Wednesday, November 28, 2007

SecurityFocus Newsletter #429
----------------------------------------

This issue is Sponsored by: SPI Dynamics

XPath Injection Attacks - Web Hackers' New Trick: White Paper

One particular form of injection attack, XPath Injection, is rapidly gaining in popularity due to the spread of AJAX applications and their inherent use of XML to store data. XPath Injection can be just as dangerous as SQL Injection, and can be even easier to exploit. Learn how to identify XPath Injection vulnerabilities and which methods of recourse to take to prevent them. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/XP.asp?Campaign_ID=70160000000D803


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Aye, Robot, or Can Computers Contract?
2. Don't blame the IDS
II. BUGTRAQ SUMMARY
1. Pidgin HTML Processing Remote Denial Of Service Vulnerability
2. Xpdf Multiple Remote Stream.CC Vulnerabilities
3. PHP stream_wrapper_register() Function Denial of Service Vulnerability
4. Joomla Equipment JUser Component MosConfig_Absolute_Path Remote File Include Vulnerability
5. Citrix NetScaler Generic_API_Call.PL Cross-Site Scripting Vulnerability
6. LIVE555 Media Server ParseRTSPRequestString Remote Denial Of Service Vulnerability
7. Invensys Wonderware InTouch Default Universal NetDDE Share Privilege Escalation Vulnerability
8. Aleris Web Publishing Server Page.ASP SQL Injection Vulnerability
9. ISC BIND 9 Remote Cache Poisoning Vulnerability
10. Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability
11. PHP Coupon Script Index.PHP SQL Injection Vulnerability
12. SWsoft Confixx Fehler.Inc.PHP Remote File Include Vulnerability
13. BitDefender Online Scanner OScan.OCX ActiveX Control Heap Buffer Overflow Vulnerability
14. Nuked-Klan File Parameter News Module Cross-Site Scripting Vulnerability
15. IceBB HTTP_X_FORWARDED_FOR SQL Injection Vulnerability
16. ProfileCMS ID Parameter Multiple SQL Injection Vulnerabilities
17. Belkin Wireless G Router Remote Syn Flood Denial of Service Vulnerability
18. p3mbo Content Injector Index.PHP SQL Injection Vulnerability
19. PHPKIT Article.PHP SQL Injection Vulnerability
20. MySpace Scripts Poll Creator Index.PHP HTML Injection Vulnerability
21. PHPSlideShow Toonchapter8.php Cross Site Scripting Vulnerability
22. DevMass Cart Initialise.PHP Remote File Include Vulnerability
23. Aruba MC-800 Mobility Controller Screens Directory HTML Injection Vulnerability
24. Rigs of Rods Long Vehicle Name Buffer Overflow Vulnerability
25. ClamAV Unspecified Remote Code Execution Vulnerability
26. Carousel Flash Image Gallery Admin.JJGallery.PHP Remote File Include Vulnerability
27. Symantec Backup Exec Job Engine Multiple Integer Overflow Vulnerabilities
28. Sun Java Runtime Environment Multiple Weaknesses
29. p.mapper Multiple Remote File Include Vulnerabilities
30. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
31. Symantec Backup Exec Job Engine Null Pointer Dereference Denial Of Service Vulnerability
32. Audacity Insecure Temporary File Creation Vulnerability
33. GNU TAR and CPIO safer_name_suffix Remote Denial of Service Vulnerability
34. CPIO Filename Directory Traversal Vulnerability
35. Tencent QQ LaunchP2PShare Multiple Stack Buffer Overflow Vulnerabilities
36. wpQuiz Viewimage.PHP SQL Injection Vulnerability
37. Project Alumni Index.PHP Act Parameter Local File Include Vulnerability
38. ht://Dig Htsearch Cross Site Scripting Vulnerability
39. Mozilla Firefox Jar URI Cross-Site Scripting Vulnerability
40. Liferay Portal Forgot-Password Cross Site Scripting Vulnerability
41. OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability
42. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
43. PCRE Regular Expression Library Multiple Security Vulnerabilities
44. Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow Vulnerability
45. Samba NMBD Logon Request Remote Buffer Overflow Vulnerability
46. Samba NSS_Info Plugin Local Privilege Escalation Vulnerability
47. Linux Kernel IEEE80211 HDRLen Remote Denial Of Service Vulnerability
48. Autonomy KeyView Lotus 1-2-3 File Multiple Buffer Overflow Vulnerabilities
49. Macrovision InstallShield Update Service Isusweb.DLL Multiple Remote Code Execution Vulnerabilities
50. VanDyke VShell Unspecified Denial Of Service Vulnerability
51. Info-ZIP UnZip Privilege Escalation Vulnerability
52. datecomm Social Networking Software Index.PHP Remote File Include Vulnerability
53. Eurologon CMS files.php Directory Traversal Vulnerability
54. Weird Solutions BOOTP Turbo Unspecified Remote Vulnerability
55. Eurologon CMS ID Parameter Multiple SQL Injection Vulnerabilities
56. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
57. IBM Tivoli Storage Manager Client Multiple Vulnerabilities
58. Mozilla Firefox Multiple Remote Unspecified Memory Corruption Vulnerabilities
59. Amber Script Show_Content.PHP Local File Include Vulnerability
60. Project Alumni View and News Multiple SQL Injection Vulnerabilities
61. Softbiz Freelancers Script Multiple Vulnerabilities
62. Project Alumni Multiple Cross-Site Scripting Vulnerabilities
63. WorkingOnWeb Events.PHP SQL Injection Vulnerability
64. Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer Header Spoofing Weakness
65. IRC Services Password Parsing Remote Denial Of Service Vulnerability
66. FileMaker Instant Web Publishing Cross Site Scripting Vulnerability
67. Wireshark 0.99.6 Multiple Remote Vulnerabilities
68. Old Guy's Scripts TalkBack Comments and Guestbook Multiple Remote File Include Vulnerabilities
69. AlstraSoft E-Friends Events Module SQL Injection Vulnerability
70. Code-Crafters Ability Mail Server Multiple Remote Denial Of Service Vulnerabilities
71. I Hear U Multiple Remote Denial Of Service Vulnerabilities
72. Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
73. Ingate Firewall And SIParator Multiple Vulnerabilities
74. phpMyAdmin Login Page Cross-Site Scripting Vulnerability
75. JiRo's Banner System Login.ASP Multiple SQL Injection Vulnerabilities
76. PHPSlideShow Directory Parameter Cross Site Scripting Vulnerability
77. Vigile CMS Multiple Vulnerabilities
78. meBiblio Index.PHP Remote File Include Vulnerability
79. X.Org X Window Server LibX11 XKEYBOARD Extension Local Buffer Overflow Vulnerability
80. phpBBViet PHPBB_Root_Path Parameter Remote File Include Vulnerability
81. HotScripts Clone SOFTWARE-DESCRIPTION.PHP SQL Injection Vulnerability
82. TCL/TK Tk Toolkit TKIMGGIF.C Buffer Overflow Vulnerability
83. Sciurus Hosting Panel Code Injection Vulnerability
84. AdventNet EventLog Analyzer Insecure Default MySQL Password Unauthorized Access Vulnerability
85. Apple QuickTime RTSP Response Header Remote Stack Based Buffer Overflow Vulnerability
86. bcoos Multiple Input Validation Vulnerabilities
87. SkyPortal Multiple SQL Injection Vulnerabilities
88. Ruby on Rails Session Fixation Vulnerability
89. Aurigma Image Uploader ActiveX Control Multiple Remote Stack Buffer Overflow Vulnerabilities
90. IBM Websphere Application Server Multiple Vulnerabilities
91. ngIRCd JOIN Command Parsing Denial Of Service Vulnerability
92. AhnLab V3 Products ZIP File Remote Memory Corruption Vulnerability
93. IBM WebSphere Faultactor Cross-Site Scripting Vulnerability
94. Liferay Portal Login Script Cross-Site Scripting Vulnerability
95. AIDA Web Frame.HTML Multiple Unauthorized Access Vulnerabilities
96. IBM DB2 Multiple Privilege Escalation Vulnerabilities
97. Microsoft Windows Insecure Random Number Generator Information Disclosure Weakness
98. Freeside cust_bill_event.cgi Cross-Site Scripting Vulnerability
99. IBM WebSphere MQ Multiple Unspecified Remote Memory Corruption Vulnerabilities
100. PHP Multiple GetText Functions Denial Of Service Vulnerabilities
III. SECURITYFOCUS NEWS
1. Group drafts rules to nix credit-card storage
2. Task force aims to improve U.S. cybersecurity
3. Court filings double estimate of TJX breach
4. Identity thieves likely to be first-timers, strangers
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Consultant, NY
2. [SJ-JOB] Account Manager, Atlanta
3. [SJ-JOB] Jr. Security Analyst, Calgary
4. [SJ-JOB] Security Engineer, London
5. [SJ-JOB] Security Engineer, San Antonio
6. [SJ-JOB] Security Consultant, Any in WA, CA, VA, OR or DC
7. [SJ-JOB] Security Consultant, Chicago
8. [SJ-JOB] Security Researcher, Menlo Park
9. [SJ-JOB] Security Consultant, NY
10. [SJ-JOB] Security Consultant, Any in WA, CA, VA, OR or DC
11. [SJ-JOB] Account Manager, Atlanta
12. [SJ-JOB] Jr. Security Analyst, Calgary
13. [SJ-JOB] Security Consultant, Chicago
14. [SJ-JOB] Security Engineer, London
15. [SJ-JOB] Security Researcher, Menlo Park
16. [SJ-JOB] Security Engineer, San Antonio
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. Windows NT Desktop
2. Security and Implications of Hosted Exchange
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Aye, Robot, or Can Computers Contract?
By Mark Rasch
A contract is usually described as a "meeting of the minds." One person makes an offer for goods or services; another person sees the offer and negotiates terms; the parties enter into an agreement of the offer; and some form of consideration is given in return for the provision of something of value. At least that's what I remember from first-year law school contracts class.

