Wednesday, December 05, 2007

SecurityFocus Newsletter #430
----------------------------------------

This issue is Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009400


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Man in the Machine
2. Aye, Robot, or Can Computers Contract?
II. BUGTRAQ SUMMARY
1. NoAh PHP Content Architect Multiple Remote File Include Vulnerabilities
2. TuMusika Evolution Multiple Local File Include Vulnerabilities
3. Apple Mac OS X VPND Remote Denial of Service Vulnerability
4. Jetty Dump Servlet Cross Site Scripting Vulnerability
5. Jetty Unspecified HTTP Response Splitting Vulnerability
6. Jetty Cookie Names Session Hijacking Vulnerability
7. Beehive Forum Post.PHP SQL Injection Vulnerability
8. Info-ZIP UnZip Privilege Escalation Vulnerability
9. Ascential DataStage Multiple Local Vulnerabilities
10. ZABBIX daemon_start Local Privilege Escalation Vulnerability
11. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
12. Apple QuickTime Unspecified Remote Vulnerability
13. Tellmatic tm_includepath Parameter Multiple Remote File Include Vulnerabilities
14. Cisco Multiple Products Extensible Authentication Protocol Denial of Service Vulnerability
15. bcoos Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
16. bcoos Multiple Input Validation Vulnerabilities
17. bcoos Arcade Module Index.PHP SQL Injection Vulnerability
18. Linux Kernel AACRAID Driver Local Security Bypass Vulnerability
19. Linux Kernel Fib_Semantics.C Out Of Bounds Access Vulnerability
20. Linux Kernel ELF File Cross Region Mapping Local Denial of Service Vulnerability
21. Linux Kernel Parent Process Death Signal Local Security Bypass Weakness
22. Claws Mail Insecure Temporary File Creation Vulnerability
23. FLAC libFLAC Multiple Unspecified Integer Overflow Vulnerabilities
24. Zsh Insecure Temporary File Creation Vulnerability
25. IBM Tivoli Netcool Security Manager Unspecified Cross-Site Scripting Vulnerability
26. Asterisk CDR_PGSQL SQL Injection Vulnerability
27. TuMusika Evolution Remote File Include Vulnerability
28. Apple QuickTime RTSP Response Header Content-Type Remote Stack Based Buffer Overflow Vulnerability
29. Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer Header Spoofing Weakness
30. Mozilla Firefox Multiple Remote Unspecified Memory Corruption Vulnerabilities
31. Mozilla Firefox Jar URI Cross-Site Scripting Vulnerability
32. PHP-CON Include.PHP Remote File Include Vulnerability
33. HP Select Identity Unspecified Remote Unauthorized Access Vulnerability
34. wpQuiz Viewimage.PHP SQL Injection Vulnerability
35. OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
36. OpenSSL DTLS Heap Buffer Overflow Vulnerability
37. Perl Unicode Regular Expression Buffer Overflow Vulnerability
38. Mono System.Math BigInteger Buffer Overflow Vulnerability
39. Rsync Daemon Excludes Multiple File Access Vulnerabilities
40. Rsync Use Chroot Insecure File Creation Vulnerability
41. Joomla! Index.PHP Multiple SQL Injection Vulnerabilities
42. Mambo/Joomla! RSGallery2 CATID Parameter SQL Injection Vulnerability
43. OpenOffice HSQLDB Database Engine Unspecified Java Code Execution Vulnerability
44. PHPHeaven PHPMyChat Start-Page.CSS.PHP3 Cross-Site Scripting Vulnerability
45. SING Log Option Local Privilege Escalation Vulnerability
46. PHPHeaven PHPMyChat Style.CSS.PHP3 Cross-Site Scripting Vulnerability
47. phpMyChat Multiple Scripts and Parameters Cross-Site Scripting Vulnerabilities
48. PHPMyChat Multiple Cross-Site Scripting Vulnerabilities
49. VideoLAN VLC axvlc.dll ActiveX Control Multiple Memory Corruption Vulnerabilities
50. Battle for Wesnoth turn_cmd Remote Denial of Service Vulnerability
51. Neocrome Seditio PLUG.PHP SQL Injection Vulnerability
52. Battle for Wesnoth WML Preprocessor Directory Traversal Vulnerability
53. BEA AquaLogic Interaction Plumtree Portal Multiple Information Disclosure Vulnerabilities
54. @Mail Util.PHP Cross-Site Scripting Vulnerability
55. p.mapper Multiple Remote File Include Vulnerabilities
56. Cisco Unified IP Phone RTP Audio Stream Eavesdropping Vulnerability
57. BitDefender Online Scanner OScan.OCX ActiveX Control Heap Buffer Overflow Vulnerability
58. Asterisk res_config_pgsql SQL Injection Vulnerability
59. PHPDevShell Remote Privilege Escalation Vulnerability
60. Eurologon CMS files.php Directory Traversal Vulnerability
61. Project Alumni Index.PHP Act Parameter Local File Include Vulnerability
62. ISPmanager Responder Local Privilege Escalation Vulnerability
63. Ruby-GNOME2 Gtk::MessageDialog.new Function Format String Vulnerability
64. Sun Solaris RPC Module Unspecified Local Denial of Service Vulnerability
65. Cygwin Filename Filename Buffer Overflow Vulnerability
