Saturday, July 28, 2007

SecurityFocus Newsletter #411
----------------------------------------

ALERT: Web 2.0 Hacking - Attack Scenarios and Examples - SPI Dynamics White Paper
Web 2.0 applications are just as vulnerable to exploitation by hackers as their predecessors. When Web 2.0 applications push functionality and even code down to the client, it provides hackers with a wealth of information they can use to formulate attacks. Cross-Site Scripting, Web Application Worms and Feed Injection are attacks that have become even more dangerous when enacted against a Web 2.0 application. Learn how to secure your web apps against exploitation, download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/XP.asp?Campaign_ID=70160000000Cwmw


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Security conferences versus practical knowledge
2. Achtung! New German Laws on Cybercrime
II. BUGTRAQ SUMMARY
1. Discovery and Asset Manager Local Privilege Escalation Vulnerability
2. EXIF Library EXIF File Processing Integer Overflow Vulnerability
3. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
4. Novell GroupWise Mobile Server Multiple Vulnerabilities
5. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
6. Mozilla Products Multiple Remote Vulnerabilities
7. Mozilla FireFox FTP PASV Port-Scanning Vulnerability
8. Sun JDK JPG/BMP Parser Multiple Vulnerabilities
9. FORMfield Secure Login.PHP Multiple Cross-Site Scripting Vulnerabilities
10. Sun Solaris TCP Loopback/Fusion Code Local Denial of Service Vulnerability
11. GDB DWARF Multiple Buffer Overflow Vulnerabilities
12. File Multiple Denial of Service Vulnerabilities
13. RCP Shell Utility Arbitrary Command Execution Vulnerability
14. Perl Net::DNS Remote Multiple Vulnerabilities
15. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
16. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
17. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
18. NVClock Local Privilege Escalation Vulnerability
19. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
20. Webbler CMS Mail A Friend Open Email Relay Vulnerability
21. Borland InterBase IBServer.EXE Remote Stack Based Buffer Overflow Vulnerability
22. CPanel Resname Parameter Cross-Site Scripting Vulnerability
23. Panda AdminSecure Agent Remote Integer Overflow Vulnerability
24. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
25. Windows RSH daemon Stack Based Buffer Overflow Vulnerability
26. Cisco Wireless LAN Control ARP Storm Multiple Denial Of Service Vulnerabilities
27. GD Graphics Library Multiple Vulnerabilities
28. ISC BIND 9 Remote Cache Poisoning Vulnerability
29. phpSysInfo Index.php Cross-Site Scripting Vulnerability
30. Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
31. WordPress WP-FeedStats HTML Injection Vulnerability
32. Sun Solaris Low Bandwidth X Proxy Information Disclosure Vulnerability
33. Festival Insecure Command Local Privilege Escalation Vulnerability
34. BakBone NetVault Report Manager Multiple Heap Buffer Overflow Vulnerabilities
35. Microsoft Windows ARP Request Denial of Service Vulnerability
36. Mitridat Form Processor Pro Base Parameter Cross Site Scripting Vulnerability
37. iFoto Index.PHP Directory Traversal Vulnerability
38. IndexScript Show_cat.PHP SQL Injection Vulnerability
39. Clever Internet ActiveX Suite CLINetSuiteX6.OCX Arbitrary File Download Or Overwrite Vulnerability
40. ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability
41. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
42. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
43. Web Yapar Multiple SQL Injection Vulnerabilities
44. Vikingboard Multiple Information Disclosure Weaknesses
45. Aruba Mobility Controllers Login Pages Cross-Site Scripting Vulnerability
46. Sun Java System Application Server JSP Source Code Disclosure Vulnerability
47. Guidance Software EnCase Forensic Multiple Denial Of Service Vulnerabilities
48. T1lib intT1_Env_GetCompletePath Buffer Overflow Vulnerability
49. Vikingboard Multiple Cross-Site Scripting Vulnerabilities
50. Computer Associates Multiple Products Arclib.DLL Malformed CHM File Denial Of Service Vulnerability
51. Linux Kernel Random.C Device Reseed Weakness
52. Nukedit Login.ASP Cross-Site Scripting Vulnerability
53. Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
54. CrystalPlayer Playlist File Buffer Overflow Vulnerability
55. IBM AIX Pioinit File Overwrite Code Execution Vulnerability
56. IBM LPD Command Local Privilege Escalation Vulnerability
57. IBM ARP Command Local Privilege Escalation Vulnerability
58. PhpHostBot Authorize.PHP Remote File Include Vulnerability
59. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
60. Microsoft Internet Explorer Multiple Browser URI Handler Command Injection Vulnerability
61. BSM Store Dependent Forums UserName Parameter SQL Injection Vulnerability
62. Mozilla Firefox WYCIWYG:// URI Cache Zone Bypass Vulnerability
63. Multiple Browser URI Handlers Command Injection Vulnerabilities
64. Mozilla Firefox URLBar Null Byte File Remote Code Execution Vulnerability
65. Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
66. W1L3D4 Philboard W1L3D4_Aramasonuc.ASP Cross-Site Scripting Vulnerability
67. FORMfields AdMan Login.PHP Multiple Cross-Site Scripting Vulnerabilities
68. Computer Associates ETrust Intrusion Detection Caller.DLL Remote Code Execution Vulnerability
69. Computer Associates Multiple Products Message Queuing Remote Stack Buffer Overflow Vulnerability
70. IBM AIX FTP Client Local Buffer Overflow Vulnerability
71. IBM AIX Capture Command Local Stack Based Buffer Overflow Vulnerability
72. IBM AIX Pioout Arbitrary Library Loading Code Execution Vulnerability
73. Multiple Norman Antivirus Products OLE2 File Parser Scan Bypass Vulnerability
74. X.Org LibXFont Multiple Local Integer Overflow Vulnerabilities
75. X.Org X11 XC-MISC Extension Local Integer Overflow Vulnerability
76. MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability
77. Ipswitch IMail Server Multiple Buffer Overflow Vulnerabilities
78. Sophos Antivirus Multiple Denial of Service and Memory Corruption Vulnerabilities
79. Sun Java Web Proxy Server Multiple Buffer Overflow Vulnerabilities
80. Lighttpd Multiple Remote Denial of Service and Information Disclosure Vulnerabilities
81. MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability
82. MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability
83. MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution Vulnerability
84. ArgoSoft Mail Server MLSRVX.DLL Arbitrary File Overwrite Vulnerability
85. Solaris FingerD Daemon Information Disclosure Vulnerability
86. UltraDefrag FindFiles Function Buffer Overflow Vulnerability
87. Guidance Software EnCase Forensic Unspecified Denial Of Service Vulnerability
88. Drupal Cross-Site Request Forgery Vulnerability
89. SBlog Search.PHP Cross-Site Scripting Vulnerability
90. Drupal Multiple Cross-Site Scripting Vulnerabilities
91. Metyus Forum Portal Philboard_Forum.ASP SQL Injection Vulnerability
92. Vim HelpTags Command Remote Format String Vulnerability
93. Bandersnatch Multiple Input Validation Vulnerabilities
94. MLDonkey Country-Based IP Blocking Security Bypass Vulnerability
95. Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability
96. ADempiere Bazaar WebUI Unspecified Authentication Bypass Vulnerability
97. Advanced Webhost Billing System Multiple Vulnerabilities
98. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
99. GIMP PSD File Integer Overflow Vulnerability
100. GNU Image Manipulation Program Multiple Integer Overflow Vulnerabilities
III. SECURITYFOCUS NEWS
1. Firm finds new danger in dangling pointers
2. Newsmaker: DCT, MPack developer
3. Spammers dump images, switch to PDF files
4. Flaw auction site highlights disclosure issues
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
1. 0day linux 2.6 /dev/mem rootkit found
VI. VULN-DEV RESEARCH LIST SUMMARY
1. error in my code
2. Win32/Vista IE exploitations?
VII. MICROSOFT FOCUS LIST SUMMARY
1. User Access Control
2. win2k3 active directory - firewall ports
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Security conferences versus practical knowledge
By Don Parker
While the training industry as a whole has evolved rather well to suit the needs of their clients, the computer conference - specifically the computer security conference - has declined in relevance to the everyday sys-admin and network security practitioners.
http://www.securityfocus.com/columnists/449

2. Achtung! New German Laws on Cybercrime
By Federico Biancuzzi
Germany is passing some new laws regarding cybercrime that might affect security professionals. Federico Biancuzzi interviewed Marco Gercke, one of the experts that was invited to the parliamentary hearing, to learn more about this delicate subject. They discussed what is covered by the new laws, which areas remain in the dark, and how they might affect vulnerability disclosure and the use of common tools, such as nmap.
http://www.securityfocus.com/columnists/448


II. BUGTRAQ SUMMARY
--------------------
1. Discovery and Asset Manager Local Privilege Escalation Vulnerability
BugTraq ID: 25000
Remote: No
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25000
Summary:
Centennial Discovery, Symantec Discovery, and Numara Asset Manager are prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code by replacing a DLL file in a directory with a malicious file of the same name. This can result in privilege escalation that may lead to a complete compromise.

Numara Asset Manager 8.0, Centennial Discovery 2006 Feature Pack 1, and Symantec Discovery 6.5 are reported affected by this issue; other versions may be vulnerable as well.

2. EXIF Library EXIF File Processing Integer Overflow Vulnerability
BugTraq ID: 24461
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24461
Summary:
The 'libexif' library is reported prone to an integer-overflow vulnerability. Reportedly, the issue presents itself when the affected library is processing malformed EXIF files.

Attackers may leverage this issue to execute arbitrary code in the context of an application that is linked to the vulnerable library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects 'libexif' 0.6.13 to 0.6.15; other versions may also be affected.

3. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
BugTraq ID: 24965
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24965
Summary:
The 'tcpdump' utility is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running the affected application. Failed exploit attempts will likely crash the affected application.

This issue affects tcpdump 3.9.6 and prior versions.