http://www.securityfocus.com/columnists/458

2. Don't blame the IDS
By Don Parker
Some years ago, I remember reading a press release from the Gartner Group. It was about intrusion detection systems (IDS) offering little return for the monetary investment in them and furthermore, that this very same security technology would be obsolete by the year 2005. A rather bold statement and an even bolder prediction on their part.

http://www.securityfocus.com/columnists/457


II. BUGTRAQ SUMMARY
--------------------
1. Pidgin HTML Processing Remote Denial Of Service Vulnerability
BugTraq ID: 26205
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26205
Summary:
Pidgin is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted HTML messages.

Attackers can exploit this issue to crash the application, denying service to legitimate users.

Versions prior to Pidgin 2.2.2 are vulnerable.

2. Xpdf Multiple Remote Stream.CC Vulnerabilities
BugTraq ID: 26367
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26367
Summary:
Xpdf is prone to multiple remote vulnerabilities because of flaws in various functions in the 'Stream.cc' source file.

Attackers exploit these issues by coercing users to view specially crafted PDF files with the affected application.

Successfully exploiting these issues allows attackers to execute arbitrary machine code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.

Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected.

3. PHP stream_wrapper_register() Function Denial of Service Vulnerability
BugTraq ID: 26426
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26426
Summary:
PHP is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

PHP 5.2.5 and prior versions are vulnerable.

4. Joomla Equipment JUser Component MosConfig_Absolute_Path Remote File Include Vulnerability
BugTraq ID: 26499
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26499
Summary:
The JUser component for Joomla! is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

JUser 1.0.14 is vulnerable; other versions may also be affected.

5. Citrix NetScaler Generic_API_Call.PL Cross-Site Scripting Vulnerability
BugTraq ID: 26491
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26491
Summary:
Citrix NetScaler is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Citrix NetScaler 8.0 build 47.8 is vulnerable; other versions may also be affected.

6. LIVE555 Media Server ParseRTSPRequestString Remote Denial Of Service Vulnerability
BugTraq ID: 26488
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26488
Summary:
LIVE555 Media Server is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions.

LIVE555 Media Server 2007.11.01 is vulnerable; other versions may also be affected.

7. Invensys Wonderware InTouch Default Universal NetDDE Share Privilege Escalation Vulnerability
BugTraq ID: 26496
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26496
Summary:
Invensys Wonderware InTouch is prone to a privilege-escalation vulnerability because of poor default permissions on a NetDDE share.

Attackers can exploit this issue to execute arbitrary applications that accept NetDDE connections. This can compromise the application and possibly the underlying computer.

InTouch 8.0 is vulnerable.

8. Aleris Web Publishing Server Page.ASP SQL Injection Vulnerability
BugTraq ID: 26207
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26207
Summary:
Aleris Web Publishing Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Aleris Web Publishing Server 3.0 is vulnerable; other versions may also be affected.

9. ISC BIND 9 Remote Cache Poisoning Vulnerability
BugTraq ID: 25037
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/25037
Summary:
BIND 9 is prone to a remote cache-poisoning vulnerability because of a weakness in its random number generator.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions up to BIND 9.4.1 are vulnerable to this issue.

10. Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability
BugTraq ID: 26468
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26468
Summary:
Microsoft Jet DataBase Engine is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the affected application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

11. PHP Coupon Script Index.PHP SQL Injection Vulnerability
BugTraq ID: 23799
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/23799
Summary:
PHP Coupon Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

This issue affects PHP Coupon Script 3.0; other versions may also be affected.

12. SWsoft Confixx Fehler.Inc.PHP Remote File Include Vulnerability
BugTraq ID: 26500
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26500
Summary:
SWsoft Confixx is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

SWsoft Confixx 3.2.1 is vulnerable; other versions may also be affected.

13. BitDefender Online Scanner OScan.OCX ActiveX Control Heap Buffer Overflow Vulnerability
BugTraq ID: 26210
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26210
Summary:
BitDefender Online Scanner is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

14. Nuked-Klan File Parameter News Module Cross-Site Scripting Vulnerability
BugTraq ID: 26458
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26458
Summary:
Nuked-Klan is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Nuked-Klan 1.7.5 is vulnerable; other versions may also be affected.

15. IceBB HTTP_X_FORWARDED_FOR SQL Injection Vulnerability
BugTraq ID: 26483
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26483
Summary:
IceBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IceBB 1.0-rc6 and prior versions are vulnerable.

16. ProfileCMS ID Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 26490
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26490
Summary:
ProfileCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ProfileCMS 1.0 is vulnerable; prior versions may also be affected.

17. Belkin Wireless G Router Remote Syn Flood Denial of Service Vulnerability
BugTraq ID: 26498
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26498
Summary:
Belkin Wireless G routers are prone to a remote denial-of-service vulnerability because the devices fail to properly handle certain network traffic.

Successfully exploiting this issue allows remote attackers to crash the logging system of affected devices. This may aid in obfuscating further attacks.

Belkin Wireless G routers with model number F5D7230-4 are vulnerable to this issue; other versions may also be affected.

18. p3mbo Content Injector Index.PHP SQL Injection Vulnerability
BugTraq ID: 26547
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26547
Summary:
p3mbo Content Injector is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects Content Injector 1.52; other versions may also be vulnerable.

19. PHPKIT Article.PHP SQL Injection Vulnerability
BugTraq ID: 26546
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26546
Summary:
PHPKIT is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

PHPKIT 1.6.4 pl1 is vulnerable to this issue; other versions may be affected as well.

20. MySpace Scripts Poll Creator Index.PHP HTML Injection Vulnerability
BugTraq ID: 26544
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26544
Summary:
MySpace Scripts Poll Creator is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

21. PHPSlideShow Toonchapter8.php Cross Site Scripting Vulnerability
BugTraq ID: 26576
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26576
Summary:
PHPSlideShow is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

22. DevMass Cart Initialise.PHP Remote File Include Vulnerability
BugTraq ID: 26538
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26538
Summary:
DevMass Cart is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

DevMass Cart 1.0 is vulnerable; other versions may also be affected.

