Wednesday, January 16, 2008

SecurityFocus Newsletter #436

This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Finding a Cure for Data Loss
2. Real Flaws in Virtual Worlds
II. BUGTRAQ SUMMARY
1. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
2. Funkwerk X2300 DNS Request Denial Of Service Vulnerability
3. Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability
4. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
5. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
6. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
7. Sun Java System Access Manager Multiple Vulnerabilities
8. Garment Center 'index.cgi' Local File Include Vulnerability
9. DVRHOST PDVRATL.DLL ActiveX Control Heap Based Buffer Overflow Vulnerability
10. X.Org X Font Server Multiple Memory Corruption Vulnerabilities
11. Qvod Player 'QvodInsert.dll' ActiveX Control Remote Buffer Overflow Vulnerability
12. FreeSeat Unspecified Security Bypass Vulnerability
13. Dansie Search Engine 'search.pl' Cross Site Scripting Vulnerability
14. PHP Running Management 'index.php' Cross Site Scripting Vulnerability
15. GForge Multiple Unspecified SQL Injection Vulnerabilities
16. F5 BIG-IP 'SearchString' Multiple Cross-Site Scripting Vulnerabilities
17. minimal Gallery Multiple Information Disclosure Vulnerabilities
18. Python ImageOP Module Multiple Integer Overflow Vulnerabilities
19. PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
20. IBM Tivoli Storage Manager Express Remote Heap Overflow Vulnerability
21. IceWarp Mail Server 'admin/index.html' Cross-Site Scripting Vulnerability
22. Drupal Prior To 4.7.11 and 5.6 Multiple Remote Vulnerabilities
23. Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
24. Apple QuickTime RTSP Response Reason-Phrase Remote Buffer Overflow Vulnerability
25. RETIRED: Million Dollar Script 'index.php' Local File Include Vulnerability
26. HP Linux Imaging and Printing System HSSPD.PY Daemon Arbitrary Command Execution Vulnerability
27. IBM Lotus Sametime Client Chat Message Cross-Site Scripting Vulnerability
28. Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
29. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
30. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
31. PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
32. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
33. OpenPegasus WBEM CIM Management Server 'PAMBasicAuthenticatorUnix.cpp' Buffer Overflow Vulnerability
34. Pixelpost 'index.php' SQL Injection Vulnerability
35. Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
36. aliTalk Multiple SQL Injection And Access Validation Vulnerabilities
37. Cisco Unified Communications Manager CTL Provider Heap Buffer Overflow Vulnerability
38. Oracle January 2008 Critical Patch Update Multiple Vulnerabilities
39. 8E6 R3000 Internet Filter URI Security Bypass Vulnerability
40. cPanel 'dohtaccess.html' Cross-Site Scripting Vulnerability
41. paramiko Random Number Generator Weakness
42. OSC Radiator RADIUS Packet Remote Denial of Service Vulnerability
43. Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption Vulnerability
44. RTS Sentry Digital Surveillance PTZCamPanel ActiveX Control Buffer Overflow Vulnerability
45. FaName 'page.php' SQL Injection Vulnerability
46. Multiple FaScript Packages 'show.php' SQL Injection Vulnerability
47. Microsoft Excel Header Parsing Remote Code Execution Vulnerability
48. Linux Kernel VFS Unauthorized File Access Vulnerability
49. TIBCO SmartSockets Multiple Pointer Offset Remote Code Execution Vulnerabilities
50. TIBCO SmartSockets Untrusted Pointer Multiple Remote Code Execution Vulnerabilities
51. TIBCO SmartSockets Request Heap Buffer Overflow Vulnerability
52. TIBCO SmartSockets RTServer Multiple Remote Unspecified Loop Bounds Vulnerabilities
53. xine-lib 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability
54. libxml2 'xmlCurrentChar()' UTF-8 Parsing Remote Denial of Service Vulnerability
55. BalaBit IT Security syslog-ng NULL-Pointer Dereference Denial of Service Vulnerability
56. Cairo PNG Image Processing Remote Integer Overflow Vulnerability
57. Apple Safari for iPhone and iPod Touch 'Foundation' Unspecified Memory Corruption Vulnerability
58. Apple iPhone Passcode Lock Security Bypass Vulnerability
59. Apple QuickTime 'Macintosh Resource' Records Remote Memory Corruption Vulnerability
60. Apple QuickTime Sorenson 3 Video Files Remote Code Execution Vulnerability
61. Apple QuickTime Compressed PICT Remote Buffer Overflow Vulnerability
62. MyBB 'moderation.php' Multiple SQL Injection Vulnerabilities
63. MyBB Multiple Remote PHP Code Execution Vulnerabilities
64. BitTorrent and uTorrent Peers Window Remote Denial Of Service Vulnerability
65. PHP-Residence 'visualizza_tabelle.php' SQL Injection Vulnerability
66. MiniWeb Directory Traversal and Buffer Overflow Vulnerabilities
67. ngIRCd PART Command Parsing Denial Of Service Vulnerability
68. BLOG:CMS Multiple Input Validation Vulnerabilities
69. MailBee WebMail Pro 'download_view_attachment.aspx' Local File Include Vulnerability
70. ARIA 'effect.php' Local File Include Vulnerability
71. RichStrong CMS 'showproduct.asp' SQL Injection Vulnerability
72. LulieBlog 'id' Parameter Multiple SQL Injection Vulnerabilities
73. Macrovision FLEXnet Connect ActiveX Control Multiple Arbitrary File Download Vulnerabilities
74. SpamBam WordPress Plugin Key Calculation Security Bypass Vulnerability
75. Apple Safari Subframe Same Origin Policy Violation Vulnerability
76. Cisco VPN Client for Windows Local Denial of Service Vulnerability
77. Micro News 'admin.php' Authentication Bypass Vulnerability
78. PHP F1 Max's File Uploader 'index.php' Arbitrary File Upload Vulnerability
79. Netchemia oneSCHOOL 'login.asp' SQL Injection Vulnerability
80. Peter's Math Anti-Spam for WordPress Plugin Audio CAPTCHA Security Bypass Vulnerability
81. Article Dashboard 'admin/login.php' Multiple SQL Injection Vulnerabilities
82. Xoops Flashgames Module Game.PHP SQL Injection Vulnerability
83. OpenPegasus Management Server PAM Authentication 'cimservera.cpp' Buffer Overflow Vulnerability
84. Apache 'mod_proxy_balancer' Multiple Vulnerabilities
85. Adobe Flash Player HTTP Response Splitting Vulnerability
86. Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
87. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
88. Adobe Flash Player DNS Rebinding Vulnerability
89. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
90. Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
91. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
92. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
93. FreeBSD pty Handling Multiple Local Information Disclosure Vulnerabilities
94. FreeBSD 'inet_network()' Off-by-One Buffer Overflow Vulnerability
95. pMachine Pro Multiple Cross-Site Scripting Vulnerabilities
96. RichStrong CMS 'showproduct.asp' SQL Injection Vulnerability
97. Xforum 'liretopic.php' SQL Injection Vulnerability
98. X7 Chat Index.PHP SQL Injection Vulnerability
99. Fortinet Fortigate CRLF Characters URL Filtering Bypass Vulnerability
100. BugTracker.NET New Bug Report Multiple HTML Injection Vulnerabilities
III. SECURITYFOCUS NEWS
1. Legitimate sites serving up stealthy attacks
2. Malware hitches a ride on digital devices
3. Senate delays vote on spy bill
4. Researchers reverse Netflix anonymization
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Quality Assurance, Alpharetta
2. [SJ-JOB] Security Consultant, Leatherhead
3. [SJ-JOB] Senior Software Engineer, Santa Fe, NM
4. [SJ-JOB] Security Engineer, San Francisco Bay Area
5. [SJ-JOB] Security Researcher, Pune
6. [SJ-JOB] Security Consultant, Leatherhead
7. [SJ-JOB] Security Architect, Cheltenham
8. [SJ-JOB] Sr. Security Engineer, Chantilly
9. [SJ-JOB] Security Consultant, Sydney
10. [SJ-JOB] Developer, Livonia
11. [SJ-JOB] Developer, Columbia
12. [SJ-JOB] Security Engineer, Atlanta
13. [SJ-JOB] Disaster Recovery Coordinator, Aberdeen & Dubai
14. [SJ-JOB] Security Engineer, Melbourne
15. [SJ-JOB] Application Security Engineer, King of Prussia
16. [SJ-JOB] Security Engineer, Bethesda
17. [SJ-JOB] Security Architect, Glendale
18. [SJ-JOB] Account Manager, Reston
19. [SJ-JOB] Disaster Recovery Coordinator, Miami
20. [SJ-JOB] Senior Software Engineer, Foxboro
21. [SJ-JOB] Management, Dubai
22. [SJ-JOB] Security Architect, Reading
23. [SJ-JOB] Sr. Security Engineer, Edison
24. [SJ-JOB] Information Assurance Engineer, Schaumburg
25. [SJ-JOB] Information Assurance Analyst, Chantilly
26. [SJ-JOB] Security Consultant, Cambridgeshire
27. [SJ-JOB] Certification & Accreditation Engineer, Washington, DC
28. [SJ-JOB] Security Researcher, Cupertino
29. [SJ-JOB] Manager, Information Security, Rochelle Park
30. [SJ-JOB] Information Assurance Engineer, Chantilly
31. [SJ-JOB] Security Architect, Leatherhead
32. [SJ-JOB] Forensics Engineer, Cambridgeshire
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SQL scalar function to convert big int to dot notation
2. Country by Country Computer Sets now available for ISA 2004
3. Country by Country ISA Computer Sets
4. At long last - Extra Outlooks!
5. SecurityFocus Microsoft Newsletter #376
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Finding a Cure for Data Loss
By Jamie Reid
Despite missteps in protecting customer information, companies have largely escaped the wrath of consumers.

