Wednesday, July 04, 2007

SecurityFocus Newsletter #408
----------------------------------------

This Issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged, and stored. This paper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000008yka


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Don't Be Evil
2. Persistence of data on storage media
II. BUGTRAQ SUMMARY
1. Yoggie Pico and Pico Pro Backticks Remote Code Execution Vulnerability
2. Liesbeth Base CMS Information Disclosure Vulnerability
3. VBZooM Multiple SQL Injection Vulnerabilities
4. Coppermine Photo Gallery Albmgr.PHP SQL Injection Vulnerability
5. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
6. Sun Java Runtime Environment Image Parsing Buffer Overflow Vulnerability
7. Gnome Evolution Format String Vulnerability
8. OpenOffice RTF File Parser Buffer Overflow Vulnerability
9. HP Instant Support ActiveX Control Driver Check Buffer Overflow Vulnerability
10. Mod_Perl Path_Info Remote Denial Of Service Vulnerability
11. Libpng Library Remote Denial of Service Vulnerability
12. Sun Solaris Gnome Assistive Technology XScreenSaver Local Arbitrary Command Execution Vulnerability
13. PostNuke PNPHPBB2 Module Viewforum.PHP SQL Injection Vulnerability
14. MySQLDumper Apache Access Control Authentication Bypass Vulnerability
15. GNU GLibC LD.SO Mask Dynamic Loader Integer Overflow Vulnerability
16. MyCMS Multiple Input Validation Vulnerabilities
17. SuperCali Index.PHP SQL Injection Vulnerability
18. Girlserv Ads Details_News.PHP SQL Injection Vulnerability
19. Oliver Multiple Cross-Site Scripting Vulnerabilities
20. LightBlog Main.PHP Arbitrary File Upload Vulnerability
21. HP TCP/IP Services for OpenVMS User Enumeration Weakness and Security Bypass Vulnerabilities
22. ImLib BMP Image _LoadBMP Function Denial of Service Vulnerability
23. PHP Director Videos.PHP SQL Injection Vulnerability
24. GSAMBAD Insecure Temporary File Creation Vulnerability
25. PHP-Fusion ShoutBox_Panel.PHP Cross-Site Scripting Vulnerability
26. Flac123 Local__VCentry_Parse_Value() Stack Buffer Overflow Vulnerability
27. Moodle Index.PHP Cross Site Scripting Vulnerability
28. BBS100 Multiple Denial of Service Vulnerabilities
29. GIMP PSD File Integer Overflow Vulnerability
30. Asterisk SIP T.38 SDP Parsing Remote Stack Buffer Overflow Vulnerabilities
31. Microsoft Internet Explorer Zone Denial of Service Vulnerability
32. SoftNews Media Group DataLife Engine Multiple Remote File Include Vulnerabilities
33. Claroline $_SERVER['PHP_SELF'] Parameter Multiple Cross-Site Scripting Vulnerabilities
34. LightBlog Add_Comment.PHP Cross-Site Scripting Vulnerability
35. SaPHPLesson Show.PHP SQL Injection Vulnerability
36. Free Domain CO.NR Clone Members.PHP SQL Injection Vulnerability
37. Efendy Blog Search Field Cross Site Scripting Vulnerability
38. ETicket SERVER[REQUEST_URI] Parameter Multiple HTML Injection Vulnerabilities
39. SAPHPLesson Multiple SQL Injection Vulnerabilities
40. SlackRoll Malicious Package Denial of Service Vulnerability
41. SPHPell Multiple Remote File Include Vulnerabilities
42. Mozilla Firefox OnKeyDown Event File Upload Vulnerability
43. Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
44. Buddy Zone Multiple SQL Injection Vulnerabilities
45. XCMS Multiple Local File Include Vulnerabilities
46. Ripe Website Manager Multiple Remote File Include and Information Disclosure Vulnerabilities
47. Easybe 1-2-3 Music Store Process.PHP Script SQL Injection Vulnerability
48. Fireflier-Server Insecure Temporary File Creation Vulnerability
49. HispaH Youtube Clone MSG.PHP Script SQL Injection Vulnerability
50. Freetype TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
51. File(1) Command File_PrintF Integer Underflow Vulnerability
52. File Multiple Denial of Service Vulnerabilities
53. EXIF Library EXIF File Processing Integer Overflow Vulnerability
54. LibEXIF Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability
55. MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability
56. MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability
57. MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution Vulnerability
58. EKG Multiple Remote Denial of Service Vulnerabilities
59. PHPEventCalendar Eventdisplay.PHP Script SQL Injection Vulnerability
60. Linux Kernel USBLCD Memory Consumption Denial Of Service Vulnerability
61. Unicon-imc2 Environment Variable Buffer Overflow Vulnerability
62. AV Arcade Cookie[ava_userid] Authentication Bypass Vulnerability
63. Gorki Online Santrac Sitesi Uyeler.ASP Multiple HTML Injection Vulnerabilities
64. AV Arcade View_Page.PHP SQL Injection Vulnerability
65. Elite Bulletin Board Multiple Input Validation Vulnerabilities
66. Fujitsu ServerView DBASCIIAccess Remote Command Execution Vulnerability
67. Fujitsu PRIMERGY BX300 Blade Server Information Disclosure Vulnerability
68. Microsoft Windows Registry Access Local Denial of Service Vulnerability
69. ESRI ArcSDE Server Stack Buffer Overflow Vulnerability
70. ArcadeBuilder Cookie Data SQL Injection Vulnerability
71. Esqlanelapse Multiple Unspecified Vulnerabilities
72. Sun JavaDoc Tool Cross-Site Scripting Vulnerability
73. EQDKP Login.PHP Arbitrary Variable Overwrite Vulnerability
74. Sun JDK JPG/BMP Parser Multiple Vulnerabilities
75. British Telecommunications Consumer Webhelper Multiple Buffer Overflow Vulnerabilities
76. Axis Camera Control ActiveX Control AxisCamControl.OCX Remote Buffer Overflow Vulnerability
77. OpenSSH SCP Shell Command Execution Vulnerability
78. Opera Web Browser Running Adobe Flash Player Information Disclosure Vulnerability
79. Util-linux Login Security Bypass Vulnerability
80. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
81. GDB DWARF Multiple Buffer Overflow Vulnerabilities
82. Sun Solaris Remote IPv6 IPSec Packet Denial of Service Vulnerability
83. OpenLDAP SLAPD Access Control Circumvention Vulnerability
84. RETIRED: Symantec Norton Personal Firewall 2006 SymEvent Driver Local Denial of Service Vulnerability
85. Xvid Avi MBCoding.C Remote Code Execution Vulnerability
86. Gnome Evolution Data Server Array Index Memory Access Vulnerability
87. Sun Java Web Start Arbitrary File Overwrite Privilege Escalation Vulnerability
88. VBZoom Forum.php SQL Injection Vulnerability
89. Firebird SQL Fbserver Remote Buffer Overflow Vulnerability
90. TotalCalendar View_Event Script SQL Injection Vulnerability
91. Retired: MiniBB Language Parameter Local File Include Vulnerability
92. Wheatblog Login SQL Injection Vulnerability
93. Progress Webspeed _CPYFile.P Unauthorized Access Vulnerability
94. WebAPP Multiple Vulnerabilities
95. WebApp.org and WebApp.net Multiple Input Validation Vulnerabilities
96. Menu Manager Module System Command Remote Command Execution Vulnerability
97. Web-App.Org and Web-App.Net Multiple Cross-Site Scripting Vulnerabilities
98. Colored Scripts Easy Message Board Remote Command Execution Vulnerability
99. Web-APP.Org WebAPP Directory Traversal Vulnerability
100. McAfee SecurityCenter Subscription Manager ActiveX Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS
1. Lawmakers worry over gov't network breaches
2. Amero case spawns effort to educate
3. Group: Anti-hacking laws can hobble Net security
4. Judge nixes teacher's conviction on porn pop-ups
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Writing ascii shellcode (\xcc)
2. PacSec 2007 Call For Papers (Nov. 29/30, deadline July 27)
3. Developing exploit for a tricky vulnerability
4. Exotic vulnerability
VII. MICROSOFT FOCUS LIST SUMMARY
1. Help debugging a problem - Virtual Server 2005
2. MS ISA 2004 Server
3. SecurityFocus Microsoft Newsletter #348
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Don't Be Evil
By Mark Rasch
A series of developments raise the specter that remotely stored or created documents may be subject to subpoena or discovery all without the knowledge or consent of the document's creators.
http://www.securityfocus.com/columnists/447

2. Persistence of data on storage media
By Jamie Ridden
Jamie Ridden discusses the re-use of storage media and how slack space can prevent sensitive data from being completely removed.
http://www.securityfocus.com/infocus/1891


II. BUGTRAQ SUMMARY
--------------------
1. Yoggie Pico and Pico Pro Backticks Remote Code Execution Vulnerability
BugTraq ID: 24743
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24743
Summary:
Yoggie Pico and Pico Pro are prone to a remote code-execution vulnerability because the device fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. A successful exploit will result in the complete compromise of affected devices.

2. Liesbeth Base CMS Information Disclosure Vulnerability
BugTraq ID: 24749
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24749
Summary:
Liesbeth Base CMS is prone to an information-disclosure vulnerability.

Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks.

3. VBZooM Multiple SQL Injection Vulnerabilities
BugTraq ID: 18937
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/18937
Summary:
VBZooM is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

An attacker may be able to exploit these issues to modify the logic of SQL queries. Successful exploits may allow the attacker to compromise the software, retrieve information, or modify data; other consequences are possible as well.

4. Coppermine Photo Gallery Albmgr.PHP SQL Injection Vulnerability
BugTraq ID: 21894
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/21894
Summary:
Coppermine Photo Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Coppermine Photo Gallery versions prior to 1.4.11 are vulnerable.

5. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
BugTraq ID: 20216
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because it fails to properly handle incoming duplicate blocks.

Remote attackers may exploit this issue to consume excessive CPU resources, potentially denying service to legitimate users.

This issue occurs only when OpenSSH is configured to accept SSH Version One traffic.

6. Sun Java Runtime Environment Image Parsing Buffer Overflow Vulnerability
BugTraq ID: 24267
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24267
Summary:
The Sun Java Runtime Environment is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of a user who invokes a malicious Java applet.

7. Gnome Evolution Format String Vulnerability
BugTraq ID: 23073
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/23073
Summary:
Gnome Evolution is prone to a format-string vulnerability.

This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format specifier in a shared memo.

A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.

Gnome Evolution version 2.8.2.1 is vulnerable to this issue; other versions may also be affected.

8. OpenOffice RTF File Parser Buffer Overflow Vulnerability
BugTraq ID: 24450
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24450
Summary:
OpenOffice is prone to a remote heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted RTF files.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

9. HP Instant Support ActiveX Control Driver Check Buffer Overflow Vulnerability
BugTraq ID: 24730
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24730
Summary:
HP Instant Support ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.

10. Mod_Perl Path_Info Remote Denial Of Service Vulnerability
BugTraq ID: 23192
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/23192
Summary:
The 'mod_perl' module is prone to a remote denial-of-service vulnerability.

Successful exploits may allow remote attackers to cause denial-of-service conditions on the webserver running the mod_perl module.

11. Libpng Library Remote Denial of Service Vulnerability
BugTraq ID: 24000
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24000
Summary:
The 'libpng' library is prone to a remote denial-of-service vulnerability because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

This issue affects 'libpng' 1.2.16 and prior versions.

12. Sun Solaris Gnome Assistive Technology XScreenSaver Local Arbitrary Command Execution Vulnerability
BugTraq ID: 24314
Remote: No
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24314
Summary:
Sun Solaris, running Gnome sessions with Assistive Technology and xscreensaver, is prone to a local arbitrary-command-execution vulnerability.

An attacker can exploit this issue to execute arbitrary commands with the privileges of the user running xscreensaver.

13. PostNuke PNPHPBB2 Module Viewforum.PHP SQL Injection Vulnerability
BugTraq ID: 24760
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24760
Summary:
The PostNuke PNPHPBB2 module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

This issue affects PNPHPBB2 1.2i and prior; other versions are also affected.

14. MySQLDumper Apache Access Control Authentication Bypass Vulnerability
BugTraq ID: 24759
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24759
Summary:
MySQLDumper is prone to an authentication-bypass vulnerability due to a configuration error in the Apache access control files.

An attacker can exploit this issue to remove the Apache access control files, gain access to protected files, and compromise the affected application.

15. GNU GLibC LD.SO Mask Dynamic Loader Integer Overflow Vulnerability
BugTraq ID: 24758
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24758
Summary:
GNU glibc is prone to an integer-overflow vulnerability because it fails to properly ensure that integer math operations do not result in overflow.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of the affected application. Failed exploit attempts will result in a denial of service.

Versions 2.5 and prior are vulnerable to this issue.

16. MyCMS Multiple Input Validation Vulnerabilities
BugTraq ID: 24757
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24757
Summary:
MyCMS is prone to multiple input-validation vulnerabilities. These include multiple remote file-include issues, authentication-bypass and arbitrary command-execution vulnerabilities.

Successful exploits will allow remote attackers to execute arbitrary system commands and PHP script code in the context of the affected webserver, bypass authentication and compromise the vulnerable application.

These issues affect MyCMS 0.9.8 and prior.

17. SuperCali Index.PHP SQL Injection Vulnerability
BugTraq ID: 24756
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24756
Summary:
SuperCali is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Version 4.0 is vulnerable; other versions may also be affected.

18. Girlserv Ads Details_News.PHP SQL Injection Vulnerability
BugTraq ID: 24755
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24755
Summary:
Girlserv ads is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

This issue affects version 1.5; prior versions may also be affected.

19. Oliver Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 24754
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24754
Summary:
Oliver is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

20. LightBlog Main.PHP Arbitrary File Upload Vulnerability
BugTraq ID: 24752
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24752
Summary:
LightBlog is prone to an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this vulnerability to upload PHP script code and execute it in the context of the webserver process.

Version 6.8 is vulnerable; other versions may also be affected.

21. HP TCP/IP Services for OpenVMS User Enumeration Weakness and Security Bypass Vulnerabilities
BugTraq ID: 24751
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24751
Summary:
The TCP/IP service for OpenVMS is prone to a user-enumeration weakness and a security-bypass vulnerability.

An attacker can exploit these issues to enumerate valid usernames and to aid in brute-force attacks.

These issues affect TCP/IP Services 5.6 for OpenVMS. Other versions may also be affected.

22. ImLib BMP Image _LoadBMP Function Denial of Service Vulnerability
BugTraq ID: 24750
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24750
Summary:
ImLib is prone to a denial-of-service vulnerability because the application fails to properly process certain BMP image files.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted BMP files.

An attacker could exploit this issue to cause denial-of-service conditions on applications using the affected library.

23. PHP Director Videos.PHP SQL Injection Vulnerability
BugTraq ID: 24729
Remote: Yes
Last Updated: 2007-07-02
Relevant URL: http://www.securityfocus.com/bid/24729
Summary:
PHP Director is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Version 0.21 is vulnerable; other versions may also be affected.

24. GSAMBAD Insecure Temporary File Creation Vulnerability
BugTraq ID: 24717
Remote: No
Last Updated: 2007-07-02
Relevant URL: http://www.securityfocus.com/bid/24717
Summary:
GSAMBAD creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

An attacker may leverage this issue to corrupt or overwrite arbitrary files with the privileges of an unsuspecting user who activated the affected application. Reportedly, attackers can exploit this issue to escalate privileges.

All versions of GSAMBAD are considered to be vulnerable to this issue.

25. PHP-Fusion ShoutBox_Panel.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24733
Remote: Yes
Last Updated: 2007-07-02
Relevant URL: http://www.securityfocus.com/bid/24733
Summary:
PHP-Fusion is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

This issue affects version 6.01.10; other versions may also be affected.

26. Flac123 Local__VCentry_Parse_Value() Stack Buffer Overflow Vulnerability
BugTraq ID: 24712
Remote: Yes
Last Updated: 2007-06-29
Relevant URL: http://www.securityfocus.com/bid/24712
Summary:
The 'flac123' utility is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of a user running the application. Failed attempts will likely cause denial-of-service conditions.

This issue affects 'flac123' 0.0.9; other versions may also be affected.

27. Moodle Index.PHP Cross Site Scripting Vulnerability
BugTraq ID: 24748
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24748
Summary:
Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

This issue affects Moodle 1.7.1; other versions may also be vulnerable.

28. BBS100 Multiple Denial of Service Vulnerabilities
BugTraq ID: 24747
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24747
Summary:
The 'bbs100' program is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the service. Other attacks may be possible as well.

Versions prior to bbs100 3.2 are affected.

29. GIMP PSD File Integer Overflow Vulnerability
BugTraq ID: 24745
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24745
Summary:
GIMP is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application.

GIMP 2.2.15 is vulnerable to this issue; other versions may also be affected.

30. Asterisk SIP T.38 SDP Parsing Remote Stack Buffer Overflow Vulnerabilities
BugTraq ID: 23648
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/23648
Summary:
Asterisk is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.

Versions prior to Asterisk Open Source 1.4.3, AsteriskNOW Beta 6, and Asterisk Appliance Developer Kit 0.4.0 are vulnerable.

NOTE: These issues occur only when 't38 fax over SIP' is enabled in 'sip.conf'.

31. Microsoft Internet Explorer Zone Denial of Service Vulnerability
BugTraq ID: 24744
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24744
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

Remote attackers can exploit this issue to cause the application to hang when viewing arbitrary websites.

This issue affects Internet Explorer 6 and 7.

32. SoftNews Media Group DataLife Engine Multiple Remote File Include Vulnerabilities
BugTraq ID: 22913
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/22913
Summary:
DataLife Engine is prone to multiple remote file-include vulnerabilities.

An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Further reports reveal that the reported vulnerable parameter is a constant, not a variable, and thus cannot be controlled by an attacker. This BID is being retired because the application is not vulnerable.

33. Claroline $_SERVER['PHP_SELF'] Parameter Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 24742
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24742
Summary:
Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Claroline 1.8.4 are vulnerable.

34. LightBlog Add_Comment.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24741
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24741
Summary:
LightBlog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to LightBlog 6 are vulnerable.

35. SaPHPLesson Show.PHP SQL Injection Vulnerability
BugTraq ID: 18117
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/18117
Summary:
SaPHPLesson is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

36. Free Domain CO.NR Clone Members.PHP SQL Injection Vulnerability
BugTraq ID: 24737
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24737
Summary:
Free Domain CO.NR Clone is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Free Domain CO.NR Clone 1.0 is vulnerable; other versions may also be affected.

37. Efendy Blog Search Field Cross Site Scripting Vulnerability
BugTraq ID: 24738
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24738
Summary:
Efendy Blog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

This issue affects Efendy Blog 1.0; other versions may also be affected.

38. ETicket SERVER[REQUEST_URI] Parameter Multiple HTML Injection Vulnerabilities
BugTraq ID: 24740
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24740
Summary:
eTicket is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

This issue affects eTicket 1.5.1.1; other versions may also be affected.

39. SAPHPLesson Multiple SQL Injection Vulnerabilities
BugTraq ID: 18501
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/18501
Summary:
The saphplesson module is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

40. SlackRoll Malicious Package Denial of Service Vulnerability
BugTraq ID: 24739
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24739
Summary:
SlackRoll is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects versions prior to SlackRoll 10.

41. SPHPell Multiple Remote File Include Vulnerabilities
BugTraq ID: 24727
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24727
Summary:
SPHPell is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

These issues are reported to affect SPHPell 1.01; other versions may also be vulnerable.

42. Mozilla Firefox OnKeyDown Event File Upload Vulnerability
BugTraq ID: 24725
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24725
Summary:
Mozilla Firefox is prone to an information-disclosure vulnerability that can allow an attacker to access sensitive files.

This issue stems from a design error resulting from the improper handling of form fields.

All versions of Firefox are considered vulnerable.

43. Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24286
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24286
Summary:
Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.

A malicious site may be able to modify the iframe of a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks are also possible, such as executing script code in other browser security zones.

This issue is being tracked by Bugzilla Bug 382686 and is reportedly related to Bug 343168.

Firefox 2.0.0.4 and prior versions are vulnerable.

44. Buddy Zone Multiple SQL Injection Vulnerabilities
BugTraq ID: 24726
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24726
Summary:
Buddy Zone is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Buddy Zone 1.5 and prior versions are vulnerable; other versions may also be affected.

45. XCMS Multiple Local File Include Vulnerabilities
BugTraq ID: 24724
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24724
Summary:
XCMS is prone to multiple local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary local scripts within the context of the webserver process.

These issues affect XCMS 1.1; other versions may also be affected.

46. Ripe Website Manager Multiple Remote File Include and Information Disclosure Vulnerabilities
BugTraq ID: 24722
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24722
Summary:
Ripe Website Manager is prone to multiple vulnerabilities, including remote file-include issues and an information-disclosure issue, because the application fails to sufficiently sanitize user-supplied input and because of a design error.

Exploiting these issues may allow an attacker to compromise the application and the underlying system as well as access sensitive information that may aid in further attacks.

These issues are reported to affect Ripe Website Manager 0.8.9 and earlier versions.
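
The file-include entries above (SPHPell, XCMS, Ripe Website Manager) all come down to one pattern: a request parameter is handed to include() as a file name, so a URL, a '../' sequence or a NUL byte reaches the include call unchanged. The following is an added illustration written for this newsletter, not code from any of those projects; MODULE_DIR and the module names are constructed.

```python
"""Include-path resolution: the include($_GET['page']) pattern vs. a
canonicalized, allowlisted lookup.

Added illustration of the remote/local file-include class behind the
SPHPell, XCMS and Ripe Website Manager entries. MODULE_DIR and the module
names are constructed; this is not those projects' code."""
import os
import re

MODULE_DIR = "/var/www/app/modules"                # constructed
MODULE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")   # what a module name may look like


def resolve_vulnerable(page):
    """Mirrors `include($_GET['page'] . '.php')`: a URL, '../' sequence or
    NUL byte in 'page' reaches the include call unchanged."""
    return page + ".php"


def resolve_hardened(page, base_dir=MODULE_DIR, allowed=None):
    """Return an absolute path under base_dir, or None.

    1. A character allowlist rejects schemes ('http://'), path separators,
       '..' and NUL bytes in one step.
    2. An optional name allowlist applies when the set of modules is known.
    3. Canonicalize both sides and confirm containment; this also defeats a
       symlink planted under base_dir."""
    if not MODULE_NAME.fullmatch(page):
        return None
    if allowed is not None and page not in allowed:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, page + ".php"))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate
```

On the PHP side, the remote half of the problem is removed outright by leaving allow_url_include off (and allow_url_fopen off where the application does not need it); the local half still needs the allowlist, because '../' and NUL-byte truncation never touch the network.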

47. Easybe 1-2-3 Music Store Process.PHP Script SQL Injection Vulnerability
BugTraq ID: 24723
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24723
Summary:
1-2-3 Music Store is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

All versions of 1-2-3 Music Store are considered vulnerable.

48. Fireflier-Server Insecure Temporary File Creation Vulnerability
BugTraq ID: 24718
Remote: No
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24718
Summary:
The Fireflier-Server application creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to remove arbitrary files from the local system.

Successfully mounting a symlink attack may allow the attacker to remove sensitive files, which may result in a denial of service. Other attacks may also be possible.
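
The symlink attack referred to above works because the program opens a predictable path with O_CREAT but without O_EXCL, so a link planted by a local user is followed and whatever it points to is truncated with the program's privileges. The following is an added illustration for this newsletter, not Fireflier-Server's code; the file names and scratch directory are constructed, and it runs both the weak pattern and the mkstemp() fix against a planted link.

```python
"""Insecure vs. safe temporary-file creation, demonstrated with a
pre-planted symlink (constructed scenario; not Fireflier-Server's code)."""
import os
import shutil
import stat
import tempfile


def victim_style_open(path):
    """The pattern behind insecure-temporary-file advisories: a predictable
    name opened with O_CREAT but without O_EXCL. If an attacker has already
    placed a symlink at 'path', open() follows it and the target is
    truncated and overwritten with the caller's privileges."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)


def safe_tmp_open(directory, prefix):
    """mkstemp() picks an unpredictable name and opens it with
    O_CREAT|O_EXCL at mode 0600, so an existing entry, symlink or not,
    makes the call fail instead of being followed."""
    return tempfile.mkstemp(prefix=prefix, dir=directory)


def demo():
    """Run both patterns against a planted symlink; return what happened."""
    work = tempfile.mkdtemp()            # private scratch dir for the demo
    try:
        target = os.path.join(work, "important.conf")
        with open(target, "w") as f:
            f.write("keep me\n")
        predictable = os.path.join(work, "server.tmp")
        os.symlink(target, predictable)  # the attacker has won the race

        fd = victim_style_open(predictable)
        os.write(fd, b"garbage\n")
        os.close(fd)
        with open(target) as f:
            clobbered = f.read() != "keep me\n"

        # O_EXCL refuses any existing entry at the predictable path.
        try:
            os.open(predictable, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            excl_refused = False
        except FileExistsError:
            excl_refused = True

        fd, name = safe_tmp_open(work, "server.")
        mode = stat.S_IMODE(os.fstat(fd).st_mode)
        os.close(fd)
        return {
            "clobbered": clobbered,
            "excl_refused": excl_refused,
            "safe_mode": mode,
            "safe_name_is_random": os.path.basename(name) != "server.tmp",
        }
    finally:
        shutil.rmtree(work)
```

The same fix applies to compiled daemons: mkstemp(3), or open(2) with O_CREAT|O_EXCL (and O_NOFOLLOW where available) on a name that is not guessable, and a private directory rather than a shared /tmp when the program can arrange one.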

49. HispaH Youtube Clone MSG.PHP Script SQL Injection Vulnerability
BugTraq ID: 24720
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24720
Summary:
Youtube Clone script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

All versions of Youtube Clone are considered vulnerable.

50. Freetype TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
BugTraq ID: 24074
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24074
Summary:
FreeType is prone to an integer-overflow vulnerability because it fails to properly validate TTF files.

An attacker may exploit this issue by enticing victims into opening maliciously crafted TTF files.

Successful exploits will allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects FreeType 2.3.4 and prior versions.

51. File(1) Command File_PrintF Integer Underflow Vulnerability
BugTraq ID: 23021
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/23021
Summary:
The file(1) command is prone to an integer-underflow vulnerability because the command fails to adequately handle user-supplied data.

An attacker can leverage this issue to corrupt heap memory and execute arbitrary code with the privileges of a user running the command. A successful attack may result in the compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.

Versions prior to 4.20 are vulnerable.

52. File Multiple Denial of Service Vulnerabilities
BugTraq ID: 24146
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24146
Summary:
The 'file' utility is prone to multiple denial-of-service vulnerabilities because it fails to handle exceptional conditions.

An attacker could exploit these issues by enticing a victim to open a specially crafted file, causing a denial-of-service condition. Arbitrary code execution may be possible, but Symantec has not confirmed this.

53. EXIF Library EXIF File Processing Integer Overflow Vulnerability
BugTraq ID: 24461
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24461
Summary:
The 'libexif' library is reported prone to an integer-overflow vulnerability. Reportedly, the issue presents itself when the affected library is processing malformed EXIF files.

Attackers may leverage this issue to execute arbitrary code in the context of an application that is linked to the vulnerable library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects 'libexif' 0.6.13 to 0.6.15; other versions may also be affected.

54. LibEXIF Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability
BugTraq ID: 23927
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/23927
Summary:
The libexif library is prone to an integer-overflow vulnerability because the software fails to properly ensure that integer math operations do not result in overflows.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an application using the vulnerable library. Failed attempts will likely result in denial-of-service conditions.

Versions of libexif prior to 0.6.14 are vulnerable to this issue.
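
The FreeType, file(1) and libexif entries above are all length checks that wrap: a count read from the file is multiplied by an entry size in 32-bit arithmetic and the product wraps to something small, or an offset larger than the buffer is subtracted from the buffer length and the difference underflows to something huge. The following is an added illustration for this newsletter, not any of those libraries' code; the table format (a u32 count followed by 12-byte entries) is constructed, and 32-bit C arithmetic is emulated with a mask because Python integers do not wrap.

```python
"""Length checks that wrap vs. checks that cannot wrap.

Added illustration of the integer-overflow/underflow class behind the
FreeType, file(1) and libexif entries; the table format and entry size
here are constructed, not any of those libraries' real layouts."""
import struct

U32_MAX = 0xFFFFFFFF
ENTRY_SIZE = 12          # constructed: each table entry is 12 bytes


def wrap32(x):
    """Emulate unsigned 32-bit C arithmetic (Python ints never wrap)."""
    return x & U32_MAX


def naive_product_check(offset, count, total_len):
    """C idiom `if (offset + count * ENTRY_SIZE > total_len) fail;` with
    every operation done in uint32. A large count makes the product wrap
    to a small number and the check passes."""
    return wrap32(offset + wrap32(count * ENTRY_SIZE)) <= total_len


def naive_remaining_check(offset, count, total_len):
    """C idiom `remaining = total_len - offset; if (count * ENTRY_SIZE >
    remaining) fail;`. When offset > total_len the subtraction underflows
    to a huge 'remaining' and any count passes."""
    remaining = wrap32(total_len - offset)
    return wrap32(count * ENTRY_SIZE) <= remaining


def safe_check(offset, count, total_len):
    """Order the comparisons so no intermediate can wrap: first prove the
    offset fits, then divide instead of multiplying."""
    if offset > total_len:
        return False
    remaining = total_len - offset
    return count <= remaining // ENTRY_SIZE


def parse_table(buf, offset=0):
    """Parse a u32 little-endian count followed by `count` entries of
    ENTRY_SIZE bytes. Returns the entries, or None if they do not fit."""
    if offset + 4 > len(buf):
        return None
    (count,) = struct.unpack_from("<I", buf, offset)
    data_start = offset + 4
    if not safe_check(data_start, count, len(buf)):
        return None
    return [buf[data_start + i * ENTRY_SIZE:data_start + (i + 1) * ENTRY_SIZE]
            for i in range(count)]


# Constructed inputs: a sane two-entry table, and a header whose count
# makes count * 12 equal 0x1_0000_0008, i.e. 8 after 32-bit truncation.
SANE = struct.pack("<I", 2) + bytes(2 * ENTRY_SIZE)
OVERFLOWING_COUNT = 0x15555556
HOSTILE = struct.pack("<I", OVERFLOWING_COUNT) + bytes(2 * ENTRY_SIZE)
```

In C the same shape is `if (offset > total_len || count > (total_len - offset) / ENTRY_SIZE) fail;`, evaluated with size_t throughout; the point is that the division form has no intermediate that can exceed the operand width, whereas the multiplication form always does.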

55. MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability
BugTraq ID: 24653
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24653
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.6.1, 1.5.3, and prior versions are vulnerable.

56. MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability
BugTraq ID: 24657
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24657
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

This issue also affects third-party applications using the affected RPC library.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.6.1 and prior versions are vulnerable.

57. MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution Vulnerability
BugTraq ID: 24655
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24655
Summary:
MIT Kerberos 5 Administration Daemon (kadmind) is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

This issue also affects third-party applications using the affected RPC library.

kadmind versions prior to krb5-1.6.1 are vulnerable.

58. EKG Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 24600
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24600
Summary:
EKG is prone to multiple remote denial-of-service vulnerabilities because of design errors.

An attacker can trigger these issues to cause denial-of-service conditions to legitimate users of the application.

59. PHPEventCalendar Eventdisplay.PHP Script SQL Injection Vulnerability
BugTraq ID: 24721
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24721
Summary:
phpEventCalendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpEventCalendar 0.2.3 and prior versions are reported prone to this issue.

60. Linux Kernel USBLCD Memory Consumption Denial Of Service Vulnerability
BugTraq ID: 24734
Remote: No
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24734
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability because it fails to limit memory consumption by 'fast writers'.

Attackers can exploit this issue to consume memory, resulting in denial-of-service conditions.

Versions prior to 2.6.22-rc7 are vulnerable.

61. Unicon-imc2 Environment Variable Buffer Overflow Vulnerability
BugTraq ID: 24719
Remote: No
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24719
Summary:
The 'unicon-imc2' package is affected by a local buffer-overflow vulnerability.

This issue presents itself when the affected application handles a long value supplied through an environment variable.

This issue affects unicon-imc2 3.0.4; other versions may be affected as well.

62. AV Arcade Cookie[ava_userid] Authentication Bypass Vulnerability
BugTraq ID: 24736
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24736
Summary:
AV Arcade is prone to an authentication-bypass vulnerability because the application fails to check user privileges when accessing the administration pages.

An attacker can exploit this issue to compromise the application, which may aid in further attacks.

AV Arcade 2.1b is vulnerable; other versions may also be affected.
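
The title of the entry above names the mechanism: the application reads its notion of "who is logged in" straight from a cookie the browser controls. The following is an added illustration for this newsletter, not AV Arcade's code; only the cookie name 'ava_userid' is taken from the advisory title, and the secret, user table and session format are constructed. It contrasts trusting the cookie with deriving identity from a server-verified session and re-checking privilege on every administrative request.

```python
"""Client-asserted identity vs. a server-verified session cookie.

Added illustration of the authentication-bypass class behind the AV Arcade
entry (the 'ava_userid' cookie name is from the advisory title; the rest is
constructed and is not AV Arcade's code)."""
import hashlib
import hmac
import secrets
import time

SERVER_SECRET = secrets.token_bytes(32)   # constructed; load from config in practice
ADMIN_IDS = {1}


def vulnerable_is_admin(cookies):
    """Trusts whatever user id the browser sends. Anyone can set
    Cookie: ava_userid=1 and be treated as the administrator."""
    uid = cookies.get("ava_userid", "")
    return uid.isdigit() and int(uid) in ADMIN_IDS


def issue_session(uid, now=None):
    """Cookie value 'uid:issued_at:hmac'. Only the server knows the key,
    so the client cannot edit the uid without invalidating the tag."""
    now = int(time.time()) if now is None else now
    payload = f"{uid}:{now}"
    tag = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{tag}"


def verify_session(cookie, now=None, max_age=3600):
    """Return the uid if the tag verifies and the cookie is fresh, else None."""
    try:
        uid_s, ts_s, tag = cookie.split(":")
    except (AttributeError, ValueError):
        return None
    if not (uid_s.isdigit() and ts_s.isdigit()):
        return None
    expected = hmac.new(SERVER_SECRET, f"{uid_s}:{ts_s}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    now = int(time.time()) if now is None else now
    if now - int(ts_s) > max_age:
        return None
    return int(uid_s)


def hardened_is_admin(cookies, now=None):
    """Derive identity only from a verified session, then check privilege
    server-side for every admin page request."""
    uid = verify_session(cookies.get("session"), now=now)
    return uid is not None and uid in ADMIN_IDS
```

A signed cookie is used here to keep the example self-contained; the more common answer is an opaque random session identifier looked up in server-side storage, which also makes logout and revocation straightforward. Either way the privilege check has to run on the administration pages themselves, not only on the login page that links to them.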

63. Gorki Online Santrac Sitesi Uyeler.ASP Multiple HTML Injection Vulnerabilities
BugTraq ID: 24735
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24735
Summary:
Gorki Online Santrac Sitesi is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

64. AV Arcade View_Page.PHP SQL Injection Vulnerability
BugTraq ID: 24728
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24728
Summary:
AV Arcade is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AV Arcade 2.1b is vulnerable; other versions may also be affected.

65. Elite Bulletin Board Multiple Input Validation Vulnerabilities
BugTraq ID: 24763
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24763
Summary:
Elite Bulletin Board is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input. These issues include a vulnerability that permits attackers to modify user profile information and a vulnerability that permits attackers to delete PM messages.

An attacker can exploit these issues to modify user-profiles and delete PM messages. This may lead to further attacks.

These issues affect versions prior to 1.0.10.

66. Fujitsu ServerView DBASCIIAccess Remote Command Execution Vulnerability
BugTraq ID: 24762
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24762
Summary:
Fujitsu ServerView is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can exploit this issue to execute arbitrary commands with the privileges of the affected application. Successful attacks will compromise the application and underlying webserver; other attacks are also possible.

Versions prior to 4.50.09 are vulnerable.

67. Fujitsu PRIMERGY BX300 Blade Server Information Disclosure Vulnerability
BugTraq ID: 24761
Remote: Yes
Last Updated: 2007-07-04
Relevant URL: http://www.securityfocus.com/bid/24761
Summary:
Fujitsu PRIMERGY BX300 is prone to a remote information-disclosure vulnerability because the device fails to properly authenticate users prior to granting access to sensitive information.

Exploiting this issue allows remote attackers to gain access to potentially sensitive configuration information from affected devices. This may aid them in further attacks.

68. Microsoft Windows Registry Access Local Denial of Service Vulnerability
BugTraq ID: 18995
Remote: No
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/18995
Summary:
Microsoft Windows is prone to a denial-of-service vulnerability.

This issue occurs when a program calls certain APIs that manipulate Windows registry keys; doing so may crash the affected computer.

NOTE: This BID has been revised (July 3, 2007); the issue was originally thought to be a vulnerability in Symantec Norton Personal Firewall, but further investigation reveals a problem in an underlying OS API.

69. ESRI ArcSDE Server Stack Buffer Overflow Vulnerability
BugTraq ID: 23175
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/23175
Summary:
ESRI ArcSDE Server is prone to a stack-based buffer-overflow vulnerability.

An attacker can exploit this issue on an affected computer to execute code in the context of the affected application.

ESRI ArcSDE Server versions 8.3, 9.0, and 9.1 are vulnerable to this issue.

Note: This BID was initially written as a denial-of-service issue. It has been updated to a stack-based buffer-overflow issue because of new information.

70. ArcadeBuilder Cookie Data SQL Injection Vulnerability
BugTraq ID: 24731
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24731
Summary:
ArcadeBuilder is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ArcadeBuilder 1.7 is vulnerable; other versions may also be affected.

71. Esqlanelapse Multiple Unspecified Vulnerabilities
BugTraq ID: 24732
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24732
Summary:
Esqlanelapse is prone to multiple unspecified vulnerabilities. Few technical details are currently available. We will update this BID as more information emerges.

Versions prior to Esqlanelapse 2.6 are vulnerable to these issues.

72. Sun JavaDoc Tool Cross-Site Scripting Vulnerability
BugTraq ID: 24690
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24690
Summary:
Sun JavaDoc Tool is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

73. EQDKP Login.PHP Arbitrary Variable Overwrite Vulnerability
BugTraq ID: 24643
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24643
Summary:
EQdkp is prone to a vulnerability that permits an attacker to overwrite arbitrary variables because of a design error.

Successful exploits will result in the compromise of vulnerable applications or denial-of-service conditions; other attacks are possible.

EQdkp 1.3.2e and prior versions are vulnerable.

74. Sun JDK JPG/BMP Parser Multiple Vulnerabilities
BugTraq ID: 24004
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24004
Summary:
Sun JDK is prone to multiple vulnerabilities.

An attacker can exploit these issues to crash the affected application, effectively denying service. The attacker may also be able to execute arbitrary code, which may facilitate a compromise of the underlying system.

Sun JDK 1.5.0_07-b03 is vulnerable to these issues; other versions may also be affected.

75. British Telecommunications Consumer Webhelper Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24219
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24219
Summary:
The British Telecommunications Consumer Webhelper ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Versions of British Telecommunications Consumer Webhelper ActiveX Control prior to 2.0.0.8 are vulnerable to these issues.

76. Axis Camera Control ActiveX Control AxisCamControl.OCX Remote Buffer Overflow Vulnerability
BugTraq ID: 23816
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/23816
Summary:
Axis Camera Control is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful attacks corrupt process memory, allowing arbitrary code to run in the context of the client application using the affected ActiveX control.

Axis Camera Control versions prior to 2.40.0.0 are vulnerable to this issue.

77. OpenSSH SCP Shell Command Execution Vulnerability
BugTraq ID: 16369
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
OpenSSH is prone to an SCP shell command-execution vulnerability because the application fails to properly sanitize user-supplied input before using it in a 'system()' function call.

This issue allows attackers to execute arbitrary shell commands with the privileges of users executing a vulnerable version of SCP.

This issue reportedly affects OpenSSH 4.2; other versions may also be affected.

78. Opera Web Browser Running Adobe Flash Player Information Disclosure Vulnerability
BugTraq ID: 23437
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/23437
Summary:
Opera Web Browser is prone to an information-disclosure vulnerability when running Adobe Flash Player.

An attacker can exploit this issue to access potentially sensitive information.

These versions are vulnerable:

Opera Web Browser prior to 9.20 for Linux, Solaris, and FreeBSD
Adobe Flash Player prior to 9.0.28.0

This issue also affects the Konqueror web browser.

79. Util-linux Login Security Bypass Vulnerability
BugTraq ID: 24321
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24321
Summary:
The 'login' utility (in 'util-linux') is prone to a security-bypass vulnerability because the utility fails to properly validate user privileges.

Exploiting this issue can allow an attacker to bypass certain security restrictions and potentially gain unauthorized access.

Versions prior to 'util-linux' 2.12 are vulnerable.

80. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

81. GDB DWARF Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 19802
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/19802
Summary:
GDB is prone to multiple buffer-overflow vulnerabilities because of insufficient bounds-checking when handling DWARF and DWARF2 data.

Attackers could leverage this issue to run arbitrary code outside of a restricted environment; this may lead to privilege escalation.

82. Sun Solaris Remote IPv6 IPSec Packet Denial of Service Vulnerability
BugTraq ID: 24473
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24473
Summary:
Sun Solaris is prone to a denial-of-service vulnerability because the operating system fails to handle exceptional conditions.

An attacker can exploit this issue to cause the affected kernel to panic, resulting in a denial-of-service condition.

This issue affects the Solaris 10 operating system.

83. OpenLDAP SLAPD Access Control Circumvention Vulnerability
BugTraq ID: 19832
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/19832
Summary:
OpenLDAP slapd is prone to a vulnerability that allows attackers to circumvent access controls.

An authenticated attacker with selfwrite access may be able to modify any distinguished name (DN), regardless of the entry's owner.

Versions prior to 2.3.25 are vulnerable.

84. RETIRED:Symantec Norton Personal Firewall 2006 SymEvent Driver Local Denial of Service Vulnerability
BugTraq ID: 22961
Remote: No
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/22961
Summary:
Norton Personal Firewall 2006 is prone to a local denial-of-service vulnerability. This issue occurs when attackers send malformed data to the 'SymEvent' driver.

A local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users.

This issue is reportedly a regression from the vulnerability described in BID 20051 (Symantec Multiple Products SymEvent Driver Local Denial of Service Vulnerability). Symantec is currently investigating this issue; this BID will be updated as more information becomes available.

NOTE: This BID is being retired because it is already covered in BID 20051.

85. Xvid Avi MBCoding.C Remote Code Execution Vulnerability
BugTraq ID: 24561
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24561
Summary:
Xvid is prone to a remote code-execution vulnerability due to an array-indexing error.

Attackers can exploit this issue to execute arbitrary code on an unsuspecting user's computer.

Xvid 1.1.2 is vulnerable; other versions may also be affected.

86. Gnome Evolution Data Server Array Index Memory Access Vulnerability
BugTraq ID: 24567
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24567
Summary:
Evolution Data Server is prone to a vulnerability that attackers may exploit to execute arbitrary code. The issue stems from insufficient validation of a critical array index value.

Versions prior to Evolution Data Server 1.11.4 are vulnerable.

87. Sun Java Web Start Arbitrary File Overwrite Privilege Escalation Vulnerability
BugTraq ID: 24695
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24695
Summary:
Java Web Start is prone to a vulnerability that can result in privilege escalation.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application.

This issue affects these versions:

Java Web Start in JDK and JRE 5.0 Update 11 (and prior versions)
Java Web Start in SDK and JRE 1.4.2_13 (and prior versions)

88. VBZoom Forum.php SQL Injection Vulnerability
BugTraq ID: 18472
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/18472
Summary:
VBZooM is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

89. Firebird SQL Fbserver Remote Buffer Overflow Vulnerability
BugTraq ID: 24436
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24436
Summary:
Firebird SQL is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected database server. Failed exploit attempts will likely crash the server, denying service to legitimate users.

Firebird SQL 2.0 is vulnerable; previous versions may also be affected.

90. TotalCalendar View_Event Script SQL Injection Vulnerability
BugTraq ID: 24716
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24716
Summary:
TotalCalendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TotalCalendar 2.402 is reported vulnerable; other versions may also be affected.

91. Retired: MiniBB Language Parameter Local File Include Vulnerability
BugTraq ID: 24503
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24503
Summary:
miniBB is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

miniBB 2.0.5 is vulnerable to this issue; prior versions may also be affected.

NOTE: Further analysis reveals that this issue is not exploitable. Therefore, this BID is being retired.

92. Wheatblog Login SQL Injection Vulnerability
BugTraq ID: 24715
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24715
Summary:
Wheatblog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Wheatblog 1.1 is reported vulnerable; other versions may also be affected.
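
Most of the SQL-injection entries in this issue, the Wheatblog login bug above included, share one root cause: a request parameter is interpolated into the query text, so a quote in the input ends the string literal and the rest of the input becomes SQL. The following is an added illustration for this newsletter, not code from Wheatblog or any other listed application; the schema, the user row and the password hashing are constructed, and it runs a login bypass against an in-memory SQLite database and then the parameterized version of the same query.

```python
"""A string-built login query vs. a parameterized one, run against an
in-memory SQLite database.

Added illustration of the SQL-injection class behind the Wheatblog login
entry and the other SQL-injection entries; schema, users and password
handling are constructed and are not any of those applications' code."""
import hashlib
import hmac
import sqlite3


def hash_pw(password):
    """Constructed stand-in; use a real password KDF in production."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "username TEXT UNIQUE, pwhash TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'admin', ?)",
                 (hash_pw("correct horse"),))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Interpolates the username into SQL. A username of "admin' --"
    turns the rest of the WHERE clause into a comment, so the password
    test never happens."""
    query = ("SELECT id FROM users WHERE username = '%s' AND pwhash = '%s'"
             % (username, hash_pw(password)))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Bind the value through a placeholder: the driver passes it as data,
    so quotes and comment markers cannot change the statement. Compare the
    hash in constant time in application code rather than in the query."""
    row = conn.execute("SELECT id, pwhash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], hash_pw(password)):
        return None
    return row[0]
```

The "sanitize user-supplied data" wording in the advisories is the symptom, not the fix: escaping is what interpolation requires and what developers forget, whereas a bound parameter never becomes part of the statement text in the first place. The same placeholder mechanism exists in every mainstream driver (PDO and mysqli in PHP, DBI in Perl).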

93. Progress Webspeed _CPYFile.P Unauthorized Access Vulnerability
BugTraq ID: 23634
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/23634
Summary:
Progress WebSpeed is prone to a vulnerability that lets attackers gain unauthorized access to and execute administrative scripts.

An attacker may leverage this issue to create and execute malicious WebSpeed code on the host running the webserver. Such unauthorized access may help the attacker launch other attacks.

WebSpeed 3.1a, 3.1d, and 3.1e are vulnerable; other versions may also be affected.

NOTE: Further reports suggest that this issue affects only the 'Development Mode' of the application. This mode is not intended to be used in production systems. This issue is also present when the 'tty' directory is installed.

94. WebAPP Multiple Vulnerabilities
BugTraq ID: 22691
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/22691
Summary:
WebAPP is prone to multiple vulnerabilities, including cross-site scripting issues, arbitrary-file-upload issues, remote script-code-execution issues, and a privilege-escalation issue.

Attackers could exploit these issues to steal cookie-based authentication credentials from legitimate users of the site and compromise the application and the underlying system; other attacks are also possible.

These issues affect versions prior to WebAPP 0.9.9.6.

95. WebApp.org and WebApp.net Multiple Input Validation Vulnerabilities
BugTraq ID: 24714
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24714
Summary:
WebAPP.org and WebAPP.net are prone to multiple input-validation vulnerabilities because the software fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to obtain sensitive information, execute arbitrary script code in the context of the affected application, steal cookie-based authentication credentials, and control how the site is rendered to the user; other attacks are also possible.

96. Menu Manager Module System Command Remote Command Execution Vulnerability
BugTraq ID: 24453
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24453
Summary:
The Menu Manager module for WebAPP is prone to a remote command-execution vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary system commands within the context of the affected webserver.

This issue affects Menu Manager Module 1.5 running on WebAPP prior to 0.9.9.7.

97. Web-App.Org and Web-App.Net Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 17359
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/17359
Summary:
Web-App.Org and Web-App.Net are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

98. Colored Scripts Easy Message Board Remote Command Execution Vulnerability
BugTraq ID: 13637
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/13637
Summary:
Colored Scripts Easy Message Board is prone to a remote command-execution vulnerability because it fails to properly sanitize user-supplied input.

99. Web-APP.Org WebAPP Directory Traversal Vulnerability
BugTraq ID: 11028
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/11028
Summary:
WebAPP is reported prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input data.

An attacker can exploit this vulnerability to retrieve arbitrary, potentially sensitive files from the hosting computer with the privileges of the webserver. The attacker could trivially retrieve DES-encrypted password hashes for all users of the application. This may aid the attacker in further attacks.

100. McAfee SecurityCenter Subscription Manager ActiveX Buffer Overflow Vulnerability
BugTraq ID: 19265
Remote: Yes
Last Updated: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/19265
Summary:
McAfee SecurityCenter is prone to a stack-based buffer-overflow vulnerability. Exploiting this vulnerability requires some user interaction, such as visiting a malicious website. A successful exploit would let a remote attacker execute code with the privileges of the currently logged-in user.

This issue is reported to affect versions 4.3 through 6.0.22. Please see the affected packages section for a list of McAfee consumer products that ship with vulnerable versions of the McAfee SecurityCenter.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Lawmakers worry over gov't network breaches
By: Robert Lemos
Hearings on the Hill reveal a significant number of security breaches at the Departments of Commerce, Defense, Homeland Security, State and Energy.
http://www.securityfocus.com/news/11472

2. Amero case spawns effort to educate
By: Robert Lemos
Following a judge's ruling to throw out a verdict based on faulty digital forensics, a group of security professionals, legal experts and educators look to the future.
http://www.securityfocus.com/news/11471

3. Group: Anti-hacking laws can hobble Net security
By: Robert Lemos
A working group of security researchers, digital-rights activists and government prosecutors discuss whether bug hunters can find vulnerabilities in Web sites without violating laws.
http://www.securityfocus.com/news/11470

4. Judge nixes teacher's conviction on porn pop-ups
By: Robert Lemos
A Connecticut judge grants a new trial for substitute teacher Julie Amero, saying that forensics information discovered after her conviction has direct bearing on her case.
http://www.securityfocus.com/news/11469

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Writing ascii shellcode (\xcc)
http://www.securityfocus.com/archive/82/472801

2. PacSec 2007 Call For Papers (Nov. 29/30, deadline July 27)
http://www.securityfocus.com/archive/82/472810

3. Developing exploit for a tricky vulnerability
http://www.securityfocus.com/archive/82/472526

4. Exotic vulnerability
http://www.securityfocus.com/archive/82/472390

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Help debugging a problem - Virtual Server 2005
http://www.securityfocus.com/archive/88/472718

2. MS ISA 2004 Server
http://www.securityfocus.com/archive/88/472717

3. SecurityFocus Microsoft Newsletter #348
http://www.securityfocus.com/archive/88/472425

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged, and stored. This paper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000008yka