23. Aruba MC-800 Mobility Controller Screens Directory HTML Injection Vulnerability
BugTraq ID: 26465
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26465
Summary:
Aruba MC-800 Mobility Controller is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

24. Rigs of Rods Long Vehicle Name Buffer Overflow Vulnerability
BugTraq ID: 26502
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26502
Summary:
Rigs of Rods is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects Rigs of Rods 0.33d and prior versions.

25. ClamAV Unspecified Remote Code Execution Vulnerability
BugTraq ID: 26463
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26463
Summary:
ClamAV is prone to an unspecified remote code-execution vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application.

ClamAV 0.91.1 is vulnerable; other versions may also be affected.

26. Carousel Flash Image Gallery Admin.JJGallery.PHP Remote File Include Vulnerability
BugTraq ID: 26471
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26471
Summary:
Carousel Flash Image Gallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

27. Symantec Backup Exec Job Engine Multiple Integer Overflow Vulnerabilities
BugTraq ID: 26029
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26029
Summary:
Symantec Backup Exec is prone to two remote integer-overflow vulnerabilities because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to cause an infinite loop that will exhaust memory or consume excessive CPU resources. Successful attacks will cause denial-of-service conditions.

Symantec Backup Exec for Windows Server 11.0.6235 and 11.0.7170 are vulnerable.

28. Sun Java Runtime Environment Multiple Weaknesses
BugTraq ID: 25918
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/25918
Summary:
Sun Java Runtime Environment is prone to multiple weaknesses that may allow JavaScript code or applets to connect to resources other than the one the scripts or applets were downloaded from. One of the weaknesses may allow an attacker to obscure a Java warning about an untrusted applet from the user.

These issues affect the following packages for Windows, Solaris, and Linux:

JDK and JRE 6 Update 2 and earlier
JDK and JRE 5.0 Update 12 and earlier
SDK and JRE 1.4.2_15 and earlier
SDK and JRE 1.3.1_20 and earlier

29. p.mapper Multiple Remote File Include Vulnerabilities
BugTraq ID: 26614
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26614
Summary:
p.mapper is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect p.mapper 3.2.0 beta3; other versions may also be vulnerable.

30. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
BugTraq ID: 25920
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/25920
Summary:
Sun Java Web Start is prone to multiple local file-access vulnerabilities and an information-disclosure vulnerability.

An attacker could exploit these issues to obtain sensitive information and to read and write arbitrary files on the affected computer with the privileges of the user running the untrusted Java application.

31. Symantec Backup Exec Job Engine Null Pointer Dereference Denial Of Service Vulnerability
BugTraq ID: 26028
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26028
Summary:
Symantec Backup Exec for Windows Servers is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted TCP packets.

Exploiting this issue allows remote attackers to crash the listening service, denying further service to legitimate users.

Symantec Backup Exec for Windows Server 11.0.6235 and 11.0.7170 are vulnerable.

32. Audacity Insecure Temporary File Creation Vulnerability
BugTraq ID: 26608
Remote: No
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26608
Summary:
Audacity is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Audacity 1.3.2; other versions may also be vulnerable.

33. GNU TAR and CPIO safer_name_suffix Remote Denial of Service Vulnerability
BugTraq ID: 26445
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26445
Summary:
GNU's tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the 'alloca()' function.

Successfully exploiting this issue allows attackers to crash the affected utilities and possibly to execute code, but this has not been confirmed.

GNU tar and cpio utilities share the same vulnerable code and are both affected. Other utilities sharing this code may also be affected.

34. CPIO Filename Directory Traversal Vulnerability
BugTraq ID: 13291
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/13291
Summary:
The cpio utility is prone to a directory-traversal vulnerability. The issue occurs when cpio is invoked on a malicious archive.

If an archive entry's filename is an absolute path (it begins with a '/' character), cpio writes the file to that absolute path rather than relative to the extraction directory.

A remote attacker may leverage this issue using a malicious archive to corrupt arbitrary files with the privileges of the user that is running the vulnerable software.

35. Tencent QQ LaunchP2PShare Multiple Stack Buffer Overflow Vulnerabilities
BugTraq ID: 26613
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26613
Summary:
Tencent QQ is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

These issues affect Tencent QQ 2006 and prior versions.

36. wpQuiz Viewimage.PHP SQL Injection Vulnerability
BugTraq ID: 26611
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26611
Summary:
wpQuiz is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects wpQuiz 2.7; other versions may also be affected.

37. Project Alumni Index.PHP Act Parameter Local File Include Vulnerability
BugTraq ID: 26612
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26612
Summary:
Project Alumni is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Project Alumni 1.0.9 is vulnerable to this issue; other versions may also be affected.

38. ht://Dig Htsearch Cross Site Scripting Vulnerability
BugTraq ID: 26610
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26610
Summary:
ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue affects ht://Dig 3.2.0b6; other versions may also be vulnerable.

39. Mozilla Firefox Jar URI Cross-Site Scripting Vulnerability
BugTraq ID: 26385
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26385
Summary:
Mozilla Firefox is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks.

40. Liferay Portal Forgot-Password Cross Site Scripting Vulnerability
BugTraq ID: 26606
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26606
Summary:
Liferay Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Liferay Portal 4.3.1 is vulnerable; other versions may also be affected.

41. OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability
BugTraq ID: 25831
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/25831
Summary:
OpenSSL is prone to an off-by-one buffer-overflow vulnerability because the library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.

NOTE: This issue was introduced in the fix for the vulnerability described in BID 20249 (OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability).

42. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
BugTraq ID: 25163
Remote: No
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/25163
Summary:
OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the RSA algorithm.

Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.

OpenSSL 0.9.8 is vulnerable to this issue; other versions may also be affected.

43. PCRE Regular Expression Library Multiple Security Vulnerabilities
BugTraq ID: 26346
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26346
Summary:
The PCRE regular-expression library is prone to multiple security vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.

44. Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 26455
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26455
Summary:
Samba is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

NOTE: This issue occurs only when Samba is configured with the 'wins support' option enabled in the host's 'smb.conf' file.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

Samba 3.0.0 through 3.0.26a are vulnerable.

45. Samba NMBD Logon Request Remote Buffer Overflow Vulnerability
BugTraq ID: 26454
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26454
Summary:
Samba is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

This issue occurs only when Samba is configured as a Primary or Backup Domain Controller.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute remote code, but the vendor doesn't think that this is possible.

Samba 3.0.0 through 3.0.26a are vulnerable.

46. Samba NSS_Info Plugin Local Privilege Escalation Vulnerability
BugTraq ID: 25636
Remote: No
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/25636
Summary:
Samba is prone to a local privilege-escalation vulnerability due to a logic error in the Winbind daemon.

An attacker can exploit this issue to gain 'groupid 0' privileges on UNIX computers running the vulnerable Samba software. This may aid them in further attacks.

Samba 3.0.25 through 3.0.25c are vulnerable to this issue.

47. Linux Kernel IEEE80211 HDRLen Remote Denial Of Service Vulnerability
BugTraq ID: 26337
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26337
Summary:
The Linux kernel ieee80211 driver is prone to a remote denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash a victim computer, effectively denying service.

Versions prior to Linux kernel 2.6.22.11 are vulnerable.

48. Autonomy KeyView Lotus 1-2-3 File Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26604
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26604
Summary:
Autonomy KeyView is prone to multiple buffer-overflow vulnerabilities.

Successfully exploiting these issues could allow an attacker to execute arbitrary code in the context of the user running the application.

Multiple applications incorporate the vulnerable KeyView component, so they are also considered vulnerable to these issues.

NOTE: These issues are similar to those described in BID 26175 (Autonomy KeyView Multiple Buffer Overflow Vulnerabilities) but affect a different component.

49. Macrovision InstallShield Update Service Isusweb.DLL Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 26280
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26280
Summary:
InstallShield Update Service is prone to multiple remote code-execution vulnerabilities because it fails to adequately sanitize user-supplied data.

Successfully exploiting these issues will allow an attacker to execute arbitrary code with the permissions of the user running the application.

These issues affect InstallShield Update Service 5.01.100.47363 and 6.0.100.60146.

50. VanDyke VShell Unspecified Denial Of Service Vulnerability
BugTraq ID: 26602
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26602
Summary:
VanDyke VShell is prone to a denial-of-service vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

An attacker can exploit this issue to deny access to legitimate users.

VShell 3.0.1 is vulnerable; other versions may also be affected.

51. Info-ZIP UnZip Privilege Escalation Vulnerability
BugTraq ID: 14447
Remote: No
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/14447
Summary:
Info-ZIP UnZip is prone to a privilege-escalation issue because of improper handling of permissions contained in ZIP archives during decompression.

If users with superuser privileges use UnZip to decompress archives with setuid or setgid permissions, malicious binaries may be created that allow attackers to gain superuser privileges and compromise the computer.

52. datecomm Social Networking Software Index.PHP Remote File Include Vulnerability
BugTraq ID: 26607
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26607
Summary:
datecomm Social Networking Software is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

53. Eurologon CMS files.php Directory Traversal Vulnerability
BugTraq ID: 26600
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26600
Summary:
Eurologon CMS is prone to a vulnerability that lets attackers access arbitrary files because the application fails to sufficiently sanitize user-supplied input.

This issue affects the application's download module.

An attacker can exploit this issue using directory-traversal strings ('../') to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.

54. Weird Solutions BOOTP Turbo Unspecified Remote Vulnerability
BugTraq ID: 26601
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26601
Summary:
Weird Solutions BOOTP Turbo is prone to an unspecified remote vulnerability.

Very little is known about this issue at this time. We will update this BID as more information emerges.

Weird Solutions BOOTP Turbo 1.2 is vulnerable; other versions may also be affected.

55. Eurologon CMS ID Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 26599
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26599
Summary:
Eurologon CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

56. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
BugTraq ID: 26015
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26015
Summary:
Computer Associates BrightStor ARCserve is prone to multiple remote vulnerabilities, including buffer-overflow issues, memory-corruption issues, and privilege-escalation issues.

Successful exploits allow remote attackers to cause denial-of-service conditions, execute arbitrary machine code in the context of the affected application, or perform actions with elevated privileges. This may result in a complete compromise of affected computers.

The following applications are affected:

BrightStor ARCserve Backup v9.01, r11.1, r11.5, r11 for Windows
BrightStor Enterprise Backup r10.5
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

57. IBM Tivoli Storage Manager Client Multiple Vulnerabilities
BugTraq ID: 25743
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/25743
Summary:
IBM Tivoli Storage Manager client is prone to multiple vulnerabilities that can allow attackers to crash the client, execute arbitrary code in the context of the application, or gain unauthorized access to a client's data.

These issues affect Tivoli Storage Manager client V5.1, V5.2, V5.3, and V5.4.

58. Mozilla Firefox Multiple Remote Unspecified Memory Corruption Vulnerabilities
BugTraq ID: 26593
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26593
Summary:
The Mozilla Foundation has released a security advisory disclosing three unspecified memory-corruption vulnerabilities.

