file' utility is prone to multiple denial-of-service vulnerabilities because it fails to handle exceptional conditions.
An attacker could exploit this issue by enticing a victim to open a specially crafted file. A denial-of-service condition can occur. Arbitrary code execution may be possible, but Symantec has not confirmed this.
44. Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability
BugTraq ID: 24346
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24346
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to properly handle maliciously crafted ICO files.
An attacker may exploit this issue by enticing victims into opening a malicious file.
Successful exploits will result in denial-of-service conditions on applications using the affected library. Applications such as Windows Explorer or Picture and Fax viewer have been identified as vulnerable.
45. ASP Folder Gallery Download_Script.ASP Arbitrary File Download Vulnerability
BugTraq ID: 24345
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24345
Summary:
ASP Folder Gallery is prone to an arbitrary file-download vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to download arbitrary files within the context of the affected webserver.
46. Wordpress XMLRPC.PHP SQL Injection Vulnerability
BugTraq ID: 24344
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24344
Summary:
WordPress is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This issue affects WordPress 2.2; other versions may also be vulnerable.
47. JD Wiki For Joomla Multiple Remote File Include Vulnerabilities
BugTraq ID: 24342
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24342
Summary:
JD-Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
JD-Wiki 1.0.2 and earlier are vulnerable to this issue; other versions may also be affected.
48. Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
BugTraq ID: 24341
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24341
Summary:
Yahoo! Messenger is prone to multiple unspecified remote code-execution vulnerabilities.
No further information is currently available. This BID will be updated as more information is disclosed.
Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.
Specific vulnerable Yahoo! Messenger versions are not known, but versions in the 8 series for Microsoft Windows are reportedly affected.
49. PBLang Login.PHP Local File Include Vulnerability
BugTraq ID: 24340
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24340
Summary:
PBLang is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
Version 4.67.16.a is vulnerable to this issue; prior versions may also be affected.
50. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
BugTraq ID: 24339
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24339
Summary:
MPlayer is prone to multiple buffer-overflow vulnerabilities when it attempts to process malformed album and category titles. These issues occur because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
MPlayer 1.0rc1 is vulnerable to these issues; other versions may also be affected.
51. MaraDNS Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 24337
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24337
Summary:
MaraDNS is prone to multiple remote denial-of-service vulnerabilities because of memory leaks.
Successfully exploiting these issues allows remote attackers to crash affected servers by exhausting memory resources. This will deny further service to legitimate users.
MaraDNS versions prior to 1.2.12.06 are vulnerable.
52. LibEXIF Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability
BugTraq ID: 23927
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/23927
Summary:
The libexif library is prone to an integer-overflow vulnerability because the software fails to properly ensure that integer math operations do not result in unintended overflows.
Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an application using the vulnerable library. Failed attempts will likely result in denial-of-service conditions.
Versions of libexif prior to 0.6.14 are vulnerable to this issue.
53. E-Book Systems FlipViewer FlipViewerX.DLL ActiveX Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24328
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24328
Summary:
E-Book Systems FlipViewer ActiveX Control is prone to multiple buffer-overflow vulnerabilities.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Versions prior to FlipViewer 4.0 are vulnerable; other versions may also be affected.
54. HP System Management Homepage (SMH) Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 24256
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24256
Summary:
HP System Management Homepage is prone to a cross-site scripting vulnerability.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
Versions of HP System Management Homepage (SMH) prior to 2.1.2 for Linux and Windows are affected.
55. Kevin Johnson BASE Base_Main.PHP Authentication Bypass Vulnerability
BugTraq ID: 24315
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24315
Summary:
BASE is prone to an authentication-bypass vulnerability due to a design error.
An attacker can exploit this issue to gain unauthorized access to the affected application.
This issue affects BASE 1.3.6; prior versions may also be affected.
56. Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24196
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24196
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
57. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24195
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24195
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
58. Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24198
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24198
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
59. Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 23973
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/23973
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
This BID previously documented multiple heap-based buffer-overflow vulnerabilities affecting Samba. Each issue has been assigned its own individual record. The issues are covered in this BID and the following records:
BID 24195 - Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
BID 24196 - Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
BID 24197 - Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
BID 24198 - Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability
60. Samba MS-RPC Remote Shell Command Execution Vulnerability
BugTraq ID: 23972
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/23972
Summary:
Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application.
This issue affects Samba 3.0.0 to 3.0.25rc3.
61. Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24197
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24197
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
62. Sun Solaris Management Console Logging Mechanism Remote Privilege Escalation Vulnerability
BugTraq ID: 24327
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24327
Summary:
Sun Solaris Management Console is prone to a remote privilege-escalation vulnerability.
Attackers can exploit this issue to gain superuser privileges. Successful attacks will result in the complete compromise of affected computers.
63. Sun Solaris Management Console Authentication Mechanism Remote Privilege Escalation Vulnerability
BugTraq ID: 24326
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24326
Summary:
Sun Solaris Management Console is prone to a remote privilege-escalation vulnerability.
Attackers can exploit this issue to gain superuser privileges. Successful attacks will result in the complete compromise of affected computers.
64. Util-linux Login Security Bypass Vulnerability
BugTraq ID: 24321
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24321
Summary:
The 'login' utility (in 'util-linux') is prone to a security-bypass vulnerability because the utility fails to properly validate user privileges.
Exploiting this issue can allow an attacker to bypass certain security restrictions and potentially gain unauthorized access.
Versions prior to 'util-linux' 2.12 are vulnerable.
65. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
BugTraq ID: 24324
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24324
Summary:
A remote code-execution vulnerability affects the Beatnik extension for Mozilla Firefox because the application fails to validate input errors when processing RSS feeds.
An attacker may leverage this issue to execute arbitrary code in the context of the user account running the affected extension. This may facilitate cross-site scripting as well as a compromise of an affected computer.
Beatnik 1.0 is vulnerable; other versions may also be affected.
66. SSL-Explorer Multiple Input Validation Vulnerabilities
BugTraq ID: 24319
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24319
Summary:
SSL-Explorer is prone to multiple input-validation vulnerabilities, including HTML-injection, cross-site scripting, and directory-traversal issues, because it fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, compromise the application, obtain sensitive information, and access or modify data.
67. Multiple Vendor XFERWAN.EXE Filename Remote Buffer Overflow Vulnerability
BugTraq ID: 24317
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24317
Summary:
Multiple vendor products are prone to a remote buffer-overflow vulnerability in 'XFERWAN.EXE'.
The vulnerability arises in the service when handling logging requests. Specifically, a long filename can trigger an overflow condition that will corrupt memory.
A remote attacker may trigger a denial-of-service condition or may execute arbitrary code with SYSTEM privileges. This may facilitate a complete compromise of affected systems.
The following versions contain the affected executable and are considered vulnerable:
Centennial Discovery 2006 Feature Pack 1
Symantec Discovery 6.5
Numara Asset Manager 8.0
Earlier versions of each application may be affected as well.
68. WebStudio CMS Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24297
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24297
Summary:
WebStudio CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
69. IBM Lotus Domino Agent Signature Verification Local Privilege Escalation Vulnerability
BugTraq ID: 24322
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24322
Summary:
IBM Lotus Domino Server is prone to a privilege-escalation vulnerability because of a design error.
An attacker can exploit this issue to gain administrative access to the database server.
Versions prior to IBM Lotus Domino 7.0.2 Fix Pack 2 (FP2) are vulnerable.
70. Symantec Storage Foundation VxSchedService.EXE Scheduler Service Authentication Bypass Vulnerability
BugTraq ID: 24194
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24194
Summary:
Symantec Storage Foundation is prone to an authentication-bypass vulnerability.
Attackers may exploit this issue to bypass the authentication mechanism in the management console and gain access to the scheduler service socket. This will allow attackers to add arbitrary commands to be executed during normal scheduled runs, compromising affected computers.
Since the affected service is not commonly exposed to unauthorized network hosts, the attacker must have local network access to exploit this issue.
This issue affects Symantec Storage Foundation 5.0 for Windows.
71. Xine-Lib RuleMatches Remote Buffer Overflow Vulnerability
BugTraq ID: 21435
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/21435
Summary:
The 'xine-lib' library running on Real media is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial of service.
72. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
BugTraq ID: 24316
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24316
Summary:
ClamAV is prone to a denial-of-service vulnerability when handling malformed OLE2 files.
A successful attack may allow an attacker to cause denial-of-service conditions.
Versions prior to ClamAV 0.90.3 are affected.
73. Sun Solaris Gnome Assistive Technology XScreenSaver Local Arbitrary Command Execution Vulnerability
BugTraq ID: 24314
Remote: No
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24314
Summary:
Sun Solaris, running Gnome sessions with Assistive Technology and xscreensaver, is prone to a local arbitrary-command-execution vulnerability.
An attacker can exploit this issue to execute arbitrary commands with the privileges of the user running xscreensaver.