http://www.securityfocus.com/columnists/462

2. Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of Warcraft, have millions of subscribers interacting online, which makes security tricky business.

http://www.securityfocus.com/columnists/461


II. BUGTRAQ SUMMARY
--------------------
1. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
BugTraq ID: 26838
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/26838
Summary:
Apache is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects the following:

- The 'mod_imagemap' module in Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, and 2.2.0

- The 'mod_imap' module in Apache 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, and 1.3.0.

2. Funkwerk X2300 DNS Request Denial Of Service Vulnerability
BugTraq ID: 27314
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27314
Summary:
Funkwerk X2300 is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to reboot affected devices, denying service to legitimate users.

This issue affects Funkwerk X2300 firmware 7.4.1 prior to Patch 9.

3. Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability
BugTraq ID: 27099
Remote: No
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27099
Summary:
Microsoft Windows Local Security Authority Subsystem Service (LSASS) is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will facilitate the complete compromise of affected computers.

4. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
BugTraq ID: 27139
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27139
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to cause affected computers to stop responding and to automatically restart. Successful attacks will deny service to legitimate users. The discoverer of this issue reports that code execution may also be possible, but this has not been confirmed.

NOTE: ICMP RDP (Router Discovery Protocol) must be enabled for this issue to occur. Router Discovery Processing is disabled by default on Microsoft Windows Server 2000. The option is also disabled by default on Microsoft Windows XP and Windows Server 2003, unless the host receives the 'perform router discovery' option from a DHCP server.

5. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
BugTraq ID: 24645
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/24645
Summary:
The Apache HTTP Server mod_status module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

6. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
BugTraq ID: 24215
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/24215
Summary:
Apache is prone to multiple denial-of-service vulnerabilities.

An attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.

7. Sun Java System Access Manager Multiple Vulnerabilities
BugTraq ID: 25842
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/25842
Summary:
Sun Java System Access Manager is prone to multiple remote vulnerabilities that result from configuration errors.

Exploiting these issues can allow remote attackers to gain unauthorized access to the application or execute arbitrary code in the context of the application.

Sun Java System Access Manager 7.1 is affected by these issues.