Successfully exploiting these issues may allow attackers to execute code, facilitating the compromise of affected computers. Failed exploit attempts will likely crash the application.

Versions prior to Mozilla Firefox 2.0.0.10 and Mozilla SeaMonkey 1.1.7 are vulnerable to these issues.

59. Amber Script Show_Content.PHP Local File Include Vulnerability
BugTraq ID: 26561
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26561
Summary:
Amber Script is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Amber Script 1.0 is vulnerable to this issue; other versions may also be affected.

60. Project Alumni View and News Multiple SQL Injection Vulnerabilities
BugTraq ID: 26564
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26564
Summary:
Project Alumni is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

61. Softbiz Freelancers Script Multiple Vulnerabilities
BugTraq ID: 26569
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26569
Summary:
Softbiz Freelancers Script is prone to multiple vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Exploiting the SQL-injection issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Exploiting the cross-site scripting issue may allow the attacker to run arbitrary script code in the browser of an unsuspecting user and steal cookie-based authentication credentials.

62. Project Alumni Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 26565
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26565
Summary:
Project Alumni is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

63. WorkingOnWeb Events.PHP SQL Injection Vulnerability
BugTraq ID: 26563
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26563
Summary:
WorkingOnWeb is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects WorkingOnWeb 2.0.1400; other versions may also be vulnerable.

64. Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer Header Spoofing Weakness
BugTraq ID: 26589
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26589
Summary:
Mozilla Firefox and SeaMonkey are prone to a weakness that allows an attacker to spoof HTTP Referer headers. This issue stems from a race condition in the affected application. The weakness arises because of a small timing difference when using a modal 'alert()' dialog, which allows users to generate fake HTTP Referer headers.

An attacker can exploit this issue to spoof HTTP Referer headers. This may cause other security mechanisms that rely on this data to fail or to return misleading information.

This issue affects versions prior to Mozilla Firefox 2.0.0.10 and Mozilla SeaMonkey 1.1.7.

65. IRC Services Password Parsing Remote Denial Of Service Vulnerability
BugTraq ID: 26517
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26517
Summary:
IRC Services is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to crash the application and deny service to legitimate users.

This issue affects versions prior to IRC Services 5.0.63 and 5.1.9.

66. FileMaker Instant Web Publishing Cross Site Scripting Vulnerability
BugTraq ID: 26515
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26515
Summary:
FileMaker is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue affects the following versions of FileMaker:

FileMaker Pro 7
FileMaker Developer 7
FileMaker Server 7
FileMaker Pro 8.x
FileMaker Pro 8.x Advanced
FileMaker Server 8.x
FileMaker Server 8.x Advanced

67. Wireshark 0.99.6 Multiple Remote Vulnerabilities
BugTraq ID: 26532
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26532
Summary:
Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

Versions prior to Wireshark 0.99.7 are affected.

68. Old Guy's Scripts TalkBack Comments and Guestbook Multiple Remote File Include Vulnerabilities
BugTraq ID: 26520
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26520
Summary:
TalkBack Comments and Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

TalkBack Comments and Guestbook 2.2.7 is vulnerable; other versions may also be affected.

69. AlstraSoft E-Friends Events Module SQL Injection Vulnerability
BugTraq ID: 26519
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26519
Summary:
AlstraSoft E-Friends is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AlstraSoft E-Friends 4.98 is vulnerable; other versions may also be affected.

70. Code-Crafters Ability Mail Server Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 26514
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26514
Summary:
Code-Crafters Ability Mail Server is prone to multiple remote denial-of-service vulnerabilities because the application fails to adequately sanitize user-supplied input.

Attackers can exploit these issues to crash the application, resulting in denial-of-service conditions.

These issues affect versions prior to Ability Mail Server 2.61.

71. I Hear U Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 26516
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26516
Summary:
Multiple denial-of-service vulnerabilities affect I Hear U because the application fails to handle specially crafted packets.

An attacker may leverage these issues to cause a remote denial-of-service condition in affected applications.

These issues affect versions prior to I Hear U 0.5.7.

72. Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
BugTraq ID: 26605
Remote: No
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26605
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects version 2.6.23; other versions may also be affected.

73. Ingate Firewall And SIParator Multiple Vulnerabilities
BugTraq ID: 26486
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26486
Summary:
Ingate Firewall and SIParator products are prone to multiple vulnerabilities that include buffer-overflow, information-disclosure, and denial-of-service issues.

An attacker may access sensitive information, cause denial-of-service conditions, or potentially execute arbitrary code.

Versions prior to Ingate Firewall 4.6.0 and Ingate SIParator 4.6.0 are vulnerable.

74. phpMyAdmin Login Page Cross-Site Scripting Vulnerability
BugTraq ID: 26513
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26513
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.

This issue affects versions prior to phpMyAdmin 2.11.2.2.

75. JiRo's Banner System Login.ASP Multiple SQL Injection Vulnerabilities
BugTraq ID: 26479
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26479
Summary:
JiRo's Banner System is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

JiRo's Banner System 2.0 is vulnerable; other versions may also be affected.

76. PHPSlideShow Directory Parameter Cross Site Scripting Vulnerability
BugTraq ID: 26575
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26575
Summary:
PHPSlideShow is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue affects PHPSlideShow 0.9.9.2; other versions may also be vulnerable.