66. Charray's CMS ccms_library_path Parameter Multiple Remote File Include Vulnerabilities
67. Powerschool Javascript File Request Information Disclosure Vulnerability
68. ehcp easy hosting control panel Multiple Remote File Include Vulnerabilities
69. Lhaplus LZH Archive Processing Unspecified Remote Buffer Overflow Vulnerability
70. amensa-soft K+B-Bestellsystem KB_Whois.CGI Multiple Remote Shell Command Execution Vulnerabilities
71. Liferay Portal Forgot-Password Cross Site Scripting Vulnerability
72. Microsoft Optical Desktop Wireless Keyboard Weak Encryption Information Disclosure Vulnerability
73. Absolute News Manager .NET Multiple Input Validation and Information Disclosure Vulnerabilities
74. Squid Proxy Cache Update Reply Processing Remote Denial of Service Vulnerability
75. TIBCO Rendezvous RVD Daemon Remote Denial Of Service Vulnerabilities
76. SonicWALL Global VPN Client Remote Format String Vulnerability
77. Snitz Forums 2000 Active.ASP SQL Injection Vulnerability
78. Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities
79. Cairo PNG Image Processing Remote Integer Overflow Vulnerability
80. Linux Kernel wait_task_stopped Local Denial of Service Vulnerability
81. Linux Kernel TCP_Input.C Remote Denial of Service Vulnerability
82. PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
83. ht://Dig Htsearch Cross Site Scripting Vulnerability
84. PHP ZendEngine Variable Destruction Remote Denial of Service Vulnerability
85. PHP EXT/Session HTTP Response Header Injection Vulnerability
86. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
87. PHP Chunk_Split() Function Integer Overflow Vulnerability
88. OpenLDAP Multiple Remote Denial of Service Vulnerabilities
89. CRM-CTT CheckCustomerAccess Security Bypass Vulnerability
90. Microsoft Web Proxy Auto-Discovery Proxy Spoofing Vulnerability
91. GTD-PHP Multiple Input Validation Vulnerabilities
92. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
93. Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
94. Vixie Cron ST_Nlink Check Local Denial of Service Vulnerability
95. PhpBBGarage Garage.PHP SQL Injection Vulnerability
96. Linux Kernel CIFS Transport.C Remote Buffer Overflow Vulnerability
97. Rayzz Class_HeaderHandler.Lib.PHP Remote File Include Vulnerability
98. Citrix EdgeSight for Endpoints and Presentation Server Database Credential Disclosure Weakness
99. avast! Home/Professional TAR File Handling Unspecified Vulnerability
100. Apple Mac OS X Mach_Loader.C Local Denial of Service Vulnerability
III. SECURITYFOCUS NEWS
1. Researchers reverse Netflix anonymization
2. Group drafts rules to nix credit-card storage
3. Task force aims to improve U.S. cybersecurity
4. Court filings double estimate of TJX breach
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Consultant, Memphis
2. [SJ-JOB] Application Security Engineer, New York
3. [SJ-JOB] Application Security Architect, Cincinnati
4. [SJ-JOB] Sr. Security Analyst, San Jose
5. [SJ-JOB] Security Engineer, Memphis
6. [SJ-JOB] Security Consultant, Springfield
7. [SJ-JOB] Sr. Security Analyst, Charlotte
8. [SJ-JOB] Sales Engineer, Concord
9. [SJ-JOB] Information Assurance Engineer, Arlington
10. [SJ-JOB] Software Engineer, Columbia
11. [SJ-JOB] Sales Representative, Livonia
12. [SJ-JOB] Security Engineer, Reston
13. [SJ-JOB] Software Engineer, Bethesda
14. [SJ-JOB] Security System Administrator, Columbia
15. [SJ-JOB] Software Engineer, Livonia
16. [SJ-JOB] Security Architect, Arlington
17. [SJ-JOB] Database Security Engineer, Washington
18. [SJ-JOB] Security Architect, Arlington
19. [SJ-JOB] Security Consultant, Washington
20. [SJ-JOB] Forensics Engineer, McLean
21. [SJ-JOB] Sr. Security Analyst, Moncton
22. [SJ-JOB] Security Engineer, Washington
23. [SJ-JOB] Database Security Architect, Suffolk
24. [SJ-JOB] Security Architect, Folsom
25. [SJ-JOB] Sr. Security Analyst, Pune
26. [SJ-JOB] Management, Washington
27. [SJ-JOB] Security Consultant, Gaithersburg
28. [SJ-JOB] Sr. Security Analyst, Chicago
29. [SJ-JOB] Sr. Security Engineer, McLean
30. [SJ-JOB] Application Security Architect, St. Louis
31. [SJ-JOB] Management, Washington
V. INCIDENTS LIST SUMMARY
1. Anyone have a reason for 2x the email flow today?
VI. VULN-DEV RESEARCH LIST SUMMARY
1. SEH and overwrite EIP
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #370
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Man in the Machine
By Federico Biancuzzi
In April 2007, when two security researchers demonstrated a flaw in the next-generation IPv6 routing scheme that would allow attackers to significantly amplify any denial-of-service attack by a factor of at least 80, networking expert Jun-ichiro "Itojun" Hagino worked to get Internet engineers to take the threat seriously.

http://www.securityfocus.com/columnists/459

2. Aye, Robot, or Can Computers Contract?
By Mark Rasch
A contract is usually described as a "meeting of the minds." One person makes an offer for goods or services; another person sees the offer and negotiates terms; the parties enter into an agreement of the offer; and some form of consideration is given in return for the provision of something of value. At least that's what I remember from first year law school contracts class.

http://www.securityfocus.com/columnists/458


II. BUGTRAQ SUMMARY
--------------------
1. NoAh PHP Content Architect Multiple Remote File Include Vulnerabilities
BugTraq ID: 26633
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26633
Summary:
PHP Content Architect is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect PHP Content Architect 0.9 (pre 1.2) and prior versions.

2. TuMusika Evolution Multiple Local File Include Vulnerabilities
BugTraq ID: 26631
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26631
Summary:
TuMusika Evolution is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.

These issues affect TuMusika Evolution 1.7R5; other versions may also be vulnerable.

3. Apple Mac OS X VPND Remote Denial of Service Vulnerability
BugTraq ID: 26699
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26699
Summary:
Apple Mac OS X is prone to a remote denial-of-service vulnerability. This issue occurs because the virtual private network daemon (vpnd) fails to handle specially crafted network packets.

An attacker can exploit this issue to crash affected computers, denying service to legitimate users.

This issue affects Apple Mac OS X 10.5; other versions may also be affected.

4. Jetty Dump Servlet Cross Site Scripting Vulnerability
BugTraq ID: 26697
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26697
Summary:
Jetty is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Jetty versions prior to 6.1.6 are vulnerable.

5. Jetty Unspecified HTTP Response Splitting Vulnerability
BugTraq ID: 26696
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26696
Summary:
Jetty is prone to an HTTP-response-splitting vulnerability because it fails to sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

This issue affects Jetty prior to version 6.1.6.

6. Jetty Cookie Names Session Hijacking Vulnerability
BugTraq ID: 26695
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26695
Summary:
Jetty is prone to a vulnerability that allows attackers to hijack browser sessions.

Successful attacks will allow attackers to access potentially sensitive information and perform actions in the guise of legitimate users.

Jetty versions prior to 6.1.6 are vulnerable.

7. Beehive Forum Post.PHP SQL Injection Vulnerability
BugTraq ID: 26492
Remote: Yes
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26492
Summary:
Beehive Forum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Beehive Forum 0.7.1 and prior versions are vulnerable.

8. Info-ZIP UnZip Privilege Escalation Vulnerability
BugTraq ID: 14447
Remote: No
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/14447
Summary:
Info-ZIP UnZip is prone to a privilege-escalation issue because of improper handling of permissions contained in ZIP archives during decompression.

If users with superuser privileges use UnZip to decompress archives with setuid or setgid permissions, malicious binaries may be created that allow attackers to gain superuser privileges and compromise the computer.

9. Ascential DataStage Multiple Local Vulnerabilities
BugTraq ID: 26677
Remote: No
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26677
Summary:
Ascential DataStage is prone to three security vulnerabilities that a local attacker may exploit to obtain sensitive information and to manipulate files.

These issues were reported to affect Ascential DataStage 7.5; other versions may also be affected.

10. ZABBIX daemon_start Local Privilege Escalation Vulnerability
BugTraq ID: 26680
Remote: No
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26680
Summary:
ZABBIX is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute commands with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue affects ZABBIX 1.4.2; prior versions may also be affected.

11. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
BugTraq ID: 26663
Remote: Yes
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26663
Summary:
Apache is prone to a cross-site scripting weakness when handling HTTP request methods that result in 413 HTTP errors.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected.

12. Apple QuickTime Unspecified Remote Vulnerability
BugTraq ID: 26682
Remote: Yes
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26682
Summary:
Apple QuickTime is prone to an unspecified remote vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

This issue affects Apple QuickTime 7.2 for Microsoft Windows XP; other versions may also be affected.

13. Tellmatic tm_includepath Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 26678
Remote: Yes
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26678
Summary:
Tellmatic is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Tellmatic 1.0.7 and 1.0.7.1 are vulnerable; other versions may also be affected.

14. Cisco Multiple Products Extensible Authentication Protocol Denial of Service Vulnerability
BugTraq ID: 26139
Remote: Yes
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26139
Summary:
Multiple Cisco products running Cisco IOS and CatOS are prone to a denial-of-service vulnerability that resides in the Extensible Authentication Protocol (EAP).

An attacker can exploit this issue to cause the affected devices to reload, denying service to legitimate users. Repeat attacks will result in a prolonged denial-of-service condition.

The following devices are affected:

- Cisco Access Points and 1310 Wireless Bridges running Cisco IOS in autonomous mode
- All Cisco switches running vulnerable versions of Cisco IOS
- All Cisco switches running vulnerable versions of Cisco CatOS

NOTE: EAP is not configured by default on the devices listed above.

15. bcoos Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 26629
Remote: Yes
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26629
Summary:
The 'bcoos' program is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.

These issues affect the application's arcade, myalbum, mylinks, and ecal modules.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect bcoos 1.0.10; other versions may also be affected.

16. bcoos Multiple Input Validation Vulnerabilities
BugTraq ID: 26505
Remote: Yes
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26505
Summary:
The 'bcoos' program is prone to multiple input-validation vulnerabilities, including a local file-include issue, an arbitrary file-upload issue, and an SQL-injection issue. These issues occur because the application fails to properly sanitize user-supplied input.

Exploiting these issues may allow an unauthorized user to view files and execute local scripts, execute arbitrary script code, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

This issue affects bcoos 1.0.10; other versions may also be affected.

17. bcoos Arcade Module Index.PHP SQL Injection Vulnerability
BugTraq ID: 25790
Remote: Yes
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/25790
Summary:
The 'bcoos' Arcade module is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied input before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects bcoos Arcade module 1.0.10; other versions may also be affected.

18. Linux Kernel AACRAID Driver Local Security Bypass Vulnerability
BugTraq ID: 25216
Remote: No
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/25216
Summary:
The Linux kernel is prone to a security-bypass vulnerability.

A local attacker may exploit this vulnerability to issue IOCTL commands to AACRAID devices. This may lead to denial-of-service conditions, including data loss and computer crashes.

Versions prior to 2.6.23-rc2 are vulnerable.

19. Linux Kernel Fib_Semantics.C Out Of Bounds Access Vulnerability
BugTraq ID: 23447
Remote: Yes
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/23447
Summary:
The Linux kernel is prone to an out-of-bounds-access vulnerability. This issue occurs because the semantics for IPv4 Forwarding Information Base fail to adequately bounds-check user-supplied data before accessing an array.

An attacker can exploit this issue to cause denial-of-service conditions. Arbitrary code execution may also be possible, but this has not been confirmed.

Versions prior to 2.6.21-rc6 are vulnerable.

20. Linux Kernel ELF File Cross Region Mapping Local Denial of Service Vulnerability
BugTraq ID: 19702
Remote: No
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/19702
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue could cause an affected computer to crash.

21. Linux Kernel Parent Process Death Signal Local Security Bypass Weakness
BugTraq ID: 25387
Remote: No
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/25387
Summary:
The Linux kernel is prone to a security-bypass weakness when dealing with signal handling.

This issue occurs because the software fails to properly validate access when the parent process tries to deliver its death signal to the child that registered it via 'prctl'.

A local attacker may exploit this issue to bypass certain security restrictions, which may lead to other attacks.

Linux kernel versions prior to 2.6.22.4 are vulnerable.

22. Claws Mail Insecure Temporary File Creation Vulnerability
BugTraq ID: 26676
Remote: No
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26676
Summary:
Claws Mail is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Claws Mail 3.1.0; other versions may also be vulnerable.

23. FLAC libFLAC Multiple Unspecified Integer Overflow Vulnerabilities
BugTraq ID: 26042
Remote: Yes
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26042
Summary:
FLAC (Free Lossless Audio Codec) is prone to multiple remote integer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before allocating memory.

Remote attackers may exploit these issues by enticing victims into opening maliciously crafted FLAC files.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

FLAC 1.2.0 is vulnerable; other versions may also be affected.

NOTE: Applications that include the affected libFLAC library are also affected.

24. Zsh Insecure Temporary File Creation Vulnerability
BugTraq ID: 26674
Remote: No
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26674
Summary:
Zsh is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Zsh 4.3.4; other versions may also be vulnerable.

25. IBM Tivoli Netcool Security Manager Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 26673
Remote: Yes
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26673
Summary:
IBM Tivoli Netcool Security Manager is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

IBM Tivoli Netcool Security Manager 1.3.0 is affected by this vulnerability; other versions may be vulnerable as well.

26. Asterisk CDR_PGSQL SQL Injection Vulnerability
BugTraq ID: 26647
Remote: Yes
Last Updated: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26647
Summary:
Asterisk is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects versions prior to:

Asterisk Open Source 1.2.25 and 1.4.15
Asterisk Business Edition B.2.3.4.

NOTE: This issue occurs only when the 'cdr_pgsql' module is enabled. This module is disabled by default.

27. TuMusika Evolution Remote File Include Vulnerability
BugTraq ID: 26632
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26632
Summary:
TuMusika Evolution is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects TuMusika Evolution 1.7R5; other versions may also be vulnerable.

28. Apple QuickTime RTSP Response Header Content-Type Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 26549
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26549
Summary:
Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized stack-based memory buffer.

This issue occurs when handling specially crafted RTSP Response headers.

Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

QuickTime 7.3 is vulnerable to this issue; other versions may also be affected.

UPDATE (December 4, 2007): Attackers are exploiting this issue through the Second Life Viewer to steal Linden dollars from unsuspecting victims.

29. Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer Header Spoofing Weakness
BugTraq ID: 26589
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26589
Summary:
Mozilla Firefox and SeaMonkey are prone to a weakness that allows an attacker to spoof HTTP Referer headers. This issue stems from a race condition in the affected application. The weakness arises because of a small timing difference when using a modal 'alert()' dialog, which allows users to generate fake HTTP Referer headers.

An attacker can exploit this issue to spoof HTTP referer headers. This may cause other security mechanisms that rely on this data to fail or to return misleading information.

This issue affects versions prior to Mozilla Firefox 2.0.0.10 and Mozilla SeaMonkey 1.1.7.

30. Mozilla Firefox Multiple Remote Unspecified Memory Corruption Vulnerabilities
BugTraq ID: 26593
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26593
Summary:
The Mozilla Foundation has released a security advisory disclosing three unspecified memory-corruption vulnerabilities.

Successfully exploiting these issues may allow attackers to execute code, facilitating the compromise of affected computers. Failed exploit attempts will likely crash the application.

Versions prior to Mozilla Firefox 2.0.0.10 and Mozilla SeaMonkey 1.1.7 are vulnerable to these issues.

31. Mozilla Firefox Jar URI Cross-Site Scripting Vulnerability
BugTraq ID: 26385
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26385
Summary:
Mozilla Firefox is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks.

32. PHP-CON Include.PHP Remote File Include Vulnerability
BugTraq ID: 26622
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26622
Summary:
PHP-CON is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

PHP-CON 1.3 is vulnerable; other versions may also be affected.

33. HP Select Identity Unspecified Remote Unauthorized Access Vulnerability
BugTraq ID: 26694
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26694
Summary:
HP Select Identity is prone to an unauthorized-access vulnerability.

A remote attacker can exploit this issue to gain unauthorized access to affected computers.

Select Identity 4.01 to 4.01.011 and 4.10 to 4.13.002 are vulnerable.

34. wpQuiz Viewimage.PHP SQL Injection Vulnerability
BugTraq ID: 26611
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26611
Summary:
wpQuiz is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects wpQuiz 2.7; other versions may also be affected.

35. OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
BugTraq ID: 25628
Remote: No
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/25628
Summary:
OpenSSH is prone to a local authentication-bypass vulnerability because the software fails to properly manage trusted and untrusted X11 cookies.

Successfully exploiting this issue allows local attackers to potentially launch a forwarded X11 session through SSH in an unauthorized manner. Further details are currently unavailable. We will update this BID as more information emerges.

This issue affects OpenSSH 4.6; previous versions may be affected as well.

36. OpenSSL DTLS Heap Buffer Overflow Vulnerability
BugTraq ID: 26055
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26055
Summary:
OpenSSL is prone to a heap buffer-overflow vulnerability because the library fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.

37. Perl Unicode Regular Expression Buffer Overflow Vulnerability
BugTraq ID: 26350
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26350
Summary:
Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers.

Perl 5.8 is vulnerable to this issue; other versions may also be affected.

38. Mono System.Math BigInteger Buffer Overflow Vulnerability
BugTraq ID: 26279
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26279
Summary:
Mono is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue could allow attackers to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

39. Rsync Daemon Excludes Multiple File Access Vulnerabilities
BugTraq ID: 26639
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26639
Summary:
The rsync daemon is prone to multiple file-access vulnerabilities because it fails to properly validate 'exclude'-type options set in the daemon's configuration file 'rsyncd.conf'.

Attackers can exploit these issues to read sensitive information or overwrite files with writable permissions.

40. Rsync Use Chroot Insecure File Creation Vulnerability
BugTraq ID: 26638
Remote: No
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26638
Summary:
The 'rsync' utility is prone to a security vulnerability because it creates files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. This may result in denial-of-service conditions; other attacks are also possible.

This issue affects versions prior to rsync 3.0.0pre6.

41. Joomla! Index.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 26707
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26707
Summary:
Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Joomla! 1.5 RC3 is vulnerable; other versions may also be affected.

42. Mambo/Joomla! RSGallery2 CATID Parameter SQL Injection Vulnerability
BugTraq ID: 26704
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26704
Summary:
Mambo/Joomla! RSGallery2 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

RSGallery2 2.0 beta 5 is vulnerable; other versions may also be affected.

43. OpenOffice HSQLDB Database Engine Unspecified Java Code Execution Vulnerability
BugTraq ID: 26703
Remote: Yes
Last Updated: 2007-12-05
Relevant URL: http://www.securityfocus.com/bid/26703
Summary:
OpenOffice is prone to a code-execution vulnerability.

Successful exploits allow remote attackers to execute arbitrary Java code in the context of the vulnerable application.

Versions of OpenOffice prior to 2.3.1 are vulnerable.

44. PHPHeaven PHPMyChat Start-Page.CSS.PHP3 Cross-Site Scripting Vulnerability
BugTraq ID: 13627
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/13627
Summary:
phpMyChat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

45. SING Log Option Local Privilege Escalation Vulnerability
BugTraq ID: 26679
Remote: No
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26679
Summary:
SING is prone to a local privilege-escalation vulnerability.

Exploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.

SING 1.1 is vulnerable to this issue; other versions may also be affected.

46. PHPHeaven PHPMyChat Style.CSS.PHP3 Cross-Site Scripting Vulnerability
BugTraq ID: 13628
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/13628
Summary:
phpMyChat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

47. phpMyChat Multiple Scripts and Parameters Cross-Site Scripting Vulnerabilities
BugTraq ID: 26698
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26698
Summary:
phpMyChat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

phpMyChat 0.14.5 is vulnerable; other versions may also be affected.

48. PHPMyChat Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15679
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/15679
Summary:
phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

phpMyChat 0.14.5 is vulnerable; other versions may also be affected.

49. VideoLAN VLC axvlc.dll ActiveX Control Multiple Memory Corruption Vulnerabilities
BugTraq ID: 26675
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26675
Summary:
VideoLAN VLC media player is prone to multiple memory-corruption vulnerabilities.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

These issues affect VLC media player 0.8.6 to 0.8.6c.

50. Battle for Wesnoth turn_cmd Remote Denial of Service Vulnerability
BugTraq ID: 26625
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26625
Summary:
Battle for Wesnoth is prone to a remote denial-of-service vulnerability because it fails to handle unexpected input.

Attackers can exploit this issue to cause denial-of-service conditions.

Versions prior to Battle for Wesnoth 1.2.8 are affected by this issue.

51. Neocrome Seditio PLUG.PHP SQL Injection Vulnerability
BugTraq ID: 26655
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26655
Summary:
Seditio is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions of Seditio 121 released prior to November 30, 2007 are vulnerable.

52. Battle for Wesnoth WML Preprocessor Directory Traversal Vulnerability
BugTraq ID: 26626
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26626
Summary:
Battle for Wesnoth is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

Versions prior to Battle for Wesnoth 1.2.8 are vulnerable.

53. BEA AquaLogic Interaction Plumtree Portal Multiple Information Disclosure Vulnerabilities
BugTraq ID: 26620
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26620
Summary:
BEA AquaLogic Interaction is prone to multiple information-disclosure vulnerabilities.

Attackers can exploit these issues to access valid usernames in the Plumtree portal as well as the server hostname, build date, and server version. Information harvested can aid in further attacks.

The following versions are vulnerable:

BEA Plumtree Foundation in the 5.0 series, version 6.0 through service pack 1 on all platforms
BEA AquaLogic Interaction 6.1 through service pack 1 on all platforms

54. @Mail Util.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 26635
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26635
Summary:
@Mail is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to @Mail 5.2.

55. p.mapper Multiple Remote File Include Vulnerabilities
BugTraq ID: 26614
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26614
Summary:
p.mapper is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect p.mapper 3.2.0 beta3; other versions may also be vulnerable.

56. Cisco Unified IP Phone RTP Audio Stream Eavesdropping Vulnerability
BugTraq ID: 26668
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26668
Summary:
Cisco Unified IP Phone is prone to a vulnerability that allows eavesdropping.

An attacker can exploit this issue to transmit audio stream data to, or receive it from, an unsuspecting victim.

Successfully exploiting this issue will allow the attacker to access sensitive information.

57. BitDefender Online Scanner OScan.OCX ActiveX Control Heap Buffer Overflow Vulnerability
BugTraq ID: 26210
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26210
Summary:
BitDefender Online Scanner is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

58. Asterisk res_config_pgsql SQL Injection Vulnerability
BugTraq ID: 26645
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26645
Summary:
The Asterisk package is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects versions prior to Asterisk 1.4.15.

59. PHPDevShell Remote Privilege Escalation Vulnerability
BugTraq ID: 26615
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26615
Summary:
PHPDevShell is prone to a remote privilege-escalation vulnerability due to an unspecified error.

Successfully exploiting this issue allows remote attackers to gain administrative privileges to the application and execute malicious PHP code in the context of the webserver process. This may facilitate a compromise of the webserver and the underlying system; other attacks are also possible.

The issue affects versions prior to PHPDevShell 0.7.0.

60. Eurologon CMS files.php Directory Traversal Vulnerability
BugTraq ID: 26600
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26600
Summary:
Eurologon CMS is prone to a vulnerability that lets attackers access arbitrary files because the application fails to sufficiently sanitize user-supplied input.

This issue affects the application's download module.

An attacker can exploit this issue using directory-traversal strings ('../') to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.

61. Project Alumni Index.PHP Act Parameter Local File Include Vulnerability
BugTraq ID: 26612
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26612
Summary:
Project Alumni is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Project Alumni 1.0.9 is vulnerable to this issue; other versions may also be affected.

62. ISPmanager Responder Local Privilege Escalation Vulnerability
BugTraq ID: 26503
Remote: No
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26503
Summary:
ISPmanager is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to gain elevated privileges on the affected computer. A successful exploit will lead to the complete compromise of the affected computer.

ISPmanager 4.2.15.1 is reported vulnerable; other versions may be affected as well.

63. Ruby-GNOME2 Gtk::MessageDialog.new Function Format String Vulnerability
BugTraq ID: 26616
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26616
Summary:
The Ruby-GNOME2 library is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker can exploit this issue to execute arbitrary machine code in the context of an application using the affected library. A successful attack will compromise the application. Failed attempts may cause denial-of-service conditions.

This issue affects Ruby-GNOME2 0.16.0; other versions may also be vulnerable.

64. Sun Solaris RPC Module Unspecified Local Denial of Service Vulnerability
BugTraq ID: 26627
Remote: No
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26627
Summary:
Sun Solaris is prone to an unspecified denial-of-service vulnerability caused by a race condition.

A local unprivileged attacker can exploit this issue to cause a system panic on an affected computer, resulting in a denial-of-service condition.

This issue affects Solaris 8, 9, and 10 for SPARC and x86 architectures.

65. Cygwin Filename Filename Buffer Overflow Vulnerability
BugTraq ID: 26557
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26557
Summary:
Cygwin is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to overflow a buffer and execute arbitrary machine code in the context of the vulnerable application. This may facilitate a compromise of the vulnerable computer.

This issue affects Cygwin 1.5.7 and earlier; other versions may also be vulnerable.

66. Charray's CMS ccms_library_path Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 26619
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26619
Summary:
Charray's CMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Charray's CMS 0.9.3 is vulnerable; other versions may also be affected.

67. Powerschool Javascript File Request Information Disclosure Vulnerability
BugTraq ID: 22611
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/22611
Summary:
Powerschool is prone to an information-disclosure vulnerability because the application discloses information about administrative session variables.

An attacker can exploit this issue to obtain sensitive information that may aid in other attacks.

This issue affects Powerschool 4.3.6; other versions may also be affected.

UPDATE: Powerschool 5.1.2 is also reportedly affected by this issue, in a limited fashion.

68. ehcp easy hosting control panel Multiple Remote File Include Vulnerabilities
BugTraq ID: 26623
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26623
Summary:
The 'ehcp' (easy hosting control panel) program is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect ehcp 0.22.8; other versions may also be affected.

69. Lhaplus LZH Archive Processing Unspecified Remote Buffer Overflow Vulnerability
BugTraq ID: 26531
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26531
Summary:
Lhaplus is prone to an unspecified remote buffer-overflow vulnerability when handling LZH archives.

Exploiting this issue may allow attackers to corrupt memory and execute arbitrary machine code in the context of users running the affected application.

This issue affects Lhaplus 1.55 and prior versions.

70. amensa-soft K+B-Bestellsystem KB_Whois.CGI Multiple Remote Shell Command Execution Vulnerabilities
BugTraq ID: 26541
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26541
Summary:
K+B-Bestellsystem is prone to multiple vulnerabilities that allow attackers to execute arbitrary shell commands. These issues occur because the application fails to sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary shell commands on an affected computer.

71. Liferay Portal Forgot-Password Cross Site Scripting Vulnerability
BugTraq ID: 26606
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26606
Summary:
Liferay Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Liferay Portal 4.3.1 is vulnerable; other versions may also be affected.

72. Microsoft Optical Desktop Wireless Keyboard Weak Encryption Information Disclosure Vulnerability
BugTraq ID: 26693
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26693
Summary:
Microsoft Optical Desktop is prone to an information-disclosure vulnerability.

Successfully exploiting this issue will allow an attacker to obtain sensitive information that may lead to other attacks.

This issue affects Microsoft Optical Desktop 1000 and 2000; other versions may also be affected.

73. Absolute News Manager .NET Multiple Input Validation and Information Disclosure Vulnerabilities
BugTraq ID: 26692
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26692
Summary:
Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues.

Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect Absolute News Manager .NET 5.1; other versions may also be vulnerable.

74. Squid Proxy Cache Update Reply Processing Remote Denial of Service Vulnerability
BugTraq ID: 26687
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26687
Summary:
Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to perform boundary checks before copying user-supplied data into process buffers.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users. Attackers may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects Squid 2.6.STABLE16 and prior versions. All Squid-3 snapshots and prereleases up to the November 28 snapshot are also vulnerable.

75. TIBCO Rendezvous RVD Daemon Remote Denial Of Service Vulnerabilities
BugTraq ID: 25132
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/25132
Summary:
The RVD daemon in TIBCO Rendezvous is prone to two remote denial-of-service vulnerabilities.

Successfully exploiting these issues allows remote attackers to consume excessive memory or to trigger network instability, leading to denial-of-service conditions.

Rendezvous 7.5.2, 7.4.3, and 7.5.4 are vulnerable to these issues; other versions may also be affected.

76. SonicWALL Global VPN Client Remote Format String Vulnerability
BugTraq ID: 26689
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26689
Summary:
SonicWALL Global VPN Client is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application. Failed attempts may cause denial-of-service conditions.

Versions prior to SonicWALL Global VPN Client 4.0.0.830 are affected.

77. Snitz Forums 2000 Active.ASP SQL Injection Vulnerability
BugTraq ID: 26688
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26688
Summary:
Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

All versions are considered vulnerable.

78. Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities
BugTraq ID: 22694
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/22694
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

UPDATE: Firefox 2.0.0.10 is still vulnerable to the issue outlined in MFSA 2007-02. Pages followed through 'href' links and embedded iframes inherit the character set of parent pages when a user has manually set the browser charset.

79. Cairo PNG Image Processing Remote Integer Overflow Vulnerability
BugTraq ID: 26650
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26650
Summary:
Cairo is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to overflow a buffer and to corrupt process memory.

Attackers may be able to execute arbitrary machine code in the context of an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects versions prior to Cairo 1.4.12.

80. Linux Kernel wait_task_stopped Local Denial of Service Vulnerability
BugTraq ID: 26477
Remote: No
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26477
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle certain process-exit conditions.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users.

Linux kernel versions prior to 2.6.23.8 as well as 2.6.24-rc1 and 2.6.24-rc1 are vulnerable.

81. Linux Kernel TCP_Input.C Remote Denial of Service Vulnerability
BugTraq ID: 26474
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26474
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize specially crafted ACK responses.

Attackers can exploit this issue to cause a NULL-pointer dereference and crash the kernel.

Linux kernel versions prior to 2.6.23.8 as well as 2.6.24-rc1 and 2.6.24-rc1 are vulnerable.

82. PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 26403
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26403
Summary:
PHP 5.2.4 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

83. ht://Dig Htsearch Cross Site Scripting Vulnerability
BugTraq ID: 26610
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26610
Summary:
ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue affects ht://Dig 3.2.0b6; other versions may also be vulnerable.

84. PHP ZendEngine Variable Destruction Remote Denial of Service Vulnerability
BugTraq ID: 22764
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/22764
Summary:
PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

An attacker who can run PHP code on a vulnerable computer may exploit this vulnerability to crash PHP and the webserver, denying service to legitimate users.

This issue affects all versions of PHP.

85. PHP EXT/Session HTTP Response Header Injection Vulnerability
BugTraq ID: 24268
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/24268
Summary:
PHP is prone to an HTTP-response-header-injection vulnerability because it fails to sanitize user-supplied input.

An attacker can exploit this issue to inject additional cookie attributes into session cookies. This may lead to other attacks.

This issue affects PHP 5.2.3 (and prior versions) and PHP 4.4.7 (and prior versions).

86. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 25498
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/25498
Summary:
PHP 5.2.3 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

87. PHP Chunk_Split() Function Integer Overflow Vulnerability
BugTraq ID: 24261
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/24261
Summary:
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory.

Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects versions prior to PHP 5.2.3.

88. OpenLDAP Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 26245
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26245
Summary:
OpenLDAP is prone to multiple remote denial-of-service vulnerabilities because of an incorrect NULL-termination issue and a double-free issue.

Attackers can exploit these issues to deny service to legitimate users.

Versions prior to OpenLDAP 2.3.39 are vulnerable.

89. CRM-CTT CheckCustomerAccess Security Bypass Vulnerability
BugTraq ID: 26685
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26685
Summary:
CRM-CTT is prone to a security-bypass vulnerability because it fails to properly validate user credentials before performing certain actions.

A successful attack allows unauthorized users to modify other users' accounts, which may aid in further attacks.

This issue affects versions prior to CRM-CTT 4.2.0.

90. Microsoft Web Proxy Auto-Discovery Proxy Spoofing Vulnerability
BugTraq ID: 26686
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26686
Summary:
Microsoft Web Proxy Auto-Discovery is prone to a vulnerability that may allow attackers to obtain sensitive information that may lead to further attacks.

91. GTD-PHP Multiple Input Validation Vulnerabilities
BugTraq ID: 17366
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/17366
Summary:
The 'gtd-php' application is prone to multiple input-validation vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.

92. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
BugTraq ID: 25489
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/25489
Summary:
The Apache mod_proxy module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

93. Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
BugTraq ID: 25653
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/25653
Summary:
Apache is affected by a vulnerability that may cause certain web pages to be prone to a cross-site scripting attack. This issue stems from a lack of a defined charset on certain generated pages.

Web pages generated by the affected source code may be prone to a cross-site scripting issue.

Versions prior to Apache 2.2.6 are affected.

NOTE: Reports indicate that this issue does not occur when the application is running on Windows operating systems.

94. Vixie Cron ST_Nlink Check Local Denial of Service Vulnerability
BugTraq ID: 23520
Remote: No
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/23520
Summary:
Vixie Cron is prone to a local denial-of-service vulnerability.

This issue occurs when attackers create hard links to cron files belonging to both privileged and normal users.

A local attacker may exploit this issue to prevent cron files owned by privileged and non-privileged users from being executed at startup or on the next reload of the cron database.

Vixie Cron versions prior to 4.1-r10 are vulnerable.

95. PhpBBGarage Garage.PHP SQL Injection Vulnerability
BugTraq ID: 26683
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26683
Summary:
PhpBBGarage is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects PhpBBGarage 1.2.0 Beta 3; other versions may also be affected.

96. Linux Kernel CIFS Transport.C Remote Buffer Overflow Vulnerability
BugTraq ID: 26438
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26438
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.

This issue affects version 2.6.23.1; previous versions may also be affected.

97. Rayzz Class_HeaderHandler.Lib.PHP Remote File Include Vulnerability
BugTraq ID: 26681
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26681
Summary:
Rayzz is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Rayzz 2.0 is vulnerable; other versions may also be affected.

98. Citrix EdgeSight for Endpoints and Presentation Server Database Credential Disclosure Weakness
BugTraq ID: 26705
Remote: No
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26705
Summary:
Citrix EdgeSight for Endpoints and Presentation Server is prone to a database credential disclosure weakness.

An attacker can exploit this issue to obtain sensitive information that may be used to gain unauthorized access to the affected systems.

This issue affects all versions of Citrix EdgeSight for Endpoints, Citrix EdgeSight for Presentation Server, and Citrix EdgeSight for NetScaler.

99. avast! Home/Professional TAR File Handling Unspecified Vulnerability
BugTraq ID: 26702
Remote: Yes
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26702
Summary:
avast! is prone to an unspecified vulnerability.

This issue occurs when the application handles a TAR file.

Versions of avast! Home and Professional prior to 4.7.1098 are affected.

100. Apple Mac OS X Mach_Loader.C Local Denial of Service Vulnerability
BugTraq ID: 26700
Remote: No
Last Updated: 2007-12-04
Relevant URL: http://www.securityfocus.com/bid/26700
Summary:
Apple Mac OS X is prone to a local denial-of-service vulnerability because the kernel fails to properly handle exceptional conditions.

Exploiting this issue allows local, unprivileged users to crash affected kernels, denying further service to legitimate users.

Apple Mac OS X versions 10.4 and 10.5.1 are vulnerable to this issue; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Researchers reverse Netflix anonymization
By: Robert Lemos
Two computer scientists show that a large set of transactional data poses privacy risks by finding a way to link movie ratings from the Netflix Prize dataset to publicly available information.
http://www.securityfocus.com/news/11497

2. Group drafts rules to nix credit-card storage
By: Robert Lemos
The organization responsible for technical and best-practice standards in the payment industry plans to require the makers of merchant software to certify that their programs do not store sensitive data.
http://www.securityfocus.com/news/11496

3. Task force aims to improve U.S. cybersecurity
By: Robert Lemos
A blue-ribbon panel of three dozen security experts hopes to craft a strategy to improve cybersecurity by the time the next president takes office.
http://www.securityfocus.com/news/11494

4. Court filings double estimate of TJX breach
By: Robert Lemos
Online attackers stole information on more than 94 million credit- and debit-card accounts, more than double the original estimates, according to court documents.
http://www.securityfocus.com/news/11493

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Consultant, Memphis
http://www.securityfocus.com/archive/77/484529

2. [SJ-JOB] Application Security Engineer, New York
http://www.securityfocus.com/archive/77/484538

3. [SJ-JOB] Application Security Architect, Cincinnati
http://www.securityfocus.com/archive/77/484539

4. [SJ-JOB] Sr. Security Analyst, San Jose
http://www.securityfocus.com/archive/77/484526

5. [SJ-JOB] Security Engineer, Memphis
http://www.securityfocus.com/archive/77/484528

6. [SJ-JOB] Security Consultant, Springfield
http://www.securityfocus.com/archive/77/484532

7. [SJ-JOB] Sr. Security Analyst, Charlotte
http://www.securityfocus.com/archive/77/484534

8. [SJ-JOB] Sales Engineer, Concord
http://www.securityfocus.com/archive/77/484523

9. [SJ-JOB] Information Assurance Engineer, Arlington
http://www.securityfocus.com/archive/77/484525

10. [SJ-JOB] Software Engineer, Columbia
http://www.securityfocus.com/archive/77/484527

11. [SJ-JOB] Sales Representative, Livonia
http://www.securityfocus.com/archive/77/484531

12. [SJ-JOB] Security Engineer, Reston
http://www.securityfocus.com/archive/77/484536

13. [SJ-JOB] Software Engineer, Bethesda
http://www.securityfocus.com/archive/77/484521

14. [SJ-JOB] Security System Administrator, Columbia
http://www.securityfocus.com/archive/77/484522

15. [SJ-JOB] Software Engineer, Livonia
http://www.securityfocus.com/archive/77/484524

16. [SJ-JOB] Security Architect, Arlington
http://www.securityfocus.com/archive/77/484530

17. [SJ-JOB] Database Security Engineer, Washington
http://www.securityfocus.com/archive/77/484533

18. [SJ-JOB] Security Architect, Arlington
http://www.securityfocus.com/archive/77/484514

19. [SJ-JOB] Security Consultant, Washington
http://www.securityfocus.com/archive/77/484515

20. [SJ-JOB] Forensics Engineer, McLean
http://www.securityfocus.com/archive/77/484518

21. [SJ-JOB] Sr. Security Analyst, Moncton
http://www.securityfocus.com/archive/77/484519

22. [SJ-JOB] Security Engineer, Washington
http://www.securityfocus.com/archive/77/484510

23. [SJ-JOB] Database Security Architect, Suffolk
http://www.securityfocus.com/archive/77/484517

24. [SJ-JOB] Security Architect, Folsom
http://www.securityfocus.com/archive/77/484520

25. [SJ-JOB] Sr. Security Analyst, Pune
http://www.securityfocus.com/archive/77/484508

26. [SJ-JOB] Management, Washington
http://www.securityfocus.com/archive/77/484509

27. [SJ-JOB] Security Consultant, Gaithersburg
http://www.securityfocus.com/archive/77/484511

28. [SJ-JOB] Sr. Security Analyst, Chicago
http://www.securityfocus.com/archive/77/484516

29. [SJ-JOB] Sr. Security Engineer, McLean
http://www.securityfocus.com/archive/77/484537

30. [SJ-JOB] Application Security Architect, St. Louis
http://www.securityfocus.com/archive/77/484512

31. [SJ-JOB] Management, Washington
http://www.securityfocus.com/archive/77/484535

V. INCIDENTS LIST SUMMARY
---------------------------
1. Anyone have a reason for 2x the email flow today?
http://www.securityfocus.com/archive/75/484505

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. SEH and overwrite EIP
http://www.securityfocus.com/archive/82/484427

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #370
http://www.securityfocus.com/archive/88/484378

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message that you will have to reply to. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009400