8. Garment Center 'index.cgi' Local File Include Vulnerability
BugTraq ID: 27273
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27273
Summary:
Garment Center is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

9. DVRHOST PDVRATL.DLL ActiveX Control Heap Based Buffer Overflow Vulnerability
BugTraq ID: 27267
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27267
Summary:
The DVRHOST 'PdvrAtl.PdvrOcx.1' ActiveX control is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This issue affects 'PDVRATL.DLL' 1.0.1.25; other versions may also be vulnerable.

10. X.Org X Font Server Multiple Memory Corruption Vulnerabilities
BugTraq ID: 25898
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/25898
Summary:
X.Org X Font Server (XFS) is prone to multiple memory-corruption vulnerabilities, including an integer-overflow issue and a heap-based memory-corruption issue.

An attacker could exploit these issues to execute arbitrary code with the privileges of the X Font Server. Failed exploit attempts will likely result in a denial-of-service condition.

NOTE: These issues are exploitable remotely only on Solaris operating systems; by default the server is listening on TCP port 7100. For other UNIX-like operating systems, an attacker can exploit these issues only locally.

These issues affect X Font Server 1.0.4; prior versions may also be affected.

11. Qvod Player 'QvodInsert.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 27271
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27271
Summary:
The Qvod Player 'QvodInsert.dll' ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

The issue affects versions prior to Qvod Player 2.1.5 build 0053.

12. FreeSeat Unspecified Security Bypass Vulnerability
BugTraq ID: 27270
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27270
Summary:
FreeSeat is prone to a security-bypass vulnerability.

A successful attack will allow an attacker to book a seat multiple times.

This issue affects versions prior to FreeSeat 1.1.5d.

13. Dansie Search Engine 'search.pl' Cross Site Scripting Vulnerability
BugTraq ID: 27269
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27269
Summary:
Dansie Search Engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Dansie Search Engine 2.7; other versions may also be vulnerable.

14. PHP Running Management 'index.php' Cross Site Scripting Vulnerability
BugTraq ID: 27268
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27268
Summary:
PHP Running Management is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to PHP Running Management 1.0.3.

15. GForge Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 27266
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27266
Summary:
GForge is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

16. F5 BIG-IP 'SearchString' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 27272
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27272
Summary:
F5 BIG-IP is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

BIG-IP firmware version 9.4.5 is vulnerable; other versions may also be affected.

17. minimal Gallery Multiple Information Disclosure Vulnerabilities
BugTraq ID: 27265
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27265
Summary:
minimal Gallery is prone to multiple local information-disclosure vulnerabilities because it fails to properly sanitize user-supplied input and restrict access to certain scripts.

Exploiting these issues may allow an attacker to view files and to access potentially sensitive information in the context of the webserver. This may aid in further attacks.

These issues affect minimal Gallery 0.8; other versions may also be affected.

18. Python ImageOP Module Multiple Integer Overflow Vulnerabilities
BugTraq ID: 25696
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/25696
Summary:
Python's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations do not overflow.

To successfully exploit these issues, an attacker must be able to control the arguments to imageop functions. Remote attackers may be able to do this, depending on the nature of applications that use the vulnerable functions.

Attackers would likely submit invalid or specially crafted images to applications that perform imageop operations on the data.

A successful exploit may allow attacker-supplied machine code to run in the context of affected applications, facilitating the remote compromise of computers.

19. PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
BugTraq ID: 26462
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/26462
Summary:
PCRE regular-expression library is prone to multiple integer- and buffer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.

20. IBM Tivoli Storage Manager Express Remote Heap Overflow Vulnerability
BugTraq ID: 27235
Remote: Yes
Last Updated: 2008-01-14
Relevant URL: http://www.securityfocus.com/bid/27235
Summary:
IBM Tivoli Storage Manager Express is prone to a remote heap-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM privileges. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects IBM Tivoli Storage Manager Express 5.3 for Microsoft Windows 2003 server platforms; other versions may also be vulnerable.

21. IceWarp Mail Server 'admin/index.html' Cross-Site Scripting Vulnerability
BugTraq ID: 27189
Remote: Yes
Last Updated: 2008-01-14
Relevant URL: http://www.securityfocus.com/bid/27189
Summary:
IceWarp Mail Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

This issue affects IceWarp Mail Server 9.1.1 for Windows; other versions may also be affected.

22. Drupal Prior To 4.7.11 and 5.6 Multiple Remote Vulnerabilities
BugTraq ID: 27238
Remote: Yes
Last Updated: 2008-01-14
Relevant URL: http://www.securityfocus.com/bid/27238
Summary:
Drupal is prone to multiple remote vulnerabilities, including multiple cross-site scripting issues and a cross-site request-forgery issue.

Attackers can exploit these issues to execute arbitrary script code in the browser of a user in the context of the affected site, steal cookie-based authentication credentials, and perform certain actions using users' active sessions; other attacks are also possible.

These issues affect versions prior to Drupal 4.7.11 and 5.6.

23. Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
BugTraq ID: 26943
Remote: Yes
Last Updated: 2008-01-14
Relevant URL: http://www.securityfocus.com/bid/26943
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately validate specially crafted IPv6 'Hop-By-Hop' headers.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

24. Apple QuickTime RTSP Response Reason-Phrase Remote Buffer Overflow Vulnerability
BugTraq ID: 27225
Remote: Yes
Last Updated: 2008-01-14
Relevant URL: http://www.securityfocus.com/bid/27225
Summary:
Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized buffer.

Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

QuickTime 7.3.1.70 is vulnerable to this issue; other versions may also be affected.

NOTE: Additional information from the reporter indicates this issue affects QuickTime running on the following platforms: Microsoft Windows XP, Windows Vista, and Apple Mac OS X.

25. RETIRED: Million Dollar Script 'index.php' Local File Include Vulnerability
BugTraq ID: 27174
Remote: Yes
Last Updated: 2008-01-14
Relevant URL: http://www.securityfocus.com/bid/27174
Summary:
Million Dollar Script is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to retrieve potentially sensitive information in the context of the webserver process.

This issue affects Million Dollar Script 2.0.14; other versions may also be vulnerable.

