Wednesday, September 12, 2007

SecurityFocus Newsletter #418
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000D2bp


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
2. Mod Your iPhone - For Fun or Profit?
II. BUGTRAQ SUMMARY
1. Oracle April 2007 Security Update Multiple Vulnerabilities
2. X.Org X Server Composite Extension Local Buffer Overflow Vulnerability
3. EDraw Office Viewer Component HttpDownloadFileToTempDir ActiveX Buffer Overflow Vulnerability
4. Webace Linkscript start.php SQL Injection Vulnerability
5. RW::Download Index.PHP Multiple SQL Injection Vulnerabilities
6. Cisco IOS VTY Authentication Bypass Vulnerability
7. Buffalo AirStation WHR-G54S Web Management Cross-Site Request Forgery Vulnerability
8. Blogsphere Name Field HTML Injection Vulnerability
9. GlobalLink glitemflat.dll ActiveX Control Heap Buffer Overflow Vulnerability
10. Modular Merchant Shopping Cart Cross-Site Scripting Vulnerability
11. Unreal Commander Directory Traversal And Denial Of Service Vulnerabilities
12. Gforge Unspecified SQL Injection Vulnerability
13. VUPlayer M3U UNC Name Buffer Overflow Vulnerability
14. Earth Resource Mapper NCSView ActiveX Control Multiple Buffer Overflow Vulnerabilities
15. SisfoKampus dwoprn.php Arbitrary File Download Vulnerability
16. MapServer Multiple Remote Vulnerabilities
17. Toms Gästebuch Multiple Cross-Site Scripting Vulnerabilities
18. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
19. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
20. Sun Solaris Special File System Local Denial of Service Vulnerability
21. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
22. MySQL Access Validation and Denial of Service Vulnerabilities
23. KDE Konqueror Address Bar URI Spoofing Vulnerability
24. KDE Konqueror SetInterval Function Address Bar URI Spoofing Vulnerability
25. Apple iTunes Malformed Music File Heap Buffer Overflow Vulnerability
26. Total Commander Client Side Directory Traversal Vulnerability
27. Fetchmail Failed Warning Message Remote Denial of Service Vulnerability
28. NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability
29. PHP MySQL Safe_Mode Filesystem Circumvention Vulnerability
30. Oracle JInitiator ActiveX Control Multiple Buffer Overflow Vulnerabilities
31. MIT Kerberos 5 KAdminD Server SVCAuth_GSS_Validate Stack Buffer Overflow Vulnerability
32. MIT Kerberos 5 kadmind Server Uninitialized Pointer Remote Code Execution Vulnerability
33. Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack Buffer Overflow Vulnerability
34. Adobe Connect Enterprise Server Information Disclosure Vulnerability
35. Samba NSS_Info Plugin Local Privilege Escalation Vulnerability
36. Microsoft Visual Studio PDWizard.ocx ActiveX Control Multiple Remote Vulnerabilities
37. KTorrent Remote Directory Traversal Variant Vulnerability
38. Just For Fun Network Management and Monitoring System Multiple Remote Vulnerabilities
39. WordPress Unfiltered_HTML Field Name HTML Injection Vulnerability
40. Qualiteam X-Cart xcart_dir Multiple Remote File Include Vulnerabilities
41. Business Objects Crystal Reports XI Professional File Handling Buffer Overflow Vulnerability
42. Microsoft MSN Messenger Video Conversation Buffer Overflow Vulnerability
43. Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability
44. Quagga Routing Suite Multiple Denial Of Service Vulnerabilities
45. NuclearBB send_queued_emails.php Remote File Include Vulnerability
46. RealPlayer/HelixPlayer AU Divide-By-Zero Denial of Service Vulnerability
47. Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities
48. Edit-X Edit_Address.PHP Remote File Include Vulnerability
49. MediaWiki API Pretty-Printing Mode Cross-Site Scripting Vulnerability
50. Joomla! Comp Restaurante Component Index.PHP Arbitrary File Upload Vulnerability
51. Broderbund 3DGreetings Player ActiveX Control Multiple Buffer Overflow Vulnerabilities
52. psi-labs.com psisns SQL Injection Vulnerability
53. Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow Vulnerability
54. OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
55. phpMyAdmin PMA_ArrayWalkRecursive Function Remote Denial of Service Vulnerability
56. phpMyAdmin Multiple Input Validation Vulnerabilities
57. phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
58. IBM WebSphere Application Server Edge Component Unspecified Vulnerability
59. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
60. GD Graphics Library Multiple Vulnerabilities
61. CellFactor Revolution Multiple Remote Code Execution Vulnerabilities
62. QGit DataLoader::doStart Function Local Privilege Escalation Vulnerability
63. Ekiga GetHostAddress Remote Denial of Service Vulnerability
64. Microsoft Visual Studio VB To VSI Support Library ActiveX Arbitrary File Overwrite Vulnerability
65. Lighttpd Mod_FastCGI Request Headers Remote Buffer Overflow Vulnerability
66. TechExcel CustomerWise Multiple Input Validation Vulnerabilities
67. AuraCMS mod/contak.php Arbitrary File Upload Vulnerability
68. AuraCMS Index.PHP Local File Include Vulnerability
69. TorrentTrader Account_Settings.PHP Multiple HTML Injection Vulnerabilities
70. Ultra Crypto Component ActiveX Control SaveToFile Arbitrary File Overwrite Vulnerability
71. AuraCMS ID Parameter Multiple SQL Injection Vulnerabilities
72. phpMyQuote Index.PHP SQL Injection and Cross-Site Scripting Vulnerabilities
73. ED Engine Codebase Parameter Multiple Remote File Include Vulnerabilities
74. Proxy Anket anket.asp SQL Injection Vulnerability
75. Sun Java Web Proxy Server Multiple Buffer Overflow Vulnerabilities
76. phpRealty MGR Parameter Multiple Remote File Include Vulnerabilities
77. Ultra Crypto Component CryptoX.dll ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
78. husrevforum Philboard_forum.ASP SQL Injection Vulnerability
79. DirectAdmin CMD_BANDWIDTH_BREAKDOWN Cross-Site Scripting Vulnerability
80. NetSupport School Weak Password Encryption Vulnerability
81. id3lib Insecure Temporary File Creation Vulnerability
82. ClamAV Popen Function Remote Code Execution Vulnerability
83. Snort/Sourcefire DCE/RPC Packet Reassembly Stack Buffer Overflow Vulnerability
84. ClamAV Multiple Remote Denial of Service Vulnerabilities
85. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
86. Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
87. Microsoft DirectX Media SDK DXTLIPI.DLL ActiveX Control Buffer Overflow Vulnerability
88. Smart SisfoKampus blanko.preview.php Local File Include Vulnerability
89. fuzzylime cms getgalldata.php Local File Include Vulnerability
90. Focus/SIS Multiple Remote File Include Vulnerabilities
91. TLM CMS Multiple SQL Injection Vulnerabilities
92. BaoFeng Storm MPS.DLL ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
93. Netjuke Multiple SQL Injection Vulnerabilities
94. Netjuke Multiple Cross Site Scripting Vulnerabilities
95. Toms Gästebuch Header.PHP Multiple Cross-Site Scripting Vulnerabilities
96. TxX CMS doc_root Multiple Remote File Include Vulnerabilities
97. OFFL DOC_ROOT Multiple Remote File Include Vulnerabilities
98. Microsoft September 2007 Advance Notification Multiple Vulnerabilities
99. Trend Micro ServerProtect Multiple RPC Remote Buffer Overflow Vulnerabilities
100. Microsoft SQL Server sqldmo.dll ActiveX Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS
1. Embassy leaks highlight pitfalls of Tor
2. China on hot seat over alleged hacks
3. Fraudsters focus on job sites
4. Universities warned of Storm Worm attacks
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Certification & Accreditation Engineer, Springfield
2. [SJ-JOB] Customer Support, Austin
3. [SJ-JOB] Security Consultant, Boston
4. [SJ-JOB] Security System Administrator, Wilmington
5. [SJ-JOB] Penetration Engineer, Montvale
6. [SJ-JOB] Information Assurance Analyst, Fort Worth
7. [SJ-JOB] Sr. Security Analyst, Roseland
8. [SJ-JOB] Sr. Security Analyst, Rockville
9. [SJ-JOB] Account Manager, Bay Area
10. [SJ-JOB] Security Researcher, Hyderabad
V. INCIDENTS LIST SUMMARY
1. Source port 445,80
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. AAA that Acquire from Lotus Domino 7.02
2. SecurityFocus Microsoft Newsletter #358
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
By Jason Ostrom and John Kindervag
Testing Protection Controls on a VoIP Network - A Case Study and Method
http://www.securityfocus.com/infocus/1892

2. Mod Your iPhone - For Fun or Profit?
By Mark Rasch
I admit it: I own an iPhone. Indeed, I bought one the day they came out. No, I didn't wait in line for hours; I just walked into the local Apple store, plunked down my life's savings, and voila, another AT&T customer!
http://www.securityfocus.com/columnists/453


II. BUGTRAQ SUMMARY
--------------------
1. Oracle April 2007 Security Update Multiple Vulnerabilities
BugTraq ID: 23532
Remote: Yes
Last Updated: 2007-09-12
Relevant URL: http://www.securityfocus.com/bid/23532
Summary:
Oracle has released a Critical Patch Update advisory for April 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.

2. X.Org X Server Composite Extension Local Buffer Overflow Vulnerability
BugTraq ID: 25606
Remote: No
Last Updated: 2007-09-12
Relevant URL: http://www.securityfocus.com/bid/25606
Summary:
The X.Org X Window System is prone to a local buffer-overflow vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges. This may facilitate a compromise of the affected computer.

3. EDraw Office Viewer Component HttpDownloadFileToTempDir ActiveX Buffer Overflow Vulnerability
BugTraq ID: 25593
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25593
Summary:
EDraw Office Viewer Component ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause a denial-of-service condition and possibly to execute arbitrary code, but this has not been confirmed.

This issue affects EDraw Office Viewer Component 5.2; other versions may also be affected.

4. Webace Linkscript start.php SQL Injection Vulnerability
BugTraq ID: 25592
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25592
Summary:
Linkscript is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects Linkscript 1.3 Special Edition; other versions may also be vulnerable.

5. RW::Download Index.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 25589
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25589
Summary:
RW::Download is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

RW::Download 2.0.3 lite is vulnerable.

6. Cisco IOS VTY Authentication Bypass Vulnerability
BugTraq ID: 25482
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25482
Summary:
Cisco IOS is prone to a remote authentication-bypass vulnerability because the software fails to properly ensure that password authentication is required.

Successfully exploiting this issue allows remote attackers to gain VTY access to vulnerable devices without requiring successful password authentication.

This issue is being tracked by Cisco bug ID CSCsa91175.

7. Buffalo AirStation WHR-G54S Web Management Cross-Site Request Forgery Vulnerability
BugTraq ID: 25588
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25588
Summary:
Buffalo AirStation WHR-G54S is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to use a victim's cookie credentials to perform actions with the application.

This issue affects Buffalo AirStation WHR-G54S 1.20; other versions may also be affected.

8. Blogsphere Name Field HTML Injection Vulnerability
BugTraq ID: 25587
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25587
Summary:
Blogsphere is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

9. GlobalLink glitemflat.dll ActiveX Control Heap Buffer Overflow Vulnerability
BugTraq ID: 25586
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25586
Summary:
GlobalLink is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

GlobalLink 2.7.0.8 is vulnerable; other versions may also be affected.

10. Modular Merchant Shopping Cart Cross-Site Scripting Vulnerability
BugTraq ID: 16160
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/16160
Summary:
Modular Merchant is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

11. Unreal Commander Directory Traversal And Denial Of Service Vulnerabilities
BugTraq ID: 25583
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25583
Summary:
Unreal Commander is prone to multiple remote vulnerabilities, including a directory-traversal issue and a denial-of-service issue.

An attacker can exploit these issues to compromise the affected computer, write files to arbitrary locations, and crash the affected application.

Unreal Commander 0.92 (build 565) and 0.92 (build 573) are vulnerable; prior versions may also be affected.

12. Gforge Unspecified SQL Injection Vulnerability
BugTraq ID: 25585
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25585
Summary:
Gforge is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Gforge 3.1 is vulnerable; other versions may also be affected.

13. VUPlayer M3U UNC Name Buffer Overflow Vulnerability
BugTraq ID: 21363
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/21363
Summary:
VUPlayer is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.

This issue affects VUPlayer 2.44; earlier versions may also be vulnerable.

14. Earth Resource Mapper NCSView ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 25584
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25584
Summary:
The Earth Resource Mapper (ER Mapper) NCSView ActiveX control is prone to multiple unspecified buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

15. SisfoKampus dwoprn.php Arbitrary File Download Vulnerability
BugTraq ID: 25617
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25617
Summary:
Sisfo Kampus is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files within the context of the webserver process. Information obtained may aid in further attacks.

This issue affects SisfoKampus 2006; other versions may also be vulnerable.

16. MapServer Multiple Remote Vulnerabilities
BugTraq ID: 25582
Remote: Yes
Last Updated: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/25582
Summary:
MapServer is prone to multiple remote vulnerabilities, including a cross-site scripting issue and a buffer-overflow issue.

An attacker can exploit these issues to steal cookie-based authentication credentials, execute arbitrary code within the context of the affected application, or crash the application, denying service to legitimate users.

Versions prior to MapServer 4.10.3 are vulnerable.

17. Toms Gästebuch Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25507
Remote: Yes
Last Updated: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/25507
Summary:
Toms Gästebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Toms Gästebuch versions prior to 1.01 are vulnerable.

18. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
BugTraq ID: 25417
Remote: Yes
Last Updated: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/25417
Summary:
GNU Tar is prone to a directory-traversal vulnerability because the application fails to validate user-supplied data.

A successful attack can allow the attacker to overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.

19. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
BugTraq ID: 23104
Remote: No
Last Updated: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/23104
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to cause the kernel to crash, effectively denying service to legitimate users. Attackers may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.

This issue affects the Linux kernel 2.6 series.

20. Sun Solaris Special File System Local Denial of Service Vulnerability
BugTraq ID: 25510
Remote: No
Last Updated: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/25510
Summary:
Sun Solaris is prone to a local denial-of-service vulnerability.

This issue stems from a NULL-pointer error caused by a function of the Special File System (SPECFS). Local attackers may exploit this issue to trigger kernel panics or system hangs, denying service to legitimate users.

Solaris 8, 9, and 10 SPARC and x86 are affected by this issue.

21. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
BugTraq ID: 25489
Remote: Yes
Last Updated: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/25489
Summary:
The Apache mod_proxy module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

22. MySQL Access Validation and Denial of Service Vulnerabilities
BugTraq ID: 25017
Remote: Yes
Last Updated: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/25017
Summary:
MySQL is prone to an access-validation vulnerability and a denial-of-service vulnerability.

An attacker can exploit these issues to create arbitrary MySQL tables or to crash the affected application, denying service to legitimate users.

These issues affect versions prior to MySQL 5.0.45.

23. KDE Konqueror Address Bar URI Spoofing Vulnerability
BugTraq ID: 24912
Remote: Yes
Last Updated: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/24912
Summary:
KDE Konqueror is affected by a URI-spoofing vulnerability because it fails to adequately handle user-supplied data.

An attacker may leverage this issue by padding the URI and inserting arbitrary content to spoof the source URI of a file presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Konqueror 3.5.7 is vulnerable; other versions may also be affected.

NOTE: This issue also affects the Opera browser. This BID originally tracked the issue for both products but has been split into two separate BIDs. The issue affecting Opera is now being tracked as BID 24917.

24. KDE Konqueror SetInterval Function Address Bar URI Spoofing Vulnerability
BugTraq ID: 25219
Remote: Yes
Last Updated: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/25219
Summary:
KDE Konqueror is affected by a URI-spoofing vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to display arbitrary content while displaying the URL of a trusted website in the address bar. This may lead to a false sense of trust because the victim may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Konqueror 3.5.7 is vulnerable; other versions may also be affected.

25. Apple iTunes Malformed Music File Heap Buffer Overflow Vulnerability
BugTraq ID: 25567
Remote: Yes
Last Updated: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/25567
Summary:
Apple iTunes is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects versions prior to iTunes 7.4.

26. Total Commander Client Side Directory Traversal Vulnerability
BugTraq ID: 25581
Remote: Yes
Last Updated: 2007-09-06
Relevant URL: http://www.securityfocus.com/bid/25581
Summary:
Total Commander is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker can exploit this issue to upload a malicious file to an arbitrary location on the victim's computer.

This issue affects Total Commander 7.01; other versions may also be vulnerable.

27. Fetchmail Failed Warning Message Remote Denial of Service Vulnerability
BugTraq ID: 25495
Remote: Yes
Last Updated: 2007-09-12
Relevant URL: http://www.securityfocus.com/bid/25495
Summary:
Fetchmail is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Fetchmail 4.6.8 through 6.3.8 are vulnerable to this issue.

28. NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 22196
Remote: Yes
Last Updated: 2007-09-12
Relevant URL: http://www.securityfocus.com/bid/22196
Summary:
NCTsoft NCTAudioFile2 ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

NCTAudioEditor is a collection of ActiveX controls for manipulating audio data. Numerous audio software products use the vulnerable 'NCTAudioFile2.AudioFile' ActiveX component.

NCTAudioStudio 2.7.1, NCTAudioEditor 2.7.1, and NCTDialogicVoice 2.7.1 are affected by this vulnerability; other versions may be affected as well.

Please see the list of associated technologies for a table of third-party products that are vulnerable because they depend on this ActiveX control.

29. PHP MySQL Safe_Mode Filesystem Circumvention Vulnerability
BugTraq ID: 4026
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/4026
Summary:
PHP's 'safe_mode' feature may be used to restrict access to certain areas of a filesystem by PHP scripts. However, a problem has been discovered that may allow an attacker to bypass these restrictions to gain unauthorized access to areas of the filesystem that are restricted when PHP 'safe_mode' is enabled.

In particular, the MySQL client library that ships with PHP fails to properly honor 'safe_mode'. As a result, a user can issue a LOAD DATA statement to read files that reside in restricted areas of the filesystem (as determined by 'safe_mode').

30. Oracle JInitiator ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 25473
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25473
Summary:
Oracle JInitiator is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.

These issues affect Oracle JInitiator 1.1.8.16; other versions may also be affected.

31. MIT Kerberos 5 KAdminD Server SVCAuth_GSS_Validate Stack Buffer Overflow Vulnerability
BugTraq ID: 25534
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25534
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.4 through 1.6.2 are vulnerable; third-party applications using the affected RPC library are also affected.

32. MIT Kerberos 5 kadmind Server Uninitialized Pointer Remote Code Execution Vulnerability
BugTraq ID: 25533
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25533
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a remote code-execution vulnerability because of an uninitialized pointer.

An authenticated attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed attacks will cause denial-of-service conditions.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.5 through 1.6.2 are vulnerable.

33. Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack Buffer Overflow Vulnerability
BugTraq ID: 25566
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25566
Summary:
Microsoft Agent (agentsvr.exe) is prone to a stack-based buffer-overflow vulnerability because the application fails to adequately bounds-check user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

34. Adobe Connect Enterprise Server Information Disclosure Vulnerability
BugTraq ID: 25640
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25640
Summary:
Adobe Connect Enterprise Server is prone to an information-disclosure vulnerability because it fails to perform adequate access validation on certain web pages.

Attackers can exploit this issue to access potentially sensitive information that could aid in further attacks.

Versions of Adobe Connect Enterprise Server 6 prior to Service Pack 3 are vulnerable.

35. Samba NSS_Info Plugin Local Privilege Escalation Vulnerability
BugTraq ID: 25636
Remote: No
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25636
Summary:
Samba is prone to a local privilege-escalation vulnerability due to a logic error in the Winbind daemon.

An attacker can exploit this issue to gain 'groupid 0' privileges on UNIX computers running the vulnerable Samba software. This may aid them in further attacks.

Samba 3.0.25 through 3.0.25c are vulnerable to this issue.

36. Microsoft Visual Studio PDWizard.ocx ActiveX Control Multiple Remote Vulnerabilities
BugTraq ID: 25638
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25638
Summary:
Microsoft Visual Studio is prone to multiple remote vulnerabilities, including two remote command-execution issues and four unspecified vulnerabilities.

An attacker can exploit the remote command-execution vulnerabilities to execute arbitrary commands with the privileges of the currently logged-in user.

Very little information is known about the four unspecified issues. We will update this BID as more information emerges.

These issues affect Microsoft Visual Studio 6.0.0; other versions may also be affected.

37. KTorrent Remote Directory Traversal Variant Vulnerability
BugTraq ID: 23745
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/23745
Summary:
KTorrent is prone to a remote directory-traversal vulnerability.

An attacker can exploit this issue by using modified '..' sequences to overwrite arbitrary files on a victim user's system.

This issue is due to an incomplete vendor fix of the issue discussed in BID 22930.

Versions of KTorrent prior to 2.1.3 are vulnerable to this issue.

38. Just For Fun Network Management and Monitoring System Multiple Remote Vulnerabilities
BugTraq ID: 24414
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/24414
Summary:
Just For Fun Network Management and Monitoring System (JFFNMS) is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure issues.

An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database, access sensitive information, and obtain cookie-based authentication credentials.

These issues affect versions prior to JFFNMS 0.8.4-pre3.

39. WordPress Unfiltered_HTML Field Name HTML Injection Vulnerability
BugTraq ID: 25639
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25639
Summary:
WordPress is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Versions prior to WordPress 2.2.3 are vulnerable.

40. Qualiteam X-Cart xcart_dir Multiple Remote File Include Vulnerabilities
BugTraq ID: 25637
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25637
Summary:
X-Cart is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

41. Business Objects Crystal Reports XI Professional File Handling Buffer Overflow Vulnerability
BugTraq ID: 21261
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/21261
Summary:
Business Objects Crystal Reports XI Professional is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing a victim user into opening a malicious document file, resulting in the execution of arbitrary code with privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

42. Microsoft MSN Messenger Video Conversation Buffer Overflow Vulnerability
BugTraq ID: 25461
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25461
Summary:
Microsoft MSN Messenger is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in denial-of-service conditions.

43. Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability
BugTraq ID: 25620
Remote: No
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25620
Summary:
Microsoft Windows Services for UNIX is prone to a local privilege-escalation vulnerability.

Attackers may exploit this issue to gain elevated privileges on affected computers. This facilitates the complete compromise of vulnerable computers.

Microsoft Windows Services for UNIX 3.0 and 3.5 and Microsoft Subsystem for UNIX-based Applications are vulnerable to this issue.

44. Quagga Routing Suite Multiple Denial Of Service Vulnerabilities
BugTraq ID: 25634
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25634
Summary:
Quagga Routing Suite is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

These issues affect versions prior to Quagga Routing Suite 0.99.9.

45. NuclearBB send_queued_emails.php Remote File Include Vulnerability
BugTraq ID: 25633
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25633
Summary:
NuclearBB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects NuclearBB alpha 2.0; other versions may also be vulnerable.

46. RealPlayer/HelixPlayer AU Divide-By-Zero Denial of Service Vulnerability
BugTraq ID: 25627
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25627
Summary:
RealPlayer and Helix Player are prone to a denial-of-service vulnerability when handling malformed AU media files.

Successfully exploiting this issue allows remote attackers to deny service to legitimate users.

47. Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 24491
Remote: No
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/24491
Summary:
Kaspersky Internet Security 6 is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Kaspersky Internet Security 6.0.2.614 and 6.0.2.621 are vulnerable; other versions may also be affected.

NOTE: These issues may be related to BID 23326 (Kaspersky Internet Security Suite Klif.SYS Drive Local Heap Overflow Vulnerability), but this has not been confirmed. If we find that this BID is a duplicate, we will retire it and merge its information into BID 23326.

48. Edit-X Edit_Address.PHP Remote File Include Vulnerability
BugTraq ID: 21974
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/21974
Summary:
Edit-x is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

49. MediaWiki API Pretty-Printing Mode Cross-Site Scripting Vulnerability
BugTraq ID: 25632
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25632
Summary:
MediaWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

NOTE: Some versions will be vulnerable only if '$wgEnableAPI' has been enabled.

50. Joomla! Comp Restaurante Component Index.PHP Arbitrary File Upload Vulnerability
BugTraq ID: 25612
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25612
Summary:
The Joomla! Comp Restaurante component is prone to a vulnerability that lets attackers upload arbitrary files because it fails to verify the type of file being uploaded.

Exploiting this issue could allow attackers to upload and execute arbitrary script code in the context of the affected webserver process.

51. Broderbund 3DGreetings Player ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 25564
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25564
Summary:
Broderbund 3DGreetings Player is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into insufficiently sized memory buffers.

Exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control (typically Internet Explorer) and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.

NOTE: 3DGreetings Player was originally owned by Expressit but is now owned by Broderbund.

52. psi-labs.com psisns SQL Injection Vulnerability
BugTraq ID: 25631
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25631
Summary:
The 'psisns' script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects psisns 1.0; other versions may also be vulnerable.

53. Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow Vulnerability
BugTraq ID: 25629
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25629
Summary:
Microsoft Visual Basic 6.0 is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

54. OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
BugTraq ID: 25628
Remote: No
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25628
Summary:
OpenSSH is prone to a local authentication-bypass vulnerability because the software fails to properly manage trusted and untrusted X11 cookies.

Successfully exploiting this issue allows local attackers to potentially launch a forwarded X11 session through SSH in an unauthorized manner. Further details are currently unavailable. We will update this BID as more information emerges.

This issue affects OpenSSH 4.6; previous versions may be affected as well.

55. phpMyAdmin PMA_ArrayWalkRecursive Function Remote Denial of Service Vulnerability
BugTraq ID: 22841
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/22841
Summary:
phpMyAdmin is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote, unauthenticated attackers to cause the application to crash, effectively denying service to legitimate users.

phpMyAdmin 2.10.0.1 and prior versions are vulnerable to this issue.

56. phpMyAdmin Multiple Input Validation Vulnerabilities
BugTraq ID: 21137
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/21137
Summary:
phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities.

An attacker could exploit these vulnerabilities to view sensitive information or to have arbitrary script code execute in the context of the affected site, which may allow the attacker to steal cookie-based authentication credentials or change the way the site is rendered to the user. Data gained could aid in further attacks.

All versions of phpMyAdmin are vulnerable.

57. phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 23624
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/23624
Summary:
phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to phpMyAdmin 2.10.1 are vulnerable to this issue.

58. IBM WebSphere Application Server Edge Component Unspecified Vulnerability
BugTraq ID: 25626
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25626
Summary:
IBM WebSphere Application Server is prone to an unspecified vulnerability that affects the Edge Component.

Very little is known about this issue at this time. We will update this BID as more information emerges.

Versions prior to IBM WebSphere Application Server 6.1.0.11 are vulnerable.

59. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 25498
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25498
Summary:
PHP 5.2.3 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

60. GD Graphics Library Multiple Vulnerabilities
BugTraq ID: 24651
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/24651
Summary:
The GD graphics library is prone to multiple vulnerabilities.

An attacker can exploit these issues to cause denial-of-service conditions or execute arbitrary code in the context of applications implementing the affected library.

Versions prior to GD graphics library 2.0.35 are reported vulnerable.

61. CellFactor Revolution Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 25625
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25625
Summary:
CellFactor: Revolution is prone to multiple remote code-execution vulnerabilities, including a buffer-overflow issue and a format-string issue.

Successfully exploiting these issues will allow an attacker to execute arbitrary code within the context of the affected application or to crash the application.

CellFactor: Revolution 1.03 is vulnerable; other versions may also be affected.

62. QGit DataLoader::doStart Function Local Privilege Escalation Vulnerability
BugTraq ID: 25618
Remote: No
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25618
Summary:
QGit is prone to a local privilege-escalation vulnerability because the application handles temporary files in an insecure manner.

An attacker can exploit this issue to overwrite files and to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Versions prior to QGit 1.5.7 are vulnerable.

63. Ekiga GetHostAddress Remote Denial of Service Vulnerability
BugTraq ID: 25642
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25642
Summary:
Ekiga is prone to a remote denial-of-service vulnerability. This issue arises due to memory mismanagement when handling user-supplied data.

Successfully exploiting this issue allows remote attackers to deny service to legitimate users.

Ekiga 2.0.5 and prior versions are reported to be affected by this vulnerability.

64. Microsoft Visual Studio VB To VSI Support Library ActiveX Arbitrary File Overwrite Vulnerability
BugTraq ID: 25635
Remote: Yes
Last Updated: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25635
Summary:
Microsoft Visual Studio VB To VSI Support Library ActiveX Control is prone to a vulnerability that lets attackers overwrite arbitrary files.

An attacker can exploit this issue to overwrite arbitrary files with local data. This will likely result in denial-of-service conditions; other attacks may also be possible.

65. Lighttpd Mod_FastCGI Request Headers Remote Buffer Overflow Vulnerability
BugTraq ID: 25622
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25622
Summary:
Lighttpd is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Lighttpd 1.4.17 is vulnerable; prior versions may also be affected.

66. TechExcel CustomerWise Multiple Input Validation Vulnerabilities
BugTraq ID: 25624
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25624
Summary:
CustomerWise is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an HTML-injection issue, because the application fails to properly sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data.

67. AuraCMS mod/contak.php Arbitrary File Upload Vulnerability
BugTraq ID: 25621
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25621
Summary:
AuraCMS is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify the type of file being uploaded.

Exploiting this issue could allow attackers to upload and execute arbitrary script code in the context of the affected webserver process.

This issue affects AuraCMS 2.1; other versions may also be vulnerable.

68. AuraCMS Index.PHP Local File Include Vulnerability
BugTraq ID: 25619
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25619
Summary:
AuraCMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts in the context of the webserver process.

69. TorrentTrader Account_Settings.PHP Multiple HTML Injection Vulnerabilities
BugTraq ID: 25616
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25616
Summary:
TorrentTrader is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

TorrentTrader 1.07 is vulnerable; other versions may also be affected.

70. Ultra Crypto Component ActiveX Control SaveToFile Arbitrary File Overwrite Vulnerability
BugTraq ID: 25611
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25611
Summary:
Ultra Crypto Component ActiveX Control is prone to a vulnerability that lets attackers overwrite arbitrary files.

An attacker can exploit this issue to overwrite files with arbitrary, attacker-controlled content. This will aid in further attacks.

71. AuraCMS ID Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 25614
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25614
Summary:
AuraCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect AuraCMS 1.5rc; other versions may also be vulnerable.

72. phpMyQuote Index.PHP SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 25615
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25615
Summary:
phpMyQuote is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an SQL-injection issue, because the application fails to sanitize user-supplied input.

A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code in a user's browser, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect phpMyQuote 0.20; other versions may also be vulnerable.

73. ED Engine Codebase Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 25608
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25608
Summary:
ED Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect ED Engine 0.8999 alpha; other versions may also be affected.

74. Proxy Anket anket.asp SQL Injection Vulnerability
BugTraq ID: 25613
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25613
Summary:
Proxy Anket is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects Proxy Anket 3.0.1; other versions may also be vulnerable.

75. Sun Java Web Proxy Server Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24165
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/24165
Summary:
Sun Java System Web Proxy Server is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code with superuser privileges, leading to the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

These issues affect Web Proxy Server 4.0.3; prior versions may also be affected.

76. phpRealty MGR Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 25610
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25610
Summary:
phpRealty is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect phpRealty 0.02; other versions may also be vulnerable.

77. Ultra Crypto Component CryptoX.dll ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 25609
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25609
Summary:
Ultra Crypto Component ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

78. husrevforum Philboard_forum.ASP SQL Injection Vulnerability
BugTraq ID: 24928
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/24928
Summary:
The 'husrevforum' program is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

This issue affects husrevforum v 1.0.1 (tr); other versions may be affected as well.

79. DirectAdmin CMD_BANDWIDTH_BREAKDOWN Cross-Site Scripting Vulnerability
BugTraq ID: 25607
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25607
Summary:
DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects DirectAdmin 1.30.2; other versions may also be affected.

80. NetSupport School Weak Password Encryption Vulnerability
BugTraq ID: 9981
Remote: No
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/9981
Summary:
NetSupport School is prone to a password-encryption vulnerability because the application fails to protect passwords with a sufficiently effective encryption scheme.

Exploiting this issue may allow an attacker to access user and administrator passwords for the affected application.

81. id3lib Insecure Temporary File Creation Vulnerability
BugTraq ID: 25372
Remote: No
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25372
Summary:
The id3lib library creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of applications using the affected library.

Successfully mounting a symbolic-link attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

82. ClamAV Popen Function Remote Code Execution Vulnerability
BugTraq ID: 25439
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25439
Summary:
ClamAV is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Versions prior to ClamAV 0.91.2 are vulnerable.

83. Snort/Sourcefire DCE/RPC Packet Reassembly Stack Buffer Overflow Vulnerability
BugTraq ID: 22616
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/22616
Summary:
Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets.

An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash.

84. ClamAV Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 25398
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25398
Summary:
ClamAV is prone to multiple denial-of-service vulnerabilities.

A successful attack may allow an attacker to crash the application and deny service to users.

Versions prior to ClamAV 0.91.2 are vulnerable to these issues.

85. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
BugTraq ID: 24215
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/24215
Summary:
Apache is prone to multiple denial-of-service vulnerabilities.

An attacker with the ability to execute arbitrary server-side script code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.

86. Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 25086
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25086
Summary:
Yahoo! Widgets Engine is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Yahoo! Widgets Engine 4.0.3 (build 178) is reported vulnerable; other versions may be affected as well.

87. Microsoft DirectX Media SDK DXTLIPI.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 25279
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25279
Summary:
Microsoft DirectX Media SDK 'DXTLIPI.DLL' ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Microsoft DirectX Media SDK 6.0 with DXTLIPI.DLL 6.0.2.827 is reported vulnerable.

88. Smart SisfoKampus blanko.preview.php Local File Include Vulnerability
BugTraq ID: 25605
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25605
Summary:
Smart SisfoKampus is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

This issue affects Smart SisfoKampus 2006; other versions may also be vulnerable.

89. fuzzylime cms getgalldata.php Local File Include Vulnerability
BugTraq ID: 25604
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25604
Summary:
The 'fuzzylime (cms)' application is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

This issue affects fuzzylime (cms) 3.0; other versions may also be vulnerable.

90. Focus/SIS Multiple Remote File Include Vulnerabilities
BugTraq ID: 25603
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25603
Summary:
Focus/SIS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

91. TLM CMS Multiple SQL Injection Vulnerabilities
BugTraq ID: 25602
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25602
Summary:
TLM CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect TLM CMS 3.2; other versions may also be vulnerable.

92. BaoFeng Storm MPS.DLL ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 25601
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25601
Summary:
BaoFeng Storm ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

93. Netjuke Multiple SQL Injection Vulnerabilities
BugTraq ID: 25600
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25600
Summary:
Netjuke is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

94. Netjuke Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 25599
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25599
Summary:
Netjuke is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

95. Toms Gästebuch Header.PHP Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25598
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25598
Summary:
Toms Gästebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues are related to the vulnerabilities discussed in BID 25507 (Toms Gästebuch Multiple Cross-Site Scripting Vulnerabilities) and may be the result of an incomplete fix for those issues.

96. TxX CMS doc_root Multiple Remote File Include Vulnerabilities
BugTraq ID: 25597
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25597
Summary:
TxX CMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

97. OFFL DOC_ROOT Multiple Remote File Include Vulnerabilities
BugTraq ID: 25596
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25596
Summary:
OFFL (Online Fantasy Football League) is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect OFFL 0.2.6; other versions may also be vulnerable.

98. Microsoft September 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 25573
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25573
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on September 11, 2007. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

99. Trend Micro ServerProtect Multiple RPC Remote Buffer Overflow Vulnerabilities
BugTraq ID: 25395
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25395
Summary:
Trend Micro ServerProtect is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Nine buffer-overflow vulnerabilities affect the 'SpntSvc.exe' and agent services that listen on TCP ports 5168 and 3628. Attackers may exploit these vulnerabilities over RPC interfaces that are exposed by the vulnerable application.

Exploiting these issues allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.

These issues were reported to affect ServerProtect 5.58 Build 1176 (Security Patch 3). Earlier versions may also be affected.

100. Microsoft SQL Server sqldmo.dll ActiveX Buffer Overflow Vulnerability
BugTraq ID: 25594
Remote: Yes
Last Updated: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25594
Summary:
Microsoft SQL Server 'sqldmo.dll' ActiveX Control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Embassy leaks highlight pitfalls of Tor
By: Robert Lemos
The security researcher who posted the e-mail addresses and passwords for 100 accounts at embassies and political groups reveals that he exploited the victims' incorrect usage of the Tor Project's anonymous Web surfing software.
http://www.securityfocus.com/news/11486

2. China on hot seat over alleged hacks
By: Robert Lemos
Twice in two weeks, the nation has been taken to task for breaching other nations' systems, but officials continue to deny the accusations.
http://www.securityfocus.com/news/11485

3. Fraudsters focus on job sites
By: Robert Lemos
A Trojan horse mines Monster.com for personal details that could make fraudulent e-mail schemes more convincing, while evidence mounts that other job sites are also being attacked.
http://www.securityfocus.com/news/11484

4. Universities warned of Storm Worm attacks
By: Robert Lemos
Scanning a computer infected with the bot software could bring swift retribution, warns the response center for academic networks.
http://www.securityfocus.com/news/11482

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Certification & Accreditation Engineer, Springfield
http://www.securityfocus.com/archive/77/478659

2. [SJ-JOB] Customer Support, Austin
http://www.securityfocus.com/archive/77/478660

3. [SJ-JOB] Security Consultant, Boston
http://www.securityfocus.com/archive/77/478661

4. [SJ-JOB] Security System Administrator, Wilmington
http://www.securityfocus.com/archive/77/478662

5. [SJ-JOB] Penetration Engineer, Montvale
http://www.securityfocus.com/archive/77/478664

6. [SJ-JOB] Information Assurance Analyst, Fort Worth
http://www.securityfocus.com/archive/77/478653

7. [SJ-JOB] Sr. Security Analyst, Roseland
http://www.securityfocus.com/archive/77/478654

8. [SJ-JOB] Sr. Security Analyst, Rockville
http://www.securityfocus.com/archive/77/478655

9. [SJ-JOB] Account Manager, Bay Area
http://www.securityfocus.com/archive/77/478656

10. [SJ-JOB] Security Researcher, Hyderabad
http://www.securityfocus.com/archive/77/478657

V. INCIDENTS LIST SUMMARY
---------------------------
1. Source port 445,80
http://www.securityfocus.com/archive/75/478641

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. AAA that Acquire from Lotus Domino 7.02
http://www.securityfocus.com/archive/88/478975

2. SecurityFocus Microsoft Newsletter #358
http://www.securityfocus.com/archive/88/478651

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000D2bp