74. My DataBook Diary.PHP Multiple Input Validation Vulnerabilities
BugTraq ID: 24311
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24311
Summary:
My DataBook is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
75. WebSVN Filedetails.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24310
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24310
Summary:
WebSVN is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
WebSVN 2.0rc4 is affected; other versions may also be vulnerable.
76. Movable Type Multiple Input Validation Vulnerabilities And User Enumeration Weakness
BugTraq ID: 24304
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24304
Summary:
Movable Type is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. It is also prone to a username-enumeration weakness.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, cause arbitrary script code to run within the context of the webserver process that is hosting the affected software, and compromise the availability and integrity of a computer to ultimately gain remote unauthorized access by overwriting sensitive files (such as the password file).
Movable Type 3.16 is affected; other versions may also be vulnerable.
77. Quick.Cart General.PHP Local File Include Vulnerability
BugTraq ID: 24299
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24299
Summary:
Quick.Cart is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
Quick.Cart 2.2 is vulnerable; other versions may also be affected.
78. Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
BugTraq ID: 24298
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24298
Summary:
Microsoft Internet Explorer is prone to a webpage-spoofing vulnerability.
Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.
79. Linker Search.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24296
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24296
Summary:
Codelib Linker is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Codelib Linker 2.0.4 is vulnerable; other versions may also be affected.
80. PostNuke PNPHPBB2 Module Index.PHP SQL Injection Vulnerability
BugTraq ID: 24295
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24295
Summary:
The PostNuke PNPHPBB2 module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
This issue affects PNPHPBB2 1.2; prior versions are also affected.
81. EQDKP Listmembers.PHP SQL Injection Vulnerability
BugTraq ID: 24294
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24294
Summary:
EQdkp is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
EQdkp 1.3.2 is vulnerable to this issue; earlier versions may also be affected.
82. Meneame Multiple Unspecified Cross Site Scripting Vulnerabilities
BugTraq ID: 24290
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24290
Summary:
Menéame is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Menéame 2 are vulnerable.
83. Mutt Mutt_Gecos_Name Function Local Buffer Overflow Vulnerability
BugTraq ID: 24192
Remote: No
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24192
Summary:
Mutt is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.
An attacker can exploit this issue to execute arbitrary code with the with the privileges of the victim. Failed exploit attempts will result in a denial of service.
84. PHP PEAR INSTALL-AS Attribute Arbitrary File Overwrite Vulnerability
BugTraq ID: 24111
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24111
Summary:
PEAR is prone to a vulnerability that lets attackers overwrite arbitrary files.
An attacker-supplied package may supply directory-traversal strings through the 'install-as' attribute to create and overwrite files in arbitrary locations.
This issue affects PEAR 1.0 to 1.5.3.
85. LHA Insecure Temporary File Creation Vulnerability
BugTraq ID: 24336
Remote: No
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24336
Summary:
The lha application creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
86. WordPress Predictable Cookie Generation Information Disclosure Vulnerability
BugTraq ID: 24309
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24309
Summary:
WordPress is prone to an information-disclosure vulnerability because it generates author cookies in a predictable manner.
Attackers can exploit this issue to view unmoderated comments which could contain potentially sensitive information.
WordPress 2.2 and prior versions are vulnerable.
87. SendCard SendCard.PHP Local File Include Vulnerability
BugTraq ID: 24308
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24308
Summary:
Sendcard is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
This issue affects Sendcard 3.4.1; prior versions are also affected.
88. IBM Lotus Domino Web Server Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 24307
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24307
Summary:
The webserver included with IBM Lotus Domino is prone to a remote denial-of-service vulnerability because the software fails to properly handle certain HTTP requests.
Successfully exploiting this issue allows remote attackers to crash affected webservers, denying further service to legitimate users.
This issue is a regression introduced in version 6.0 of Lotus Domino.
89. F5 FirePass 4100 SSL VPN My.Activiation.PHP3 Remote Command Injection Vulnerability
BugTraq ID: 24306
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24306
Summary:
F5 Firepass 4100 SSL VPN is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
Attackers can exploit this issue to execute arbitrary commands on the affected device. Successful attacks will compromise the device.
90. XOOPS IContent Module Spaw_Control.Class.PHP Remote File Include Vulnerability
BugTraq ID: 24302
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24302
Summary:
XOOPS iContent is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
91. Todd Miller Sudo Ptrace API Local Privilege Escalation Vulnerability
BugTraq ID: 24287
Remote: No
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24287
Summary:
The 'sudo' utility and the 'ptrace' call are prone to a local privilege-escalation vulnerability.