NOTE: This BID is retired. The vendor states that the reported script is not a part of the application.

26. HP Linux Imaging and Printing System HSSPD.PY Daemon Arbitrary Command Execution Vulnerability
BugTraq ID: 26054
Remote: Yes
Last Updated: 2008-01-14
Relevant URL: http://www.securityfocus.com/bid/26054
Summary:
HP Linux Imaging and Printing System (HPLIP) is prone to an arbitrary command-execution vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary commands with superuser privileges. Successful attacks will completely compromise affected computers.

NOTE: By default the application's 'hpssd' daemon listens only on localhost, but it can be configured (via /etc/hp/hplip.conf) to listen to remote requests as well.

HPLIP versions in the 1.0 and 2.0 series are vulnerable.

27. IBM Lotus Sametime Client Chat Message Cross-Site Scripting Vulnerability
BugTraq ID: 27316
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27316
Summary:
IBM Lotus Sametime Client is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the context of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Lotus Sametime Client 7.5 and 7.5.1.

28. Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
BugTraq ID: 27234
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27234
Summary:
Apache 'mod_proxy_ftp' is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue is reported to affect versions prior to Apache 2.2.7-dev, Apache 1.3.40-dev, and Apache 2.0.62-dev.

29. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
BugTraq ID: 27100
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27100
Summary:
Microsoft Windows is prone to a remote buffer-overflow vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

NOTE: A server is vulnerable if an application or a service on the server uses IP multicast. By default, no services use multicast on Microsoft Windows Server 2003.

30. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
BugTraq ID: 25489
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/25489
Summary:
The Apache mod_proxy module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

31. PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
BugTraq ID: 27163
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27163
Summary:
PostgreSQL is prone to multiple remote vulnerabilities, including:

- Three privilege-escalation vulnerabilities
- Three denial-of-service vulnerabilities

An attacker can exploit these issues to gain complete control of the affected application or to cause a denial-of-service condition.

These issues affect PostgreSQL 8.2, 8.1, 8.0, 7.4, and 7.3; other versions may also be affected.

32. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
BugTraq ID: 27237
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27237
Summary:
The Apache HTTP Server 'mod_status' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reports indicate that this issue can also be used to redirect a user's browser to arbitrary locations and may aid in phishing attacks.

The issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev.

33. OpenPegasus WBEM CIM Management Server 'PAMBasicAuthenticatorUnix.cpp' Buffer Overflow Vulnerability
BugTraq ID: 27172
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27172
Summary:
OpenPegasus is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

This issue occurs in the PAM (Pluggable Authentication Module) authentication code.

Attackers can leverage this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

Versions in the OpenPegasus 2.6 series are vulnerable.

34. Pixelpost 'index.php' SQL Injection Vulnerability
BugTraq ID: 27242
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27242
Summary:
Pixelpost is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Pixelpost 1.7 is vulnerable; other versions may also be affected.

35. Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
BugTraq ID: 25653
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/25653
Summary:
Apache is affected by a vulnerability that may cause certain web pages to be prone to a cross-site scripting attack. This issue stems from a lack of a defined charset on certain generated pages.

Web pages generated by the affected source code may be prone to a cross-site scripting issue.

Versions prior to Apache 2.2.6 are affected.

NOTE: Reports indicate that this issue does not occur when the application is running on Windows operating systems.

36. aliTalk Multiple SQL Injection And Access Validation Vulnerabilities
BugTraq ID: 27315
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27315
Summary:
aliTalk is prone to multiple SQL-injection vulnerabilities and an access-validation issue because it fails to adequately sanitize user-supplied input.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

aliTalk 1.9.1.1 is vulnerable; other versions may also be affected.

37. Cisco Unified Communications Manager CTL Provider Heap Buffer Overflow Vulnerability
BugTraq ID: 27313
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27313
Summary:
Cisco Unified Communications Manager (formerly known as CallManager) Certificate Trust List (CTL) Provider is prone to a heap-based buffer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code or to cause denial-of-service conditions.

This issue affects Unified CallManager version 4.0 and 4.1 prior to 4.1(3)SR5c, and Unified Communications Manager version 4.2 prior to 4.2(3)SR3 and 4.3 prior to 4.3(1)SR1.

38. Oracle January 2008 Critical Patch Update Multiple Vulnerabilities
BugTraq ID: 27229
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27229
Summary:
Oracle has released its critical patch update for January 2008. The advisory addresses 26 vulnerabilities affecting Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite, Oracle Enterprise Manager, and Oracle PeopleSoft Enterprise.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly compromise affected computers.

39. 8E6 R3000 Internet Filter URI Security Bypass Vulnerability
BugTraq ID: 27309
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27309
Summary:
8e6 R3000 Internet Filter is prone to a vulnerability that allows attackers to bypass URI filters.

Attackers can exploit this issue by sending specially crafted HTTP request packets for an arbitrary website. Successful exploits allow attackers to view sites that the device is meant to block access to. This could aid in further attacks.

R3000 Internet Filter 2.0.05.33 is vulnerable; other versions may also be affected.

40. cPanel 'dohtaccess.html' Cross-Site Scripting Vulnerability
BugTraq ID: 27308
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27308
Summary:
cPanel is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects unknown versions of cPanel; we will update this BID when more details become available.

41. paramiko Random Number Generator Weakness
BugTraq ID: 27307
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27307
Summary:
The 'paramiko' module is prone to a random-number-generator weakness; fixes are available.

Remote attackers can exploit this issue to predict random data generated by certain applications that use paramiko for encryption purposes.

Attackers may gain access to sensitive information that may aid in further attacks.

42. OSC Radiator RADIUS Packet Remote Denial of Service Vulnerability
BugTraq ID: 27306
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27306
Summary:
OSC Radiator is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to deny service to legitimate users.

This issue affects versions prior to Radiator 4.0.

43. Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption Vulnerability
BugTraq ID: 27299
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27299
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

44. RTS Sentry Digital Surveillance PTZCamPanel ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 27304
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27304
Summary:
RTS Sentry Digital Surveillance PTZCamPanel ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This issue affects 'CamPanel.dll' 2.1.0.2; other versions may also be vulnerable.