77. Vigile CMS Multiple Vulnerabilities
BugTraq ID: 26484
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26484
Summary:
The Vigile CMS is prone to multiple vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute local scripts or view files on the server, steal cookie-based authentication credentials, execute arbitrary script code in a victim's browser, and use a victim's currently active session to perform actions with the application.

Vigile CMS 1.4 is vulnerable; other versions may also be affected.

78. meBiblio Index.PHP Remote File Include Vulnerability
BugTraq ID: 26480
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26480
Summary:
meBiblio is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

meBiblio 0.4.5 is vulnerable; other versions may also be affected.

79. X.Org X Window Server LibX11 XKEYBOARD Extension Local Buffer Overflow Vulnerability
BugTraq ID: 19905
Remote: No
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/19905
Summary:
The X.Org X Window Server libX11 library is prone to a local buffer-overflow vulnerability because it fails to properly validate the size of attacker-supplied data before copying it into a finite-sized buffer.

The issue allows local attackers to execute arbitrary machine code in the context of a user running an application that is dynamically linked against the library. Failed exploit attempts will likely crash the application, denying service to legitimate users.

X11R6 4.0 and prior versions are reported affected by this vulnerability.

80. phpBBViet PHPBB_Root_Path Parameter Remote File Include Vulnerability
BugTraq ID: 26482
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26482
Summary:
phpBBViet is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects phpBBViet 2.0.22; other versions may also be vulnerable.

81. HotScripts Clone SOFTWARE-DESCRIPTION.PHP SQL Injection Vulnerability
BugTraq ID: 26485
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26485
Summary:
HotScripts Clone is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

82. TCL/TK Tk Toolkit TKIMGGIF.C Buffer Overflow Vulnerability
BugTraq ID: 26056
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26056
Summary:
TCL/TK Tk Toolkit is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, remote code execution may also be possible but has not been confirmed.

Versions prior to TCL/TK 8.4.13 are vulnerable to this issue.

83. Sciurus Hosting Panel Code Injection Vulnerability
BugTraq ID: 26481
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26481
Summary:
Sciurus Hosting Panel is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Sciurus Hosting Panel 2.0.3 is vulnerable; other versions may also be affected.

84. AdventNet EventLog Analyzer Insecure Default MySQL Password Unauthorized Access Vulnerability
BugTraq ID: 26304
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26304
Summary:
AdventNet EventLog Analyzer is prone to a vulnerability that can result in unauthorized access to the application's SQL database.

This issue occurs because of an insecure default password.

Attackers can exploit this issue to access or modify sensitive data or to exploit latent vulnerabilities in the underlying database. Attackers can use information harvested to compromise the affected computer; other attacks are also possible.

EventLog Analyzer Build 4030 is vulnerable; other versions may also be affected.

85. Apple QuickTime RTSP Response Header Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 26549
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26549
Summary:
Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized stack-based memory buffer.

This issue occurs when handling specially crafted RTSP Response headers.

Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

QuickTime 7.3 is vulnerable to this issue; other versions may also be affected.

86. bcoos Multiple Input Validation Vulnerabilities
BugTraq ID: 26505
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26505
Summary:
The 'bcoos' program is prone to multiple input-validation vulnerabilities, including a local file-include issue, an arbitrary file-upload issue, and an SQL-injection issue. These issues occur because the application fails to properly sanitize user-supplied input.

Exploiting these issues may allow an unauthorized user to view files and execute local scripts, execute arbitrary script code, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

These issues affect bcoos 1.0.10; other versions may also be affected.

87. SkyPortal Multiple SQL Injection Vulnerabilities
BugTraq ID: 26504
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26504
Summary:
SkyPortal is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SkyPortal RC6 is vulnerable; other versions may also be affected.

88. Ruby on Rails Session Fixation Vulnerability
BugTraq ID: 26598
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26598
Summary:
Ruby on Rails is prone to a session-fixation vulnerability.

An attacker can exploit this issue to gain unauthorized access to the affected application.

This issue affects versions prior to Ruby on Rails 1.2.6.

89. Aurigma Image Uploader ActiveX Control Multiple Remote Stack Buffer Overflow Vulnerabilities
BugTraq ID: 26537
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26537
Summary:
Aurigma Image Uploader ActiveX control is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Versions prior to Aurigma Image Uploader 4.5.70 are affected.

UPDATE (November 26, 2007): Reports indicate that this issue occurs because of a buffer-overflow issue that affects a Win32API method. This has not been confirmed. We will update this BID as more information emerges.

90. IBM Websphere Application Server Multiple Vulnerabilities
BugTraq ID: 17919
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/17919
Summary:
IBM Websphere Application Server is prone to multiple vulnerabilities.

These issues include vulnerabilities of unknown impact, information-disclosure vulnerabilities, and security-bypass vulnerabilities.

Other potentially security-related issues were also addressed.

Information regarding CVE-2006-2431 has been removed. This issue is discussed in detail in BID 21018 (IBM WebSphere Faultactor Cross-Site Scripting Vulnerability).

91. ngIRCd JOIN Command Parsing Denial Of Service Vulnerability
BugTraq ID: 26489
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26489
Summary:
ngIRCd is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to deny service to legitimate users.

Versions prior to ngIRCd 0.10.3 are vulnerable.

92. AhnLab V3 Products ZIP File Remote Memory Corruption Vulnerability
BugTraq ID: 26473
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26473
Summary:
AhnLab V3 Pro 2004 and V3 Internet Security 2007 products are prone to a remote memory-corruption vulnerability.