4. Novell GroupWise Mobile Server Multiple Vulnerabilities
BugTraq ID: 23889
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/23889
Summary:
Novell GroupWise Mobile Server powered by Nokia Intellisync Mobile Suite is reported prone to multiple vulnerabilities. Reports indicate that these issues reside only in the bundled package; Nokia Intellisync Mobile Suite may not be affected on its own.

Successful attacks may allow an attacker to obtain sensitive information and carry out denial-of-service and cross-site scripting attacks.

Novell GroupWise Mobile Server 1.0 or other versions bundled with Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2 are vulnerable.

5. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
BugTraq ID: 24846
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24846
Summary:
The Sun JSSE (Java Secure Socket Extension) is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the computer, denying access to legitimate users.

6. Mozilla Products Multiple Remote Vulnerabilities
BugTraq ID: 24242
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24242
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

7. Mozilla FireFox FTP PASV Port-Scanning Vulnerability
BugTraq ID: 23082
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/23082
Summary:
Mozilla Firefox is prone to a vulnerability that may allow attackers to obtain potentially sensitive information.

A successful exploit of this issue would cause the affected application to connect to arbitrary TCP ports and potentially reveal sensitive information about services that are running on the affected computer. Information obtained may aid attackers in further attacks.

8. Sun JDK JPG/BMP Parser Multiple Vulnerabilities
BugTraq ID: 24004
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24004
Summary:
Sun JDK is prone to multiple vulnerabilities.

An attacker can exploit these issues to crash the affected application, effectively denying service. The attacker may also be able to execute arbitrary code, which may facilitate a compromise of the underlying system.

Sun JDK 1.5.0_07-b03 is vulnerable to these issues; other versions may also be affected.

9. FORMfield Secure Login.PHP Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25024
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/25024
Summary:
FORMfields Secure is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues affect Secure 1.0.20070629; other versions may also be affected.

10. Sun Solaris TCP Loopback/Fusion Code Local Denial of Service Vulnerability
BugTraq ID: 24685
Remote: No
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24685
Summary:
Sun Solaris is prone to a local denial-of-service vulnerability.

An unprivileged local attacker may exploit this issue to exhaust all available kernel memory. This will cause the system to hang, resulting in denial-of-service conditions.

Solaris 10 SPARC and x86 are affected by this issue.

11. GDB DWARF Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 19802
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/19802
Summary:
GDB is prone to multiple buffer-overflow vulnerabilities because of insufficient bounds-checking when handling DWARF and DWARF2 data.

Attackers could leverage this issue to run arbitrary code outside of a restricted environment; this may lead to privilege escalation.

12. File Multiple Denial of Service Vulnerabilities
BugTraq ID: 24146
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24146
Summary:
The 'file' utility is prone to multiple denial-of-service vulnerabilities because it fails to handle exceptional conditions.

An attacker could exploit this issue by enticing a victim to open a specially crafted file. A denial-of-service condition can occur. Arbitrary code execution may be possible, but Symantec has not confirmed this.

13. RCP Shell Utility Arbitrary Command Execution Vulnerability
BugTraq ID: 16369
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
The RCP shell utility is prone to an arbitrary command-execution vulnerability because the application fails to properly sanitize user-supplied input before using it in a 'system()' function call.

This issue allows attackers to execute arbitrary shell commands with the privileges of users executing a vulnerable version of RCP.

NOTE: OpenSSH SCP is a fork of RCP and is known to also be affected by this issue.

14. Perl Net::DNS Remote Multiple Vulnerabilities
BugTraq ID: 24669
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24669
Summary:
The Perl Net::DNS module is prone to a remote denial-of-service vulnerability and a cache-poisoning issue.

Successful exploits may allow remote attackers to cause denial-of-service conditions or to manipulate cache data, potentially facilitating man-in-the-middle and site-impersonation attacks.

Versions prior to Perl Net::DNS 0.60 are reported vulnerable.

15. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
BugTraq ID: 24215
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24215
Summary:
Apache is prone to multiple denial-of-service vulnerabilities.

An attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.

16. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
BugTraq ID: 24645
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24645
Summary:
The Apache HTTP Server mod_status module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

17. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
BugTraq ID: 24649
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24649
Summary:
The Apache mod_cache module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

18. NVClock Local Privilege Escalation Vulnerability
BugTraq ID: 25052
Remote: No
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/25052
Summary:
NVClock is prone to a privilege-escalation vulnerability.

An attacker can exploit this issue to gain unauthorized access to local resources or gain escalated privileges on affected computers. Presumably, this utility runs with superuser privileges.

NVClock 0.7 is reported vulnerable; other versions may be affected as well.

19. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
BugTraq ID: 24339
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24339
Summary:
MPlayer is prone to multiple buffer-overflow vulnerabilities when it attempts to process malformed album and category titles. These issues occur because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

MPlayer 1.0rc1 is vulnerable to these issues; other versions may also be affected.

20. Webbler CMS Mail A Friend Open Email Relay Vulnerability
BugTraq ID: 25045
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/25045
Summary:
The 'webbler' is prone to an open-email-relay vulnerability.

An attacker may leverage the issue to use webservers that are hosting the vulnerable software to send arbitrary unsolicited bulk email. Attackers may also forge email messages that originate from trusted mail servers.

This issue affects webbler 3.1.3; prior versions may also be affected.

21. Borland InterBase IBServer.EXE Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 25048
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/25048
Summary:
Borland InterBase is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions.

22. CPanel Resname Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 25047
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/25047
Summary:
cPanel is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

cPanel 10.9.1 is vulnerable to this issue.

23. Panda AdminSecure Agent Remote Integer Overflow Vulnerability
BugTraq ID: 25046
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/25046
Summary:
Panda Software AdminSecure is prone to a remote integer-overflow vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploits will likely cause denial-of-service conditions.

24. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23300
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/23300
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

25. Windows RSH daemon Stack Based Buffer Overflow Vulnerability
BugTraq ID: 25044
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/25044
Summary:
Windows RSH daemon ('rshd') is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects Windows rshd 1.8; other versions may also be affected.

26. Cisco Wireless LAN Control ARP Storm Multiple Denial Of Service Vulnerabilities
BugTraq ID: 25043
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/25043
Summary:
Cisco Wireless LAN Controller (WLC) is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the device, denying service to legitimate users.

These issues affect Cisco Wireless LAN Control 3.2, 4.0, and 4.1; other versions may also be affected.

27. GD Graphics Library Multiple Vulnerabilities
BugTraq ID: 24651
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24651
Summary:
The GD graphics library is prone to multiple vulnerabilities.

An attacker can exploit this issue to cause denial-of-service conditions or execute arbitrary code in the context of applications implementing the affected library.

Versions prior to GD graphics library 2.0.35 are reported vulnerable.

28. ISC BIND 9 Remote Cache Poisoning Vulnerability
BugTraq ID: 25037
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25037
Summary:
BIND 9 is prone to a remote cache-poisoning vulnerability because of a weakness in its random number generator.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions up to BIND 9.4.1 are vulnerable to this issue.

29. phpSysInfo Index.php Cross-Site Scripting Vulnerability
BugTraq ID: 25090
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25090
Summary:
phpSysInfo is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

phpSysInfo 2.5.3 is reported vulnerable; other versions may be affected as well.

30. Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 25086
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25086
Summary:
Yahoo! Widgets Engine is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Yahoo! Widgets Engine 4.0.3 (build 178) is reported vulnerable; other versions may be affected as well.

31. WordPress WP-FeedStats HTML Injection Vulnerability
BugTraq ID: 25085
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25085
Summary:
The WP-FeedStats plugin for WordPress is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

This issue affects versions prior to WP-FeedStats 2.4.

32. Sun Solaris Low Bandwidth X Proxy Information Disclosure Vulnerability
BugTraq ID: 25070
Remote: No
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25070
Summary:
Sun Solaris Low Bandwidth X Proxy ('lbxproxy') is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain unauthorized read access to sensitive files. Information harvested may aid in further attacks.

Sun Solaris 8, 9, and 10 are reported vulnerable.

33. Festival Insecure Command Local Privilege Escalation Vulnerability
BugTraq ID: 25069
Remote: No
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25069
Summary:
Festival is prone to a privilege-escalation vulnerability.

Local attackers can exploit this issue to gain superuser privileges on computers running the affected application.

This issue affects Festival 1.95 (2.0 beta) and prior versions.

34. BakBone NetVault Report Manager Multiple Heap Buffer Overflow Vulnerabilities
BugTraq ID: 25068
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25068
Summary:
NetVault Report Manager is prone to multiple heap-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects NetVault Report Manager 3.5 prior to update 4.

35. Microsoft Windows ARP Request Denial of Service Vulnerability
BugTraq ID: 25066
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25066
Summary:
Microsoft Windows is prone to a denial-of-service vulnerability due to its inefficient handling of malicious ARP requests.

Attackers can exploit this issue to consume excessive CPU resources, denying service to legitimate users for the duration of the attack.

Microsoft Windows XP SP2 and Vista are vulnerable to this issue; other Microsoft operating systems and versions may also be affected.

36. Mitridat Form Processor Pro Base Parameter Cross Site Scripting Vulnerability
BugTraq ID: 25067
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25067
Summary:
Mitridat Form Processor Pro is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

37. iFoto Index.PHP Directory Traversal Vulnerability
BugTraq ID: 25065
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25065
Summary:
iFoto is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

A remote attacker can exploit this issue to view the directory structure of the affected computer within the context of the webserver.

This issue affects iFoto 1.0; other versions may also be affected.

38. IndexScript Show_cat.PHP SQL Injection Vulnerability
BugTraq ID: 25064
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25064
Summary:
IndexScript is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IndexScript 2.8 is vulnerable; other versions may also be affected.

39. Clever Internet ActiveX Suite CLINetSuiteX6.OCX Arbitrary File Download Or Overwrite Vulnerability
BugTraq ID: 25063
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25063
Summary:
Clever Internet ActiveX Suite ActiveX control is prone to an arbitrary file-overwrite vulnerability due to a design error.

An attacker can exploit this issue to overwrite or download arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to cause denial-of-service conditions or to access sensitive information; other consequences are possible.

This issue affects Clever Internet ActiveX Suite 6.2; other versions may also be affected.

40. ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability
BugTraq ID: 25076
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25076
Summary:
ISC's BIND 9 is prone to a security-bypass vulnerability.

An attacker can exploit this issue to query cached content from a DNS server or make recursive queries to a DNS server, thus obtaining sensitive information.

Versions up to BIND 9.4.1 are vulnerable to this issue.

41. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
BugTraq ID: 25054
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25054
Summary:
The Sun Java Runtime Environment is prone to a security-bypass vulnerability.

Successfully exploiting this issue will allow an attacker to connect to services on a remote user's computer without proper authorization. This may lead to other attacks.

42. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
BugTraq ID: 25082
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25082
Summary:
Applications that use the libvorbis library are prone to multiple remote vulnerabilities, including a denial-of-service issue and multiple memory-corruption issues.

An attacker can exploit these issues to execute arbitrary code within the context of the application or cause the affected application to crash.

These issues affect libvorbis 1.1.2; other versions of the library may also be affected.

43. Web Yapar Multiple SQL Injection Vulnerabilities
BugTraq ID: 25061
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25061
Summary:
Web Yapar is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

44. Vikingboard Multiple Information Disclosure Weaknesses
BugTraq ID: 25060
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25060
Summary:
Vikingboard is prone to multiple information-disclosure weaknesses that may let attackers obtain sensitive information for use in other attacks on the system.

Vikingboard 0.1.2 is vulnerable; other versions may also be affected.

45. Aruba Mobility Controllers Login Pages Cross-Site Scripting Vulnerability
BugTraq ID: 25059
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25059
Summary:
Aruba Mobility Controllers' management interface is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Aruba Mobility Controller 2.5.4.18 and FIPS prior to 2.4.8.6-FIPS.

46. Sun Java System Application Server JSP Source Code Disclosure Vulnerability
BugTraq ID: 25058
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25058
Summary:
Sun Java System Application Server on Microsoft Windows is prone to a vulnerability that may allow remote attackers to obtain sensitive JSP source code, which may aid them in further attacks.

47. Guidance Software EnCase Forensic Multiple Denial Of Service Vulnerabilities
BugTraq ID: 25100
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25100
Summary:
Guidance Software EnCase Forensic is prone to multiple denial-of-service vulnerabilities because it fails to handle specially crafted and malformed NTFS file systems.

Attackers can exploit this issue to crash the application or cause it to hang. This can delay and complicate forensic investigations.

48. T1lib intT1_Env_GetCompletePath Buffer Overflow Vulnerability
BugTraq ID: 25079
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25079
Summary:
T1lib is prone to a buffer-overflow vulnerability because the library fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of applications that utilize the affected library. Failed exploit attempts will likely trigger crashes, denying service to legitimate users.

Insufficient information is available to determine affected versions of T1lib.

49. Vikingboard Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25056
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25056
Summary:
Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

Vikingboard 0.1.2 is vulnerable; other versions may also be affected.

50. Computer Associates Multiple Products Arclib.DLL Malformed CHM File Denial Of Service Vulnerability
BugTraq ID: 25049
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25049
Summary:
Multiple Computer Associates products are prone to a denial-of-service vulnerability because the applications fail to handle malformed CHM files.

Successfully exploiting this issue will cause the affected applications to stop responding, denying service to legitimate users.

This issue affects applications that use the 'arclib.dll' library versions prior to 7.3.0.9.

51. Linux Kernel Random.C Device Reseed Weakness
BugTraq ID: 25029
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25029
Summary:
The Linux kernel is prone to a weakness related to reseeding in the random device driver.

Linux kernel versions prior to 2.4.34.6 are vulnerable to this issue.

'Random.c' uses incorrect data to reseed the random number generator.

The impact of a successful exploit depends on how the application uses the random number generator.

52. Nukedit Login.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 25081
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25081
Summary:
Nukedit is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

53. Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
BugTraq ID: 24811
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24811
Summary:
Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits can result in the complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions.

54. CrystalPlayer Playlist File Buffer Overflow Vulnerability
BugTraq ID: 25083
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25083
Summary:
CrystalPlayer is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the application. Successfully exploiting this issue will result in a compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects CrystalPlayer 1.98; other versions may also be vulnerable.

55. IBM AIX Pioinit File Overwrite Code Execution Vulnerability
BugTraq ID: 25080
Remote: No
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25080
Summary:
IBM AIX is prone to a vulnerability that allows attackers to execute arbitrary code with superuser privileges. This issue occurs because of insecure permissions on boot files.

Successful attacks will completely compromise affected computers.

56. IBM LPD Command Local Privilege Escalation Vulnerability
BugTraq ID: 25078
Remote: No
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25078
Summary:
IBM AIX is prone to a local privilege-escalation vulnerability that stems from a buffer overflow in a setuid-superuser command.

Successfully exploiting this issue allows local attackers to execute arbitrary machine code with superuser privileges, facilitating the complete compromise of affected computers.

AIX 5.2 and 5.3 are affected.

57. IBM ARP Command Local Privilege Escalation Vulnerability
BugTraq ID: 25071
Remote: No
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25071
Summary:
IBM AIX is prone to a local privilege-escalation vulnerability that stems from a buffer overflow in a setuid-superuser command.

Successfully exploiting this issue allows local attackers to execute arbitrary machine code with superuser privileges, facilitating the complete compromise of affected computers.

AIX 5.2 and 5.3 are affected.

58. PhpHostBot Authorize.PHP Remote File Include Vulnerability
BugTraq ID: 25073
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25073
Summary:
PhpHostBot is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

59. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
BugTraq ID: 24946
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24946
Summary:
The Mozilla Foundation has released four security advisories specifying multiple vulnerabilities in Firefox 2.0.0.4.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Execute code with chrome privileges
- Perform cross-site scripting attacks
- Crash Firefox in a myriad of ways, with evidence of memory corruption.

Other attacks may also be possible.

60. Microsoft Internet Explorer Multiple Browser URI Handler Command Injection Vulnerability
BugTraq ID: 24837
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24837
Summary:
Microsoft Internet Explorer is prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers.

Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through the 'firefox.exe' and 'navigator.exe' processes by employing the 'firefoxurl' and 'navigatorurl' handlers.

An attacker can also employ these issues to carry out cross-browser scripting attacks by using the '-chrome' argument. This can allow the attacker to run JavaScript code with the privileges of trusted Chrome context and gain full access to Firefox and Netscape Navigator's resources.

Exploiting these issues would permit remote attackers to influence command options that can be called through the 'firefoxurl' and 'navigatorurl' handlers and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in a variety of consequences, including remote unauthorized access.

61. BSM Store Dependent Forums UserName Parameter SQL Injection Vulnerability
BugTraq ID: 25072
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25072
Summary:
BSM Store Dependent Forums is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Dependent Forums 1.02 is vulnerable; other versions may also be affected.

62. Mozilla Firefox WYCIWYG:// URI Cache Zone Bypass Vulnerability
BugTraq ID: 24831
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24831
Summary:
Mozilla Firefox is prone to a cache-zone-bypass vulnerability because the application fails to properly block remote access to special internally generated URIs containing cached data.

Exploiting this issue allows remote attackers to access potentially sensitive information and to place markers with similar functionality to cookies onto targeted users' computers, regardless of cookie security settings. Information harvested in successful exploits may aid in further attacks.

Attackers may also potentially exploit this issue to perform cache-poisoning or URL-spoofing attacks.

This issue is being tracked by Mozilla's Bugzilla Bug 387333.

63. Multiple Browser URI Handlers Command Injection Vulnerabilities
BugTraq ID: 25053
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25053
Summary:
Multiple browsers are prone to vulnerabilities that let attackers inject commands through various protocol handlers.

Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through processes such as 'cmd.exe' by employing various URI handlers.

An attacker can exploit these issues to carry out various attacks by executing arbitrary commands on a vulnerable computer.

Exploiting these issues would permit remote attackers to influence command options that can be called through protocol handlers and to execute commands with the privileges of a user running the application. Successful attacks may result in a variety of consequences, including remote unauthorized access.

Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9 are reported vulnerable to these issues. Other versions of these browsers and other vendors' browsers may also be affected.

64. Mozilla Firefox URLBar Null Byte File Remote Code Execution Vulnerability
BugTraq ID: 24447
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24447
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied input.

Attackers may exploit this issue by enticing victims into visiting a malicious site and following links with improper file extensions.

Successful exploits may allow an attacker to crash the application or execute arbitrary code in the context of the affected application. Other attacks are also possible.

65. Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24286
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24286
Summary:
Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.

A malicious site may be able to modify the iframe of a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks are also possible, such as executing script code in other browser security zones.

This issue is being tracked by Bugzilla Bug 382686 and is reportedly related to Bug 343168.

Firefox 2.0.0.4 and prior versions are vulnerable.

66. W1L3D4 Philboard W1L3D4_Aramasonuc.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 25055
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25055
Summary:
W1L3D4 Philboard is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

W1L3D4 Philboard 0.3 is vulnerable; other versions are also affected.

67. FORMfields AdMan Login.PHP Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25057
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25057
Summary:
FORMfields AdMan is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues affect AdMan 1.0.20051202; other versions may also be affected.

68. Computer Associates ETrust Intrusion Detection Caller.DLL Remote Code Execution Vulnerability
BugTraq ID: 25050
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25050
Summary:
Computer Associates eTrust Intrusion Detection is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

69. Computer Associates Multiple Products Message Queuing Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 25051
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25051
Summary:
Multiple Computer Associates products are prone to a remote stack-based buffer-overflow vulnerability. This issue affects the Message Queuing (CAM/CAFT) component. The application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges.

This issue affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on Windows and NetWare.

70. IBM AIX FTP Client Local Buffer Overflow Vulnerability
BugTraq ID: 25077
Remote: No
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25077
Summary:
The IBM AIX FTP application is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

A non-privileged user may trigger this vulnerability in order to execute code with superuser privileges. Failed exploit attempts will likely result in a denial of service.

IBM AIX versions 5.2 and 5.3 are vulnerable.

71. IBM AIX Capture Command Local Stack Based Buffer Overflow Vulnerability
BugTraq ID: 25075
Remote: No
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25075
Summary:
IBM AIX is prone to a local, stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input to a program that is installed setuid-superuser.

Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Failed attacks will likely cause denial-of-service conditions.

72. IBM AIX Pioout Arbitrary Library Loading Code Execution Vulnerability
BugTraq ID: 25084
Remote: No
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25084
Summary:
IBM AIX is prone to a vulnerability that allows attackers to execute arbitrary code with superuser privileges. This is due to insecure permissions on shared libraries.

Successful attacks will completely compromise affected computers.

73. Multiple Norman Antivirus Products OLE2 File Parser Scan Bypass Vulnerability
BugTraq ID: 25020
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25020
Summary:
Multiple Norman Antivirus products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

An attacker may exploit this issue by sending maliciously crafted OLE2 '.doc' files to victims.

Successful exploits will allow attackers to distribute files containing malicious code that will not be detected by the antivirus application.

74. X.Org LibXFont Multiple Local Integer Overflow Vulnerabilities
BugTraq ID: 23283
Remote: No
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/23283
Summary:
The 'libXfont' library is prone to multiple local integer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data.

An attacker can exploit these vulnerabilities to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect libXfont 1.2.2; other versions may also be vulnerable.

75. X.Org X11 XC-MISC Extension Local Integer Overflow Vulnerability
BugTraq ID: 23284
Remote: No
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/23284
Summary:
X11 is prone to a local integer-overflow vulnerability because it fails to adequately bounds-check user-supplied input.

An attacker can exploit this vulnerability to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

76. MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability
BugTraq ID: 23285
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/23285
Summary:
Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 kadmind 1.6 and prior versions are vulnerable.

77. Ipswitch IMail Server Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24962
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24962
Summary:
Ipswitch IMail Server is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.

Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Exploit attempts may also cause the application to crash.

Ipswitch IMail Server 2006 is vulnerable to these issues; other versions may also be affected.

78. Sophos Antivirus Multiple Denial of Service and Memory Corruption Vulnerabilities
BugTraq ID: 20816
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/20816
Summary:
Sophos Antivirus is prone to multiple denial-of-service and memory corruption vulnerabilities.

A remote attacker may trigger these issues to deny service to legitimate users or execute arbitrary machine code in the context of the vulnerable application. This may result in a complete compromise of affected computers.

79. Sun Java Web Proxy Server Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24165
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24165
Summary:
Sun Java System Web Proxy Server is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code with superuser privileges, leading to the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

These issues affect Web Proxy Server 4.0.3; prior versions may also be affected.

80. Lighttpd Multiple Remote Denial of Service and Information Disclosure Vulnerabilities
BugTraq ID: 24967
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24967
Summary:
Lighttpd is prone to multiple remote denial-of-service vulnerabilities and an information-disclosure vulnerability.

An attacker can exploit these issues to gain access to sensitive information or crash the affected application, denying service to legitimate users.

These issues affect versions prior to lighttpd 1.4.16.

81. MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability
BugTraq ID: 24657
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24657
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

This issue also affects third-party applications using the affected RPC library.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.6.1 and prior versions are vulnerable.

82. MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability
BugTraq ID: 24653
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24653
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.6.1, 1.5.3, and prior versions are vulnerable.

83. MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution Vulnerability
BugTraq ID: 24655
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/24655
Summary:
MIT Kerberos 5 Administration Daemon ('kadmind') is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

This issue also affects third-party applications using the affected RPC library.

Versions prior to 'kadmind' krb5-1.6.1 are vulnerable.

84. ArgoSoft Mail Server MLSRVX.DLL Arbitrary File Overwrite Vulnerability
BugTraq ID: 25105
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25105
Summary:
ArGoSoft Mail Server is prone to an arbitrary file-overwrite vulnerability.

An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to cause denial-of-service conditions; other consequences are possible.

ArGoSoft Mail Server version 1.8.9.1 is vulnerable; other versions may also be affected.

85. Solaris FingerD Daemon Information Disclosure Vulnerability
BugTraq ID: 25103
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25103
Summary:
Sun Solaris is prone to an information-disclosure vulnerability due to a design error in the 'fingerd' daemon.

An attacker can exploit this issue to gain access to user account information. Information obtained may lead to further attacks.

86. UltraDefrag FindFiles Function Buffer Overflow Vulnerability
BugTraq ID: 25102
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25102
Summary:
UltraDefrag is prone to a buffer-overflow vulnerability. This issue is due to a failure of the application to perform adequate bounds checks on user-supplied data.

Successfully exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

UltraDefrag versions prior to 1.0.4 are vulnerable to this issue.

87. Guidance Software EnCase Forensic Unspecified Denial Of Service Vulnerability
BugTraq ID: 25101
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25101
Summary:
Guidance Software EnCase Forensic is prone to an unspecified denial-of-service vulnerability because it fails to handle specially crafted file systems.

Attackers can exploit this issue to cause denial-of-service conditions. This can delay and complicate forensic investigations.

NOTE: This issue may be related to the issues described in BID: 25100.

EnCase Forensic version 5.0 is vulnerable; other versions may also be affected.

88. Drupal Cross-Site Request Forgery Vulnerability
BugTraq ID: 25099
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25099
Summary:
Drupal is prone to a cross-site request forgery vulnerability. This issue may allow a remote attacker to use a victim's cookie credentials to perform actions with the application.

Drupal versions prior to 5.2 are affected by this issue.

89. SBlog Search.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 25098
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25098
Summary:
sBlog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

sBlog 0.7.3 Beta is vulnerable; other versions may also be affected.

90. Drupal Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25097
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25097
Summary:
Drupal is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to 4.7.7 and prior to 5.2 are vulnerable to these issues.

91. Metyus Forum Portal Philboard_Forum.ASP SQL Injection Vulnerability
BugTraq ID: 25096
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25096
Summary:
Metyus Forum Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Metyus Forum Portal 1.0 is vulnerable; other versions may also be affected.

92. Vim HelpTags Command Remote Format String Vulnerability
BugTraq ID: 25095
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25095
Summary:
Vim is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A remote attacker may execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts may cause denial-of-service conditions.

Vim versions 6.4 and 7.1 are vulnerable; other versions may also be affected.

93. Bandersnatch Multiple Input Validation Vulnerabilities
BugTraq ID: 25094
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25094
Summary:
Bandersnatch is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include multiple SQL-injection vulnerabilities and an HTML-injection vulnerability.

A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects Bandersnatch version 0.4; other versions may also be affected.

94. MLDonkey Country-Based IP Blocking Security Bypass Vulnerability
BugTraq ID: 25093
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25093
Summary:
MLDonkey is prone to a security-bypass vulnerability due to a design error.

Users who enable country-based IP-blocking may have a false sense of security.

Attackers can exploit this issue to temporarily connect to the application using supposedly blocked IP addresses.

Versions prior to MLDonkey 2.9.0 are vulnerable.

95. Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability
BugTraq ID: 25092
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25092
Summary:
Novell Client is prone to an unspecified buffer-overflow vulnerability. This issue occurs because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application or crash the affected application, denying service to legitimate users.

This issue affects Novell Client 4.91 SP4; other versions may also be vulnerable.

96. ADempiere Bazaar WebUI Unspecified Authentication Bypass Vulnerability
BugTraq ID: 25091
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25091
Summary:
ADempiere Bazaar is prone to an unspecified authentication-bypass vulnerability.

Exploiting this issue could allow an attacker to access certain system level windows of the application. This may facilitate a compromise of the vulnerable application.

The vulnerability affects versions prior to 3.3 beta (Victoria Edition).

97. Advanced Webhost Billing System Multiple Vulnerabilities
BugTraq ID: 25089
Remote: Yes
Last Updated: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25089
Summary:
Advanced Webhost Billing System is prone to a cross-site scripting vulnerability, an SQL-injection vulnerability, and an information-disclosure vulnerability.

An attacker may leverage these issues to access sensitive information, access or modify databases, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect version 2.5.1.

98. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24195
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24195
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects Samba 3.0.25rc3 and prior versions.

99. GIMP PSD File Integer Overflow Vulnerability
BugTraq ID: 24745
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24745
Summary:
GIMP is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application.

GIMP 2.2.15 is vulnerable to this issue; other versions may also be affected.

100. GNU Image Manipulation Program Multiple Integer Overflow Vulnerabilities
BugTraq ID: 24835
Remote: Yes
Last Updated: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/24835
Summary:
GNU Image Manipulation Program (GIMP) is prone to multiple integer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data.

An attacker can exploit these vulnerabilities to execute arbitrary code with the privileges of the user running GIMP. Failed exploit attempts will likely cause denial-of-service conditions.

Versions prior to GIMP 2.2.16 are vulnerable.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Firm finds new danger in dangling pointers
By: Robert Lemos
The common software flaw should be considered a security threat, not a quality control issue, researchers say.
http://www.securityfocus.com/news/11477

2. Newsmaker: DCT, MPack developer
By: Robert Lemos
One of the three Russian developers behind the MPack infection kit virtually sits down with SecurityFocus to discuss the program and making a business out of cybercrime.
http://www.securityfocus.com/news/11476

3. Spammers dump images, switch to PDF files
By: Robert Lemos
A wave of spam e-mail messages carrying attachments in the Portable Document Format gathers speed, hitting companies and consumers worldwide.
http://www.securityfocus.com/news/11475

4. Flaw auction site highlights disclosure issues
By: Robert Lemos
WabiSabiLabi gets mixed reviews, but security pros agree that interesting times are ahead.
http://www.securityfocus.com/news/11474

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
1. 0day linux 2.6 /dev/mem rootkit found
http://www.securityfocus.com/archive/75/473510

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. error in my code
http://www.securityfocus.com/archive/82/474873

2. Win32/Vista IE exploitations?
http://www.securityfocus.com/archive/82/474459

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. User Access Control
http://www.securityfocus.com/archive/88/474348

2. win2k3 active directory - firewall ports
http://www.securityfocus.com/archive/88/474237

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