45. FaName 'page.php' SQL Injection Vulnerability
BugTraq ID: 27303
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27303
Summary:
FaName is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

46. Multiple FaScript Packages 'show.php' SQL Injection Vulnerability
BugTraq ID: 27302
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27302
Summary:
Multiple FaScript packages are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects the following:

FaMp3 1
FaPersian Petition
FaPersianHack 1

47. Microsoft Excel Header Parsing Remote Code Execution Vulnerability
BugTraq ID: 27305
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27305
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Reportedly, the issue affects the following versions:

Microsoft Office Excel 2003 Service Pack 2
Microsoft Office Excel Viewer 2003
Microsoft Office Excel 2002
Microsoft Office Excel 2000
Microsoft Excel 2004 for Mac.

The following versions are not affected:

Microsoft Office Excel 2007
Microsoft Office Excel 2007 Service Pack 1
Microsoft Excel 2008 for Mac
Microsoft Office Excel 2003 Service Pack 3.

Few details regarding this vulnerability are available. The vendor is investigating the issue and will be releasing updates. We will update this BID when more information emerges.

48. Linux Kernel VFS Unauthorized File Access Vulnerability
BugTraq ID: 27280
Remote: No
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27280
Summary:
The Linux kernel is prone to an unauthorized file-access vulnerability affecting the VFS (Virtual Filesystem) module.

A local attacker can exploit this issue to access arbitrary files on the affected computer. Successfully exploiting this issue may grant the attacker elevated privileges on affected computers. Other attacks are also possible.

This issue affects kernel versions prior to 2.6.23.14.

49. TIBCO SmartSockets Multiple Pointer Offset Remote Code Execution Vulnerabilities
BugTraq ID: 27295
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27295
Summary:
TIBCO SmartSockets is prone to multiple remote code-execution vulnerabilities because user-supplied input is used to change valid pointer values.

Attackers can leverage these issues to execute arbitrary code with the privileges of the application. If the application is installed as a system service on Windows platforms, then the code will execute with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

SmartSockets 6.8.0 is vulnerable; other versions may also be affected.

The following components are affected:

TIBCO RTworks Server (rtserver)
TIBCO RTworks Data Archive Process (rtarchive)
TIBCO RTworks Data Playback Process (rtplayback)
TIBCO RTworks Data Acquisition Process (rtdaq)
TIBCO RTworks Human Computer Interface (rthci)
TIBCO RTworks Inference Engine (rtie)
TIBCO RTworks libraries (rtipc, rtutil)

50. TIBCO SmartSockets Untrusted Pointer Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 27292
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27292
Summary:
TIBCO SmartSockets is prone to multiple remote code-execution vulnerabilities.

Attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will likely crash the affected application.

The following components are affected:

TIBCO RTworks Server (rtserver)
TIBCO RTworks Data Archive Process (rtarchive)
TIBCO RTworks Data Playback Process (rtplayback)
TIBCO RTworks Data Acquisition Process (rtdaq)
TIBCO RTworks Human Computer Interface (rthci)
TIBCO RTworks Inference Engine (rtie)
TIBCO RTworks libraries (rtipc, rtutil)

51. TIBCO SmartSockets Request Heap Buffer Overflow Vulnerability
BugTraq ID: 27294
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27294
Summary:
TIBCO SmartSockets is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will likely crash the affected application, denying service to legitimate users.

The following components are affected:

TIBCO RTworks Server (rtserver)
TIBCO RTworks Data Archive Process (rtarchive)
TIBCO RTworks Data Playback Process (rtplayback)
TIBCO RTworks Data Acquisition Process (rtdaq)
TIBCO RTworks Human Computer Interface (rthci)
TIBCO RTworks Inference Engine (rtie)
TIBCO RTworks libraries (rtipc, rtutil)

52. TIBCO SmartSockets RTServer Multiple Remote Unspecified Loop Bounds Vulnerabilities
BugTraq ID: 27293
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27293
Summary:
SmartSockets RTServer is prone to multiple unspecified remote code-execution vulnerabilities because it fails to adequately validate user-supplied input used to determine loop bounds.

Successfully exploiting these issues may allow attackers to execute code with SYSTEM privileges, facilitating the compromise of affected computers. Failed exploit attempts will likely crash the application.

These issues affect SmartSockets 6.8.0; other versions may also be affected.

53. xine-lib 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 27198
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27198
Summary:
The xine-lib library is prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects xine-lib 1.1.9 and prior versions.

54. libxml2 'xmlCurrentChar()' UTF-8 Parsing Remote Denial of Service Vulnerability
BugTraq ID: 27248
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27248
Summary:
The libxml2 library is prone to a denial-of-service vulnerability because of an infinite-loop flaw.

Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable library.

Versions prior to libxml2 2.6.31 are affected by this issue.

55. BalaBit IT Security syslog-ng NULL-Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 26897
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/26897
Summary:
BalaBit IT Security 'syslog-ng' is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can leverage this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects versions prior to syslog-ng and syslog-ng-premium-edition 2.0.6 and 2.1.8.

56. Cairo PNG Image Processing Remote Integer Overflow Vulnerability
BugTraq ID: 26650
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/26650
Summary:
Cairo is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to overflow a buffer and to corrupt process memory.

Attackers may be able to execute arbitrary machine code in the context of an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects versions prior to Cairo 1.4.12.

57. Apple Safari for iPhone and iPod Touch 'Foundation' Unspecified Memory Corruption Vulnerability
BugTraq ID: 27296
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27296
Summary:
Apple Safari for iPhone and iPod Touch is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied input.

An attacker may exploit this issue by enticing victims into viewing a maliciously crafted URI.

Successfully exploiting this issue can allow attackers to crash the application or to execute arbitrary code in the context of the affected application.

This issue affects iPhone v1.0 to v1.1.2 and iPod Touch v1.1 to v1.1.2.