Successfully exploiting this issue allows remote attackers to crash affected computers and possibly to execute code, but this has not been confirmed.

93. IBM WebSphere Faultactor Cross-Site Scripting Vulnerability
BugTraq ID: 21018
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/21018
Summary:
IBM WebSphere is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

WebSphere Application Server 6 is vulnerable; other versions may also be affected.

94. Liferay Portal Login Script Cross-Site Scripting Vulnerability
BugTraq ID: 26470
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26470
Summary:
Liferay Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Liferay Portal 4.1.0 and 4.1.1 are vulnerable; other versions may also be affected.

95. AIDA Web Frame.HTML Multiple Unauthorized Access Vulnerabilities
BugTraq ID: 26464
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26464
Summary:
AIDA Web is prone to multiple unauthorized-access vulnerabilities.

An attacker could exploit these issues to obtain potentially sensitive information that could aid in further attacks.

96. IBM DB2 Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 26450
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26450
Summary:
IBM DB2 is prone to multiple privilege-escalation vulnerabilities.

Attackers can exploit these issues to gain elevated privileges.

Very few details are available regarding these issues. We will update this BID as more information emerges.

These issues affect IBM DB2 9.1 and IBM DB2 9.1 with fix pack 1, 2, 3, and 3a.

97. Microsoft Windows Insecure Random Number Generator Information Disclosure Weakness
BugTraq ID: 26495
Remote: No
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26495
Summary:
Microsoft Windows is prone to an information-disclosure weakness.

An attacker can exploit this issue to weaken encryption and other security-related algorithms, which may aid in further attacks.

This issue affects Microsoft Windows 2000 and Microsoft Windows XP.

98. Freeside cust_bill_event.cgi Cross-Site Scripting Vulnerability
BugTraq ID: 25811
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/25811
Summary:
Freeside is prone to a cross-site scripting vulnerability.

Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow attackers to steal cookie-based authentication credentials and launch other attacks.

This issue affects Freeside v1.7.2; other versions may also be affected.

99. IBM WebSphere MQ Multiple Unspecified Remote Memory Corruption Vulnerabilities
BugTraq ID: 26441
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26441
Summary:
IBM WebSphere MQ is affected by multiple unspecified remote memory-corruption vulnerabilities.

Successfully exploiting these issues allows remote attackers to crash affected services, denying service to legitimate users. Remote code execution may also be possible, but this has not been confirmed.

IBM WebSphere MQ 6.0 is vulnerable to these issues; other versions may also be affected.

100. PHP Multiple GetText Functions Denial Of Service Vulnerabilities
BugTraq ID: 26428
Remote: Yes
Last Updated: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26428
Summary:
PHP is prone to multiple denial-of-service vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to cause denial-of-service conditions. Given the nature of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.

PHP 5.2.5 is vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Group drafts rules to nix credit-card storage
By: Robert Lemos
The organization responsible for technical and best-practice standards in the payment industry plans to require the makers of merchant software to certify that their programs do not store sensitive data.
http://www.securityfocus.com/news/11496

2. Task force aims to improve U.S. cybersecurity
By: Robert Lemos
A blue-ribbon panel of three dozen security experts hopes to craft a strategy to improve cybersecurity by the time the next president takes office.
http://www.securityfocus.com/news/11494

3. Court filings double estimate of TJX breach
By: Robert Lemos
Online attackers stole information on more than 94 million credit- and debit-card accounts, more than double the original estimates, according to court documents.
http://www.securityfocus.com/news/11493

4. Identity thieves likely to be first-timers, strangers
By: Robert Lemos
Six years of U.S. Secret Service cases reveal that the majority of identity thieves do not know their victims and do not have a prior criminal record.
http://www.securityfocus.com/news/11492

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Consultant, NY
http://www.securityfocus.com/archive/77/484093

2. [SJ-JOB] Account Manager, Atlanta
http://www.securityfocus.com/archive/77/484097

3. [SJ-JOB] Jr. Security Analyst, Calgary
http://www.securityfocus.com/archive/77/484092

4. [SJ-JOB] Security Engineer, London
http://www.securityfocus.com/archive/77/484094

5. [SJ-JOB] Security Engineer, San Antonio
http://www.securityfocus.com/archive/77/484095

6. [SJ-JOB] Security Consultant, Any in WA, CA, VA, OR or DC
http://www.securityfocus.com/archive/77/484096

7. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/484090

8. [SJ-JOB] Security Researcher, Menlo Park
http://www.securityfocus.com/archive/77/484091

9. [SJ-JOB] Security Consultant, NY
http://www.securityfocus.com/archive/77/484085

10. [SJ-JOB] Security Consultant, Any in WA, CA, VA, OR or DC
http://www.securityfocus.com/archive/77/484087

11. [SJ-JOB] Account Manager, Atlanta
http://www.securityfocus.com/archive/77/484088

12. [SJ-JOB] Jr. Security Analyst, Calgary
http://www.securityfocus.com/archive/77/484089

13. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/484081

14. [SJ-JOB] Security Engineer, London
http://www.securityfocus.com/archive/77/484082

15. [SJ-JOB] Security Researcher, Menlo Park
http://www.securityfocus.com/archive/77/484083

16. [SJ-JOB] Security Engineer, San Antonio
http://www.securityfocus.com/archive/77/484084

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Windows NT Desktop
http://www.securityfocus.com/archive/88/484060

2. Security and Implications of Hosted Exchange
http://www.securityfocus.com/archive/88/483800

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics

