Wednesday, August 29, 2007

SecurityFocus Newsletter #416
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

XPATH Injection Attacks- Web Hackers New Trick: White Paper
One particular form of injection attack, XPath Injection, is rapidly gaining in popularity due to the spread of AJAX applications and their inherent use of XML to store data.
XPath Injection can be just as dangerous as SQL Injection, and can be even easier to exploit. Learn how to identify XPath Injection vulnerabilities and which methods of recourse to take to prevent them. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/XP.asp?Campaign_ID=70160000000D1rX


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Virtualized rootkits - Part 2
2. Virtualized rootkits - Part 1
II. BUGTRAQ SUMMARY
1. Microsoft XML Core Services SubstringData Integer Overflow Vulnerability
2. Microsoft Windows GDI Metafiles AttemptWrite Remote Code Execution Vulnerability
3. Libpng Library Remote Denial of Service Vulnerability
4. Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
5. Mozilla Firefox Popup Blocker Cross Zone Security Bypass Weakness
6. Mozilla Firefox Location.Hostname Dom Property Cookie Theft Vulnerability
7. GIMP PSD File Integer Overflow Vulnerability
8. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
9. GNOME Display Manager G_Strsplit Function Local Denial Of Service Vulnerability
10. E-Gads! Common.PHP Remote File Include Vulnerability
11. Microsoft DirectX Media SDK DXTLIPI.DLL ActiveX Control Buffer Overflow Vulnerability
12. J! Reactions comPath Remote File Include Vulnerability
13. HP Serviceguard for Linux Unspecified Local Privilege Escalation Vulnerability
14. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
15. Microsoft Virtual PC and Virtual Server Heap Overflow Vulnerability
16. RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow Vulnerability
17. Windows Vista Weather Gadget Remote Code Execution Vulnerability
18. Windows Vista Contacts Gadget Remote Code Execution Vulnerability
19. Windows Vista Feed Headlines Gadget Remote Code Execution Vulnerability
20. Lighttpd Multiple Remote Denial of Service and Information Disclosure Vulnerabilities
21. AlstraSoft Video Share Enterprise MyajaxPHP.PHP Remote File Include Vulnerability
22. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
23. MySQL Access Validation and Denial of Service Vulnerabilities
24. JasPer JPC_QCX_GetCompParm Function JP2 File Handling Remote Denial of Service Vulnerability
25. Linux Kernel Decode_Choices Function Remote Denial Of Service Vulnerability
26. phpSysInfo Index.php Cross-Site Scripting Vulnerability
27. Trend Micro ServerProtect SPNTSVC.EXE Multiple Stack Buffer Overflow Vulnerabilities
28. Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities
29. GetMyOwnArcade Search.PHP SQL Injection Vulnerability
30. Live For Speed Multiple Vulnerabilities
31. RndLabs Babo Violent 2 Multiple Vulnerabilities
32. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
33. InterWorx-CP SiteWorx and NodeWorx Multiple Cross-Site Scripting Vulnerabilities
34. EFS Software Easy Chat Server Authentication Request Handling Remote Denial Of Service Vulnerability
35. Yahoo! Messenger KDU_V32M.DLL Remote Denial Of Service Vulnerability
36. Mercury Mail Transport System AUTH CRAM-MD5 Buffer Overflow Vulnerability
37. DeskPRO Admin Panel Multiple HTML Injection Vulnerabilities
38. EDraw Office Viewer Component ActiveX Control Arbitrary File Overwrite Vulnerability
39. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
40. Sun JDK JPG/BMP Parser Multiple Vulnerabilities
41. Sun Java Runtime Environment Font Parsing Remote Privilege Escalation Vulnerability
42. Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
43. Sun JavaDoc Tool Cross-Site Scripting Vulnerability
44. EZPhotoSales Multiple Input Validation Vulnerabilities
45. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
46. Tomboy LD_LIBRARY_PATH Environment Variable Local Privilege Escalation Vulnerability
47. Drupal Content Construction Kit Nodereference Module Multiple HTML-injection Vulnerabilities
48. IBM Rational ClearQuest Username Parameter SQL Injection Vulnerability
49. Microsoft OLE Automation SubstringData Function Integer Overflow Vulnerability
50. Sun Solaris 8 RBAC Remote Privilege Escalation Vulnerabilities
51. Microsoft Internet Explorer Vector Markup Language VGX.DLL Remote Buffer Overflow Vulnerability
52. APOP Protocol Insecure MD5 Hash Weakness
53. Mozilla Products Multiple Remote Vulnerabilities
54. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
55. EnterpriseDB Advanced Server Uninitialized Pointer Vulnerability
56. Cisco CallManager/Communications Manager SQL Injection and Cross-Site Scripting Vulnerabilities
57. phpns Shownews.PHP SQL Injection Vulnerability
58. Blizzard Entertainment StarCraft Brood War Minimap Preview Remote Denial of Service Vulnerability
59. DL PayCart Viewitem.PHP SQL Injection Vulnerability
60. ABC eStore Index.PHP SQL Injection Vulnerability
61. SomeryC Include.PHP Remote File Include Vulnerability
62. Novell Client NWSPOOL.DLL RPC Request Multiple Buffer Overflow Vulnerabilities
63. Vim HelpTags Command Remote Format String Vulnerability
64. GNU Emacs Image Processing Remote Denial of Service Vulnerability
65. Linux Kernel Netfilter NFNetLink_Log Multiple NULL Pointer Dereference Vulnerabilities
66. Linux Kernel Netfilter nf_conntrack IPv6 Packet Reassembly Rule Bypass Vulnerability
67. Linux Kernel NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability
68. Linux Kernel Fib_Semantics.C Out Of Bounds Access Vulnerability
69. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
70. Linux Kernel PRNG Entropy Weakness
71. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
72. Linux Kernel SCTP Connection Denial Of Service Vulnerability
73. Rsync F_Name Off-By-One Buffer Overflow Vulnerability
74. BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities
75. BEA Multiple Products Multiple Vulnerabilities
76. Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
77. Asterisk SIP Channel Driver Remote Denial of Service Vulnerability
78. Asterisk SIP Invite Message Remote Denial of Service Vulnerability
79. Asterisk SIP Channel Driver UDP Packets Remote Denial of Service Vulnerability
80. Asterisk ManagerInterface Manager.Conf Remote Denial of Service Vulnerability
81. Mozilla Firefox URLBar Null Byte File Remote Code Execution Vulnerability
82. Mozilla Firefox OnUnload Memory Corruption Vulnerability
83. Asterisk IAX2 Text Frame Information Disclosure Vulnerability
84. Opera Web Browser Dangling Pointer Remote Code Execution Vulnerability
85. Asterisk IAX2 Channel Driver IAX2_Write Function Remote Stack Buffer Overflow Vulnerability
86. Microsoft Excel Worksheet Index Value Remote Code Execution Vulnerability
87. Asterisk Multiple Remote Denial of Service Vulnerabilities
88. LibEXIF Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability
89. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
90. LibPNG Graphics Library PNG_SET_SPLT Remote Denial of Service Vulnerability
91. Opera Web Browser Address Bar URI Spoofing Vulnerability
92. Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
93. Opera Web Browser Basic Authentication Server Domain Spoofing Vulnerability
94. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
95. Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
96. Microsoft Windows Media Player Remote Skin Decompression Code Execution Vulnerability
97. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
98. GNU Image Manipulation Program Multiple Integer Overflow Vulnerabilities
99. Mozilla Firefox 2 Password Manager Cross-Site Information Disclosure Weakness
100. Sophos Antivirus UPX and BZIP Multiple Remote Vulnerabilities
III. SECURITYFOCUS NEWS
1. Fraudsters focus on job sites
2. Universities warned of Storm Worm attacks
3. Retro attack gets new life, worries browser makers
4. Teaching hacking helps students, professors say
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] VP of Regional Sales, Washington
2. [SJ-JOB] Technical Support Engineer, Fredericton
3. [SJ-JOB] Senior Software Engineer, Fort Lauderdale
4. [SJ-JOB] Security Product Marketing Manager, Mountain View
5. [SJ-JOB] Senior Software Engineer, Fredericton
6. [SJ-JOB] Security Consultant, Houston
7. [SJ-JOB] Sales Engineer, New York
8. [SJ-JOB] Security Engineer, Fort Collins
9. [SJ-JOB] Security Architect, Portland
10. [SJ-JOB] Sr. Security Analyst, Charlotte
11. [SJ-JOB] Application Security Engineer, Torrance
12. [SJ-JOB] Regional Channel Manager, Boston
13. [SJ-JOB] Director, Information Security, Chicago
14. [SJ-JOB] Security Engineer, Denver
15. [SJ-JOB] Security Auditor, Charlotte
16. [SJ-JOB] Security System Administrator, Torrance, CA
17. [SJ-JOB] Jr. Security Analyst, VA/MD/DC
18. [SJ-JOB] Information Assurance Engineer, Rosslyn
19. [SJ-JOB] Information Assurance Analyst, VA/MD/DC
20. [SJ-JOB] Sr. Security Engineer, Dallas
21. [SJ-JOB] Security Architect, Rosslyn
22. [SJ-JOB] Information Assurance Engineer, VA/MD/DC
23. [SJ-JOB] Security System Administrator, Charlotte
24. [SJ-JOB] Security Auditor, VA/MD/DC
25. [SJ-JOB] Security Engineer, VA/MD/DC
26. [SJ-JOB] Technology Risk Consultant, London
27. [SJ-JOB] Management, Bellevue
28. [SJ-JOB] Security Consultant, Sydney
29. [SJ-JOB] Security Engineer, New York
30. [SJ-JOB] Incident Handler, Doha
31. [SJ-JOB] Threat Analyst, Denver
32. [SJ-JOB] Manager, Information Security, London
33. [SJ-JOB] Sr. Product Manager, Mountain View
34. [SJ-JOB] Security Engineer, Washington
35. [SJ-JOB] Sr. Security Analyst, Washington
36. [SJ-JOB] Security Consultant, Nationwide / Virtual (Heavy Travel)
37. [SJ-JOB] Security Consultant, Singapore
38. [SJ-JOB] Sales Representative, Lexington
39. [SJ-JOB] Sales Engineer, South
40. [SJ-JOB] VP, Information Security, New York
41. [SJ-JOB] Sr. Security Analyst, Evansville
42. [SJ-JOB] Manager, Information Security, Miami
43. [SJ-JOB] Penetration Engineer, Washington DC
44. [SJ-JOB] Security Engineer, Washington DC
45. [SJ-JOB] Technical Writer, Washington DC
46. [SJ-JOB] Sr. Security Analyst, New York city
47. [SJ-JOB] Application Security Engineer, Philadelphia
48. [SJ-JOB] Management, Sydney
49. [SJ-JOB] Penetration Engineer, Austin
50. [SJ-JOB] Security Consultant, Chicago
51. [SJ-JOB] Manager, Information Security, Heidelberg
52. [SJ-JOB] Security Engineer, St. Louis
53. [SJ-JOB] Manager, Information Security, Toronto
54. [SJ-JOB] Security Consultant, St. Louis
55. [SJ-JOB] Sr. Security Engineer, South San Francisco
56. [SJ-JOB] Security Engineer, Arlington
57. [SJ-JOB] Security Consultant, Boston
58. [SJ-JOB] Application Security Architect, Valley Forge
59. [SJ-JOB] Security Consultant, Chicago
60. [SJ-JOB] Account Manager, London
61. [SJ-JOB] Security Consultant, Munich
62. [SJ-JOB] Security Consultant, Mexico City
63. [SJ-JOB] Information Assurance Analyst, Columbia
64. [SJ-JOB] Security Consultant, Washington DC
65. [SJ-JOB] Sales Engineer, London
66. [SJ-JOB] Sales Representative, NYC or Wash DC areas
67. [SJ-JOB] Security Consultant, Any City
68. [SJ-JOB] Management, UK wide
69. [SJ-JOB] Manager, Information Security, UK wide
70. [SJ-JOB] Manager, Information Security, UK wide
71. [SJ-JOB] Manager, Information Security, UK Wide
72. [SJ-JOB] Security Consultant, Springfield
73. [SJ-JOB] Forensics Engineer, Multiple Locations: Washington D.C, Dallas, Chicago, NY, L.A
74. [SJ-JOB] Security Researcher, San Jose
75. [SJ-JOB] Developer, Columbia
76. [SJ-JOB] Penetration Engineer, Sydney
77. [SJ-JOB] Threat Analyst, McLean
78. [SJ-JOB] Quality Assurance, Redmond
79. [SJ-JOB] Security Architect, Los Angeles
80. [SJ-JOB] Auditor, Charlotte
81. [SJ-JOB] Security Product Manager, Mountain View
82. [SJ-JOB] Software Engineer, Redmond
83. [SJ-JOB] Manager, Information Security, PROVIDENCE
84. [SJ-JOB] Security Consultant, Boston, Multiple Locations
85. [SJ-JOB] Threat Analyst, Munich
86. [SJ-JOB] Security Consultant, Mexico City
87. [SJ-JOB] Security Consultant, CHICAGO
88. [SJ-JOB] Security System Administrator, Herndon
89. [SJ-JOB] Penetration Engineer, New York
90. [SJ-JOB] Security Engineer, Vernon Hills
91. [SJ-JOB] Software Engineer, Los Angeles
92. [SJ-JOB] Sales Representative, Minneapolis
93. [SJ-JOB] Sr. Security Engineer, Cleveland
94. [SJ-JOB] Security Engineer, Chantilly
95. [SJ-JOB] Application Security Engineer, Santa Clara
96. [SJ-JOB] Application Security Architect, San Francisco
97. [SJ-JOB] Senior Software Engineer, Los Angeles
98. [SJ-JOB] Security Engineer, San Jose
99. [SJ-JOB] Information Assurance Analyst, Wilmington
100. [SJ-JOB] Database Security Engineer, Redwood Shores
101. [SJ-JOB] Sr. Security Engineer, Irvine
102. [SJ-JOB] Information Assurance Analyst, Hagerstown
103. [SJ-JOB] Application Security Engineer, Toronto
104. [SJ-JOB] Disaster Recovery Coordinator, New York
105. [SJ-JOB] Management, Mountain View
106. [SJ-JOB] Security Engineer, Carpinteria
107. [SJ-JOB] Account Manager, New York Metro
108. [SJ-JOB] Account Manager, New York Metro
109. [SJ-JOB] Sr. Security Analyst, San Francisco
110. [SJ-JOB] Security Engineer, Carpinteria
111. [SJ-JOB] Security Product Manager, Calgary
112. [SJ-JOB] Sr. Security Engineer, Mountain View, Heathrow (FL), Roseville (MN)
113. [SJ-JOB] Sales Engineer, Remote
114. [SJ-JOB] Threat Analyst, Calgary
115. [SJ-JOB] Sales Engineer, Herndon
116. [SJ-JOB] Sales Engineer, Herndon
117. [SJ-JOB] Sr. Security Analyst, Calgary
V. INCIDENTS LIST SUMMARY
1. HTTP worm?
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Security contact for Roper?
2. 24th Chaos Communication Congress 2007: Call for Participation
VII. MICROSOFT FOCUS LIST SUMMARY
1. Software smart-card emulation
2. SecurityFocus Microsoft Newsletter #356
3. NTFS default special permissions
4. Password complexity - improvement
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. mail antivirus
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Virtualized rootkits - Part 2
By Federico Biancuzzi
There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue-Pill, her proof-of-concept invisible rootkit, while a team of three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her, arguing that there is no such thing as an "invisible" rootkit and saying that they would present various techniques to detect Blue-Pill at the BlackHat conference. Federico Biancuzzi interviewed both sides to learn more. Part 2 of 2
http://www.securityfocus.com/columnists/452


2. Virtualized rootkits - Part 1
By Federico Biancuzzi
There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue-Pill, her proof-of-concept invisible rootkit, while a team of three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her, arguing that there is no such thing as an "invisible" rootkit and saying that they would present various techniques to detect Blue-Pill at the BlackHat conference. Federico Biancuzzi interviewed both sides to learn more. Part 1 of 2
http://www.securityfocus.com/columnists/451


II. BUGTRAQ SUMMARY
--------------------
1. Microsoft XML Core Services SubstringData Integer Overflow Vulnerability
BugTraq ID: 25301
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25301
Summary:
Microsoft XML Core Services is prone to an integer-overflow vulnerability because the application fails to ensure that integer values are not overrun.

Attackers can exploit this issue by enticing unsuspecting users to view malicious web content. Specially crafted scripts could issue requests to MSXML that trigger memory corruption.

Successfully exploiting this issue allows remote attackers to corrupt heap memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

2. Microsoft Windows GDI Metafiles AttemptWrite Remote Code Execution Vulnerability
BugTraq ID: 25302
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25302
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied metafile data.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of users viewing malicious files. This facilitates the remote compromise of affected computers.

3. Libpng Library Remote Denial of Service Vulnerability
BugTraq ID: 24000
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24000
Summary:
The 'libpng' library is prone to a remote denial-of-service vulnerability because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

This issue affects 'libpng' 1.2.16 and prior versions.

4. Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
BugTraq ID: 25305
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25305
Summary:
Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted skin files.

Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files (WMZ or WMD files). Note that users must attempt to apply the skin files.

Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.

5. Mozilla Firefox Popup Blocker Cross Zone Security Bypass Weakness
BugTraq ID: 22396
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/22396
Summary:
Mozilla Firefox is prone to a cross-zone security-bypass weakness. This issue allows attackers to open 'file://' URIs from remote websites.

By exploiting this issue in conjunction with other weaknesses or vulnerabilities, attackers may be able to execute arbitrary script code with the elevated privileges that are granted to scripts when they are executed from local sources.

Mozilla Firefox 1.5.0.9 is affected by this issue; other versions may be affected as well.

6. Mozilla Firefox Location.Hostname Dom Property Cookie Theft Vulnerability
BugTraq ID: 22566
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/22566
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to steal cookies. This issue occurs because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to manipulate cookie-based authentication credentials for third-party web pages or to control how the site is rendered to the user. Exploiting this issue may allow the attacker to bypass the same-origin policy for cross-window/cross-frame data access; other attacks are also possible.

This issue affects version 2.0.0.1; prior versions may also be affected.

7. GIMP PSD File Integer Overflow Vulnerability
BugTraq ID: 24745
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24745
Summary:
GIMP is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application.

GIMP 2.2.15 is vulnerable to this issue; other versions may also be affected.

8. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
BugTraq ID: 25260
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25260
Summary:
Adobe ActionScript is prone to a security-bypass vulnerability because the application allows Flash movies compiled by ActionScript to connect to arbitrary TCP ports on a host running a vulnerable version of Flash.

Successfully exploiting this issue allows an attacker to bypass the application's sandbox security model and scan other hosts that are connected to the computer running the vulnerable application.

9. GNOME Display Manager G_Strsplit Function Local Denial Of Service Vulnerability
BugTraq ID: 25191
Remote: No
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25191
Summary:
GNOME Display Manager is prone to a local denial-of-service vulnerability because the application fails to handle specially crafted GDM socket commands.

A local attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Versions prior to GNOME Display Manager 2.14.13, 2.16.7, 2.18.4, and 2.19.5 are vulnerable.

10. E-Gads! Common.PHP Remote File Include Vulnerability
BugTraq ID: 23817
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/23817
Summary:
E-GADS! is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

E-GADS! 2.2.6 is vulnerable to this issue.

11. Microsoft DirectX Media SDK DXTLIPI.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 25279
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25279
Summary:
Microsoft DirectX Media SDK 'DXTLIPI.DLL' ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Microsoft DirectX Media SDK 6.0 with DXTLIPI.DLL 6.0.2.827 is reported vulnerable.

12. J! Reactions comPath Remote File Include Vulnerability
BugTraq ID: 25198
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25198
Summary:
J! Reactions is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects J! Reactions 1.8.1; other versions may also be vulnerable.

13. HP Serviceguard for Linux Unspecified Local Privilege Escalation Vulnerability
BugTraq ID: 24920
Remote: No
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24920
Summary:
HP Serviceguard for Linux is prone to an unspecified privilege-escalation vulnerability.

A local attacker can gain unauthorized access or escalated privileges on a vulnerable computer.

Very few technical details are currently available. We will update this BID as more information emerges.

14. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
BugTraq ID: 24645
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24645
Summary:
The Apache HTTP Server mod_status module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

15. Microsoft Virtual PC and Virtual Server Heap Overflow Vulnerability
BugTraq ID: 25298
Remote: No
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25298
Summary:
Microsoft Virtual PC and Virtual Server are prone to a local heap-overflow vulnerability.

To exploit this issue, attackers must have administrative privileges for the guest operating system.

Attackers may exploit this issue to execute arbitrary code in the context of the host operating system or another guest operating system. Successful exploits can result in a compromise of vulnerable computers.

16. RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow Vulnerability
BugTraq ID: 24658
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24658
Summary:
RealPlayer and HelixPlayer are prone to a buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This issue affects RealPlayer 10.5-GOLD and HelixPlayer 10.5-GOLD; other versions may also be affected.

17. Windows Vista Weather Gadget Remote Code Execution Vulnerability
BugTraq ID: 25306
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25306
Summary:
Windows Vista is prone to a remote code-execution vulnerability because it fails to adequately validate certain HTML attributes.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Successful attacks may facilitate the remote compromise of affected computers.

18. Windows Vista Contacts Gadget Remote Code Execution Vulnerability
BugTraq ID: 25304
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25304
Summary:
Windows Vista is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied data.

Attackers exploit this issue by coercing unsuspecting users to add or import malicious contact files.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Successful attacks may facilitate the remote compromise of affected computers.

19. Windows Vista Feed Headlines Gadget Remote Code Execution Vulnerability
BugTraq ID: 25287
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25287
Summary:
Windows Vista is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied data.

Attackers exploit this issue by coercing unsuspecting users to subscribe to a malicious RSS feed using the affected gadget.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Successful attacks may facilitate the remote compromise of affected computers.

20. Lighttpd Multiple Remote Denial of Service and Information Disclosure Vulnerabilities
BugTraq ID: 24967
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24967
Summary:
Lighttpd is prone to multiple remote denial-of-service vulnerabilities and an information-disclosure vulnerability.

An attacker can exploit these issues to gain access to sensitive information or crash the affected application, denying service to legitimate users.

These issues affect versions prior to lighttpd 1.4.16.

21. AlstraSoft Video Share Enterprise MyajaxPHP.PHP Remote File Include Vulnerability
BugTraq ID: 19724
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/19724
Summary:
AlstraSoft Video Share Enterprise is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Video Share Enterprise versions prior to 4.4 are vulnerable.

22. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
BugTraq ID: 23333
Remote: No
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/23333
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.

This issue affects versions 2.6.9 to 2.6.20 and the 'isdn4k-utils' utilities.

23. MySQL Access Validation and Denial of Service Vulnerabilities
BugTraq ID: 25017
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25017
Summary:
MySQL is prone to an access-validation vulnerability and a denial-of-service vulnerability.

An attacker can exploit these issues to create arbitrary MySQL tables or to crash the affected application, denying service to legitimate users.

These issues affect versions prior to MySQL 5.0.45.

24. JasPer JPC_QCX_GetCompParm Function JP2 File Handling Remote Denial of Service Vulnerability
BugTraq ID: 24052
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24052
Summary:
JasPer is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted JP2 files.

An attacker may exploit this issue by enticing victims to open a maliciously crafted file.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

This issue affects JasPer 1.900 and 1.900.1; other versions may also be affected.

25. Linux Kernel Decode_Choices Function Remote Denial Of Service Vulnerability
BugTraq ID: 24818
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24818
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to handle certain H.323 data.

Attackers can exploit this issue to crash the affected operating system, denying access to legitimate users.

Versions prior to 2.6.21.6, 2.6.20.15, and 2.6.22 are vulnerable.

26. phpSysInfo Index.php Cross-Site Scripting Vulnerability
BugTraq ID: 25090
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25090
Summary:
phpSysInfo is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

phpSysInfo 2.5.3 is reported vulnerable; other versions may be affected as well. Due to a shared codebase, phpGroupWare is also affected by this vulnerability.

27. Trend Micro ServerProtect SPNTSVC.EXE Multiple Stack Buffer Overflow Vulnerabilities
BugTraq ID: 22639
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/22639
Summary:
Trend Micro ServerProtect is prone to multiple remote stack-based buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting these issues allows attackers to execute arbitrary machine code with SYSTEM-level privileges.

28. Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities
BugTraq ID: 22694
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/22694
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

29. GetMyOwnArcade Search.PHP SQL Injection Vulnerability
BugTraq ID: 25345
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25345
Summary:
GetMyOwnArcade is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

30. Live For Speed Multiple Vulnerabilities
BugTraq ID: 25327
Remote: No
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25327
Summary:
Live For Speed is prone to four vulnerabilities, including buffer-overflow and denial-of-service issues.

Successful exploits could allow attackers to execute arbitrary code or to crash game servers.

31. RndLabs Babo Violent 2 Multiple Vulnerabilities
BugTraq ID: 25329
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25329
Summary:
Babo Violent 2 is prone to four vulnerabilities: a format-string issue and three denial-of-service issues.

Successful attacks could allow attackers to execute arbitrary code or crash game servers.

32. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
BugTraq ID: 25417
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25417
Summary:
GNU Tar is prone to a directory-traversal vulnerability. This issue occurs because the application fails to validate user-supplied data.

A successful attack can allow the attacker to overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.

33. InterWorx-CP SiteWorx and NodeWorx Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25451
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25451
Summary:
InterWorx-CP is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect InterWorx-CP 3.0.2; other versions may also be vulnerable.

34. EFS Software Easy Chat Server Authentication Request Handling Remote Denial Of Service Vulnerability
BugTraq ID: 25328
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25328
Summary:
Easy Chat Server is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the server, denying access to legitimate users.

Easy Chat Server 2.2 is reported vulnerable; other versions may also be affected.

35. Yahoo! Messenger KDU_V32M.DLL Remote Denial Of Service Vulnerability
BugTraq ID: 25330
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25330
Summary:
Yahoo! Messenger is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Yahoo! Messenger 8.1.0; other versions may also be affected.

36. Mercury Mail Transport System AUTH CRAM-MD5 Buffer Overflow Vulnerability
BugTraq ID: 25357
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25357
Summary:
Mercury Mail Transport System is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks when handling AUTH CRAM-MD5 requests.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application. Successful exploits will compromise the computer. Failed exploit attempts will result in a denial of service.

Versions prior to Mercury/32 v4.52 and Mercury/NLM v1.49 are vulnerable.

UPDATE (August 28, 2007) - Symantec has confirmed that this issue is actively being exploited in the wild.

37. DeskPRO Admin Panel Multiple HTML Injection Vulnerabilities
BugTraq ID: 25325
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25325
Summary:
DeskPRO is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

To exploit this issue, an attacker must have administrative privileges.

Exploiting these issues may allow the attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

DeskPRO 3.0.2 is reported vulnerable; other versions may also be affected.

38. EDraw Office Viewer Component ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 25344
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25344
Summary:
The EDraw Office Viewer Component ActiveX Control is prone to a vulnerability that lets attackers overwrite files.

An attacker can exploit this issue to overwrite files with arbitrary, attacker-controlled content. This will aid in further attacks.

Version 5.1 of the control is vulnerable to this issue; other versions may also be affected.

39. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
BugTraq ID: 25054
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25054
Summary:
The Sun Java Runtime Environment is prone to a security-bypass vulnerability.

Successfully exploiting this issue will allow an attacker to connect to services on a remote user's computer without proper authorization. This may lead to other attacks.

40. Sun JDK JPG/BMP Parser Multiple Vulnerabilities
BugTraq ID: 24004
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/24004
Summary:
Sun JDK is prone to multiple vulnerabilities.

An attacker can exploit these issues to crash the affected application, effectively denying service. The attacker may also be able to execute arbitrary code, which may facilitate a compromise of the underlying system.

Sun JDK 1.5.0_07-b03 is vulnerable to these issues; other versions may also be affected.

41. Sun Java Runtime Environment Font Parsing Remote Privilege Escalation Vulnerability
BugTraq ID: 25340
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25340
Summary:
The Sun Java Runtime Environment is prone to a remote privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet. Successfully exploiting this issue may result in the remote compromise of affected computers.

42. Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
BugTraq ID: 24850
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/24850
Summary:
Sun Java System Web Servers and Application Servers are prone to a vulnerability that lets attackers execute arbitrary Java methods. This issue occurs because the application fails to securely process XSLT stylesheets.

Successfully exploiting this issue may allow remote attackers to execute arbitrary Java methods, aiding them in further attacks.

Sun Java System Web Server 7.0 for the following operating systems is affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows
- HP-UX

Sun Java System Application Server Platform and Enterprise Editions 8.2 and Platform Edition 9.0 for the following operating systems are also affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows

43. Sun JavaDoc Tool Cross-Site Scripting Vulnerability
BugTraq ID: 24690
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/24690
Summary:
Sun JavaDoc Tool is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

44. EZPhotoSales Multiple Input Validation Vulnerabilities
BugTraq ID: 25323
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25323
Summary:
EZPhotoSales is prone to multiple input-validation vulnerabilities, including an authentication-bypass issue, multiple information-disclosure issues, an HTML-injection issue, and an arbitrary-file-upload issue. These issues occur because the application fails to properly sanitize user-supplied input and to protect sensitive information.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data. Successful exploits may facilitate a complete compromise of affected computers.

EZPhotoSales 1.9.3 is reported vulnerable; other versions may also be affected.

45. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
BugTraq ID: 24846
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/24846
Summary:
The Sun JSSE (Java Secure Socket Extension) is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the computer, denying access to legitimate users.

46. Tomboy LD_LIBRARY_PATH Environment Variable Local Privilege Escalation Vulnerability
BugTraq ID: 25341
Remote: No
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25341
Summary:
Tomboy is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to execute arbitrary code with the privileges of the user running the affected application.

47. Drupal Content Construction Kit Nodereference Module Multiple HTML-injection Vulnerabilities
BugTraq ID: 25321
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25321
Summary:
Drupal Content Construction Kit is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before displaying it in dynamically generated content.

An attacker could exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

48. IBM Rational ClearQuest Username Parameter SQL Injection Vulnerability
BugTraq ID: 25324
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25324
Summary:
IBM Rational ClearQuest is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IBM Rational ClearQuest 7.0.0.0 and 7.0.0.1 are vulnerable; other versions may also be affected.

