WINDOWS CENTER: SecurityFocus Newsletter #427

SecurityFocus Newsletter #427
----------------------------------------

This issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind. Download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000D4Kl

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Don't blame the IDS
2.E-mail privacy to disappear?
II. BUGTRAQ SUMMARY
1. GuppY Error.PHP Remote File Include and Command Execution Vulnerability
2. GuppY Includes.Inc Remote File Include Vulnerability
3. AutoIndex PHP Script PHP_SELF Index.PHP Cross-Site Scripting Vulnerability
4. Microsoft Office Web Component Memory Access Violation Denial of Service Vulnerability
5. AutoIndex PHP Script Index.PHP Denial of Service Vulnerability
6. Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities
7. WinPcap NPF.SYS Bpf_Filter_Init Function Local Privilege Escalation Vulnerability
8. Eggblog Rss.PHP Cross-Site Scripting Vulnerability
9. Miro Broadcast Machine Login.PHP Cross Site Scripting Vulnerability
10. PHP-Nuke Advertising Module Modules.PHP SQL Injection Vulnerability
11. Linux Kernel Random Number Generator Local Denial of Service and Privilege Escalation Vulnerability
12. ShixxNOTE 6.net Remote Buffer Overflow Vulnerability
13. PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
14. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
15. Perl Unicode Regular Expression Buffer Overflow Vulnerability
16. Sun Solaris I_PEEK IOCTL Handler Local Information Disclosure Vulnerability
17. Multiple Vendor H.323 Protocol Implementation Vulnerabilities
18. LibTIFF Next RLE Decoder Remote Heap Buffer Overflow Vulnerability
19. LibTIFF PixarLog Decoder Remote Heap Buffer Overflow Vulnerability
20. LibTIFF Library Anonymous Field Merging Denial of Service Vulnerability
21. Apple Mac OS X Multiple Security Vulnerabilities
22. LibTIFF TiffFetchShortPair Remote Buffer Overflow Vulnerability
23. CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
24. Multiple Web Browsers Digest Authentication HTTP Response Splitting Vulnerability
25. Mozilla Firefox 2.0.0.7 Multiple Remote Vulnerabilities
26. Mozilla Firefox OnUnload Javascript Browser Entrapment Vulnerability
27. Vortex Portal Multiple Remote File Include Vulnerabilities
28. nuBoard Index.PHP Remote File Include Vulnerability
29. Symantec Altiris Deployment Solution Aclient Local Privilege Escalation Vulnerability
30. Mono System.Math BigInteger Buffer Overflow Vulnerability
31. Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
32. iSCSI Enterprise Target IETD.CONF Local Information Disclosure Vulnerability
33. EDraw Flowchart ActiveX Control Arbitrary File Overwrite Vulnerability
34. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
35. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
36. Xpdf Multiple Remote Stream.CC Vulnerabilities
37. MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulnerability
38. scWiki Common.PHP Remote File Include Vulnerability
39. Toko Instan Index.PHP Multiple SQL Injection Vulnerabilities
40. SyndeoCMS MAIN.INC.PHP Remote File Include Vulnerability
41. BitchX E_HOSTNAME Function Insecure Temporary File Creation Vulnerability
42. Linux Kernel CIFS Transport.C Remote Buffer Overflow Vulnerability
43. WP-SlimStat WordPress Plugin Cross-Site Scripting Vulnerability
44. ExoPHPDesk Index.PHP Multiple Input Validation Vulnerabilities
45. Novell Client for Windows NWFILTER.SYS Local Privilege Escalation Vulnerability
46. WebEx GPCContainer Memory Access Violation Multiple Denial of Service Vulnerabilities
47. AFCommerce Firstname Parameter SQL Injection Vulnerability
48. Yarssr GUI.PM Remote Code Injection Vulnerability
49. RETIRED: BosDev BosNews Multiple HTML Injection Vulnerabilities
50. BosDev BosMarket Multiple HTML Injection Vulnerabilities
51. CONTENTCustomizer Dialog.PHP Unauthorized Access Vulnerability
52. Oracle Database Server Installation Security Bypass Vulnerability
53. SSL-Explorer Multiple Input Validation Vulnerabilities
54. Datecomm Social Networking Script Index.PHP SQL Injection Vulnerability
55. Firefly Media Server Webserver.C Multiple Format String Vulnerabilities
56. Firefly Media Server Multiple Null Pointer Dereference Vulnerabilities
57. Scribe Forum.PHP Remote PHP Code Execution Vulnerability
58. Adobe ColdFusion CFID CFTOKEN Session Hijacking Vulnerability
59. Grani Search Favorites Cross Site Scripting Vulnerability
60. VTLS Web Gateway Searchtype Parameter Cross-Site Scripting Vulnerability
61. PHP stream_wrapper_register() Function Denial of Service Vulnerability
62. PHP Multiple GetText Functions Denial Of Service Vulnerabilities
63. DM Guestbook Multiple Local File Include Vulnerabilities
64. RSA Authentication Agent IISWebAgentIF.DLL Remote Stack Based Buffer Overflow Vulnerability
65. IBM Tivoli Continuous Data Protection for Files Insecure Default Permissions Vulnerability
66. Ax Developer CMS Index.PHP Local File Include Vulnerability
67. Microsoft Windows URI Handler Command Execution Vulnerability
68. Hitachi Web Server HTML Injection Vulnerability and Signature Forgery Vulnerability
69. Hitachi Collaboration Portal Schedule Component Information Disclosure Vulnerability
70. Microsoft Windows Recursive DNS Spoofing Vulnerability
71. GNU Emacs Local Variable Handling Code Execution Vulnerability
72. Libpng Library ICC Profile Chunk Off-By-One Denial of Service Vulnerability
73. Libpng Library Multiple Remote Denial of Service Vulnerabilities
74. FLAC libFLAC Multiple Unspecified Integer Overflow Vulnerabilities
75. Microsoft Virtual PC and Virtual Server Heap Overflow Vulnerability
76. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
77. CONTENTCustomizer Dialog.PHP Information Disclosure Vulnerability
78. SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities
79. ISPworker Download.PHP Multiple Local File Include Vulnerabilities
80. RETIRED: phpMyConferences PageTraiteDownload.PHP Local File Include Vulnerability
81. Ruby Multiple Libraries SSL Multiple Insecure Certificate Validation Weaknesses
82. Ruby Net::HTTP SSL Insecure Certificate Validation Weakness
83. Yukihiro Matsumoto Ruby CGI.RB Library Remote Denial Of Service Vulnerability
84. DocuSafe Search Parameter SQL Injection Vulnerability
85. IBM WebSphere MQ Multiple Unspecified Remote Memory Corruption Vulnerabilities
86. TestLink Unspecified Authentication Bypass Vulnerability
87. KDE Konqueror Cookie Handling Denial of Service Vulnerability
88. Free Forum Search SQL Injection Vulnerability
89. Linux Kernel Fib_Semantics.C Out Of Bounds Access Vulnerability
90. Linux Kernel HugeTLB Local Denial Of Service Vulnerability
91. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
92. Linux Kernel PRNG Entropy Weakness
93. X7 Chat Multiple Cross Site Scripting Vulnerabilities
94. PHP Application Tools patBBCode BBCODESOURCE.PHP Remote File Include Vulnerability
95. TorrentStrike INDEX.PHP SQL Injection Vulnerability
96. SSReader Ultra Star Reader ActiveX Control Register Method Buffer Overflow Vulnerability
97. IBM AIX Swcons Arbitrary File Access Vulnerability
98. ILIAS Multiple HTML Injection Vulnerabilities
99. Citrix Access Gateway Standard and Advanced Edition Multiple Remote Vulnerabilities
100. F5 FirePass 4100 SSL VPN Download_Plugin.PHP3 Cross-Site Scripting Vulnerability
III. SECURITYFOCUS NEWS
1. Task force aims to improve U.S. cybersecurity
2. Court filings double estimate of TJX breach
3. Identity thieves likely to be first-timers, strangers
4. Retailers look to exorcise credit-card data
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Quality Assurance, Fredericton or Saint John
2. [SJ-JOB] Senior Software Engineer, Fredericton or Saint John
3. [SJ-JOB] Technical Writer, Fredericton or Saint John
4. [SJ-JOB] Technical Support Engineer, Fredericton
5. [SJ-JOB] Information Assurance Engineer, Arlington
6. [SJ-JOB] Security Architect, Boston
7. [SJ-JOB] VP / Dir / Mgr engineering, Fredericton
8. [SJ-JOB] Security Architect, Arlinton
9. [SJ-JOB] Certification & Accreditation Engineer, Arlington
10. [SJ-JOB] Security Consultant, Atlanta
11. [SJ-JOB] Application Security Engineer, Cincinnati
12. [SJ-JOB] Sr. Security Analyst, Calgary
13. [SJ-JOB] Technical Writer, Washington
14. [SJ-JOB] Penetration Engineer, Milwaukee
15. [SJ-JOB] Security Engineer, Washington
16. [SJ-JOB] Jr. Security Analyst, Washington
17. [SJ-JOB] Security Engineer, Bloomington
18. [SJ-JOB] Information Assurance Engineer, Arlington
19. [SJ-JOB] Security Consultant, Winnipeg
20. [SJ-JOB] Security Architect, Chicago
21. [SJ-JOB] Customer Service, Fredericton or Saint John
22. [SJ-JOB] Security Engineer, Arlington
23. [SJ-JOB] VP of Regional Sales, Kolkata
24. [SJ-JOB] Manager, Information Security, Kolkata
25. [SJ-JOB] Security Engineer, Kansas City
26. [SJ-JOB] Sr. Security Engineer, Fredericton or Saint John
27. [SJ-JOB] Security Director, Nashville
28. [SJ-JOB] Penetration Engineer, Kolkata
29. [SJ-JOB] VP of Marketing, Kolkata
30. [SJ-JOB] Jr. Security Analyst, Calgary
31. [SJ-JOB] Quality Assurance, Palo Alto
32. [SJ-JOB] Security Researcher, CUPERTINO
33. [SJ-JOB] Security System Administrator, Boulder
34. [SJ-JOB] Sr. Security Engineer, CUPERTINO
35. [SJ-JOB] Sr. Security Analyst, Bloomington
36. [SJ-JOB] Auditor, Charlotte
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Oracle 0-day to get SYSDBA access to the database
2. CanSecWest 2008 CFP (deadline Nov 30, conf Mar 26-28) and PacSec Dojo's
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #367
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Don't blame the IDS
By Don Parker
Some years ago, I remember reading a press release from the Gartner Group. It was about intrusion detection systems (IDS) offering little return for the monetary investment in them and furthermore, that this very same security technology would be obsolete by the year 2005. A rather bold statement and an even bolder prediction on their part.
http://www.securityfocus.com/columnists/457

2.E-mail privacy to disappear?
By Mark Rasch
On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in Cincinnati granted the government's request for a full-panel hearing in United States v. Warshak case centering on the right of privacy for stored electronic communications. At issue is whether the procedure whereby the government can subpoena stored copies of your e-mail -- similar to the way they could simply subpoena any physical mail sitting on your desk -- is unconstitutionally broad.

http://www.securityfocus.com/columnists/456

II. BUGTRAQ SUMMARY
--------------------
1. GuppY Error.PHP Remote File Include and Command Execution Vulnerability
BugTraq ID: 15609
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/15609
Summary:
GuppY is prone to a remote file-include vulnerability and to a command-execution vulnerability.

The software fails to properly sanitize data supplied to the 'error.php' script, allowing attackers to specify remotely hosted script files to be executed in the context of the webserver hosting the vulnerable software.

An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the webserver process.

An attacker can also pass malicious PHP commands through this script to be executed on an affected server, which could facilitate unauthorized access as well.

GuppY 4.5.16 and prior versions are vulnerable.

2. GuppY Includes.Inc Remote File Include Vulnerability
BugTraq ID: 26315
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26315
Summary:
GuppY is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

GuppY 4.6.3 is vulnerable; other versions may also be affected.

3. AutoIndex PHP Script PHP_SELF Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 26411
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26411
Summary:
AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

AutoIndex PHP Script 2.2.2 is vulnerable; other versions may also be affected.

4. Microsoft Office Web Component Memory Access Violation Denial of Service Vulnerability
BugTraq ID: 26405
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26405
Summary:
Microsoft Office Web Component is prone to a denial-of-service vulnerability because of a memory access violation.

Attackers can exploit this issue to crash Internet Explorer and deny service to legitimate users.

This issue affects OWC11 for Microsoft Office 2003.

5. AutoIndex PHP Script Index.PHP Denial of Service Vulnerability
BugTraq ID: 26410
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26410
Summary:
AutoIndex PHP Script is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected input.

Successfully exploiting this issue allows remote attackers to consume excessive CPU resources, potentially denying service to legitimate users.

AutoIndex PHP Script 2.2.2 and 2.2.3 are vulnerable to this issue; prior versions may also be affected.

6. Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities
BugTraq ID: 26345
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26345
Summary:
Apple QuickTime is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues by enticing an unsuspecting user to open a specially crafted PICT image file.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

These issues affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

7. WinPcap NPF.SYS Bpf_Filter_Init Function Local Privilege Escalation Vulnerability
BugTraq ID: 26409
Remote: No
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26409
Summary:
WinPcap is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Note that an administrator must load the vulnerable driver ('NPF.SYS') by executing an application that depends on it. By default, the driver is not loaded; it can be loaded only by administrative users.

WinPcap 4.0.1 is vulnerable to this issue; previous versions may also be affected.

8. Eggblog Rss.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 26408
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26408
Summary:
Eggblog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks.

Eggblog 3.1.0 is vulnerable; other versions may also be affected.

9. Miro Broadcast Machine Login.PHP Cross Site Scripting Vulnerability
BugTraq ID: 26407
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26407
Summary:
Miro Broadcast Machine is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue affects Broadcast Machine 0.9.9.9; other versions may also be affected.

10. PHP-Nuke Advertising Module Modules.PHP SQL Injection Vulnerability
BugTraq ID: 26406
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26406
Summary:
The PHP-Nuke Advertising Module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

11. Linux Kernel Random Number Generator Local Denial of Service and Privilege Escalation Vulnerability
BugTraq ID: 25348
Remote: No
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/25348
Summary:
The Linux kernel is prone to a local vulnerability that may result in a denial of service or privilege escalation. This issue stems from a stack-based overflow in kernel memory.

Successfully exploiting this issue allows local attackers to trigger kernel crashes, denying service to legitimate users. In certain circumstances, attackers may also gain elevated privileges. The attacker may require partial administrative access via granular assignments of superuser privileges.

Linux kernel versions prior to 2.6.22.3 are affected by this issue.

12. ShixxNOTE 6.net Remote Buffer Overflow Vulnerability
BugTraq ID: 11409
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/11409
Summary:
ShixxNOTE 6.net is reported susceptible to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly perform boundary checks before copying user-supplied strings into finite process buffers.

An attacker may leverage this issue to execute arbitrary code on a vulnerable computer with the privileges of the user running the vulnerable application.

13. PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 26403
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26403
Summary:
PHP 5.2.4 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

14. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
BugTraq ID: 19849
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to forge an RSA signature. The attacker may be able to forge a PKCS #1 v1.5 signature when an RSA key with exponent 3 is used.

An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.

All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.

15. Perl Unicode Regular Expression Buffer Overflow Vulnerability
BugTraq ID: 26350
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26350
Summary:
Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers.

Perl 5.8 is vulnerable to this issue; other versions may also be affected.

16. Sun Solaris I_PEEK IOCTL Handler Local Information Disclosure Vulnerability
BugTraq ID: 25905
Remote: No
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/25905
Summary:
Sun Solaris is prone to a local information-disclosure vulnerability because it fails to adequately sanitize users-supplied input used for reading potentially sensitive memory data.

Information gained will help attackers launch further attacks against the affected computer.

17. Multiple Vendor H.323 Protocol Implementation Vulnerabilities
BugTraq ID: 9406
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/9406
Summary:
Multiple vendor implementations of the H.323 protocol contain various vulnerabilities; these may range from simple denial of service to potential arbitrary code execution.

18. LibTIFF Next RLE Decoder Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 19282
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/19282
Summary:
The Next RLE Decoder for libTIFF is prone to a remote heap buffer-overflow vulnerability.

This issue occurs because the application fails to check boundary conditions on certain RLE decoding operations.

This issue may allow attackers to execute arbitrary machine code within the context of the vulnerable application or to cause a denial of service.

19. LibTIFF PixarLog Decoder Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 19290
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/19290
Summary:
The PixarLog Decoder for libTIFF is prone to a remote heap buffer-overflow vulnerability.

This issue may allow attackers to execute arbitrary machine code within the context of the vulnerable application or to cause a denial-of-service.

20. LibTIFF Library Anonymous Field Merging Denial of Service Vulnerability
BugTraq ID: 19287
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/19287
Summary:
The libTIFF library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue by submitting malformed image files.

When the libTIFF library routines process a malicious TIFF file, this could result in abnormal behavior, cause the application to become unresponsive, or possibly allow malicious code to execute.

21. Apple Mac OS X Multiple Security Vulnerabilities
BugTraq ID: 19289
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/19289
Summary:
Apple Mac OS X is prone to multiple security vulnerabilities.

These issue affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information.

Apple Mac OS X 10.4.7 and prior are reported vulnerable to these issues.

22. LibTIFF TiffFetchShortPair Remote Buffer Overflow Vulnerability
BugTraq ID: 19283
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/19283
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because the library fails to do proper boundary checks before copying user-supplied data into a finite-sized buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of appications using the affected library. Failed exploit attempts will likely crash the application, denying service to legitimate users.

23. CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 26268
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26268
Summary:
CUPS is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

CUPS 1.3.3 is reported vulnerable; other versions may be affected as well.

24. Multiple Web Browsers Digest Authentication HTTP Response Splitting Vulnerability
BugTraq ID: 23668
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/23668
Summary:
Multiple browsers are prone to an HTTP-response-splitting vulnerability because the software fails to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

This issue affects Microsoft Internet Explorer 7.0.5730.11 and Mozilla Firefox 2.0.0.3; other versions and browsers may also be affected.

25. Mozilla Firefox 2.0.0.7 Multiple Remote Vulnerabilities
BugTraq ID: 26132
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26132
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.7 and prior versions.

These vulnerabilities allow attackers to:

- Execute arbitrary code due to memory corruption.
- Carry out content spoofing and phishing attacks.
- Gain unauthorized access to files on a user's computer running the Linux operating system.
- Execute script code with elevated privileges.

Other attacks may also be possible.

These issues are present in Firefox 2.0.0.7 and prior versions. Mozilla Thunderbird 2.0.0.7 and prior versions as well as SeaMonkey 1.1.4 and prior versions are also affected by many of these vulnerabilities.

26. Mozilla Firefox OnUnload Javascript Browser Entrapment Vulnerability
BugTraq ID: 22688
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/22688
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to trap users at a particular webpage and spoof page transitions.

Attackers may exploit this via a malicious page to spoof the contents and origin of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing.

27. Vortex Portal Multiple Remote File Include Vulnerabilities
BugTraq ID: 26325
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26325
Summary:
Vortex Portal is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Vortex Portal 1.0.42 is vulnerable; other versions may also be affected.

28. nuBoard Index.PHP Remote File Include Vulnerability
BugTraq ID: 26322
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26322
Summary:
nuBoard is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

nuBoard 0.5 is vulnerable; other versions may also be affected.

29. Symantec Altiris Deployment Solution Aclient Local Privilege Escalation Vulnerability
BugTraq ID: 26265
Remote: No
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26265
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary files with 'System' privileges. Successful exploits will completely compromise affected computers.

30. Mono System.Math BigInteger Buffer Overflow Vulnerability
BugTraq ID: 26279
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26279
Summary:
Mono is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue could allow attackers to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

31. Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 26380
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26380
Summary:
Microsoft has released advance notification that the vendor will be releasing two security bulletins on November 13, 2007. The highest severity rating for these issues is 'Critical'.

The following individual records have been created to document these vulnerabilities:

25945 Microsoft Windows URI Handler Command Execution Vulnerability
25919 Microsoft Windows Recursive DNS Spoofing Vulnerability

32. iSCSI Enterprise Target IETD.CONF Local Information Disclosure Vulnerability
BugTraq ID: 26299
Remote: No
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26299
Summary:
iSCSI Enterprise Target is prone to a local information-disclosure vulnerability because the software sets incorrect permissions on the '/etc/ietd.conf' file.

Attackers can exploit this issue to obtain usernames and passwords as well as information about the configuration of the affected application.

This issue affects iSCSI Enterprise Target 0.4.15; other versions may also be affected.

33. EDraw Flowchart ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 26308
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26308
Summary:
The EDraw Flowchart ActiveX Control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. This will aid in further attacks.

EDraw Flowchart ActiveX Control 2.3 is vulnerable to this issue; other versions may also be affected.

34. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
BugTraq ID: 24846
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/24846
Summary:
The Sun JSSE (Java Secure Socket Extension) is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the computer, denying access to legitimate users.

35. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
BugTraq ID: 25054
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/25054
Summary:
The Sun Java Runtime Environment is prone to a security-bypass vulnerability.

Successfully exploiting this issue will allow an attacker to connect to services on a remote user's computer without proper authorization. This may lead to other attacks.

36. Xpdf Multiple Remote Stream.CC Vulnerabilities
BugTraq ID: 26367
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26367
Summary:
Xpdf is prone to multiple remote vulnerabilities because of flaws in various functions in the 'Stream.cc' source file.

Attackers exploit these issues by coercing users to view specially crafted PDF files with the affected application.

Successfully exploiting these issues allows attackers to execute arbitrary machine code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.

Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected.

37. MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulnerability
BugTraq ID: 13382
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/13382
Summary:
A remote SQL-injection vulnerability affects MetaCart2 because the application fails to properly sanitize user-supplied input before including it in SQL queries.

An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may allow the attacker to steal sensitive information, potentially including authentication credentials, and to corrupt data.

MetaCart2 is vulnerable; other versions may also be affected.

38. scWiki Common.PHP Remote File Include Vulnerability
BugTraq ID: 26316
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26316
Summary:
scWiki is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

scWiki 1.0 Beta 2 is vulnerable; other versions may also be affected.

39. Toko Instan Index.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 26433
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26433
Summary:
Toko Instan is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Toko Instan 7.6 is vulnerable; other versions may also be affected.

40. SyndeoCMS MAIN.INC.PHP Remote File Include Vulnerability
BugTraq ID: 26321
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26321
Summary:
SyndeoCMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

SyndeoCMS 2.5.01 is vulnerable; other versions may also be affected.

41. BitchX E_HOSTNAME Function Insecure Temporary File Creation Vulnerability
BugTraq ID: 26326
Remote: No
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26326
Summary:
BitchX is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects BitchX 1.1; other versions may also be vulnerable.

42. Linux Kernel CIFS Transport.C Remote Buffer Overflow Vulnerability
BugTraq ID: 26438
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26438
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.

This issue affects version 2.6.23.1; previous versions may also be affected.

43. WP-SlimStat WordPress Plugin Cross-Site Scripting Vulnerability
BugTraq ID: 26432
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26432
Summary:
WP-SlimStat Plugin for WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

This issue affects WP-SlimStat Plugin 0.9.2; other versions may also be vulnerable.

44. ExoPHPDesk Index.PHP Multiple Input Validation Vulnerabilities
BugTraq ID: 26431
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26431
Summary:
ExoPHPDesk is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

45. Novell Client for Windows NWFILTER.SYS Local Privilege Escalation Vulnerability
BugTraq ID: 26420
Remote: No
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26420
Summary:
Novell Client for Windows is prone to a local privilege-escalation vulnerability because it fails to adequately handle user-supplied input.

Authenticated attackers with the privileges to invoke executables can exploit this issue to execute arbitrary code with kernel-level privileges.

Novell Client for Windows 4.91 is vulnerable; other versions may also be affected.

46. WebEx GPCContainer Memory Access Violation Multiple Denial of Service Vulnerabilities
BugTraq ID: 26430
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26430
Summary:
WebEx is prone to multiple remote denial-of-service vulnerabilities.

Attackers can exploit these issues to crash applications that use the ActiveX control, denying service to legitimate users.

47. AFCommerce Firstname Parameter SQL Injection Vulnerability
BugTraq ID: 26282
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26282
Summary:
AFCommerce is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

48. Yarssr GUI.PM Remote Code Injection Vulnerability
BugTraq ID: 26273
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26273
Summary:
Yarssr is prone to a remote code-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to inject and execute arbitrary malicious Perl code with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer; other attacks are also possible.

Yarssr 0.2.2 is vulnerable; other versions may also be affected.

49. RETIRED: BosDev BosNews Multiple HTML Injection Vulnerabilities
BugTraq ID: 26199
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26199
Summary:
BosDev BosNews is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

UPDATE (November 13, 2007): This BID is being retired. The vendor refutes these claims, stating that HTML code is stripped with the exception of certain parameters that will accept HTML only if the user has administrator privileges. Please see the references for more information.

50. BosDev BosMarket Multiple HTML Injection Vulnerabilities
BugTraq ID: 26197
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26197
Summary:
BosDev BosMarket is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

UPDATE (November 13, 2007): The vendor states that the issue affecting the 'username' parameter is being addressed in BosMarket 6.1. The vendor refutes claims that other parameters are affected, stating that HTML code is stripped with the exception of certain parameters that will accept HTML only if the user has administrator privileges. Please see the references for more information.

51. CONTENTCustomizer Dialog.PHP Unauthorized Access Vulnerability
BugTraq ID: 26437
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26437
Summary:
CONTENTCustomizer is prone to an unauthorized access vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker could exploit this issue to delete arbitrary files, rename files, or reset the content of certain files.

CONTENTCustomizer 3.1mp is vulnerable; other versions may also be affected.

52. Oracle Database Server Installation Security Bypass Vulnerability
BugTraq ID: 26425
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26425
Summary:
The Oracle Database Server installation process is prone to a security-bypass vulnerability because of a design error. A small window of time exists during the installation process where attackers can access SYS or SYSTEM accounts.

Successful attacks will compromise the application or provide a means to launch further attacks.

This issue affects Oracle 10g and 11g.

53. SSL-Explorer Multiple Input Validation Vulnerabilities
BugTraq ID: 24319
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/24319
Summary:
SSL-Explorer is prone to multiple input-validation vulnerabilities, including HTML-injection, cross-site scripting, and directory-traversal issues, because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, compromise the application, obtain sensitive information, and access or modify data.

54. Datecomm Social Networking Script Index.PHP SQL Injection Vulnerability
BugTraq ID: 26422
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26422
Summary:
Datecomm is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

55. Firefly Media Server Webserver.C Multiple Format String Vulnerabilities
BugTraq ID: 26310
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26310
Summary:
Firefly Media Server (formerly known as mt-daapd) is affected by multiple format-string vulnerabilities because the application fails to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function.

Exploiting these issues can allow remote attackers to execute arbitrary code in the context of the application.

Versions prior to Firefly Media Server 0.2.4.1 are affected.

56. Firefly Media Server Multiple Null Pointer Dereference Vulnerabilities
BugTraq ID: 26309
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26309
Summary:
Firefly Media Server is prone to multiple NULL-pointer-dereference vulnerabilities.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users. Given the nature of these issues, remote attackers may also be able to execute code, but this has not been confirmed.

Firefly Media Server 0.2.4 is vulnerable; other versions may also be affected.

57. Scribe Forum.PHP Remote PHP Code Execution Vulnerability
BugTraq ID: 26302
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26302
Summary:
Scribe is prone to a vulnerability that lets attackers execute arbitrary PHP code because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.

This issue affects Scribe 0.2; other versions may also be vulnerable.

58. Adobe ColdFusion CFID CFTOKEN Session Hijacking Vulnerability
BugTraq ID: 26429
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26429
Summary:
Adobe ColdFusion is prone to a vulnerability that allows attackers to hijack browser sessions.

Successful attacks will allow attackers to access potentially sensitive information and perform actions in the guise of legitimate users.

ColdFusion MX 7 and ColdFusion 8 are vulnerable; other versions may also be affected.

NOTE: This issue does not occur when using J2EE session management.

59. Grani Search Favorites Cross Site Scripting Vulnerability
BugTraq ID: 26418
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26418
Summary:
Grani is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

This issue affects Grani 3.0; other versions may also be affected.

60. VTLS Web Gateway Searchtype Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 26419
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26419
Summary:
Web Gateway is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

This issue affects versions prior to Web Gateway 48.1.1.

61. PHP stream_wrapper_register() Function Denial of Service Vulnerability
BugTraq ID: 26426
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26426
Summary:
PHP is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

PHP 5.2.5 and prior versions are vulnerable.

62. PHP Multiple GetText Functions Denial Of Service Vulnerabilities
BugTraq ID: 26428
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26428
Summary:
PHP is prone to multiple denial-of-service vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to cause denial-of-service conditions. Given the nature of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.

PHP 5.2.5 is vulnerable; other versions may also be affected.

63. DM Guestbook Multiple Local File Include Vulnerabilities
BugTraq ID: 26300
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26300
Summary:
DM Guestbook is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

Exploiting these issues may allow an unauthorized user to view files and execute local scripts.

DM Guestbook 0.4.1 is vulnerable; other versions may also be affected.

64. RSA Authentication Agent IISWebAgentIF.DLL Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 26424
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26424
Summary:
RSA Authentication Agent is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue on an affected computer to execute code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

RSA WebAgent 5.2 and 5.3 for Web for Microsoft IIS are vulnerable; other versions may also be affected.

65. IBM Tivoli Continuous Data Protection for Files Insecure Default Permissions Vulnerability
BugTraq ID: 26293
Remote: No
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26293
Summary:
IBM Tivoli Continuous Data Protection for Files is prone to an insecure-permissions vulnerability. This issue affects the application's 'Global Download' directory.

Successfully exploiting this issue allows attackers to distribute and execute arbitrary executables to client computers managed by the vulnerable software. This may facilitate the complete compromise of all client computers.

IBM Tivoli Continuous Data Protection for Files 3.1 is vulnerable to this issue; other versions may also be affected.

66. Ax Developer CMS Index.PHP Local File Include Vulnerability
BugTraq ID: 26306
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26306
Summary:
Ax Developer CMS (AxDCMS) is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to execute local scripts or to view arbitrary files that may contain sensitive information that can aid in further attacks.

AxDCMS 0.1.1 is vulnerable; other versions may also be affected.

67. Microsoft Windows URI Handler Command Execution Vulnerability
BugTraq ID: 25945
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/25945
Summary:
Microsoft Windows XP and Server 2003 with Internet Explorer 7 is prone to a command-execution vulnerability because it fails to properly sanitize input.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of users that follow malicious URIs.

Known attack vectors include following URIs in these applications:

- Mozilla Firefox in versions prior to 2.0.0.6
- Skype in versions prior to 3.5.0.239
- Adobe Acrobat Reader 8.1
- Miranda 0.7
- Netscape 7.1
- mIRC.

NOTE: Attackers can exploit the issue in BID 25543 (Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability) as an attack vector for this issue.

68. Hitachi Web Server HTML Injection Vulnerability and Signature Forgery Vulnerability
BugTraq ID: 26271
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26271
Summary:
Hitachi Web Server is prone to an HTML-injection vulnerability and a vulnerability that allow attackers to forge digital signatures in an SSL certificate.

An attacker could exploit these issues to execute arbitrary code within the context of the webserver process, steal cookie-based authentication credentials, sign digital certificates, and take advantage of trust relationships that may depend on these credentials.

69. Hitachi Collaboration Portal Schedule Component Information Disclosure Vulnerability
BugTraq ID: 26272
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26272
Summary:
Hitachi Collaboration Portal is prone to an unspecified information-disclosure vulnerability.

Attackers can exploit this issue to access potentially sensitive information that could aid in further attacks.

70. Microsoft Windows Recursive DNS Spoofing Vulnerability
BugTraq ID: 25919
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/25919
Summary:
Microsoft Windows DNS Server is prone to a vulnerability that permits an attacker to spoof responses to DNS requests.

A successful attack will corrupt the DNS cache with attacker-specified content. This may aid in further attacks such as phishing.

71. GNU Emacs Local Variable Handling Code Execution Vulnerability
BugTraq ID: 26327
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26327
Summary:
Emacs is prone to a vulnerability that lets attackers execute arbitrary code.

Due to a design error, the application ignores certain security settings and modifies local variables.

By supplying a malicious file, an attacker can exploit this issue to carry out various attacks, including executing arbitrary code in the context of the application. This may facilitate remote unauthorized access.

This issue affects Emacs 22.1; other versions may be vulnerable as well.

72. Libpng Library ICC Profile Chunk Off-By-One Denial of Service Vulnerability
BugTraq ID: 25957
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/25957
Summary:
The 'libpng' library is prone to a remote denial-of-service vulnerability because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

This issue affects 'libpng' 1.2.21 and prior versions.

73. Libpng Library Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 25956
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/25956
Summary:
The 'libpng' library is prone to multiple remote denial-of-service vulnerabilities because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

These issues affect 'libpng' 1.2.20 and prior versions.

74. FLAC libFLAC Multiple Unspecified Integer Overflow Vulnerabilities
BugTraq ID: 26042
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26042
Summary:
FLAC (Free Lossless Audio Codec) is prone to multiple remote integer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before allocating memory.

Remote attackers may exploit these issues by enticing victims into opening maliciously crafted FLAC files.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

FLAC 1.2.0 is vulnerable; other versions may also be affected.

NOTE: Applications that include the affected libFLAC library are also affected.

75. Microsoft Virtual PC and Virtual Server Heap Overflow Vulnerability
BugTraq ID: 25298
Remote: No
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/25298
Summary:
Microsoft Virtual PC and Virtual Server are prone to a local heap-overflow vulnerability.

To exploit this issue, attackers must have administrative privileges for the guest operating system.

Attackers may exploit this issue to execute arbitrary code in the context of the host operating system or another guest operating system. Successful exploits can result in a compromise of vulnerable computers.

76. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
BugTraq ID: 23615
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/23615
Summary:
IPv6 protocol implementations are prone to a denial-of-service vulnerability due to a design error.

Exploiting this issue allows attackers to cause denial-of-service conditions.

This issue is related to the issue discussed in BID 22210 (Cisco IOS IPv6 Source Routing Remote Memory Corruption Vulnerability).

77. CONTENTCustomizer Dialog.PHP Information Disclosure Vulnerability
BugTraq ID: 26291
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26291
Summary:
CONTENTCustomizer is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

CONTENTCustomizer 3.1mp is vulnerable; other versions may also be affected.

78. SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities
BugTraq ID: 26288
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26288
Summary:
SonicWALL SSL VPN Client is prone to multiple remote vulnerabilities. The issues occur in different ActiveX controls and include arbitrary-file-deletion and multiple stack-based buffer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code within the context of the affected application and delete arbitrary files on the client's computer. Failed exploit attempts will result in denial-of-service conditions.

These issues affect SonicWALL SSL VPN 1.3.0.3 software as well as WebCacheCleaner 1.3.0.3 and NeLaunchCtrl 2.1.0.49 ActiveX controls; other versions may also be vulnerable.

79. ISPworker Download.PHP Multiple Local File Include Vulnerabilities
BugTraq ID: 26277
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26277
Summary:
ISPworker is prone to multiple local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary local scripts within the context of the webserver process.

These issues affect ISPworker 1.21; other versions may also be affected.

80. RETIRED: phpMyConferences PageTraiteDownload.PHP Local File Include Vulnerability
BugTraq ID: 26278
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26278
Summary:
phpMyConferences is prone to a local file-include vulnerability because it fails to adequately sanitize user-supplied input for requests to restricted files that reside outside of the web document root directory.

A remote attacker can exploit this issue to retrieve potentially sensitive information that may aid in further attacks.

This issue affects phpMyConferences 8.0.2; other versions may also be affected.

NOTE: This BID is being retired. The affected script does not work, so this issue cannot be exploited in the manner specified.

81. Ruby Multiple Libraries SSL Multiple Insecure Certificate Validation Weaknesses
BugTraq ID: 26421
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26421
Summary:
Ruby is prone to multiple weaknesses related to its validation of certificates. The problem is that multiple libraries fail to properly perform validity checks on X.509 certificates.

Successfully exploiting these issues may allow attackers to perform man-in-the-middle attacks against applications that insecurely use an affected library. Other attacks may also be possible.

NOTE: These issues are related to a weakness covered by BID 25847 (Ruby Net::HTTP SSL Insecure Certificate Validation Weakness).

82. Ruby Net::HTTP SSL Insecure Certificate Validation Weakness
BugTraq ID: 25847
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/25847
Summary:
Ruby's Net::HTTP library is prone to an insecure-certificate-validation weakness because the library fails to properly perform validity checks on X.509 certificates.

Successfully exploiting this issue may allow attackers to perform man-in-the-middle attacks against applications that insecurely use the affected library. Other attacks may also be possible.

NOTE: This issue is related to multiple weaknesses covered by BID 26421 - Ruby Multiple Libraries SSL Multiple Insecure Certificate Validation Weaknesses.

83. Yukihiro Matsumoto Ruby CGI.RB Library Remote Denial Of Service Vulnerability
BugTraq ID: 21441
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/21441
Summary:
Ruby is prone to a remote denial-of-service vulnerability because the application's CGI library fails to properly handle specially crafted HTTP requests.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected Ruby CGI library.

84. DocuSafe Search Parameter SQL Injection Vulnerability
BugTraq ID: 26442
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26442
Summary:
DocuSafe is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

85. IBM WebSphere MQ Multiple Unspecified Remote Memory Corruption Vulnerabilities
BugTraq ID: 26441
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26441
Summary:
IBM WebSphere MQ is affected by multiple unspecified remote memory-corruption vulnerabilities.

Successfully exploiting these issues allows remote attackers to crash affected services, denying service to legitimate users. Remote code execution may also be possible, but this has not been confirmed.

IBM WebSphere MQ version 6.0 is vulnerable to these issues; other versions may also be affected.

86. TestLink Unspecified Authentication Bypass Vulnerability
BugTraq ID: 26439
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26439
Summary:
TestLink is prone to an unspecified authentication-bypass vulnerability.

An attacker can exploit this issue to gain unauthorized access to the application.

This issue affects TestLink versions prior to 1.7.1.

87. KDE Konqueror Cookie Handling Denial of Service Vulnerability
BugTraq ID: 26435
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26435
Summary:
KDE Konqueror is prone to a remote denial-of-service vulnerability because it fails to handle overly large cookies.

An attacker may exploit this vulnerability to cause Konqueror to crash, resulting in denial-of-service conditions.

Konqueror 3.5.6 is vulnerable; other versions may also be affected.

88. Free Forum Search SQL Injection Vulnerability
BugTraq ID: 26434
Remote: Yes
Last Updated: 2007-11-14
Relevant URL: http://www.securityfocus.com/bid/26434
Summary:
Free Forum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

89. Linux Kernel Fib_Semantics.C Out Of Bounds Access Vulnerability
BugTraq ID: 23447
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/23447
Summary:
The Linux kernel is prone to an out-of-bounds-access vulnerability. This issue occurs because the semantics for IPv4 Forwarding Information Base fail to adequately bounds-check user-supplied data before accessing an array.

An attacker can exploit this issue to cause denial-of-service conditions. Arbitrary code execution may also be possible, but this has not been confirmed.

Versions prior to 2.6.21-rc6 are vulnerable.

90. Linux Kernel HugeTLB Local Denial Of Service Vulnerability
BugTraq ID: 25904
Remote: No
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/25904
Summary:
The Linux Kernel is prone to a local denial-of-service vulnerability caused by a design error in the 'hugetlbfs' handling procedures.

This issue affects kernel 2.6.x versions prior to 2.6.18.

91. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
BugTraq ID: 23870
Remote: No
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/23870
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to exhaust memory resources and eventually cause the kernel to crash, effectively denying service to legitimate users.

This issue affects the Linux kernel 2.6 series prior to 2.6.21-git8.

92. Linux Kernel PRNG Entropy Weakness
BugTraq ID: 24390
Remote: No
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/24390
Summary:
The Linux kernel is prone to a weakness that may result in weaker cryptographic security.

Linux kernel versions prior to 2.6.21.4 are vulnerable to this issue.

This weakness was initially discussed in BID 24376 (Linux Kernel Multiple Weaknesses and Vulnerabilities), but has been assigned its own record.

93. X7 Chat Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 26417
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26417
Summary:
X7 Chat is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.

These issues affect X7 Chat 2.0.4; other versions may be also vulnerable.

94. PHP Application Tools patBBCode BBCODESOURCE.PHP Remote File Include Vulnerability
BugTraq ID: 26416
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26416
Summary:
PHP Application Tools patBBCode is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects patBBCode 1.0; other versions may also be vulnerable.

95. TorrentStrike INDEX.PHP SQL Injection Vulnerability
BugTraq ID: 26415
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26415
Summary:
TorrentStrike is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects TorrentStrike 0.4; other versions may also be vulnerable.

96. SSReader Ultra Star Reader ActiveX Control Register Method Buffer Overflow Vulnerability
BugTraq ID: 26247
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26247
Summary:
SSReader Ultra Star Reader is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

97. IBM AIX Swcons Arbitrary File Access Vulnerability
BugTraq ID: 26258
Remote: No
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26258
Summary:
AIX 'swcons' is prone to a vulnerability that lets attackers access arbitrary files because the utility fails to adequately verify user-supplied input.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges. Note that to run the 'swcons' utility, local users must belong to the 'system' group.

This issue affects AIX 5.2 and 5.3; fixes are available.

98. ILIAS Multiple HTML Injection Vulnerabilities
BugTraq ID: 26264
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26264
Summary:
ILIAS is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

These issues affect ILIAS 3.8.3 and prior versions.

99. Citrix Access Gateway Standard and Advanced Edition Multiple Remote Vulnerabilities
BugTraq ID: 24975
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/24975
Summary:
Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to:

- Obtain sensitive information
- Execute code remotely
- Hijack sessions
- Redirect users to arbitrary sites
- Make unauthorized configuration changes

Citrix has released patches for these vulnerabilities.

100. F5 FirePass 4100 SSL VPN Download_Plugin.PHP3 Cross-Site Scripting Vulnerability
BugTraq ID: 26412
Remote: Yes
Last Updated: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26412
Summary:
F5 FirePass 4100 SSL VPN devices are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.

F5 FirePass 4100 SSL VPNs running these firmware versions are vulnerable:

5.4 through 5.5.2
6.0
6.0.1

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Task force aims to improve U.S. cybersecurity
By: Robert Lemos
A blue-ribbon panel of three dozen security experts hopes to craft a strategy to improve cybersecurity by the time the next president takes office.
http://www.securityfocus.com/news/11494

2. Court filings double estimate of TJX breach
By: Robert Lemos
Online attackers stole information on more than 94 million credit- and debit-card accounts, more than double the original estimates, according to court documents.
http://www.securityfocus.com/news/11493

3. Identity thieves likely to be first-timers, strangers
By: Robert Lemos
Six years of U.S. Secret Service cases reveal that the majority of identity thieves do not know their victims and do not have a prior criminal record.
http://www.securityfocus.com/news/11492

4. Retailers look to exorcise credit-card data
By: Robert Lemos
The National Retail Federation sends a letter asking that its members be allowed to decide what credit-card data to keep.
http://www.securityfocus.com/news/11491

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Quality Assurance, Fredericton or Saint John
http://www.securityfocus.com/archive/77/483493

2. [SJ-JOB] Senior Software Engineer, Fredericton or Saint John
http://www.securityfocus.com/archive/77/483495

3. [SJ-JOB] Technical Writer, Fredericton or Saint John
http://www.securityfocus.com/archive/77/483500

4. [SJ-JOB] Technical Support Engineer, Fredericton
http://www.securityfocus.com/archive/77/483494

5. [SJ-JOB] Information Assurance Engineer, Arlington
http://www.securityfocus.com/archive/77/483497

6. [SJ-JOB] Security Architect, Boston
http://www.securityfocus.com/archive/77/483498

7. [SJ-JOB] VP / Dir / Mgr engineering, Fredericton
http://www.securityfocus.com/archive/77/483501

8. [SJ-JOB] Security Architect, Arlinton
http://www.securityfocus.com/archive/77/483489

9. [SJ-JOB] Certification & Accreditation Engineer, Arlington
http://www.securityfocus.com/archive/77/483499

10. [SJ-JOB] Security Consultant, Atlanta
http://www.securityfocus.com/archive/77/483478

11. [SJ-JOB] Application Security Engineer, Cincinnati
http://www.securityfocus.com/archive/77/483486

12. [SJ-JOB] Sr. Security Analyst, Calgary
http://www.securityfocus.com/archive/77/483487

13. [SJ-JOB] Technical Writer, Washington
http://www.securityfocus.com/archive/77/483488

14. [SJ-JOB] Penetration Engineer, Milwaukee
http://www.securityfocus.com/archive/77/483496

15. [SJ-JOB] Security Engineer, Washington
http://www.securityfocus.com/archive/77/483472

16. [SJ-JOB] Jr. Security Analyst, Washington
http://www.securityfocus.com/archive/77/483477

17. [SJ-JOB] Security Engineer, Bloomington
http://www.securityfocus.com/archive/77/483480

18. [SJ-JOB] Information Assurance Engineer, Arlington
http://www.securityfocus.com/archive/77/483483

19. [SJ-JOB] Security Consultant, Winnipeg
http://www.securityfocus.com/archive/77/483502

20. [SJ-JOB] Security Architect, Chicago
http://www.securityfocus.com/archive/77/483474

21. [SJ-JOB] Customer Service, Fredericton or Saint John
http://www.securityfocus.com/archive/77/483490

22. [SJ-JOB] Security Engineer, Arlington
http://www.securityfocus.com/archive/77/483492

23. [SJ-JOB] VP of Regional Sales, Kolkata
http://www.securityfocus.com/archive/77/483464

24. [SJ-JOB] Manager, Information Security, Kolkata
http://www.securityfocus.com/archive/77/483465

25. [SJ-JOB] Security Engineer, Kansas City
http://www.securityfocus.com/archive/77/483466

26. [SJ-JOB] Sr. Security Engineer, Fredericton or Saint John
http://www.securityfocus.com/archive/77/483473

27. [SJ-JOB] Security Director, Nashville
http://www.securityfocus.com/archive/77/483475

28. [SJ-JOB] Penetration Engineer, Kolkata
http://www.securityfocus.com/archive/77/483463

29. [SJ-JOB] VP of Marketing, Kolkata
http://www.securityfocus.com/archive/77/483476

30. [SJ-JOB] Jr. Security Analyst, Calgary
http://www.securityfocus.com/archive/77/483479

31. [SJ-JOB] Quality Assurance, Palo Alto
http://www.securityfocus.com/archive/77/483450

32. [SJ-JOB] Security Researcher, CUPERTINO
http://www.securityfocus.com/archive/77/483451

33. [SJ-JOB] Security System Administrator, Boulder
http://www.securityfocus.com/archive/77/483452

34. [SJ-JOB] Sr. Security Engineer, CUPERTINO
http://www.securityfocus.com/archive/77/483453

35. [SJ-JOB] Sr. Security Analyst, Bloomington
http://www.securityfocus.com/archive/77/483467

36. [SJ-JOB] Auditor, Charlotte
http://www.securityfocus.com/archive/77/483449

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Oracle 0-day to get SYSDBA access to the database
http://www.securityfocus.com/archive/82/483632

2. CanSecWest 2008 CFP (deadline Nov 30, conf Mar 26-28) and PacSec Dojo's
http://www.securityfocus.com/archive/82/483517

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #367
http://www.securityfocus.com/archive/88/483444

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000D4Kl

News

Wednesday, November 14, 2007

SecurityFocus Newsletter #427

No comments:

WINDOWS CENTER

Blog Archive