An attacker can exploit this issue to execute arbitrary commands with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.
92. Hitachi XP/W Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 24262
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24262
Summary:
Hitachi XP/W are prone to a remote denial-of-service vulnerability.
Successful exploits may allow attackers to crash affected servers, effectively denying further service to legitimate users.
93. Microsoft Excel Malformed Column Record Remote Code Execution Vulnerability
BugTraq ID: 21925
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/21925
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.
An attacker could exploit this issue to execute arbitrary code with the privileges of the user running the application. The attacker could leverage the issue to compromise affected computers.
94. Microsoft Excel Malformed String Remote Code Execution Vulnerability
BugTraq ID: 21877
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/21877
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, which could result in the compromise of affected computers.
95. Microsoft Excel IMDATA Record Remote Code Execution Vulnerability
BugTraq ID: 21856
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/21856
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application, which can result in the compromise of affected computers.
96. eSellerate SDK eSellerateControl365.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24300
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24300
Summary:
eSellerate SDK ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
This issue affects eSellerate SDK 3.6.5.0; other versions may also be affected.
97. Mozilla Firefox Resource Variant Directory Traversal Vulnerability
BugTraq ID: 24303
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24303
Summary:
Mozilla Firefox is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data.
An attacker can exploit this issue to access arbitrary files on an unsuspecting user's computer. Successful exploits can expose potentially sensitive information that could aid in further attacks.
This issue was introduced as part of the fix for BID 24191 (Mozilla Firefox Resource Directory Traversal Vulnerability) in Firefox 2.0.0.4.
98. IBM Tivoli Provisioning Manager OS Deployment Multiple Stack Buffer Overflow Vulnerabilities
BugTraq ID: 23264
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/23264
Summary:
IBM Tivoli Provisioning Manager for OS Deployment is prone to multiple stack-based buffer-overflow issues because the software fails to bounds-check user-supplied input.
An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges or to crash services. Successful attacks may result in the complete compromise of affected computers.
IBM Tivoli Provisioning Manager for OS Deployment 5.1.0.116 is vulnerable; other versions may also be affected.
99. Mozilla Firefox Action Prompt Delay Security Mechanism Bypass Vulnerability
BugTraq ID: 24293
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24293
Summary:
Mozilla Firefox is prone to a security-mechanism-bypass vulnerability because it fails to adequately prevent action prompt options from being selected before a delay timer has finished counting down.
Attackers can exploit this issue to initiate downloads or run files on a user's computer without their knowledge or consent. Successful attacks can allow arbitrary code to run with the privileges of the user running the application.
This issue is reportedly being tracked by Bugzilla Bug 376473.
Firefox 2.0.0.4 and prior versions are vulnerable.
100. GDB Process_Coff_Symbol UPX File Buffer Overflow Vulnerability
BugTraq ID: 24291
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24291
Summary:
GDB is prone to a buffer-overflow vulnerability because it fails to properly check bounds when handling specially crafted executable files.
Attackers could leverage this issue to run arbitrary code outside of a restricted environment, which may lead to privilege escalation. Symantec has not confirmed code execution.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Judge nixes teacher's conviction on porn pop-ups
By: Robert Lemos
A Connecticut judge grants a new trial for substitute teacher Julie Amero, saying that forensics information discovered after her conviction has direct bearing on her case.
http://www.securityfocus.com/news/11469
2. Zero-day sales not "fair" -- to researchers
By: Robert Lemos
A security analyst tries his hand at selling two vulnerabilities and finds that economics and time are against him.
http://www.securityfocus.com/news/11468
3. Insecure plug-ins pose danger to Firefox users
By: Robert Lemos
A security researcher warns that an insecure update mechanism for some of the open-source browser's third-party add-ons could allow an attacker the ability to install malicious code.
http://www.securityfocus.com/news/11467
4. Peer-to-peer networks co-opted for DOS attacks
By: Robert Lemos
Attackers compromise the hub servers of the DC++ peer-to-peer network, turning hundreds of thousands of clients into hard-to-stop distributed denial-of-service attacks.
http://www.securityfocus.com/news/11466
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #344
http://www.securityfocus.com/archive/88/470135
VIII. SUN FOCUS LIST SUMMARY
----------------------------
1. SSL Cert for patchpro.sun.com Invalid?
http://www.securityfocus.com/archive/92/470584
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.
XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire
As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged, and stored. This paper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008uPd
No comments:
Post a Comment