News

Tuesday, November 20, 2007

SecurityFocus Newsletter #428
----------------------------------------

This issue is Sponsored by: Insight24

Are There Holes in Your Network? View this on-demand webcast hosted by Dr. Chenxi Wang,
Principal Analyst, Security & Risk Management, Forrester Research, as she discusses the steps you can follow
to ensure your network isn't vulnerable. She will also outline key metrics organizations can use to measure the
maturity of their vulnerability management programs. Click on the link below to view this on-demand webcast today!
http://showcase.insight24.com/?ForresterSecurityFocus


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Aye, Robot, or Can Computers Contract?
2. Don't blame the IDS
II. BUGTRAQ SUMMARY
1. PCRE Regular Expression Library Multiple Security Vulnerabilities
2. PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
3. Mozilla Firefox OnUnload Javascript Browser Entrapment Vulnerability
4. Mozilla Firefox OnKeyDown Event File Upload Vulnerability
5. Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability
6. Multiple Web Browsers Digest Authentication HTTP Response Splitting Vulnerability
7. Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
8. Apache Tomcat WebDav Remote Information Disclosure Vulnerability
9. Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
10. Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
11. Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
12. Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
13. Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
14. GNU Emacs Local Variable Handling Code Execution Vulnerability
15. Bochs Buffer Overflow and Denial Of Service Vulnerabilities
16. CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
17. Link Grammar SEPARATE_WORD Function Remote Buffer Overflow Vulnerability
18. teTeX DVI File Parsing Multiple Vulnerabilities
19. MySQL Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
20. VMware Workstation Unspecified Host Memory Corruption Vulnerability
21. OpenLDAP SLAPD Access Control Circumvention Vulnerability
22. GDB DWARF Multiple Buffer Overflow Vulnerabilities
23. VMware Workstation DHCP Server Multiple Remote Code Execution Vulnerabilities
24. OpenLDAP Multiple Remote Denial of Service Vulnerabilities
25. VMware Workstation Guest System Denial Of Service Vulnerability
26. phpBBViet PHPBB_Root_Path Parameter Remote File Include Vulnerability
27. Microsoft Windows URI Handler Command Execution Vulnerability
28. IBM Tivoli Service Desk Maximo HTML Injection Vulnerability
29. Mozilla Firefox Jar URI Cross-Site Scripting Vulnerability
30. SF-Shoutbox Main.PHP Multiple HTML Injection Vulnerabilities
31. HP-UX Aries PA-RISC Emulator Unspecified Local Unauthorized Access Vulnerability
32. USVN Subversion Repository Information Disclosure Vulnerability
33. Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow Vulnerability
34. Samba NMBD Logon Request Remote Buffer Overflow Vulnerability
35. Microsoft DirectX Media DXTMSFT.DLL ActiveX Control Multiple Denial of Service Vulnerabilities
36. Sun Remote Services Net Connect Software Local Format String Vulnerability
37. Microsoft Windows NAT Helper Remote Denial of Service Vulnerability
38. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
39. Sun Java Runtime Environment Multiple Weaknesses
40. BitDefender Online Scanner OScan.OCX ActiveX Control Heap Buffer Overflow Vulnerability
41. bcoos Multiple Input Validation Vulnerabilities
42. OrangeHRM REDIRECT Function Remote Security Bypass Vulnerability
43. PEAR::MDB2 BLOB Field Information Disclosure Vulnerability
44. Cerberus FTP Server Web Interface Cross Site Scripting Vulnerability
45. OpenBase Buffer Overflow Vulnerability and Multiple Remote Command Execution Vulnerabilities
46. IBM Lotus Domino Web Server Unspecified Cross-Site Scripting Security Vulnerability
47. Computer Associates SiteMinder Web Agent Smpwservices.FCC Cross Site Scripting Vulnerability
48. SkyPortal Multiple SQL Injection Vulnerabilities
49. Cypress for BitchX Information Disclosure Backdoor Vulnerability
50. Sun Solaris Volume Manager Local Denial of Service Vulnerability
51. ISC BIND 8 Remote Cache Poisoning Vulnerability
52. PicoFlat CMS Multiple Remote Security Bypass Vulnerabilities
53. Microsoft Windows Recursive DNS Spoofing Vulnerability
54. ComponentOne FlexGrid ActiveX Control Multiple Buffer Overflow Vulnerabilities
55. WebEx GPCContainer Memory Access Violation Multiple Denial of Service Vulnerabilities
56. Adobe Shockwave Player ActiveX Control ShockwaveVersion Remote Denial of Service Vulnerability
57. ISPmanager Responder Local Privilege Escalation Vulnerability
58. Rigs of Rods Long Vehicle Name Buffer Overflow Vulnerability
59. OmniPCX Enterprise Audio Rerouting Information Disclosure And Denial Of Service Vulnerability
60. Invensys Wonderware InTouch Default Universal NetDDE Share Privilege Escalation Vulnerability
61. SWsoft Confixx Fehler.Inc.PHP Remote File Include Vulnerability
62. Multiple Web Browsers SSL Certificate SubjectAltName Validation Weakness
63. PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
64. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
65. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
66. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
67. Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
68. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
69. Xpdf Multiple Remote Stream.CC Vulnerabilities
70. Linux Kernel IEEE80211 HDRLen Remote Denial Of Service Vulnerability
71. Linksys Wireless-G ADSL Gateway WAG54GS Setup.CGI Cross-Site Scripting Vulnerabilities
72. MyWebFTP Pass.PHP Hashed Password Information Disclosure Vulnerability
73. Weblord.it MS-TopSites Unauthorized Access Vulnerability and HTML Injection Vulnerability
74. Joomla Equipment JUser Component MosConfig_Absolute_Path Remote File Include Vulnerability
75. SMF Private Forum Messages Information Disclosure Vulnerability
76. feynmf feynmf.pl Insecure Temporary File Creation Vulnerability
77. Microsoft Windows 2000 Insecure Random Number Generator Information Disclosure Weakness
78. Belkin Wireless G Router Remote Syn Flood Denial of Service Vulnerability
79. Citrix NetScaler Generic_API_Call.PL Cross-Site Scripting Vulnerability
80. Click&BaneX Details.ASP SQL Injection Vulnerability
81. ProfileCMS ID Parameter Multiple SQL Injection Vulnerabilities
82. Vigile CMS Multiple Vulnerabilities
83. Perl Unicode Regular Expression Buffer Overflow Vulnerability
84. IceBB HTTP_X_FORWARDED_FOR SQL Injection Vulnerability
85. LIVE555 Media Server ParseRTSPRequestString Remote Denial Of Service Vulnerability
86. Net-SNMP GETBULK Remote Denial of Service Vulnerability
87. Ingate Firewall And SIParator Multiple Vulnerabilities
88. ngIRCd JOIN Command Parsing Denial Of Service Vulnerability
89. Cacti Unspecified SQL Injection Vulnerability
90. Linux Kernel Ptrace Local Privilege Escalation Vulnerability
91. ClamAV Unspecified Remote Code Execution Vulnerability
92. PHP Helpdesk Login SQL Injection Vulnerability
93. PHP Helpdesk Index.PHP Local File Include Vulnerability
94. JBC Explorer Auth.Inc.PHP Authentication Bypass Vulnerability
95. JPortal Mailer.PHP SQL Injection Vulnerability
96. Viewpoint Media Player AxMetaStream.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
97. Autonomy KeyView Multiple Buffer Overflow Vulnerabilities
98. HotScripts Clone SOFTWARE-DESCRIPTION.PHP SQL Injection Vulnerability
99. Mozilla Firefox 2.0.0.7 Multiple Remote Vulnerabilities
100. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
III. SECURITYFOCUS NEWS
1. Group drafts rules to nix credit-card storage
2. Task force aims to improve U.S. cybersecurity
3. Court filings double estimate of TJX breach
4. Identity thieves likely to be first-timers, strangers
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security System Administrator, Dubai
2. [SJ-JOB] Manager, Information Security, Hyderabad
3. [SJ-JOB] Security Engineer, San Antonio
4. [SJ-JOB] Penetration Engineer, London
5. [SJ-JOB] Manager, Information Security, New York
6. [SJ-JOB] Security Consultant, Dallas
7. [SJ-JOB] Management, Seattle
8. [SJ-JOB] Manager, Information Security, Mountain View
9. [SJ-JOB] Quality Assurance, Boston
10. [SJ-JOB] Security Engineer, Bloomington
11. [SJ-JOB] Security Consultant, Philadelphia
12. [SJ-JOB] Security Auditor, Phoenix
13. [SJ-JOB] Sr. Security Engineer, Bloomington
14. [SJ-JOB] Security Consultant, Copenhagen
15. [SJ-JOB] Forensics Engineer, Berkshire
16. [SJ-JOB] Software Engineer, Alpharetta
17. [SJ-JOB] Sr. Security Analyst, Bloomington
18. [SJ-JOB] Security Consultant, Clarksburg
19. [SJ-JOB] Developer, Madison
20. [SJ-JOB] Application Security Engineer, Beverly Hills
21. [SJ-JOB] Compliance Officer, Seattle
22. [SJ-JOB] Security Engineer, Arlington
23. [SJ-JOB] Security Architect, Seattle
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. Setting up IPSEC with servers in and out of a domain
2. Security and Implications of Hosted Exchange
3. SecurityFocus Microsoft Newsletter #368
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. important errors to control with swatch
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Aye, Robot, or Can Computers Contract?
By Mark Rasch
A contract is usually described as a "meeting of the minds." One person makes an offer for goods or services; another person sees the offer and negotiates terms; the parties enter into an agreement of the offer; and some form of consideration is given in return for the provision of something of value. At least that's what I remember from first-year law school contracts class.

http://www.securityfocus.com/columnists/458

2. Don't blame the IDS
By Don Parker
Some years ago, I remember reading a press release from the Gartner Group. It was about intrusion detection systems (IDS) offering little return for the monetary investment in them and furthermore, that this very same security technology would be obsolete by the year 2005. A rather bold statement and an even bolder prediction on their part.
http://www.securityfocus.com/columnists/457

II. BUGTRAQ SUMMARY
--------------------
1. PCRE Regular Expression Library Multiple Security Vulnerabilities
BugTraq ID: 26346
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26346
Summary:
The PCRE regular-expression library is prone to multiple security vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.

2. PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
BugTraq ID: 26462
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26462
Summary:
The PCRE regular-expression library is prone to multiple integer- and buffer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.

3. Mozilla Firefox OnUnload Javascript Browser Entrapment Vulnerability
BugTraq ID: 22688
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/22688
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to trap users at a particular webpage and spoof page transitions.

Attackers may exploit this via a malicious page to spoof the contents and origin of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing.

4. Mozilla Firefox OnKeyDown Event File Upload Vulnerability
BugTraq ID: 24725
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/24725
Summary:
Mozilla Firefox is prone to an information-disclosure vulnerability that can allow an attacker to access sensitive files.

This issue stems from a design error resulting from the improper handling of form fields.

All versions of Firefox are considered vulnerable.

5. Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability
BugTraq ID: 25543
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/25543
Summary:
Mozilla Firefox is prone to an unspecified vulnerability that lets remote attackers inject commands through the 'mailto', 'nntp', 'news', and 'snews' protocol handlers.

Remote attackers may influence command options that can be passed through the various handlers and therefore execute commands and script code with the privileges of the user running the application. Successful attacks may result in various consequences, including remote unauthorized access.

NOTE: Attackers can use this issue as an attack vector for the issue described in BID 25945 (Microsoft Windows URI Handler Command Execution Vulnerability).

6. Multiple Web Browsers Digest Authentication HTTP Response Splitting Vulnerability
BugTraq ID: 23668
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/23668
Summary:
Multiple browsers are prone to an HTTP-response-splitting vulnerability because the software fails to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

This issue affects Microsoft Internet Explorer 7.0.5730.11 and Mozilla Firefox 2.0.0.3; other versions and browsers may also be affected.
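The advisory above says only that the browsers fail to sanitize input used for Digest authentication. The following is an added example, not code from the newsletter or from any of the browsers named; it assumes the injected value is the username (for instance taken from the URL's userinfo part) and shows an RFC 2617 Digest Authorization builder in two forms: a naive one that copies the username into the header verbatim, so a CR/LF in it yields a second header line, and a hardened one that refuses CR, LF and double quotes. The challenge parameters are the RFC 2617 section 3.5 example; HeaderInjection and the function names are inventions for the example.

```python
import hashlib


class HeaderInjection(ValueError):
    """Raised when a value would break out of the header it is placed in."""


def naive_quoted(value):
    # What a careless builder does: copy the value straight into the
    # quoted-string, so CR/LF or '"' in the value goes onto the wire.
    return '"%s"' % value


def safe_quoted(value):
    # Refuse anything that can terminate the header line or the quoted-string.
    # RFC 2616 allows backslash-escaping '"', but rejecting is the safer choice
    # because servers disagree on how to unescape it.
    if any(ch in value for ch in '\r\n"'):
        raise HeaderInjection("CR, LF or '\"' in %r" % value)
    return '"%s"' % value


def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, password, realm, nonce, method, uri, cnonce, nc):
    """RFC 2617 response digest for qop=auth."""
    ha1 = _md5("%s:%s:%s" % (username, realm, password))
    ha2 = _md5("%s:%s" % (method, uri))
    return _md5("%s:%s:%s:%s:auth:%s" % (ha1, nonce, nc, cnonce, ha2))


def authorization_header(username, password, realm, nonce, method, uri, cnonce,
                         nc="00000001", quote=safe_quoted):
    """Return the full 'Authorization: ...' request-header line (no trailing CRLF)."""
    response = digest_response(username, password, realm, nonce, method, uri, cnonce, nc)
    fields = [
        "username=" + quote(username),
        "realm=" + quote(realm),
        "nonce=" + quote(nonce),
        "uri=" + quote(uri),
        "qop=auth",
        "nc=" + nc,
        "cnonce=" + quote(cnonce),
        "response=" + quote(response),
    ]
    return "Authorization: Digest " + ", ".join(fields)


def header_line_count(header):
    """Number of header lines a server would parse out of this value."""
    return len(header.split("\r\n"))


def builder_refuses(**params):
    """True if the hardened builder rejects these parameters."""
    try:
        authorization_header(**params)
    except HeaderInjection:
        return True
    return False


# Constructed challenge parameters: the RFC 2617 section 3.5 example.
RFC_EXAMPLE = dict(username="Mufasa", password="Circle Of Life",
                   realm="testrealm@host.com",
                   nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                   method="GET", uri="/dir/index.html", cnonce="0a4f113b")

if __name__ == "__main__":
    print(authorization_header(**RFC_EXAMPLE))
    evil = dict(RFC_EXAMPLE, username="alice\r\nX-Injected: 1")
    print("naive builder emits", header_line_count(authorization_header(quote=naive_quoted, **evil)), "header lines")
    print("hardened builder refuses:", builder_refuses(**evil))
```

With the RFC parameters the builder reproduces the RFC's response value (6629fae49393a05397450978507c4ef1); with a username carrying CR/LF, the naive builder produces two header lines where there should be one, which is the request-splitting condition the advisory describes.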

7. Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
BugTraq ID: 24524
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/24524
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.

This issue may have been reported as part of the vulnerabilities described in BID 24058 (Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities). Symantec has not been able to confirm this information. We will update this BID when more information emerges.

8. Apache Tomcat WebDav Remote Information Disclosure Vulnerability
BugTraq ID: 26070
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26070
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server.

9. Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 24058
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/24058
Summary:
Apache Tomcat's documentation web application includes a sample application that is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The following Tomcat versions are affected:

4.0.0 to 4.0.6
4.1.0 to 4.1.36
5.0.0 to 5.0.30
5.5.0 to 5.5.23
6.0.0 to 6.0.10

10. Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
BugTraq ID: 25316
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/25316
Summary:
Apache Tomcat is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data.

Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks.

Versions prior to Apache Tomcat 6.0.14 are vulnerable.

11. Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
BugTraq ID: 24476
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/24476
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

12. Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
BugTraq ID: 24475
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/24475
Summary:
Apache Tomcat Manager and Host Manager are prone to a cross-site scripting vulnerability because the applications fail to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

13. Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
BugTraq ID: 25314
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/25314
Summary:
Apache Tomcat Host Manager Servlet is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.

Apache Tomcat 5.5.0 through 5.5.24 and 6.0.0 through 6.0.13 are affected.

14. GNU Emacs Local Variable Handling Code Execution Vulnerability
BugTraq ID: 26327
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26327
Summary:
Emacs is prone to a vulnerability that lets attackers execute arbitrary code.

Due to a design error, the application ignores certain security settings and modifies local variables.

By supplying a malicious file, an attacker can exploit this issue to carry out various attacks, including executing arbitrary code in the context of the application. This may facilitate remote unauthorized access.

This issue affects Emacs 22.1; other versions may be vulnerable as well.

15. Bochs Buffer Overflow and Denial Of Service Vulnerabilities
BugTraq ID: 24246
Remote: No
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/24246
Summary:
Bochs is prone to a heap-based buffer-overflow issue and a denial-of-service issue. The buffer-overflow issue occurs because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. The denial-of-service vulnerability is caused by a divide-by-zero operation.

A local attacker can exploit these issues to execute arbitrary code in the context of the affected application or to cause denial-of-service conditions. Failed exploit attempts of the buffer-overflow vulnerability will also result in denial-of-service conditions.

16. CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 26268
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26268
Summary:
CUPS is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

CUPS 1.3.3 is reported vulnerable; other versions may be affected as well.

17. Link Grammar SEPARATE_WORD Function Remote Buffer Overflow Vulnerability
BugTraq ID: 26365
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26365
Summary:
Link Grammar is prone to a stack-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted document with overly long words.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Link Grammar 4.1b and AbiWord Link Grammar 4.2.4.

Please note that other versions of Link Grammar and other applications that use Link Grammar may also be vulnerable.

18. teTeX DVI File Parsing Multiple Vulnerabilities
BugTraq ID: 26469
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26469
Summary:
teTeX is prone to multiple vulnerabilities that include buffer-overflow errors and race-condition issues.

Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, or obtain potentially sensitive information.

19. MySQL Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
BugTraq ID: 26353
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26353
Summary:
MySQL is prone to a remote denial-of-service vulnerability because the database server fails to properly handle unexpected input.

Exploiting this issue allows remote attackers to crash affected database servers, denying service to legitimate users. Attackers must be able to execute arbitrary SQL statements on affected servers, which requires valid credentials to connect to affected servers.

This issue affects MySQL 5.1.23 and prior versions.

20. VMware Workstation Unspecified Host Memory Corruption Vulnerability
BugTraq ID: 25728
Remote: No
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/25728
Summary:
VMware Workstation is prone to an unspecified memory-corruption vulnerability.

An administrative user in a guest operating system may be able to exploit this issue to execute arbitrary code on the host system. This may facilitate a compromise of the affected computer. Failed exploit attempts will likely result in denial-of-service conditions.

21. OpenLDAP SLAPD Access Control Circumvention Vulnerability
BugTraq ID: 19832
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/19832
Summary:
OpenLDAP 'slapd' is prone to a vulnerability that allows attackers to circumvent access controls.

An attacker granted 'selfwrite' access may be able to modify arbitrary distinguished names (DNs) rather than only their own entry.

Versions prior to OpenLDAP 2.3.25 are vulnerable.

22. GDB DWARF Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 19802
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/19802
Summary:
GDB is prone to multiple buffer-overflow vulnerabilities because of insufficient bounds-checking when handling DWARF and DWARF2 data.

Attackers could leverage this issue to run arbitrary code outside of a restricted environment; this may lead to privilege escalation.

23. VMware Workstation DHCP Server Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 25729
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/25729
Summary:
VMware Workstation's DHCP server is prone to multiple remote code-execution issues, including a stack-based integer-underflow issue, a stack-based buffer-overflow issue, and an unspecified vulnerability.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application.

Versions prior to VMware Workstation 6.0.1 Build 55017 are vulnerable.

24. OpenLDAP Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 26245
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26245
Summary:
OpenLDAP is prone to multiple remote denial-of-service vulnerabilities because of an incorrect NULL-termination issue and a double-free issue.

Attackers can exploit these issues to deny service to legitimate users.

Versions prior to OpenLDAP 2.3.39 are vulnerable.

25. VMware Workstation Guest System Denial Of Service Vulnerability
BugTraq ID: 25731
Remote: No
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/25731
Summary:
VMware Workstation is prone to a denial-of-service vulnerability.

An unprivileged attacker in a guest operating system could cause a host process to become unresponsive or to crash, effectively denying service to legitimate users.

26. phpBBViet PHPBB_Root_Path Parameter Remote File Include Vulnerability
BugTraq ID: 26482
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26482
Summary:
phpBBViet is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects phpBBViet 2.0.22; other versions may also be vulnerable.

27. Microsoft Windows URI Handler Command Execution Vulnerability
BugTraq ID: 25945
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/25945
Summary:
Microsoft Windows XP and Server 2003 with Internet Explorer 7 are prone to a command-execution vulnerability because the URI handler fails to properly sanitize input.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of users that follow malicious URIs.

Known attack vectors include following URIs in these applications:

- Mozilla Firefox in versions prior to 2.0.0.6
- Skype in versions prior to 3.5.0.239
- Adobe Acrobat Reader 8.1
- Miranda 0.7
- Netscape 7.1
- mIRC.

NOTE: Attackers can exploit the issue in BID 25543 (Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability) as an attack vector for this issue.
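The two advisories above (BIDs 25945 and 25543) describe applications that pass a URI to the operating system's registered handler, which then fails to quote it safely. As an added example, not code from Microsoft, Mozilla or any vendor named here, the following is the kind of gate an application can put in front of that hand-off: only an allowlist of externally dispatched schemes is passed on, and the URI is refused if it contains quote, whitespace or control characters either literally or after percent-decoding, since the handler may decode before building its command line. The allowlist, the decode-then-check rule and the function names are assumptions chosen for the example.

```python
import re
from urllib.parse import unquote

SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")

# Schemes this (hypothetical) application hands to the OS. http/https are
# rendered by the application itself and never reach an external handler.
EXTERNAL_SCHEMES = {"mailto", "news", "nntp", "snews"}

# Characters that let a URI close a quoted command-line argument or start a
# new one when the handler builds a command line around it: quotes,
# whitespace, and C0/DEL control characters.
DANGEROUS = re.compile(r"""["'\s\x00-\x1f\x7f]""")


def check_external_uri(uri):
    """Return (ok, reason); ok is True only if the URI may be dispatched."""
    m = SCHEME_RE.match(uri)
    if not m:
        return False, "no URI scheme"
    scheme = m.group(1).lower()
    if scheme not in EXTERNAL_SCHEMES:
        return False, "scheme not dispatched externally: " + scheme
    rest = uri[m.end():]
    # The registered handler may percent-decode before building its command
    # line, so the decoded form is checked as well as the raw one.
    for form in (rest, unquote(rest)):
        if DANGEROUS.search(form):
            return False, "quote, whitespace or control character in URI"
    return True, "ok"


def dispatch(uri, handler):
    """Call handler(uri) only when the check passes; return (ok, reason)."""
    ok, reason = check_external_uri(uri)
    if ok:
        handler(uri)
    return ok, reason


if __name__ == "__main__":
    # Constructed inputs for the example.
    for u in ("mailto:alice@example.com",
              "MAILTO:bob@example.com",
              "mailto:alice%22%20extra@example.com",
              "mailto:x%00y@example.com",
              "file:///tmp/notes.txt"):
        print(u, "->", check_external_uri(u))
```

The check is deliberately strict: a percent-encoded space or quote in a mailto address is refused outright rather than re-encoded, because the application cannot know how the handler on the other side will decode it.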

28. IBM Tivoli Service Desk Maximo HTML Injection Vulnerability
BugTraq ID: 26305
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26305
Summary:
IBM Tivoli Service Desk Maximo is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

IBM Tivoli Service Desk Maximo 6.2 is vulnerable; other versions may also be affected.

29. Mozilla Firefox Jar URI Cross-Site Scripting Vulnerability
BugTraq ID: 26385
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26385
Summary:
Mozilla Firefox is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks.

30. SF-Shoutbox Main.PHP Multiple HTML Injection Vulnerabilities
BugTraq ID: 26320
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26320
Summary:
SF-Shoutbox is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

SF-Shoutbox 1.2.1 to 1.4 are vulnerable; other versions may also be affected.

31. HP-UX Aries PA-RISC Emulator Unspecified Local Unauthorized Access Vulnerability
BugTraq ID: 26383
Remote: No
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26383
Summary:
HP-UX Aries PA-RISC emulator is prone to a local unauthorized-access vulnerability.

Few technical details regarding this issue are currently available. We will update this BID as more information emerges.

This issue affects HP-UX Aries PA-RISC emulator software running on HP-UX IA-64 platforms.

32. USVN Subversion Repository Information Disclosure Vulnerability
BugTraq ID: 26384
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26384
Summary:
USVN is prone to an information-disclosure vulnerability.

An attacker could exploit this issue to access information that may lead to further attacks.

Versions prior to USVN 6.5 are vulnerable.

33. Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 26455
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26455
Summary:
Samba is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

NOTE: This issue occurs only when Samba is configured with the 'wins support' option enabled in the host's 'smb.conf' file.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

Samba 3.0.0 through 3.0.26a are vulnerable.

34. Samba NMBD Logon Request Remote Buffer Overflow Vulnerability
BugTraq ID: 26454
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26454
Summary:
Samba is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

This issue occurs only when Samba is configured as a Primary or Backup Domain Controller.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute remote code, although the vendor does not believe this is possible.

Samba 3.0.0 through 3.0.26a are vulnerable.
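Both Samba entries above are conditional: BID 26455 is reachable only with 'wins support' enabled in smb.conf, and BID 26454 only when the host acts as a PDC or BDC. The following is an added example, not Samba project code, that reads the [global] section of an smb.conf and reports which of the two a host meets the preconditions for, given its Samba version. It takes 'domain logons = yes' as the expression of the PDC/BDC role (an assumption about how the role is configured), normalises parameter names the way Samba does (case and internal whitespace ignored), and compares versions so that 3.0.26a sorts above 3.0.26. The sample configuration is constructed, not taken from a real host.

```python
import re

# Constructed sample configuration for the example.
SAMPLE_SMB_CONF = """
[global]
   workgroup = CORP
   ; this box is the WINS server for the LAN
   wins support = yes
   domain logons = no
   server string = %h

[homes]
   browseable = no
"""


def parse_global(text):
    """Return the [global] parameters with names normalised.

    Samba ignores case and whitespace in parameter names, so 'WINS Support'
    and 'wins support' are the same key ('winssupport' here).
    """
    params = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[re.sub(r"\s+", "", key).lower()] = value.strip().lower()
    return params


def is_true(value):
    # Samba boolean spellings: yes/true/1 versus no/false/0.
    return value in ("yes", "true", "1")


def version_tuple(v):
    """'3.0.26a' -> (3, 0, 26, 'a'), so '3.0.26' < '3.0.26a' < '3.0.27'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", v)
    if not m:
        raise ValueError("unrecognised Samba version: %r" % v)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def version_affected(v):
    """Affected range named in both advisories: 3.0.0 through 3.0.26a."""
    return version_tuple("3.0.0") <= version_tuple(v) <= version_tuple("3.0.26a")


def exposed_bids(conf_text, version):
    """Return the BIDs whose preconditions this host meets."""
    if not version_affected(version):
        return []
    g = parse_global(conf_text)
    hits = []
    if is_true(g.get("winssupport", "no")):
        hits.append(26455)          # NetBIOS reply overflow needs WINS
    if is_true(g.get("domainlogons", "no")):
        hits.append(26454)          # logon request overflow needs PDC/BDC role
    return hits


if __name__ == "__main__":
    print(exposed_bids(SAMPLE_SMB_CONF, "3.0.26a"))
```

Run against a real host's smb.conf and the output of 'smbd -V', the script distinguishes "patch urgently" (one or both BIDs listed) from "patch in the normal cycle" (empty list, because the nmbd code paths are not reachable with this configuration).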

35. Microsoft DirectX Media DXTMSFT.DLL ActiveX Control Multiple Denial of Service Vulnerabilities
BugTraq ID: 24188
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/24188
Summary:
Microsoft DirectX Media ActiveX control is prone to multiple denial-of-service vulnerabilities because it fails to perform adequate checks on user-supplied data.

Successfully exploiting these issues allows remote attackers to crash applications using the affected ActiveX control (typically Internet Explorer). Given the nature of these issues, remote code execution may be possible, but this has not been confirmed.

36. Sun Remote Services Net Connect Software Local Format String Vulnerability
BugTraq ID: 26313
Remote: No
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26313
Summary:
Sun Remote Services (SRS) Net Connect Software is prone to a local format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker can exploit this issue to execute arbitrary machine code with superuser privileges. A successful attack will completely compromise the computer. Failed attempts may cause denial-of-service conditions.

37. Microsoft Windows NAT Helper Remote Denial of Service Vulnerability
BugTraq ID: 20804
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/20804
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because the Server service fails to properly handle unexpected network traffic.

Exploiting this issue may cause affected computers to crash, denying service to legitimate users. Reports indicate that this vulnerability can be used to disable the Windows firewall.

To exploit this issue, an attacker must be able to send malformed network traffic from a network interface located in the LAN side of an affected computer.

38. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
BugTraq ID: 25920
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/25920
Summary:
Sun Java Web Start is prone to multiple local file-access vulnerabilities and an information-disclosure vulnerability.

An attacker could exploit these issues to obtain sensitive information and to read and write arbitrary files on the affected computer with the privileges of the user running the untrusted Java application.

39. Sun Java Runtime Environment Multiple Weaknesses
BugTraq ID: 25918
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/25918
Summary:
Sun Java Runtime Environment is prone to multiple weaknesses that may allow JavaScript code or applets to connect to resources other than the one the scripts or applets were downloaded from. One of the weaknesses may allow an attacker to obscure a Java warning about an untrusted applet from the user.

These issues affect the following packages for Windows, Solaris, and Linux:

JDK and JRE 6 Update 2 and earlier
JDK and JRE 5.0 Update 12 and earlier
SDK and JRE 1.4.2_15 and earlier
SDK and JRE 1.3.1_20 and earlier

40. BitDefender Online Scanner OScan.OCX ActiveX Control Heap Buffer Overflow Vulnerability
BugTraq ID: 26210
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26210
Summary:
BitDefender Online Scanner is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

41. bcoos Multiple Input Validation Vulnerabilities
BugTraq ID: 26505
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26505
Summary:
The 'bcoos' program is prone to multiple input-validation vulnerabilities, including a local file-include issue, an arbitrary file-upload issue, and an SQL-injection issue. These issues occur because the application fails to properly sanitize user-supplied input.

Exploiting these issues may allow an unauthorized user to view files and execute local scripts, execute arbitrary script code, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

These issues affect bcoos 1.0.10; other versions may also be affected.

42. OrangeHRM REDIRECT Function Remote Security Bypass Vulnerability
BugTraq ID: 26351
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26351
Summary:
OrangeHRM is prone to a security-bypass vulnerability because the application fails to properly validate user privileges.

An unprivileged attacker may exploit this issue to gain unauthorized access to certain data that may aid in further attacks.

The issue affects versions prior to OrangeHRM 2.2.2.

43. PEAR::MDB2 BLOB Field Information Disclosure Vulnerability
BugTraq ID: 26382
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26382
Summary:
PEAR::MDB2 is prone to an information-disclosure vulnerability because the library fails to securely handle URIs in BLOB and CLOB database fields.

Successfully exploiting this issue allows attackers to access potentially sensitive information that may aid in further attacks. Because of the unknown nature of applications that use the affected library, other attacks may also be possible.

MDB2 2.5.0a1 is vulnerable to this issue; other versions may also be affected.

44. Cerberus FTP Server Web Interface Cross Site Scripting Vulnerability
BugTraq ID: 26381
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26381
Summary:
Cerberus FTP Server web interface is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Cerberus FTP Server 2.46.

45. OpenBase Buffer Overflow Vulnerability and Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 26347
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26347
Summary:
OpenBase is prone to a buffer-overflow vulnerability and multiple remote command-execution vulnerabilities.

An attacker could exploit these issues to execute arbitrary code or commands with superuser privileges. Successfully exploiting these issues will facilitate the complete compromise of affected computers.

46. IBM Lotus Domino Web Server Unspecified Cross-Site Scripting Security Vulnerability
BugTraq ID: 26298
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26298
Summary:
IBM Lotus Domino Web Server is prone to an unspecified cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects IBM Lotus Domino 6.0, 6.5, and 7.0.

47. Computer Associates SiteMinder Web Agent Smpwservices.FCC Cross Site Scripting Vulnerability
BugTraq ID: 26375
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26375
Summary:
Computer Associates SiteMinder Web Agent is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

We were not told which versions are affected. We will update this BID as more information emerges.

48. SkyPortal Multiple SQL Injection Vulnerabilities
BugTraq ID: 26504
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26504
Summary:
SkyPortal is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SkyPortal RC6 is vulnerable; other versions may also be affected.

49. Cypress for BitchX Information Disclosure Backdoor Vulnerability
BugTraq ID: 26372
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26372
Summary:
An attacker compromised the source code for Cypress for BitchX and altered it to include a malicious backdoor. This backdoor introduces an information-disclosure vulnerability that will let remote users gain access to potentially sensitive information.

Cypress 1.0k is affected by this issue. It is not currently known when this malicious code was inserted into the archive.

50. Sun Solaris Volume Manager Local Denial of Service Vulnerability
BugTraq ID: 26376
Remote: No
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26376
Summary:
Sun Solaris is prone to an unspecified denial-of-service vulnerability.

A local unprivileged attacker can exploit this issue to cause a system panic on an affected computer, resulting in a denial-of-service condition.

This issue affects Solaris 9 and 10 for SPARC and x86 architectures.

51. ISC BIND 8 Remote Cache Poisoning Vulnerability
BugTraq ID: 25459
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/25459
Summary:
BIND 8 is prone to a remote cache-poisoning vulnerability because of weaknesses in its random-number generator.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions of BIND from 8.2.0 through 8.4.7 are vulnerable to this issue.

52. PicoFlat CMS Multiple Remote Security Bypass Vulnerabilities
BugTraq ID: 26362
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26362
Summary:
PicoFlat CMS is prone to multiple security-bypass vulnerabilities because the application fails to properly validate user privileges.

An unprivileged attacker may exploit these issues to bypass certain security restrictions and gain access to perform certain actions.

These issues affect versions prior to PicoFlat CMS 0.4.18.

53. Microsoft Windows Recursive DNS Spoofing Vulnerability
BugTraq ID: 25919
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/25919
Summary:
Microsoft Windows DNS Server is prone to a vulnerability that permits an attacker to spoof responses to DNS requests.

A successful attack will corrupt the DNS cache with attacker-specified content. This may aid in further attacks such as phishing.

54. ComponentOne FlexGrid ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26467
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26467
Summary:
ComponentOne FlexGrid ActiveX Control is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit these issues to cause denial-of-service conditions and possibly to execute arbitrary code, but this has not been confirmed.

ComponentOne FlexGrid 7.1 Light is vulnerable; other versions may also be affected.

55. WebEx GPCContainer Memory Access Violation Multiple Denial of Service Vulnerabilities
BugTraq ID: 26430
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26430
Summary:
WebEx is prone to multiple remote denial-of-service vulnerabilities.

Attackers can exploit these issues to crash applications that use the ActiveX control, denying service to legitimate users.

56. Adobe Shockwave Player ActiveX Control ShockwaveVersion Remote Denial of Service Vulnerability
BugTraq ID: 26388
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26388
Summary:
Adobe Shockwave Player ActiveX Control is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control.

Adobe Shockwave Player 10 is vulnerable to this issue; other versions may also be affected.

57. ISPmanager Responder Local Privilege Escalation Vulnerability
BugTraq ID: 26503
Remote: No
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26503
Summary:
ISPmanager is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to gain elevated privileges on the affected computer. A successful exploit will lead to the complete compromise of the affected computer.

ISPmanager 4.2.15.1 is reported vulnerable; other versions may be affected as well.

58. Rigs of Rods Long Vehicle Name Buffer Overflow Vulnerability
BugTraq ID: 26502
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26502
Summary:
Rigs of Rods is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects Rigs of Rods 0.33d and prior versions.

59. OmniPCX Enterprise Audio Rerouting Information Disclosure And Denial Of Service Vulnerability
BugTraq ID: 26494
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26494
Summary:
OmniPCX Enterprise is prone to an information-disclosure and denial-of-service vulnerability; fixes are available.

Attackers can exploit this issue to cause an IP Touch telephone to route incoming audio to an attacker-controlled source.

Users will be denied access to incoming audio on placed or received calls on the phone. Attackers could obtain potentially sensitive information while listening to the routed audio.

OmniPCX Enterprise 7.1 and prior versions are vulnerable.

60. Invensys Wonderware InTouch Default Universal NetDDE Share Privilege Escalation Vulnerability
BugTraq ID: 26496
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26496
Summary:
Invensys Wonderware InTouch is prone to a privilege-escalation vulnerability because of poor default permissions on a NetDDE share.

Attackers can exploit this issue to execute arbitrary applications that accept NetDDE connections. This can compromise the application and possibly the underlying computer.

InTouch 8.0 is vulnerable.

61. SWsoft Confixx Fehler.Inc.PHP Remote File Include Vulnerability
BugTraq ID: 26500
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26500
Summary:
SWsoft Confixx is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

SWsoft Confixx 3.2.1 is vulnerable; other versions may also be affected.

62. Multiple Web Browsers SSL Certificate SubjectAltName Validation Weakness
BugTraq ID: 26501
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26501
Summary:
Multiple web browsers fail to validate SSL certificates properly. This issue occurs because the applications fail to properly handle 'subjectAltName' extensions to X.509 certificates.

Successfully exploiting this issue may aid attackers in phishing-style attacks by bypassing security warnings when invalid certificates are used in SSL HTTP connections.

The following browsers are reported vulnerable:

Mozilla Firefox (and browsers based on the Gecko rendering engine)
Opera
Konqueror (and browsers based on the KHTML rendering engine, such as Apple's Safari).

Other browsers may also be affected.

This BID may be split into individual records as vendors disclose more information about individual browsers.

63. PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 26403
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26403
Summary:
PHP 5.2.4 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

64. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
BugTraq ID: 24649
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/24649
Summary:
The Apache mod_cache module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

65. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
BugTraq ID: 25489
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/25489
Summary:
The Apache mod_proxy module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

66. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
BugTraq ID: 24645
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/24645
Summary:
The Apache HTTP Server mod_status module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

67. Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
BugTraq ID: 25653
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/25653
Summary:
Apache is affected by a vulnerability that may cause certain web pages to be prone to a cross-site scripting attack. This issue stems from a lack of a defined charset on certain generated pages.

Web pages generated by the affected source code may be prone to a cross-site scripting issue.

Versions prior to Apache 2.2.6 are affected.

NOTE: Reports indicate that this issue does not occur when the application is running on Windows operating systems.

68. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
BugTraq ID: 24215
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/24215
Summary:
Apache is prone to multiple denial-of-service vulnerabilities.

An attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.

69. Xpdf Multiple Remote Stream.CC Vulnerabilities
BugTraq ID: 26367
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26367
Summary:
Xpdf is prone to multiple remote vulnerabilities because of flaws in various functions in the 'Stream.cc' source file.

Attackers exploit these issues by coercing users to view specially crafted PDF files with the affected application.

Successfully exploiting these issues allows attackers to execute arbitrary machine code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.

Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected.

70. Linux Kernel IEEE80211 HDRLen Remote Denial Of Service Vulnerability
BugTraq ID: 26337
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26337
Summary:
The Linux kernel ieee80211 driver is prone to a remote denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash a victim computer, effectively denying service.

Versions prior to Linux kernel 2.6.22.11 are vulnerable.

71. Linksys Wireless-G ADSL Gateway WAG54GS Setup.CGI Cross-Site Scripting Vulnerabilities
BugTraq ID: 24682
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/24682
Summary:
Linksys Wireless-G ADSL Gateway is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

Attackers may exploit this issue by enticing victims into opening a malicious URI.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials, cause denial-of-service conditions, and launch other attacks.

Successful exploits will allow script code to be stored persistently in the affected device.

Linksys Wireless-G ADSL Gateway WAG54GS running firmware V1.00.06 is reported vulnerable.

72. MyWebFTP Pass.PHP Hashed Password Information Disclosure Vulnerability
BugTraq ID: 26366
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26366
Summary:
MyWebFTP is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to other attacks.

MyWebFTP 5.3.2 is vulnerable; other versions may also be affected.

73. Weblord.it MS-TopSites Unauthorized Access Vulnerability and HTML Injection Vulnerability
BugTraq ID: 26358
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26358
Summary:
MS-TopSites is prone to an unauthorized-access vulnerability and an HTML-injection vulnerability because the application fails to sufficiently sanitize user-supplied data.

An attacker can exploit these issues to gain elevated privileges on the affected application, execute arbitrary code within the context of the webserver, and steal cookie-based authentication credentials.

74. Joomla Equipment JUser Component MosConfig_Absolute_Path Remote File Include Vulnerability
BugTraq ID: 26499
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26499
Summary:
The JUser component for Joomla! is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

JUser 1.0.14 is vulnerable; other versions may also be affected.

75. SMF Private Forum Messages Information Disclosure Vulnerability
BugTraq ID: 26508
Remote: Yes
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26508
Summary:
SMF is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

SMF 1.1.4 is vulnerable; other versions may also be affected.

76. feynmf feynmf.pl Insecure Temporary File Creation Vulnerability
BugTraq ID: 26507
Remote: No
Last Updated: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26507
Summary:
feynmf is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects feynmf 1.08; other versions may also be vulnerable.

77. Microsoft Windows 2000 Insecure Random Number Generator Information Disclosure Weakness
BugTraq ID: 26495
Remote: No
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26495
Summary:
Microsoft Windows 2000 is prone to an information-disclosure weakness.

An attacker can exploit this issue to weaken encryption and other security-related algorithms, which may aid in further attacks.

78. Belkin Wireless G Router Remote Syn Flood Denial of Service Vulnerability
BugTraq ID: 26498
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26498
Summary:
Belkin Wireless G routers are prone to a remote denial-of-service vulnerability because the devices fail to properly handle certain network traffic.

Successfully exploiting this issue allows remote attackers to crash the logging system of affected devices. This may aid in obfuscating further attacks.

Belkin Wireless G routers with model number F5D7230-4 are vulnerable to this issue; other versions may also be affected.

79. Citrix NetScaler Generic_API_Call.PL Cross-Site Scripting Vulnerability
BugTraq ID: 26491
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26491
Summary:
Citrix NetScaler is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Citrix NetScaler 8.0 build 47.8 is vulnerable; other versions may also be affected.

80. Click&BaneX Details.ASP SQL Injection Vulnerability
BugTraq ID: 26493
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26493
Summary:
Click&BaneX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

81. ProfileCMS ID Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 26490
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26490
Summary:
ProfileCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ProfileCMS 1.0 is vulnerable; prior versions may also be affected.

82. Vigile CMS Multiple Vulnerabilities
BugTraq ID: 26484
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26484
Summary:
The Vigile CMS is prone to multiple vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute local scripts or view files on the server, steal cookie-based authentication credentials, execute arbitrary script code in a victim's browser, and use a victim's currently active session to perform actions with the application.

Vigile CMS 1.4 is vulnerable; other versions may also be affected.

83. Perl Unicode Regular Expression Buffer Overflow Vulnerability
BugTraq ID: 26350
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26350
Summary:
Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers.

Perl 5.8 is vulnerable to this issue; other versions may also be affected.

84. IceBB HTTP_X_FORWARDED_FOR SQL Injection Vulnerability
BugTraq ID: 26483
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26483
Summary:
IceBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IceBB 1.0-rc6 and prior versions are vulnerable.

85. LIVE555 Media Server ParseRTSPRequestString Remote Denial Of Service Vulnerability
BugTraq ID: 26488
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26488
Summary:
LIVE555 Media Server is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions.

LIVE555 Media Server 2007.11.01 is vulnerable; other versions may also be affected.

86. Net-SNMP GETBULK Remote Denial of Service Vulnerability
BugTraq ID: 26378
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26378
Summary:
Net-SNMP is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions.

This issue affects versions prior to Net-SNMP 5.4.1.

87. Ingate Firewall And SIParator Multiple Vulnerabilities
BugTraq ID: 26486
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26486
Summary:
Ingate Firewall and SIParator products are prone to multiple vulnerabilities that include buffer-overflow, information-disclosure, and denial-of-service issues.

An attacker may access sensitive information, cause denial-of-service conditions, or potentially execute arbitrary code.

Versions prior to Ingate Firewall 4.6.0 and Ingate SIParator 4.6.0 are vulnerable.

88. ngIRCd JOIN Command Parsing Denial Of Service Vulnerability
BugTraq ID: 26489
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26489
Summary:
ngIRCd is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to deny service to legitimate users.

Versions prior to ngIRCd 0.10.3 are vulnerable.

89. Cacti Unspecified SQL Injection Vulnerability
BugTraq ID: 26487
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26487
Summary:
Cacti is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Cacti 0.8.7 and prior versions are vulnerable.

90. Linux Kernel Ptrace Local Privilege Escalation Vulnerability
BugTraq ID: 25774
Remote: No
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/25774
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

Exploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.

Versions of the Linux kernel prior to 2.4.35.3 and 2.6.22.7 are vulnerable to this issue.

91. ClamAV Unspecified Remote Code Execution Vulnerability
BugTraq ID: 26463
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26463
Summary:
ClamAV is prone to an unspecified remote code-execution vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application.

ClamAV 0.91.1 is vulnerable; other versions may also be affected.

92. PHP Helpdesk Login SQL Injection Vulnerability
BugTraq ID: 26319
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26319
Summary:
PHP Helpdesk is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHP Helpdesk 0.6.16 is vulnerable; other versions may also be affected.

93. PHP Helpdesk Index.PHP Local File Include Vulnerability
BugTraq ID: 26318
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26318
Summary:
PHP Helpdesk is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

PHP Helpdesk 0.6.16 is vulnerable to this issue; other versions may also be affected.

94. JBC Explorer Auth.Inc.PHP Authentication Bypass Vulnerability
BugTraq ID: 26332
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26332
Summary:
JBC Explorer is prone to an authentication-bypass vulnerability.

An attacker could exploit this issue to gain administrative access to the affected application.

JBC Explorer 7.20 RC1 is vulnerable; other versions may also be affected.

95. JPortal Mailer.PHP SQL Injection Vulnerability
BugTraq ID: 26360
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26360
Summary:
JPortal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

JPortal 2 is vulnerable; other versions may also be affected.

96. Viewpoint Media Player AxMetaStream.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26356
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26356
Summary:
Viewpoint Media Player is prone to multiple stack-based buffer-overflow vulnerabilities because the software fails to adequately check boundaries on data supplied to ActiveX control methods.

An attacker can exploit these issues to execute arbitrary code in the context of a user running the application. Failed attempts will likely result in denial-of-service conditions.

Viewpoint Media Player 3.2 is vulnerable; other versions may also be affected.

97. Autonomy KeyView Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26175
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26175
Summary:
Autonomy KeyView is prone to multiple buffer-overflow vulnerabilities.

Successfully exploiting these issues could allow an attacker to execute arbitrary code in the context of the user running the application.

Multiple applications incorporate the vulnerable KeyView component and are therefore also considered vulnerable to these issues.

NOTE: This document was previously titled 'IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities'. It has been updated and relabeled to properly reflect the vulnerable component.

98. HotScripts Clone SOFTWARE-DESCRIPTION.PHP SQL Injection Vulnerability
BugTraq ID: 26485
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26485
Summary:
HotScripts Clone is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

99. Mozilla Firefox 2.0.0.7 Multiple Remote Vulnerabilities
BugTraq ID: 26132
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26132
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.7 and prior versions.

These vulnerabilities allow attackers to:

- Execute arbitrary code due to memory corruption.
- Carry out content spoofing and phishing attacks.
- Gain unauthorized access to files on a user's computer running the Linux operating system.
- Execute script code with elevated privileges.

Other attacks may also be possible.

These issues are present in Firefox 2.0.0.7 and prior versions. Mozilla Thunderbird 2.0.0.7 and prior versions as well as SeaMonkey 1.1.4 and prior versions are also affected by many of these vulnerabilities.

100. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
BugTraq ID: 25142
Remote: Yes
Last Updated: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/25142
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that allows JavaScript to execute with unintended privileges.

A malicious site may be able to cause the execution of a script with Chrome privileges. Attackers could exploit this issue to execute hostile script code with privileges that exceed those that were intended. Certain Firefox extensions may not intend 'about:blank' to execute script code with Chrome privileges.

NOTE: This issue was introduced by the fix for MFSA 2007-20.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Group drafts rules to nix credit-card storage
By: Robert Lemos
The organization responsible for technical and best-practice standards in the payment industry plans to require the makers of merchant software to certify that their programs do not store sensitive data.
http://www.securityfocus.com/news/11496

2. Task force aims to improve U.S. cybersecurity
By: Robert Lemos
A blue-ribbon panel of three dozen security experts hopes to craft a strategy to improve cybersecurity by the time the next president takes office.
http://www.securityfocus.com/news/11494

3. Court filings double estimate of TJX breach
By: Robert Lemos
Online attackers stole information on more than 94 million credit- and debit-card accounts, more than double the original estimates, according to court documents.
http://www.securityfocus.com/news/11493

4. Identity thieves likely to be first-timers, strangers
By: Robert Lemos
Six years of U.S. Secret Service cases reveal that the majority of identity thieves do not know their victims and do not have a prior criminal record.
http://www.securityfocus.com/news/11492

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security System Administrator, Dubai
http://www.securityfocus.com/archive/77/483840

2. [SJ-JOB] Manager, Information Security, Hyderabad
http://www.securityfocus.com/archive/77/483842

3. [SJ-JOB] Security Engineer, San Antonio
http://www.securityfocus.com/archive/77/483843

4. [SJ-JOB] Penetration Engineer, London
http://www.securityfocus.com/archive/77/483849

5. [SJ-JOB] Manager, Information Security, New York
http://www.securityfocus.com/archive/77/483832

6. [SJ-JOB] Security Consultant, Dallas
http://www.securityfocus.com/archive/77/483838

7. [SJ-JOB] Management, Seattle
http://www.securityfocus.com/archive/77/483841

8. [SJ-JOB] Manager, Information Security, Mountain View
http://www.securityfocus.com/archive/77/483848

9. [SJ-JOB] Quality Assurance, Boston
http://www.securityfocus.com/archive/77/483834

10. [SJ-JOB] Security Engineer, Bloomington
http://www.securityfocus.com/archive/77/483835

11. [SJ-JOB] Security Consultant, Philadelphia
http://www.securityfocus.com/archive/77/483837

12. [SJ-JOB] Security Auditor, Phoenix
http://www.securityfocus.com/archive/77/483839

13. [SJ-JOB] Sr. Security Engineer, Bloomington
http://www.securityfocus.com/archive/77/483851

14. [SJ-JOB] Security Consultant, Copenhagen
http://www.securityfocus.com/archive/77/483829

15. [SJ-JOB] Forensics Engineer, Berkshire
http://www.securityfocus.com/archive/77/483831

16. [SJ-JOB] Software Engineer, Alpharetta
http://www.securityfocus.com/archive/77/483833

17. [SJ-JOB] Sr. Security Analyst, Bloomington
http://www.securityfocus.com/archive/77/483836

18. [SJ-JOB] Security Consultant, Clarksburg
http://www.securityfocus.com/archive/77/483826

19. [SJ-JOB] Developer, Madison
http://www.securityfocus.com/archive/77/483827

20. [SJ-JOB] Application Security Engineer, Beverly Hills
http://www.securityfocus.com/archive/77/483828

21. [SJ-JOB] Compliance Officer, Seattle
http://www.securityfocus.com/archive/77/483824

22. [SJ-JOB] Security Engineer, Arlington
http://www.securityfocus.com/archive/77/483825

23. [SJ-JOB] Security Architect, Seattle
http://www.securityfocus.com/archive/77/483830

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Setting up IPSEC with servers in and out of a domain
http://www.securityfocus.com/archive/88/483912

2. Security and Implications of Hosted Exchange
http://www.securityfocus.com/archive/88/483800

3. SecurityFocus Microsoft Newsletter #368
http://www.securityfocus.com/archive/88/483725

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. important errors to control with swatch
http://www.securityfocus.com/archive/91/483940

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------