58. Apple iPhone Passcode Lock Security Bypass Vulnerability
BugTraq ID: 27297
Remote: No
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27297
Summary:
Apple iPhone is prone to a security-bypass vulnerability affecting the Passcode Lock feature.

Attackers with physical access to the device can exploit this issue to gain unauthorized access to applications. This may aid in further attacks.

Versions prior to iPhone 1.1.3 are vulnerable.

59. Apple QuickTime 'Macintosh Resource' Records Remote Memory Corruption Vulnerability
BugTraq ID: 27301
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27301
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

60. Apple QuickTime Sorenson 3 Video Files Remote Code Execution Vulnerability
BugTraq ID: 27298
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27298
Summary:
Apple QuickTime is prone to a remote code-execution vulnerability.

Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application.

This issue affects versions prior to QuickTime 7.4 running on the following operating systems:

Mac OS X 10.3.9
Mac OS X 10.4.9 or later
Mac OS X 10.5 or later
Microsoft Windows XP
Microsoft Windows Vista

61. Apple QuickTime Compressed PICT Remote Buffer Overflow Vulnerability
BugTraq ID: 27300
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27300
Summary:
Apple QuickTime is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted PICT file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

62. MyBB 'moderation.php' Multiple SQL Injection Vulnerabilities
BugTraq ID: 27323
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27323
Summary:
MyBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to MyBB 1.2.11 are vulnerable.

63. MyBB Multiple Remote PHP Code Execution Vulnerabilities
BugTraq ID: 27322
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27322
Summary:
MyBB is prone to multiple remote PHP code-execution vulnerabilities.

An attacker can exploit these issues to facilitate a compromise of the application and the underlying system; other attacks are also possible.

MyBB 1.2.10 is vulnerable to this issue; prior versions may also be affected.

64. BitTorrent and uTorrent Peers Window Remote Denial Of Service Vulnerability
BugTraq ID: 27321
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27321
Summary:
BitTorrent and uTorrent are prone to a remote denial-of-service vulnerability. This issue occurs because the applications fail to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects the following versions of the affected applications:

- BitTorrent versions prior to 6.0
- uTorrent versions prior to 1.7.5
- uTorrent versions prior to 1.8-alpha-7834

65. PHP-Residence 'visualizza_tabelle.php' SQL Injection Vulnerability
BugTraq ID: 27320
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27320
Summary:
PHP-Residence is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHP-Residence 0.7.2 is vulnerable; other versions may also be affected.

66. MiniWeb Directory Traversal and Buffer Overflow Vulnerabilities
BugTraq ID: 27319
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27319
Summary:
MiniWeb is prone to a directory-traversal vulnerability and a heap-based buffer-overflow vulnerability.

An attacker can exploit these issues to gain access to files outside the webroot, execute arbitrary code within the context of the affected application, or crash the application.

This issue affects MiniWeb 0.8.19; other versions may also be affected.

67. ngIRCd PART Command Parsing Denial Of Service Vulnerability
BugTraq ID: 27318
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27318
Summary:
ngIRCd is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to deny service to legitimate users.

Versions prior to ngIRCd 0.10.4 and 0.11.0-pre2 are vulnerable.

68. BLOG:CMS Multiple Input Validation Vulnerabilities
BugTraq ID: 27317
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27317
Summary:
BLOG:CMS is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

BLOG:CMS version 4.2.1.b is vulnerable to these issues; prior versions may also be affected.

69. MailBee WebMail Pro 'download_view_attachment.aspx' Local File Include Vulnerability
BugTraq ID: 27312
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27312
Summary:
MailBee WebMail Pro is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.

This issue affects unknown versions of the application; this BID may be updated when more details become available.

70. ARIA 'effect.php' Local File Include Vulnerability
BugTraq ID: 27311
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27311
Summary:
ARIA is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.

ARIA 0.99-6 is vulnerable to this issue; other versions may also be affected.

71. RichStrong CMS 'showproduct.asp' SQL Injection Vulnerability
BugTraq ID: 27310
Remote: Yes
Last Updated: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27310
Summary:
RichStrong CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

72. LulieBlog 'id' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 27290
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27290
Summary:
LulieBlog is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

These issues affect LulieBlog 1.0.1; other versions may also be affected.

NOTE: To exploit these issues, the attacker may require administrative access.

73. Macrovision FLEXnet Connect ActiveX Control Multiple Arbitrary File Download Vulnerabilities
BugTraq ID: 27279
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27279
Summary:
Macrovision FLEXnet Connect ActiveX controls are prone to multiple vulnerabilities that attackers can exploit to download arbitrary files to affected computers.

74. SpamBam WordPress Plugin Key Calculation Security Bypass Vulnerability
BugTraq ID: 27291
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27291
Summary:
SpamBam is prone to a security-bypass vulnerability because client-accessible data can be used to calculate verification keys.

Attackers can exploit this issue to submit arbitrary form data via automated scripts and distribute spam.

75. Apple Safari Subframe Same Origin Policy Violation Vulnerability
BugTraq ID: 26911
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/26911
Summary:
Apple Safari is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy for subframe access.

An attacker may create a malicious webpage that can access the properties of another domain. This may allow the attacker to obtain sensitive information or launch other attacks against a user of the browser.

Safari 3 for both Microsoft Windows and Apple Mac OS X platforms is vulnerable to this issue.

76. Cisco VPN Client for Windows Local Denial of Service Vulnerability
BugTraq ID: 27289
Remote: No
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27289
Summary:
Cisco VPN Client for Windows is prone to a local denial-of-service vulnerability because the software's IPsec driver fails to handle certain IOCTLs.

Successfully exploiting this issue allows local attackers to crash affected computers, denying further service to legitimate users.

This issue affects 'cvpndrva.sys' 5.0.02.0090; other versions of the driver may also be affected.

77. Micro News 'admin.php' Authentication Bypass Vulnerability
BugTraq ID: 27288
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27288
Summary:
Micro News is prone to an authentication-bypass vulnerability because it fails to verify access to administrative segments of the application.

An attacker can exploit this issue to gain unauthorized access to the affected application. This may lead to further attacks.

78. PHP F1 Max's File Uploader 'index.php' Arbitrary File Upload Vulnerability
BugTraq ID: 27285
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27285
Summary:
Max's File Uploader is prone to an arbitrary file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to upload arbitrary files and execute malicious code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

79. Netchemia oneSCHOOL 'login.asp' SQL Injection Vulnerability
BugTraq ID: 27085
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27085
Summary:
Netchemia oneSCHOOL is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

80. Peter's Math Anti-Spam for WordPress Plugin Audio CAPTCHA Security Bypass Vulnerability
BugTraq ID: 27287
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27287
Summary:
Peter's Math Anti-Spam for WordPress is prone to a security-bypass vulnerability.

This issue occurs when presenting a visitor with challenge data to determine if they are a legitimate user or an automaton. The challenge data is poorly obfuscated and can be interpreted by script code.

Attackers can leverage this issue to bypass the security measures provided by the plugin via an automated script. This could aid in spam distribution and other attacks.

Peter's Math Anti-Spam for WordPress 0.1.6 is vulnerable; other versions may also be affected.

81. Article Dashboard 'admin/login.php' Multiple SQL Injection Vulnerabilities
BugTraq ID: 27286
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27286
Summary:
Article Dashboard is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

82. Xoops Flashgames Module Game.PHP SQL Injection Vulnerability
BugTraq ID: 23820
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/23820
Summary:
The XOOPS Flashgames module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

This issue affects Flashgames 1.0.1; other versions may also be affected.

83. OpenPegasus Management Server PAM Authentication 'cimservera.cpp' Buffer Overflow Vulnerability
BugTraq ID: 27188
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27188
Summary:
OpenPegasus is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

This issue occurs in the PAM (Pluggable Authentication Module) authentication code.

Attackers can leverage this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

Versions in the OpenPegasus 2.6 series are vulnerable.

84. Apache 'mod_proxy_balancer' Multiple Vulnerabilities
BugTraq ID: 27236
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27236
Summary:
The Apache 'mod_proxy_balancer' module is prone to multiple vulnerabilities, including denial-of-service, memory-corruption, cross-site scripting, HTML-injection, and cross-site request-forgery issues.

Attackers can exploit these issues to inject arbitrary script code into vulnerable sections of the application, execute this script code in the browser of a user in the context of the affected site, and perform certain actions using the user's active session. Attackers can exploit the denial-of-service issue to deny further service to legitimate users. Exploiting the memory-corruption vulnerability is likely to cause a crash and could allow arbitrary code to run, but this has not been confirmed.

The issues affect Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0; other versions may also be vulnerable.

85. Adobe Flash Player HTTP Response Splitting Vulnerability
BugTraq ID: 26969
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/26969
Summary:
Adobe Flash Player is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input.

A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and 7.0.70.0 and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

86. Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
BugTraq ID: 26965
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/26965
Summary:
Adobe Flash Player is prone to a vulnerability that allows attackers to gain elevated privileges on affected computers.

Very few technical details are currently available. We will update this BID as more information emerges.

NOTE: This issue occurs only when the application is running on a Linux operating system.

Versions prior to Adobe Flash Player 9.0.115.0 are vulnerable.

This issue was previously covered by BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

87. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
BugTraq ID: 26960
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/26960
Summary:
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.

An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.

88. Adobe Flash Player DNS Rebinding Vulnerability
BugTraq ID: 26930
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/26930
Summary:
Adobe Flash Player is prone to a DNS rebinding vulnerability that allows remote attackers to establish arbitrary TCP sessions.

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious SWF file.

Successfully exploiting this issue allows the attacker to bypass the application's same-origin policy and set up connections to services on arbitrary computers. This may lead to other attacks.

89. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
BugTraq ID: 26949
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/26949
Summary:
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

90. Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
BugTraq ID: 26951
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/26951
Summary:
Adobe Flash Player is prone to a remote heap-based buffer-overflow vulnerability because the application fails to use consistent signedness when handling user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

NOTE: This issue was originally covered by BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

91. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
BugTraq ID: 25260
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/25260
Summary:
Adobe ActionScript is prone to a security-bypass vulnerability because the application allows Flash movies compiled by ActionScript to connect to arbitrary TCP ports on a host running a vulnerable version of Flash.

Successfully exploiting this issue allows an attacker to bypass the application's sandbox security model and scan other hosts that are connected to the computer running the vulnerable application.

92. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
BugTraq ID: 26966
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/26966
Summary:
The Adobe Flash Player is prone to a cross-domain security-bypass vulnerability.

An attacker can exploit this issue to connect to arbitrary hosts on affected computers. This may allow the application to perform generic TCP requests to determine what services are running on the affected computer.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned to this BID because of new technical details.

93. FreeBSD pty Handling Multiple Local Information Disclosure Vulnerabilities
BugTraq ID: 27284
Remote: No
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27284
Summary:
FreeBSD is prone to multiple local information-disclosure vulnerabilities due to errors in the pty-handling mechanisms.

Local attackers may exploit these issues to capture text from other users' terminals and gain access to potentially sensitive information.

The issues affect FreeBSD 5.0 and higher versions.

94. FreeBSD 'inet_network()' Off-by-One Buffer Overflow Vulnerability
BugTraq ID: 27283
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27283
Summary:
FreeBSD is prone to an off-by-one buffer-overflow vulnerability because the 'inet_network()' libc library function fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users.

95. pMachine Pro Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 27282
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27282
Summary:
pMachine Pro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The issues affect pMachine Pro 2.4.1; other versions may also be vulnerable.

NOTE: pMachine Pro has been replaced by ExpressionEngine. The vendor recommends upgrading.

96. RichStrong CMS 'showproduct.asp' SQL Injection Vulnerability
BugTraq ID: 27281
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27281
Summary:
RichStrong CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

97. Xforum 'liretopic.php' SQL Injection Vulnerability
BugTraq ID: 27278
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27278
Summary:
Xforum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects Xforum 1.4; other versions may also be vulnerable.

98. X7 Chat Index.PHP SQL Injection Vulnerability
BugTraq ID: 27277
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27277
Summary:
X7 Chat is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

X7 Chat 2.0.5 is vulnerable; other versions may also be affected.

99. Fortinet Fortigate CRLF Characters URL Filtering Bypass Vulnerability
BugTraq ID: 27276
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27276
Summary:
Fortinet Fortigate is prone to a vulnerability that can allow attackers to bypass the device's URL filtering.

An attacker can exploit this issue to view unauthorized websites, bypassing certain security restrictions. This may lead to other attacks.

This issue affects Fortigate-1000 3.00; other versions may also be affected.

NOTE: This issue may be related to the vulnerability described in BID 16599 (Fortinet Fortigate URL Filtering Bypass Vulnerability).

100. BugTracker.NET New Bug Report Multiple HTML Injection Vulnerabilities
BugTraq ID: 27275
Remote: Yes
Last Updated: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27275
Summary:
BugTracker.NET is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code could execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

These issues affect versions prior to BugTracker.NET 2.7.2.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Legitimate sites serving up stealthy attacks
By: Robert Lemos
The Random JS infection kit serves up malicious code that hides itself by attempting to compromise each visitor only once and using a different file name each time.
http://www.securityfocus.com/news/11501

2. Malware hitches a ride on digital devices
By: Robert Lemos
Some consumers reported that their holiday gifts came with an unwelcome passenger, a Trojan horse. Infections at the factory and in retail stores will likely become more common.
http://www.securityfocus.com/news/11499

3. Senate delays vote on spy bill
By: Robert Lemos
A bill that would modernize the United States' legal framework for eavesdropping and grant telecommunications companies retroactive immunity for wiretapping customers will have to wait until January.
http://www.securityfocus.com/news/11498

4. Researchers reverse Netflix anonymization
By: Robert Lemos
Two computer scientists show that a large set of transactional data poses privacy risks by finding a way to link movie ratings from the Netflix Prize dataset to publicly available information.
http://www.securityfocus.com/news/11497

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Quality Assurance, Alpharetta
http://www.securityfocus.com/archive/77/486146

2. [SJ-JOB] Security Consultant, Leatherhead
http://www.securityfocus.com/archive/77/486150

3. [SJ-JOB] Senior Software Engineer, Santa Fe, NM
http://www.securityfocus.com/archive/77/486151

4. [SJ-JOB] Security Engineer, San Francisco Bay Area
http://www.securityfocus.com/archive/77/486152

5. [SJ-JOB] Security Researcher, Pune
http://www.securityfocus.com/archive/77/486155

6. [SJ-JOB] Security Consultant, Leatherhead
http://www.securityfocus.com/archive/77/486156

7. [SJ-JOB] Security Architect, Cheltenham
http://www.securityfocus.com/archive/77/486138

8. [SJ-JOB] Sr. Security Engineer, Chantilly
http://www.securityfocus.com/archive/77/486153

9. [SJ-JOB] Security Consultant, Sydney
http://www.securityfocus.com/archive/77/486154

10. [SJ-JOB] Developer, Livonia
http://www.securityfocus.com/archive/77/486139

11. [SJ-JOB] Developer, Columbia
http://www.securityfocus.com/archive/77/486140

12. [SJ-JOB] Security Engineer, Atlanta
http://www.securityfocus.com/archive/77/486141

13. [SJ-JOB] Disaster Recovery Coordinator, Aberdeen & Dubai
http://www.securityfocus.com/archive/77/486144

14. [SJ-JOB] Security Engineer, Melbourne
http://www.securityfocus.com/archive/77/486145

15. [SJ-JOB] Application Security Engineer, King of Prussia
http://www.securityfocus.com/archive/77/486132

16. [SJ-JOB] Security Engineer, Bethesda
http://www.securityfocus.com/archive/77/486133

17. [SJ-JOB] Security Architect, Glendale
http://www.securityfocus.com/archive/77/486135

18. [SJ-JOB] Account Manager, Reston
http://www.securityfocus.com/archive/77/486136

19. [SJ-JOB] Disaster Recovery Coordinator, Miami
http://www.securityfocus.com/archive/77/486137

20. [SJ-JOB] Senior Software Engineer, Foxboro
http://www.securityfocus.com/archive/77/486142

21. [SJ-JOB] Management, Dubai
http://www.securityfocus.com/archive/77/486116

22. [SJ-JOB] Security Architect, Reading
http://www.securityfocus.com/archive/77/486134

23. [SJ-JOB] Sr. Security Engineer, Edison
http://www.securityfocus.com/archive/77/486143

24. [SJ-JOB] Information Assurance Engineer, Schaumburg
http://www.securityfocus.com/archive/77/486107

25. [SJ-JOB] Information Assurance Analyst, Chantilly
http://www.securityfocus.com/archive/77/486117

26. [SJ-JOB] Security Consultant, Cambridgeshire
http://www.securityfocus.com/archive/77/486120

27. [SJ-JOB] Certification & Accreditation Engineer, Washington, DC
http://www.securityfocus.com/archive/77/486124

28. [SJ-JOB] Security Researcher, Cupertino
http://www.securityfocus.com/archive/77/486127

29. [SJ-JOB] Manager, Information Security, Rochelle Park
http://www.securityfocus.com/archive/77/486100

30. [SJ-JOB] Information Assurance Engineer, Chantilly
http://www.securityfocus.com/archive/77/486101

31. [SJ-JOB] Security Architect, Leatherhead
http://www.securityfocus.com/archive/77/486102

32. [SJ-JOB] Forensics Engineer, Cambridgeshire
http://www.securityfocus.com/archive/77/486103

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SQL scalar function to convert big int to dot notation
http://www.securityfocus.com/archive/88/486430

2. Country by Country Computer Sets now available for ISA 2004
http://www.securityfocus.com/archive/88/486429

3. Country by Country ISA Computer Sets
http://www.securityfocus.com/archive/88/486307

4. At long last - Extra Outlooks!
http://www.securityfocus.com/archive/88/486181

5. SecurityFocus Microsoft Newsletter #376
http://www.securityfocus.com/archive/88/486115

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