49. Microsoft OLE Automation SubstringData Function Integer Overflow Vulnerability
BugTraq ID: 25282
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25282
Summary:
Microsoft OLE Automation is prone to an integer-overflow vulnerability. This issue occurs because the application fails to ensure that integer values are not overrun.

Successfully exploiting this issue allows remote attackers to corrupt heap memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

50. Sun Solaris 8 RBAC Remote Privilege Escalation Vulnerabilities
BugTraq ID: 25353
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25353
Summary:
Sun Solaris 8 is prone to two remote privilege-escalation vulnerabilities.

Successfully exploiting these issues may allow remote attackers to gain elevated privileges on vulnerable computers. This facilitates the complete compromise of affected computers.

Attackers require knowledge of role passwords to successfully exploit these issues.

51. Microsoft Internet Explorer Vector Markup Language VGX.DLL Remote Buffer Overflow Vulnerability
BugTraq ID: 25310
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25310
Summary:
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

This issue occurs when rendering VML (Vector Markup Language) graphics.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user.

Successful attacks may facilitate the remote compromise of affected computers. Failed attacks will likely cause denial-of-service conditions.

52. APOP Protocol Insecure MD5 Hash Weakness
BugTraq ID: 23257
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/23257
Summary:
Applications that implement the APOP protocol may be vulnerable to a password-hash weakness. This issue occurs because the MD5 hash algorithm fails to properly prevent collisions.

Attackers may exploit this issue in man-in-the-middle attacks to potentially gain access to the first three characters of passwords. This will increase the likelihood of successful brute-force attacks against APOP authentication.

To limit the possibility of successful exploits, applications that implement the APOP protocol should set up safeguards to ensure that message IDs are RFC-compliant.

Mozilla Thunderbird, Evolution, mutt, and fetchmail are reportedly affected by this issue.

53. Mozilla Products Multiple Remote Vulnerabilities
BugTraq ID: 24242
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/24242
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

54. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
BugTraq ID: 25124
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25124
Summary:
KDE kpdf, kword, and xpdf are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.

55. EnterpriseDB Advanced Server Uninitialized Pointer Vulnerability
BugTraq ID: 25481
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25481
Summary:
EnterpriseDB Advanced Server is prone to an uninitialized-pointer vulnerability.

Authenticated attackers can exploit this issue to cause denial-of-service conditions. Due to the nature of this vulnerability, remote code execution may also be possible but this has not been confirmed.

EnterpriseDB Advanced Server 8.2 is vulnerable; other versions may also be affected.

56. Cisco CallManager/Communications Manager SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 25480
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25480
Summary:
Cisco Unified CallManager and Unified Communications Manager are prone to multiple input-validation vulnerabilities because the applications fail to properly sanitize user-supplied input. These issues include a cross-site scripting vulnerability and an SQL-injection vulnerability.

A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code in a user's browser, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

57. phpns Shownews.PHP SQL Injection Vulnerability
BugTraq ID: 25479
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25479
Summary:
phpns is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects phpns 1.1; other versions may also be vulnerable.

58. Blizzard Entertainment StarCraft Brood War Minimap Preview Remote Denial of Service Vulnerability
BugTraq ID: 25478
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25478
Summary:
StarCraft Brood War is prone to a remote denial-of-service vulnerability. This issue occurs because the application fails to handle exceptional conditions.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects StarCraft Brood War 1.15.1; prior versions may also be affected.

59. DL PayCart Viewitem.PHP SQL Injection Vulnerability
BugTraq ID: 25477
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25477
Summary:
DL PayCart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects DL PayCart version 1.01; other versions may also be vulnerable.

60. ABC eStore Index.PHP SQL Injection Vulnerability
BugTraq ID: 25476
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25476
Summary:
ABC eStore is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects ABC eStore 3.0; other versions may also be vulnerable.

61. SomeryC Include.PHP Remote File Include Vulnerability
BugTraq ID: 25475
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25475
Summary:
SomeryC is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Version 0.2.4 is vulnerable; other versions may also be affected.

62. Novell Client NWSPOOL.DLL RPC Request Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 25474
Remote: Yes
Last Updated: 2007-08-29
Relevant URL: http://www.securityfocus.com/bid/25474
Summary:
Novell Client is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

This issue affects Novell Client 4.91 SP4; other versions may also be vulnerable.

63. Vim HelpTags Command Remote Format String Vulnerability
BugTraq ID: 25095
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25095
Summary:
Vim is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A remote attacker may execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts may cause denial-of-service conditions.

Vim 6.4 and 7.1 are vulnerable; other versions may also be affected.

64. GNU Emacs Image Processing Remote Denial of Service Vulnerability
BugTraq ID: 24570
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24570
Summary:
The 'emacs' program is prone to a remote denial-of-service vulnerability because it fails to handle malicious image files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected application.

65. Linux Kernel Netfilter NFNetLink_Log Multiple NULL Pointer Dereference Vulnerabilities
BugTraq ID: 22946
Remote: No
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/22946
Summary:
The Linux kernel is prone to multiple NULL-pointer dereference vulnerabilities.

A local attacker can exploit these issues to crash the affected kernel, denying service to legitimate users.

66. Linux Kernel Netfilter nf_conntrack IPv6 Packet Reassembly Rule Bypass Vulnerability
BugTraq ID: 23976
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/23976
Summary:
The Linux kernel is prone to a vulnerability that lets attackers bypass firewall rules. This issue occurs because the Linux 'netfilter' code fails to properly classify network packets.

Successfully exploiting this issue allows attackers to bypass firewall rules, potentially aiding them in further network-based attacks.

Linux kernel versions in the 2.6 series prior to 2.6.20.3 are vulnerable to this issue.

67. Linux Kernel NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability
BugTraq ID: 23677
Remote: No
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/23677
Summary:
The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when a NETLINK message is misrouted.

A local attacker may exploit this issue to trigger an infinite-recursion stack-based overflow in the kernel. This results in a denial of service to legitimate users.

Versions prior to 2.6.20.8 are vulnerable.

68. Linux Kernel Fib_Semantics.C Out Of Bounds Access Vulnerability
BugTraq ID: 23447
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/23447
Summary:
The Linux kernel is prone to an out-of-bounds-access vulnerability. This issue occurs because the semantics for IPv4 Forwarding Information Base fail to adequately bounds-check user-supplied data before accessing an array.

An attacker can exploit this issue to cause denial-of-service conditions. Arbitrary code execution may also be possible, but this has not been confirmed.

Versions prior to 2.6.21-rc6 are vulnerable.

69. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
BugTraq ID: 23615
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/23615
Summary:
IPv6 protocol implementations are prone to a denial-of-service vulnerability due to a design error.

Exploiting this issue allows attackers to cause denial-of-service conditions.

This issue is related to the issue discussed in BID 22210 (Cisco IOS IPv6 Source Routing Remote Memory Corruption Vulnerability).

70. Linux Kernel PRNG Entropy Weakness
BugTraq ID: 24390
Remote: No
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24390
Summary:
The Linux kernel is prone to a weakness that may result in weaker cryptographic security.

Linux kernel versions prior to 2.6.21.4 are vulnerable to this issue.

This weakness was initially discussed in BID 24376 (Linux Kernel Multiple Weaknesses and Vulnerabilities), but has been assigned its own record.

71. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
BugTraq ID: 23870
Remote: No
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/23870
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to exhaust memory resources and eventually cause the kernel to crash, effectively denying service to legitimate users.

This issue affects the Linux kernel 2.6 series prior to 2.6.21-git8.

72. Linux Kernel SCTP Connection Denial Of Service Vulnerability
BugTraq ID: 24376
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24376
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Linux kernel versions prior to 2.6.21.4 are vulnerable to this issue.

This BID initially discussed three weaknesses/vulnerabilities in the Linux kernel. These issues have been separated into the following individual records:

24389 Linux Kernel CPUSet Tasks Memory Leak Information Disclosure Vulnerability
24390 Linux Kernel PRNG Entropy Weakness
24376 Linux Kernel SCTP Connection Denial Of Service Vulnerability

73. Rsync F_Name Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 25336
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25336
Summary:
The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input.

Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility.

Rsync version 2.6.9 is affected by this issue; other versions may also be vulnerable.

74. BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities
BugTraq ID: 15052
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/15052
Summary:
BEA has released 24 advisories identifying various vulnerabilities affecting BEA WebLogic Server and WebLogic Express. These issues present remote and local threats and may facilitate attacks affecting the integrity, confidentiality, and availability of vulnerable computers.

We conjecture that some of these issues may allow an attacker to completely compromise a vulnerable computer.

These issues are currently being analyzed. This BID will be updated and individual BIDs will be released when further analysis is complete.

75. BEA Multiple Products Multiple Vulnerabilities
BugTraq ID: 22082
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/22082
Summary:
BEA has released 23 advisories identifying various vulnerabilities affecting BEA WebLogic Server, WebLogic Platform, and WebLogic Express, ALES, ALSB, and JRockit. These issues present remote and local threats and may facilitate attacks affecting the integrity, confidentiality, and availability of vulnerable computers.

76. Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
BugTraq ID: 23552
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/23552
Summary:
Dovecot is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

77. Asterisk SIP Channel Driver Remote Denial of Service Vulnerability
BugTraq ID: 22838
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/22838
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

Asterisk versions prior to 1.2.16 and 1.4.1 are vulnerable to this issue.

78. Asterisk SIP Invite Message Remote Denial of Service Vulnerability
BugTraq ID: 23031
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/23031
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

79. Asterisk SIP Channel Driver UDP Packets Remote Denial of Service Vulnerability
BugTraq ID: 24359
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24359
Summary:
Asterisk is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain SIP UDP packets.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

NOTE: This record may be a duplicate of the issue discussed in BID 23093 (Asterisk SIP Channel Driver Response Code Zero Remote Denial of Service Vulnerability). We are still investigating this issue and will retire this BID if we find it to be a duplicate.

80. Asterisk ManagerInterface Manager.Conf Remote Denial of Service Vulnerability
BugTraq ID: 23649
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/23649
Summary:
Asterisk is prone to a remote denial-of-service vulnerability because the application fails to properly handle exceptional conditions.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

81. Mozilla Firefox URLBar Null Byte File Remote Code Execution Vulnerability
BugTraq ID: 24447
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24447
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied input.

Attackers may exploit this issue by enticing victims into visiting a malicious site and following links with improper file extensions.

Successful exploits may allow an attacker to crash the application or execute arbitrary code in the context of the affected application. Other attacks are also possible.

82. Mozilla Firefox OnUnload Memory Corruption Vulnerability
BugTraq ID: 22679
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/22679
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the affected application. This could facilitate the remote compromise of affected computers.

Mozilla Firefox version 2.0.0.1 is vulnerable to this issue; other versions are also likely affected.

83. Asterisk IAX2 Text Frame Information Disclosure Vulnerability
BugTraq ID: 23824
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/23824
Summary:
Asterisk is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue may also result in a segmentation fault.

84. Opera Web Browser Dangling Pointer Remote Code Execution Vulnerability
BugTraq ID: 24970
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24970
Summary:
The Opera Web Browser is prone to a remote code-execution vulnerability that occurs when parsing a specially crafted BitTorrent header.

Exploiting this issue allows an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Opera 9.21; prior versions may also be affected.

NOTE: This issue is reported to affect only Opera running on Microsoft Windows; other platforms running Opera may also be affected.

85. Asterisk IAX2 Channel Driver IAX2_Write Function Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 24949
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24949
Summary:
Asterisk is prone to a remote stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause a denial-of-service condition.

86. Microsoft Excel Worksheet Index Value Remote Code Execution Vulnerability
BugTraq ID: 25280
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25280
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file (.xls).

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

87. Asterisk Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 24950
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24950
Summary:
Asterisk is prone to multiple remote denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

88. LibEXIF Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability
BugTraq ID: 23927
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/23927
Summary:
The libexif library is prone to an integer-overflow vulnerability because the software fails to properly ensure that integer math operations do not result in overflows.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an application using the vulnerable library. Failed attempts will likely result in denial-of-service conditions.

Versions of libexif prior to 0.6.14 are vulnerable to this issue.

89. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
BugTraq ID: 24215
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24215
Summary:
Apache is prone to multiple denial-of-service vulnerabilities.

An attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.

90. LibPNG Graphics Library PNG_SET_SPLT Remote Denial of Service Vulnerability
BugTraq ID: 21078
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/21078
Summary:
LibPNG is reported prone to a denial-of-service vulnerability. The library fails to perform proper bounds-checking of user-supplied input, which leads to an out-of-bounds read error.

Attackers may exploit this vulnerability to crash an application that relies on the affected library.

91. Opera Web Browser Address Bar URI Spoofing Vulnerability
BugTraq ID: 24917
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24917
Summary:
Opera Web Browser is affected by a URI-spoofing vulnerability because it fails to adequately handle user-supplied data.

An attacker may leverage this issue by padding the URI and inserting arbitrary content to spoof the source URI of a file presented to an unsuspecting user. This may lead to a false sense of trust as the victim may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Opera 9.21 is vulnerable; other versions may also be affected.

NOTE: KDE's Konqueror browser is also affected by this issue. Please see BID 24912 for more information.

92. Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24286
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24286
Summary:
Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.

A malicious site may be able to modify the iframe of a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks are also possible, such as executing script code in other browser security zones.

This issue is being tracked by Bugzilla Bug 382686 and is reportedly related to Bug 343168.

Firefox 2.0.0.4 and prior versions are vulnerable.

93. Opera Web Browser Basic Authentication Server Domain Spoofing Vulnerability
BugTraq ID: 24352
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24352
Summary:
Opera Web Browser is prone to an HTTP basic authentication domain-spoofing vulnerability.

Attackers may exploit this vulnerability via a malicious webpage to spoof the origin of an HTTP basic authentication dialog that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

Opera 9.21 is vulnerable; other versions may also be affected.

Reports indicate that other browsers are also vulnerable, but this has not been confirmed.

94. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
BugTraq ID: 24946
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24946
Summary:
The Mozilla Foundation has released four security advisories specifying multiple vulnerabilities in Firefox 2.0.0.4.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Execute code with chrome privileges
- Perform cross-site scripting attacks
- Crash Firefox in a myriad of ways, with evidence of memory corruption.

Other attacks may also be possible.

95. Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
BugTraq ID: 25288
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25288
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the vulnerable application.

This issue affects Internet Explorer 5.01 SP4 running on Microsoft Windows 2000 SP4.

96. Microsoft Windows Media Player Remote Skin Decompression Code Execution Vulnerability
BugTraq ID: 25307
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25307
Summary:
Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted compressed skin files.

Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files (WMZ or WMD files).

Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.

97. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

98. GNU Image Manipulation Program Multiple Integer Overflow Vulnerabilities
BugTraq ID: 24835
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/24835
Summary:
GNU Image Manipulation Program (GIMP) is prone to multiple integer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data.

An attacker can exploit these vulnerabilities to execute arbitrary code with the privileges of the user running GIMP. Failed exploit attempts will likely cause denial-of-service conditions.

Versions prior to GIMP 2.2.16 are vulnerable.

99. Mozilla Firefox 2 Password Manager Cross-Site Information Disclosure Weakness
BugTraq ID: 21240
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/21240
Summary:
Mozilla Firefox is reportedly prone to an information-disclosure weakness because it fails to properly notify users of the automatic population of form fields in disparate URLs deriving from the same domain.

Exploiting this issue may allow attackers to obtain user credentials that have been saved in forms deriving from the same website where attack code resides. The most common manifestation of this condition would typically be in blogs or forums. This may allow attackers to access potentially sensitive information that would facilitate the success of phishing attacks.

Initial reports and preliminary testing indicate that this issue affects only Firefox 2.

100. Sophos Antivirus UPX and BZIP Multiple Remote Vulnerabilities
BugTraq ID: 25428
Remote: Yes
Last Updated: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25428
Summary:
Sophos Antivirus is prone to multiple remote vulnerabilities. These issues include a remote code-execution vulnerability and a denial-of-service vulnerability.

A remote attacker can exploit this issue to execute arbitrary code within the context of the affected application or crash the affected application, denying service to legitimate users. Successful exploits may result in a crash of the antivirus engine or the exhaustion of disk space on affected computers.

This issue affects Sophos applications using antivirus engine versions prior to 2.48.0.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Fraudsters focus on job sites
By: Robert Lemos
A Trojan horse mines Monster.com for personal details that could make fraudulent e-mail schemes more convincing, while evidence mounts that other job sites are also being attacked.
http://www.securityfocus.com/news/11484

2. Universities warned of Storm Worm attacks
By: Robert Lemos
Scanning a computer infected with the bot software could bring swift retribution, warns the response center for academic networks.
http://www.securityfocus.com/news/11482

3. Retro attack gets new life, worries browser makers
By: Robert Lemos
Researchers find that browsers and plug-ins could be exploited to turn a victim's computer into a door to the internal network. One study finds an attack could claim 100,000 IP addresses in three days.
http://www.securityfocus.com/news/11481

4. Teaching hacking helps students, professors say
By: Robert Lemos
Universities and colleges could find more students interested in computer-science courses, if the teachers taught practical hacking, educators say.
http://www.securityfocus.com/news/11480

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] VP of Regional Sales, Washington
http://www.securityfocus.com/archive/77/477978

2. [SJ-JOB] Technical Support Engineer, Fredericton
http://www.securityfocus.com/archive/77/477980

3. [SJ-JOB] Senior Software Engineer, Fort Lauderdale
http://www.securityfocus.com/archive/77/477970

4. [SJ-JOB] Security Product Marketing Manager, Mountain View
http://www.securityfocus.com/archive/77/477979

5. [SJ-JOB] Senior Software Engineer, Fredericton
http://www.securityfocus.com/archive/77/477981

6. [SJ-JOB] Security Consultant, Houston
http://www.securityfocus.com/archive/77/477982

7. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/477966

8. [SJ-JOB] Security Engineer, Fort Collins
http://www.securityfocus.com/archive/77/477968

9. [SJ-JOB] Security Architect, Portland
http://www.securityfocus.com/archive/77/477969

10. [SJ-JOB] Sr. Security Analyst, Charlotte
http://www.securityfocus.com/archive/77/477967

11. [SJ-JOB] Application Security Engineer, Torrance
http://www.securityfocus.com/archive/77/477871

12. [SJ-JOB] Regional Channel Manager, Boston
http://www.securityfocus.com/archive/77/477842

13. [SJ-JOB] Director, Information Security, Chicago
http://www.securityfocus.com/archive/77/477858

14. [SJ-JOB] Security Engineer, Denver
http://www.securityfocus.com/archive/77/477859

15. [SJ-JOB] Security Auditor, Charlotte
http://www.securityfocus.com/archive/77/477879

16. [SJ-JOB] Security System Administrator, Torrance, CA
http://www.securityfocus.com/archive/77/477857

17. [SJ-JOB] Jr. Security Analyst, VA/MD/DC
http://www.securityfocus.com/archive/77/477843

18. [SJ-JOB] Information Assurance Engineer, Rosslyn
http://www.securityfocus.com/archive/77/477830

19. [SJ-JOB] Information Assurance Analyst, VA/MD/DC
http://www.securityfocus.com/archive/77/477833

20. [SJ-JOB] Sr. Security Engineer, Dallas
http://www.securityfocus.com/archive/77/477835

21. [SJ-JOB] Security Architect, Rosslyn
http://www.securityfocus.com/archive/77/477839

22. [SJ-JOB] Information Assurance Engineer, VA/MD/DC
http://www.securityfocus.com/archive/77/477840

23. [SJ-JOB] Security System Administrator, Charlotte
http://www.securityfocus.com/archive/77/477832

24. [SJ-JOB] Security Auditor, VA/MD/DC
http://www.securityfocus.com/archive/77/477834

25. [SJ-JOB] Security Engineer, VA/MD/DC
http://www.securityfocus.com/archive/77/477841

26. [SJ-JOB] Technology Risk Consultant, London
http://www.securityfocus.com/archive/77/477597

27. [SJ-JOB] Management, Bellevue
http://www.securityfocus.com/archive/77/477598

28. [SJ-JOB] Security Consultant, Sydney
http://www.securityfocus.com/archive/77/477599

29. [SJ-JOB] Security Engineer, New York
http://www.securityfocus.com/archive/77/477602

30. [SJ-JOB] Incident Handler, Doha
http://www.securityfocus.com/archive/77/477603

31. [SJ-JOB] Threat Analyst, Denver
http://www.securityfocus.com/archive/77/477595

32. [SJ-JOB] Manager, Information Security, London
http://www.securityfocus.com/archive/77/477604

33. [SJ-JOB] Sr. Product Manager, Mountain View
http://www.securityfocus.com/archive/77/477588

34. [SJ-JOB] Security Engineer, Washington
http://www.securityfocus.com/archive/77/477591

35. [SJ-JOB] Sr. Security Analyst, Washington
http://www.securityfocus.com/archive/77/477592

36. [SJ-JOB] Security Consultant, Nationwide / Virtual (Heavy Travel)
http://www.securityfocus.com/archive/77/477596

37. [SJ-JOB] Security Consultant, Singapore
http://www.securityfocus.com/archive/77/477590

38. [SJ-JOB] Sales Representative, Lexington
http://www.securityfocus.com/archive/77/477589

39. [SJ-JOB] Sales Engineer, South
http://www.securityfocus.com/archive/77/477584

40. [SJ-JOB] VP, Information Security, New York
http://www.securityfocus.com/archive/77/477581

41. [SJ-JOB] Sr. Security Analyst, Evansville
http://www.securityfocus.com/archive/77/477582

42. [SJ-JOB] Manager, Information Security, Miami
http://www.securityfocus.com/archive/77/477580

43. [SJ-JOB] Penetration Engineer, Washington DC
http://www.securityfocus.com/archive/77/477576

44. [SJ-JOB] Security Engineer, Washington DC
http://www.securityfocus.com/archive/77/477577

45. [SJ-JOB] Technical Writer, Washington DC
http://www.securityfocus.com/archive/77/477579

46. [SJ-JOB] Sr. Security Analyst, New York city
http://www.securityfocus.com/archive/77/477575

47. [SJ-JOB] Application Security Engineer, Philadelphia
http://www.securityfocus.com/archive/77/477566

48. [SJ-JOB] Management, Sydney
http://www.securityfocus.com/archive/77/477568

49. [SJ-JOB] Penetration Engineer, Austin
http://www.securityfocus.com/archive/77/477573

50. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/477574

51. [SJ-JOB] Manager, Information Security, Heidelberg
http://www.securityfocus.com/archive/77/477567

52. [SJ-JOB] Security Engineer, St. Louis
http://www.securityfocus.com/archive/77/477569

53. [SJ-JOB] Manager, Information Security, Toronto
http://www.securityfocus.com/archive/77/477552

54. [SJ-JOB] Security Consultant, St. Louis
http://www.securityfocus.com/archive/77/477557

55. [SJ-JOB] Sr. Security Engineer, South San Francisco
http://www.securityfocus.com/archive/77/477559

56. [SJ-JOB] Security Engineer, Arlington
http://www.securityfocus.com/archive/77/477560

57. [SJ-JOB] Security Consultant, Boston
http://www.securityfocus.com/archive/77/477558

58. [SJ-JOB] Application Security Architect, Valley Forge
http://www.securityfocus.com/archive/77/477562

59. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/477565

60. [SJ-JOB] Account Manager, London
http://www.securityfocus.com/archive/77/477551

61. [SJ-JOB] Security Consultant, Munich
http://www.securityfocus.com/archive/77/477533

62. [SJ-JOB] Security Consultant, Mexico City
http://www.securityfocus.com/archive/77/477546

63. [SJ-JOB] Information Assurance Analyst, Columbia
http://www.securityfocus.com/archive/77/477547

64. [SJ-JOB] Security Consultant, Washington DC
http://www.securityfocus.com/archive/77/477548

65. [SJ-JOB] Sales Engineer, London
http://www.securityfocus.com/archive/77/477532

66. [SJ-JOB] Sales Representative, NYC or Wash DC areas
http://www.securityfocus.com/archive/77/477534

67. [SJ-JOB] Security Consultant, Any City
http://www.securityfocus.com/archive/77/477527

68. [SJ-JOB] Management, UK wide
http://www.securityfocus.com/archive/77/477528

69. [SJ-JOB] Manager, Information Security, UK wide
http://www.securityfocus.com/archive/77/477531

70. [SJ-JOB] Manager, Information Security, UK wide
http://www.securityfocus.com/archive/77/477524

71. [SJ-JOB] Manager, Information Security, UK Wide
http://www.securityfocus.com/archive/77/477525

72. [SJ-JOB] Security Consultant, Springfield
http://www.securityfocus.com/archive/77/477526

73. [SJ-JOB] Forensics Engineer, Multiple Locations: Washington D.C, Dallas, Chicago, NY, L.A
http://www.securityfocus.com/archive/77/477530

74. [SJ-JOB] Security Researcher, San Jose
http://www.securityfocus.com/archive/77/477511

75. [SJ-JOB] Developer, Columbia
http://www.securityfocus.com/archive/77/477519

76. [SJ-JOB] Penetration Engineer, Sydney
http://www.securityfocus.com/archive/77/477520

77. [SJ-JOB] Threat Analyst, McLean
http://www.securityfocus.com/archive/77/477510

78. [SJ-JOB] Quality Assurance, Redmond
http://www.securityfocus.com/archive/77/477512

79. [SJ-JOB] Security Architect, Los Angeles
http://www.securityfocus.com/archive/77/477513

80. [SJ-JOB] Auditor, Charlotte
http://www.securityfocus.com/archive/77/477521

81. [SJ-JOB] Security Product Manager, Mountain View
http://www.securityfocus.com/archive/77/477522

82. [SJ-JOB] Software Engineer, Redmond
http://www.securityfocus.com/archive/77/477501

83. [SJ-JOB] Manager, Information Security, PROVIDENCE
http://www.securityfocus.com/archive/77/477509

84. [SJ-JOB] Security Consultant, Boston, Multiple Locations
http://www.securityfocus.com/archive/77/477523

85. [SJ-JOB] Threat Analyst, Munich
http://www.securityfocus.com/archive/77/477498

86. [SJ-JOB] Security Consultant, Mexico City
http://www.securityfocus.com/archive/77/477499

87. [SJ-JOB] Security Consultant, CHICAGO
http://www.securityfocus.com/archive/77/477500

88. [SJ-JOB] Security System Administrator, Herndon
http://www.securityfocus.com/archive/77/477487

89. [SJ-JOB] Penetration Engineer, New York
http://www.securityfocus.com/archive/77/477489

90. [SJ-JOB] Security Engineer, Vernon Hills
http://www.securityfocus.com/archive/77/477497

91. [SJ-JOB] Software Engineer, Los Angeles
http://www.securityfocus.com/archive/77/477478

92. [SJ-JOB] Sales Representative, Minneapolis
http://www.securityfocus.com/archive/77/477485

93. [SJ-JOB] Sr. Security Engineer, Cleveland
http://www.securityfocus.com/archive/77/477486

94. [SJ-JOB] Security Engineer, Chantilly
http://www.securityfocus.com/archive/77/477488

95. [SJ-JOB] Application Security Engineer, Santa Clara
http://www.securityfocus.com/archive/77/477479

96. [SJ-JOB] Application Security Architect, San Francisco
http://www.securityfocus.com/archive/77/477482

97. [SJ-JOB] Senior Software Engineer, Los Angeles
http://www.securityfocus.com/archive/77/477483

98. [SJ-JOB] Security Engineer, San Jose
http://www.securityfocus.com/archive/77/477463

99. [SJ-JOB] Information Assurance Analyst, Wilmington
http://www.securityfocus.com/archive/77/477480

100. [SJ-JOB] Database Security Engineer, Redwood Shores
http://www.securityfocus.com/archive/77/477466

101. [SJ-JOB] Sr. Security Engineer, Irvine
http://www.securityfocus.com/archive/77/477477

102. [SJ-JOB] Information Assurance Analyst, Hagerstown
http://www.securityfocus.com/archive/77/477440

103. [SJ-JOB] Application Security Engineer, Toronto
http://www.securityfocus.com/archive/77/477441

104. [SJ-JOB] Disaster Recovery Coordinator, New York
http://www.securityfocus.com/archive/77/477442

105. [SJ-JOB] Management, Mountain View
http://www.securityfocus.com/archive/77/477460

106. [SJ-JOB] Security Engineer, Carpinteria
http://www.securityfocus.com/archive/77/477468

107. [SJ-JOB] Account Manager, New York Metro
http://www.securityfocus.com/archive/77/477438

108. [SJ-JOB] Account Manager, New York Metro
http://www.securityfocus.com/archive/77/477439

109. [SJ-JOB] Sr. Security Analyst, San Francisco
http://www.securityfocus.com/archive/77/477436

110. [SJ-JOB] Security Engineer, Carpinteria
http://www.securityfocus.com/archive/77/477437

111. [SJ-JOB] Security Product Manager, Calgary
http://www.securityfocus.com/archive/77/477353

112. [SJ-JOB] Sr. Security Engineer, Mountain View, Heathrow (FL), Roseville (MN)
http://www.securityfocus.com/archive/77/477354

113. [SJ-JOB] Sales Engineer, Remote
http://www.securityfocus.com/archive/77/477365

114. [SJ-JOB] Threat Analyst, Calgary
http://www.securityfocus.com/archive/77/477355

115. [SJ-JOB] Sales Engineer, Herndon
http://www.securityfocus.com/archive/77/477356

116. [SJ-JOB] Sales Engineer, Herndon
http://www.securityfocus.com/archive/77/477364

117. [SJ-JOB] Sr. Security Analyst, Calgary
http://www.securityfocus.com/archive/77/477352

V. INCIDENTS LIST SUMMARY
---------------------------
1. HTTP worm?
http://www.securityfocus.com/archive/75/477880

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Security contact for Roper?
http://www.securityfocus.com/archive/82/477985

2. 24th Chaos Communication Congress 2007: Call for Participation
http://www.securityfocus.com/archive/82/477984

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Software smart-card emulation
http://www.securityfocus.com/archive/88/478049

2. SecurityFocus Microsoft Newsletter #356
http://www.securityfocus.com/archive/88/477495

3. NTFS default special permissions
http://www.securityfocus.com/archive/88/477517

4. Password complexity - improvement
http://www.securityfocus.com/archive/88/476610

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. mail antivirus
http://www.securityfocus.com/archive/91/477433

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

