SecurityFocus Newsletter #442
----------------------------------------
This issue is Sponsored by: CISO Executive Summit & Roundtable-Middle East, 12th-14th May, Bahrain, Ritz-Carlton
Over 20 speakers from across The Middle East, Europe, U.S & Asia will gather together for the MIS training's CISO Executive Summit Middle East, Sheraton Bahrain Hotel, Kingdom of Bahrain 12-14 May 2008. This dynamic international speaker line up will provide a broad perspective on the security threats faced today and in the future. Take away actionable strategies that will enable you to limit the risk within your organisation. International case studies from the industry's leading associations and organisations will provide you with the knowledge to identify the warning signs of key threats to your company.
Register now at www.mistieruope.com/CISOME
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. The Laws of Full Disclosure
2. Tweaking Social Security to Combat Fraud
II. BUGTRAQ SUMMARY
1. Symantec Decomposer RAR File Remote Buffer Overflow Vulnerability
2. Double-Take Denial of Service and Information Disclosure Vulnerabilities
3. phpProfiles 'body_comm.inc.php' Remote File Include Vulnerability
4. Linux Kernel Sbus PROM Driver Multiple Integer Overflow Vulnerabilities
5. CruxCMS 'search.php' Cross-Site Scripting Vulnerability
6. Highwood Design hwdVideoShare 'Itemid' Parameter SQL Injection Vulnerability
7. VMware Products Shared Folders 'MultiByteToWideChar()' Variant Directory Traversal Vulnerability
8. PADL 'nss_ldap' Race Condition Security Vulnerability
9. Mozilla Firefox Domain Extensions Insecure Cookie Access Vulnerability
10. xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command Execution Vulnerabilities
11. ClamAV Heap Corruption and Integer Overflow Vulnerabilities
12. Joomla!, Mambo and PHP-Nuke Quran Component SQL Injection Vulnerability
13. ImageMagick Blob.C Off-By-One Buffer Overflow Vulnerability
14. ImageMagick ReadDIBImage Integer Overflow Vulnerability
15. ImageMagick ReadBlob Multiple Remote Denial Of Service Vulnerabilities
16. ImageMagick DCM, DIB, XBM, XCF, and XWD Image Files Multiple Integer Overflow Vulnerabilities
17. BEA Systems Multiple Products BEA08-183.00 to BEA08-200.00 Multiple Vulnerabilities
18. Wireshark 0.99.6 Multiple Remote Vulnerabilities
19. Wireshark 0.99.6 Multiple Denial of Service Vulnerabilities
20. Multiple Horde Products Security Bypass Vulnerability
21. BestWebApp Dating Site Multiple Input Validation Vulnerabilities
22. PCRE Character Class Buffer Overflow Vulnerability
23. PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
24. Linux Kernel ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability
25. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
26. Linux Kernel Bluetooth CAPI Packet Remote Buffer Overflow Vulnerability
27. Symantec Decomposer Resource Consumption Denial of Service Vulnerability
28. Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11 Multiple Remote Vulnerabilities
29. QEMU Translation Block Local Denial of Service Vulnerability
30. QEMU Multiple Local Vulnerabilities
31. Mozilla Firefox chrome:// URI JavaScript File Request Information Disclosure Vulnerability
32. MPlayer 'demux_audio.c' Remote Stack Based Buffer Overflow Vulnerability
33. Asterisk IAX2 Channel Driver IAX2_Write Function Remote Stack Buffer Overflow Vulnerability
34. Nukedit 'email' Parameter SQL Injection Vulnerability
35. Multiple Web Browser BMP Partial Palette Information Disclosure and Denial Of Service Vulnerability
36. ZyXEL Gateway Products Multiple Vulnerabilities
37. Novell Client 'nwspool.dll' EnumPrinters RPC Request Buffer Overflow Vulnerability
38. Ghostscript Unspecified Buffer Overflow Vulnerability
39. InterVideo WinDVD Media Center Remote Denial of Service Vulnerabilities
40. activePDF Server Packet Processing Remote Heap Overflow Vulnerability
41. Spyce Sample Scripts Multiple Input Validation Vulnerabilities
42. CUPS Multiple Remote Denial of Service Vulnerabilities
43. Asterisk Multiple Remote Denial of Service Vulnerabilities
44. CUPS 'process_browse_data()' Remote Double Free Denial of Service Vulnerability
45. Softbiz Jokes and Funny Pictures Script 'sbcat_id' Parameter SQL Injection Vulnerability
46. Xpdf Multiple Remote Stream.CC Vulnerabilities
47. Aeries Browser Interface 'LostPwd.asp' SQL Injection Vulnerability
48. The SWORD Project Diatheke Unspecified Remote Command Execution Vulnerability
49. Rising Web Scan Object 'OL2005.dll' ActiveX Control Remote Code Execution Vulnerability
50. Move Media Player Quantum Streaming 'qsp2ie07074039.dl ActiveX Control Buffer Overflow Vulnerability
51. DrBenHur.com DBHcms 'mod.extmanager.php' Remote File Include Vulnerability
52. SurgeFTP 'Content-Length' Parameter NULL Pointer Denial Of Service Vulnerability
53. SurgeMail Real CGI executables Remote Buffer Overflow Vulnerability
54. SurgeMail and WebMail 'Page' Command Remote Format String Vulnerability
55. PORAR Webboard 'question.asp' SQL Injection Vulnerability
56. Alkacon OpenCms 'tree_files.jsp' Cross-Site Scripting Vulnerability
57. phpRaider Resistance Field HTML Injection Vulnerability
58. H-Sphere SiteStudio Unspecified Vulnerability
59. WordPress Sniplets Plugin Multiple Input Validation Vulnerabilities
60. KAME Project IPv6 IPComp Header Denial Of Service Vulnerability
61. Galore Simple Shop 'section' Parameter SQL Injection Vulnerability
62. MyServer Multiple HTTP Methods '204 Not Content' Error Remote Denial of Service Vulnerabilities
63. Matt's Whois 'mwhois.php' Cross-Site Scripting Vulnerability
64. wyrd Insecure Temporary File Creation Vulnerability
65. PHP-Nuke Kose_Yazilari Module 'artid' Parameter Multiple SQL Injection Vulnerabilities
66. XOOPS XM-Memberstats Module 'letter' and 'sortby' Parameters Multiple SQL Injection Vulnerabilities
67. PHP-Nuke Sell Module 'cid' Parameter SQL Injection Vulnerability
68. Joomla! and Mambo 'com_wines' Component 'id' Parameter SQL Injection Vulnerability
69. Joomla! and Mambo 'com_inter' Component 'id' Parameter SQL Injection Vulnerability
70. Gary's Cookbook 'id' Parameter SQL Injection Vulnerability
71. Joomla! and Mambo 'com_blog' Component 'pid' Parameter SQL Injection Vulnerability
72. Multiple Vendor PEAP Certificate Verification Security Bypass Vulnerability
73. Linux Kernel Prior to 2.6.24.1 'copy_from_user_mmap_sem()' Memory Access Vulnerability
74. IncrediMail IMMenuShellExt ActiveX Control Remote Buffer Overflow Vulnerability
75. Pagetool Index.PHP SQL Injection Vulnerability
76. F5 BIG-IP Application Security Manager 'report_type' Cross-Site Scripting Vulnerability
77. Symark PowerBroker Client Multiple Local Buffer Overflow Vulnerabilities
78. Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow Vulnerability
79. Microsoft Word Unspecified Remote Code Execution Vulnerability
80. Various IP Security Camera ActiveX Controls 'url' Attribute Buffer Overflow Vulnerability
81. VideoLAN VLC Media Player MP4 Demuxer Remote Code Execution Vulnerability
82. Nortel UNIStim IP Phone Remote Ping Denial of Service Vulnerability
83. S9Y Serendipity 'Real Name' Field HTML Injection Vulnerability
84. KVM Block Device Backend Local Security Bypass Vulnerability
85. MiniNuke 'members.asp' SQL Injection Vulnerability
86. Joomla! and Mambo 'com_publication' Component 'pid' Parameter SQL Injection Vulnerability
87. Sun Solaris Internet Protocol 'ip(7P)' Security Bypass and Denial Of Service Vulnerability
88. TikiWiki 'tiki-edit_article.php' Cross-Site Scripting Vulnerability
89. Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability
90. OpenBSD IPv6 Routing Headers Remote Denial of Service Vulnerability
91. Portail Web Php Multiple Remote And Local File Include Vulnerabilities
92. LWS php User Base 'unverified.inc.php' Local File Include Vulnerability
93. LWS php User Base 'header.inc.php' Remote File Include Vulnerability
94. LWS php Download Manager 'body.inc.php' Local File Include Vulnerability
95. PHPEcho CMS 'Smarty.class.php' Remote File Include Vulnerability
96. auraCMS 'lihatberita' Module 'id' Parameter SQL Injection Vulnerability
97. Joomla! and Mambo 'com_hello_world' Component 'id' Parameter SQL Injection Vulnerability
98. PHP-Nuke Gallery Module 'aid' Parameter SQL Injection Vulnerability
99. PHP-Nuke Sections Module 'artid' Parameter SQL Injection Vulnerability
100. PHP-Nuke Recipe Module 'recipeid' Parameter SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Worries over "good worms" rise again
2. Federal agencies miss deadline on secure configs
3. Universities fend off phishing attacks
4. Antivirus firms, test labs to form standards group
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Technical Support Engineer, San Mateo
2. [SJ-JOB] Disaster Recovery Coordinator, Kansas City
3. [SJ-JOB] Penetration Engineer, Redmond
4. [SJ-JOB] Security Consultant, New York
5. [SJ-JOB] Sales Engineer, San Jose
6. [SJ-JOB] Customer Support, South Plainfield
7. [SJ-JOB] Security Consultant, Copenhagen
8. [SJ-JOB] Sales Engineer, Reston
9. [SJ-JOB] Sales Engineer, Alpharetta
10. [SJ-JOB] Customer Support, South Plainfield
11. [SJ-JOB] Sales Engineer, Reston
12. [SJ-JOB] Software Engineer, Alpharetta
13. [SJ-JOB] Sales Engineer, San Jose
14. [SJ-JOB] Sales Engineer, Philadelphia
15. [SJ-JOB] Customer Support, South Plainfield
16. [SJ-JOB] Security Engineer, Canberra
17. [SJ-JOB] Sales Engineer, Canberra
18. [SJ-JOB] Sales Engineer, Ottawa
19. [SJ-JOB] Security Researcher, South Plainfield
20. [SJ-JOB] Certification & Accreditation Engineer, Arlington
21. [SJ-JOB] Information Assurance Analyst, Herndon
22. [SJ-JOB] Security Architect, South Plainfield
23. [SJ-JOB] Certification & Accreditation Engineer, Arlington
24. [SJ-JOB] Sr. Security Engineer, South Plainfield
25. [SJ-JOB] Sr. Security Analyst, Arlington
26. [SJ-JOB] Sr. Security Engineer, South Plainfield
27. [SJ-JOB] Senior Software Engineer, South Plainfield
28. [SJ-JOB] Security Consultant, Copenhagen
29. [SJ-JOB] Sr. Security Engineer, South Plainfield
30. [SJ-JOB] Sales Engineer, Deerfield Beach
31. [SJ-JOB] Sr. Security Engineer, South Plainfield
32. [SJ-JOB] Security Consultant, Boston
33. [SJ-JOB] Sr. Security Engineer, South Plainfield
34. [SJ-JOB] Application Security Architect, South Plainfield
35. [SJ-JOB] Security Consultant, Dallas
36. [SJ-JOB] Principal Software Engineer, Deerfield Beach
37. [SJ-JOB] Security Architect, LONDON
38. [SJ-JOB] Sales Engineer, Dallas
39. [SJ-JOB] Sales Engineer, Chicago
40. [SJ-JOB] Security Engineer, Chicago
41. [SJ-JOB] Management, Pentagon City
42. [SJ-JOB] Jr. Security Analyst, Washington, DC
43. [SJ-JOB] Manager, Information Security, Chicago
44. [SJ-JOB] Management, Reston
45. [SJ-JOB] Security Engineer, Reston
46. [SJ-JOB] Director, Computer Security, New Jersey
47. [SJ-JOB] Management, San Mateo
48. [SJ-JOB] Training / Awareness Specialist, San Mateo
49. [SJ-JOB] Security Engineer, New Jersey
50. [SJ-JOB] Security Engineer, Arlington
51. [SJ-JOB] Management, Alpharetta
52. [SJ-JOB] Security Consultant, Los Angeles
53. [SJ-JOB] Sales Engineer, New York
54. [SJ-JOB] Auditor, Columbia
55. [SJ-JOB] Application Security Engineer, Ottawa
56. [SJ-JOB] Sales Representative, Boston
57. [SJ-JOB] Software Engineer, Palm Beach Gardens
58. [SJ-JOB] Sales Representative, Atlanta
59. [SJ-JOB] Database Security Architect, Houston
60. [SJ-JOB] Technology Risk Consultant, Various
61. [SJ-JOB] Information Assurance Analyst, London
62. [SJ-JOB] Sales Representative, Chicago
63. [SJ-JOB] Security Consultant, Thousand Oaks
64. [SJ-JOB] Security Engineer, Huntsville
65. [SJ-JOB] Forensics Engineer, Various
66. [SJ-JOB] Application Security Engineer, Dover
67. [SJ-JOB] Security Consultant, Various
68. [SJ-JOB] Security Engineer, Arlington
69. [SJ-JOB] Penetration Engineer, Dallas
70. [SJ-JOB] Threat Analyst, Huntsville
71. [SJ-JOB] Sr. Security Engineer, Stamford
72. [SJ-JOB] Sr. Security Engineer, Washington, DC Metro Area
73. [SJ-JOB] Chief Scientist, Huntsville
74. [SJ-JOB] Chief Scientist, Huntsville
75. [SJ-JOB] Security Engineer, Huntsville
76. [SJ-JOB] Security Engineer, Kansas City
77. [SJ-JOB] Security Engineer, San Francisco
78. [SJ-JOB] Certification & Accreditation Engineer, Washington DC
79. [SJ-JOB] Security Consultant, Thousand Oaks
80. [SJ-JOB] Security Engineer, Seattle
81. [SJ-JOB] Sr. Security Engineer, Austin/Richardson
82. [SJ-JOB] Security Consultant, Thousand Oaks
83. [SJ-JOB] Security Engineer, Arlington
84. [SJ-JOB] Information Assurance Engineer, Annapolis Junction
85. [SJ-JOB] Senior Software Engineer, St. Paul
86. [SJ-JOB] Management, Phoenix
87. [SJ-JOB] Management, New York
88. [SJ-JOB] CISO, London
89. [SJ-JOB] Application Security Architect, Washington
90. [SJ-JOB] Software Engineer, Columbia
V. INCIDENTS LIST SUMMARY
1. CanSecWest 2008 Mar 26-28
2. Possible Mail server compromise ?
VI. VULN-DEV RESEARCH LIST SUMMARY
1. GNU objdump 2.15 [FreeBSD] 2004-05-23 shows: ... "BFD: Please report this bug." While analyzing crafted ELF.
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. CanSecWest 2008 Mar 26-28
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. The Laws of Full Disclosure
By Federico Biancuzzi
Full disclosure has a long tradition in the security community worldwide, yet different European countries have different views on the legality of vulnerability research. SecurityFocus contributor Federico Biancuzzi investigates the subject of full disclosure and the law by interviewing lawyers from twelve EU countries: Belgium, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Poland, Romania, and the UK.
http://www.securityfocus.com/columnists/466
2. Tweaking Social Security to Combat Fraud
By Tim Mullen
Americans lost over 45 billion dollars in identity-related fraud in 2007. Reports are so commonplace that we've actually become de-sensitized to them. "200,000 victims reported..." "500,000 victims reported..." Even figures into the millions don't seem to faze us anymore. And that is a Bad Thing.
http://www.securityfocus.com/columnists/465
II. BUGTRAQ SUMMARY
--------------------
1. Symantec Decomposer RAR File Remote Buffer Overflow Vulnerability
BugTraq ID: 27913
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27913
Summary:
Symantec Decomposer is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
An attacker may exploit this issue to execute arbitrary machine code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
The following products are affected:
- Symantec Scan Engine 5.1.4.24 and prior
- Symantec AntiVirus Scan Engine 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS ISA 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS SharePoint 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Messaging 4.3.16.39 and prior
- Symantec AntiVirus for Network Attached Storage 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Clearswift 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Caching 4.3.16.39 and prior
- Symantec AntiVirus/Filtering for Domino MPE (AIX, Linux, Solaris) prior to 3.2.2
- Symantec Mail Security for Microsoft Exchange 4.6.5.12 and prior as well as 5.0.4.363 and prior
2. Double-Take Denial of Service and Information Disclosure Vulnerabilities
BugTraq ID: 27951
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27951
Summary:
Double-Take is prone to multiple remote denial-of-service and information-disclosure vulnerabilities.
An attacker can exploit these issues to obtain sensitive information or crash the affected application, denying service to legitimate users.
These issues affect Double-Take 5.0.0.2865 and 4.5; other versions may also be affected.
3. phpProfiles 'body_comm.inc.php' Remote File Include Vulnerability
BugTraq ID: 27952
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27952
Summary:
phpProfiles is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
phpProfiles 4.5.2 is vulnerable; other versions may also be affected.
4. Linux Kernel Sbus PROM Driver Multiple Integer Overflow Vulnerabilities
BugTraq ID: 10632
Remote: No
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/10632
Summary:
The OpenPROM Linux kernel driver contains multiple integer-overflow vulnerabilities.
Two vulnerabilities reside in the OpenPROM driver; both involve overflowing an integer value. These values are used to allocate kernel memory and then to copy data into the kernel. Attackers could exploit this to overwrite large amounts of kernel memory.
Exploits could crash the system or possibly execute code in the context of the kernel.
NOTE: Some versions of the Linux kernel are vulnerable to both overflows; other versions are prone to only one. Kernel version 2.6.6 does not appear to be vulnerable.
5. CruxCMS 'search.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27588
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27588
Summary:
CruxCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
CruxCMS 3.0 is vulnerable; other versions may also be affected.
6. Highwood Design hwdVideoShare 'Itemid' Parameter SQL Injection Vulnerability
BugTraq ID: 27907
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27907
Summary:
hwdVideoShare is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
7. VMware Products Shared Folders 'MultiByteToWideChar()' Variant Directory Traversal Vulnerability
BugTraq ID: 27944
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27944
Summary:
Multiple VMware products are prone to a directory-traversal vulnerability that affects shared folders.
Attackers who can access a guest operating system can exploit this issue to gain full read and write access to the filesystem of the host operating system. Successful attacks could compromise the affected host OS. Other attacks are possible.
NOTE: This vulnerability occurs only on Windows hosts when 'Shared Folders' is enabled and when a shared folder exists.
The issue affects the following:
- VMware Workstation 6.0.2, 5.5.4, and earlier
- VMware Player 2.0.2, 1.0.4, and earlier
- VMware ACE 2.0.2, 1.0.2, and earlier
NOTE: This issue occurs because of a fix that was introduced to address a similar issue (CVE-2007-1744) that is documented in BID 23721 (VMware Workstation Shared Folders Directory Traversal Vulnerability).
8. PADL 'nss_ldap' Race Condition Security Vulnerability
BugTraq ID: 26452
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/26452
Summary:
PADL 'nss_ldap' is prone to a race-condition security vulnerability; fixes are available.
An attacker may exploit this condition to obtain potentially sensitive data or to launch other attacks against an application that employs the vulnerable function.
The issue affects versions prior to PADL 'nss_ldap' Build 259.
9. Mozilla Firefox Domain Extensions Insecure Cookie Access Vulnerability
BugTraq ID: 27950
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27950
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to set cookies for certain domain extensions.
The browser does not have any security provisions to prevent cookies from being set for extensions with embedded dots. Attackers can leverage this issue to set cookies in a manner that could aid in other web-based attacks.
Mozilla Firefox 2.x is vulnerable; other versions may also be affected.
10. xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 27528
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27528
Summary:
The 'xdg-utils' package is prone to multiple remote command-execution vulnerabilities.
An attacker could exploit this issue by enticing an unsuspecting victim to open a malicious file.
Successful exploits will allow attackers to execute arbitrary commands with the privileges of the user running the affected application.
11. ClamAV Heap Corruption and Integer Overflow Vulnerabilities
BugTraq ID: 27751
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27751
Summary:
ClamAV is prone to a heap-corruption vulnerability and an integer-overflow vulnerability.
Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers. Failed exploit attempts likely result in application crashes.
Versions prior to ClamAV 0.92.1 are affected by these issues.
12. Joomla!, Mambo and PHP-Nuke Quran Component SQL Injection Vulnerability
BugTraq ID: 27842
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27842
Summary:
The 'Quran' component for Joomla!, Mambo, and PHP-Nuke is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This issue affects Quran 1.1 and prior versions.
13. ImageMagick Blob.C Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 25766
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/25766
Summary:
ImageMagick is prone to an off-by-one buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.
Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application.
Versions prior to ImageMagick 6.3.5-9 are vulnerable.
14. ImageMagick ReadDIBImage Integer Overflow Vulnerability
BugTraq ID: 25765
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/25765
Summary:
ImageMagick is prone to an integer-overflow vulnerability because it fails to properly validate user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.
Versions prior to ImageMagick 6.3.5-9 are vulnerable to this issue.
15. ImageMagick ReadBlob Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 25764
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/25764
Summary:
ImageMagick is prone to multiple remote denial-of-service vulnerabilities.
An attacker could exploit these issues by enticing an unsuspecting victim to open a malicious image file.
Successfully exploiting these issues will allow the attacker to consume excessive amounts of CPU resources on affected computers, denying service to legitimate users.
These issues affect ImageMagick 6.3.4; prior versions are also affected.
16. ImageMagick DCM, DIB, XBM, XCF, and XWD Image Files Multiple Integer Overflow Vulnerabilities
BugTraq ID: 25763
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/25763
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to adequately handle user-supplied data.
An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.
These issues affect versions prior to ImageMagick 6.3.5-9.
17. BEA Systems Multiple Products BEA08-183.00 to BEA08-200.00 Multiple Vulnerabilities
BugTraq ID: 27893
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27893
Summary:
BEA has released 17 advisories identifying various vulnerabilities affecting WebLogic Server, WebLogic Portal, WebLogic Workshop, AquaLogic Interaction, BEA Plumtree Foundation, AquaLogic Collaboration, and BEA Plumtree Collaboration. These issues present remote and local threats and may facilitate attacks affecting the integrity, confidentiality, and availability of vulnerable computers.
18. Wireshark 0.99.6 Multiple Remote Vulnerabilities
BugTraq ID: 26532
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/26532
Summary:
Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities.
Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.
Versions prior to Wireshark 0.99.7 are affected.
19. Wireshark 0.99.6 Multiple Denial of Service Vulnerabilities
BugTraq ID: 27071
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27071
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.
Versions prior to Wireshark 0.99.7 are affected.
20. Multiple Horde Products Security Bypass Vulnerability
BugTraq ID: 27844
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27844
Summary:
Horde products are prone to a security-bypass vulnerability.
Attackers can use this issue to bypass certain security restrictions and edit arbitrary contacts in shared and personal address books. This may aid in further attacks.
This issue affects Horde Groupware 1.0.3, Horde Groupware Webmail Edition 1.0.4, and Turba Contact Manager 2.1.6; other versions may also be vulnerable.
21. BestWebApp Dating Site Multiple Input Validation Vulnerabilities
BugTraq ID: 21158
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/21158
Summary:
BestWebApp Dating Site is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input.
An attacker could exploit these issues to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
22. PCRE Character Class Buffer Overflow Vulnerability
BugTraq ID: 27786
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27786
Summary:
PCRE regular-expression library is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of an application using the library. Failed exploit attempts will likely cause denial-of-service conditions.
The issue affects versions prior to PCRE 7.6.
23. PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
BugTraq ID: 26462
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/26462
Summary:
PCRE regular-expression library is prone to multiple integer- and buffer-overflow vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.
24. Linux Kernel ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability
BugTraq ID: 25807
Remote: No
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/25807
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.
Successful exploits will allow attackers to obtain portions of kernel memory. Information harvested may aid in further attacks.
Versions of the Linux kernel prior to 2.6.22.8 are vulnerable.
25. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
BugTraq ID: 23104
Remote: No
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/23104
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.
Exploiting this issue allows local attackers to cause the kernel to crash, effectively denying service to legitimate users. Attackers may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.
This issue affects the Linux kernel 2.6 series.
26. Linux Kernel Bluetooth CAPI Packet Remote Buffer Overflow Vulnerability
BugTraq ID: 21604
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/21604
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability because the kernel fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker may exploit this issue to execute arbitrary code with kernel-level privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will result in denial-of-service conditions.
Versions prior to 2.4.33.5 are vulnerable to this issue.
27. Symantec Decomposer Resource Consumption Denial of Service Vulnerability
BugTraq ID: 27911
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27911
Summary:
Symantec Decomposer is prone to a denial-of-service vulnerability because it fails to adequately parse certain user-supplied input.
Attackers can exploit this issue to exhaust memory resources and cause denial-of-service conditions.
The following products are affected:
- Symantec Scan Engine 5.1.4.24 and prior
- Symantec AntiVirus Scan Engine 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS ISA 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS SharePoint 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Messaging 4.3.16.39 and prior
- Symantec AntiVirus for Network Attached Storage 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Clearswift 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Caching 4.3.16.39 and prior
- Symantec AntiVirus/Filtering for Domino MPE (AIX, Linux, Solaris) prior to 3.2.2
- Symantec Mail Security for Microsoft Exchange 4.6.5.12 and prior as well as 5.0.4.363 and prior
28. Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11 Multiple Remote Vulnerabilities
BugTraq ID: 27683
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27683
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.11 and prior versions.
Exploiting these issues can allow attackers to:
- remotely execute arbitrary code
- cause denial-of-service conditions
- hide contents of security warnings
- access sensitive information
- escape sandbox and execute scripts with chrome privileges
- inject script code into other sites and violate the same-origin policy
Other attacks are possible.
These issues are present in Firefox 2.0.0.11 and prior versions. Mozilla Thunderbird 2.0.0.9 and prior versions as well as SeaMonkey 1.1.7 and prior versions are also affected by many of these vulnerabilities.
29. QEMU Translation Block Local Denial of Service Vulnerability
BugTraq ID: 26666
Remote: No
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/26666
Summary:
QEMU is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks when handling user-supplied input.
Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of the issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
QEMU 0.9.0 is vulnerable; other versions may also be affected.
30. QEMU Multiple Local Vulnerabilities
BugTraq ID: 23731
Remote: No
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/23731
Summary:
QEMU is prone to multiple locally exploitable buffer-overflow and denial-of-service vulnerabilities. The buffer-overflow issues occur because the software fails to properly check boundaries of user-supplied input when copying it to insufficiently sized memory buffers. The denial-of-service issues stem from design errors.
Attackers may be able to exploit these issues to escalate privileges, execute arbitrary code, or trigger denial-of-service conditions in the context of the affected applications.
31. Mozilla Firefox chrome:// URI JavaScript File Request Information Disclosure Vulnerability
BugTraq ID: 27406
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27406
Summary:
Mozilla Firefox is prone to an information-disclosure vulnerability because it fails to restrict access to local JavaScript, image, and stylesheet files.
Attackers can exploit this issue to gain access to potentially sensitive information that could aid in further attacks.
Firefox 2.0.0.11 is vulnerable; other versions may also be affected.
NOTE: For an exploit to succeed, a user must have an addon installed that does not store its contents in a '.jar' file. The attacker would have to target a specific addon that uses "flat" packaging.
32. MPlayer 'demux_audio.c' Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 27441
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27441
Summary:
MPlayer is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.
Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
MPlayer 1.0 rc2 is vulnerable; other versions may also be affected.
33. Asterisk IAX2 Channel Driver IAX2_Write Function Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 24949
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/24949
Summary:
Asterisk is prone to a remote stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause a denial-of-service condition.
34. Nukedit 'email' Parameter SQL Injection Vulnerability
BugTraq ID: 28009
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28009
Summary:
Nukedit is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
35. Multiple Web Browser BMP Partial Palette Information Disclosure and Denial Of Service Vulnerability
BugTraq ID: 27826
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27826
Summary:
Firefox and Opera browsers are prone to a vulnerability that can result in information disclosure or a denial of service.
An attacker can exploit this issue to harvest sensitive information that may be used to launch further attacks or to crash the affected application, denying service to legitimate users.
Mozilla Firefox 2.0.0.11 and Opera 9.50 Beta are affected.
36. ZyXEL Gateway Products Multiple Vulnerabilities
BugTraq ID: 27918
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27918
Summary:
ZyXEL gateway products are prone to multiple vulnerabilities, including privilege-escalation, unauthorized-access, HTML-injection, session-hijacking, and information-disclosure issues.
Attackers can exploit these issues to gain elevated privileges, execute HTML or script code in the context of vulnerable sections of the web interface, and perform other attacks that may facilitate a complete compromise of the affected device.
37. Novell Client 'nwspool.dll' EnumPrinters RPC Request Buffer Overflow Vulnerability
BugTraq ID: 27741
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27741
Summary:
Novell Client is prone to a buffer-overflow vulnerability.
A remote attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the compromise of affected computers. Failed exploit attempts will likely crash the application, denying service to legitimate users.
NOTE: This issue may have been caused by an incomplete patch for the vulnerability documented in BID 25092 ('Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability').
Novell Client 4.91 SP2 through SP4 are vulnerable; other versions may also be affected.
38. Ghostscript Unspecified Buffer Overflow Vulnerability
BugTraq ID: 28017
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28017
Summary:
Ghostscript is prone to an unspecified buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.
39. InterVideo WinDVD Media Center Remote Denial of Service Vulnerabilities
BugTraq ID: 28016
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28016
Summary:
InterVideo WinDVD Media Center is prone to multiple remote denial-of-service vulnerabilities arising from NULL-pointer dereference errors.
Successful attacks will deny service to legitimate users.
InterVideo WinDVD Media Center 2.11.15.0 is vulnerable; other versions may be affected as well.
40. activePDF Server Packet Processing Remote Heap Overflow Vulnerability
BugTraq ID: 28013
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28013
Summary:
activePDF Server is prone to a remote heap-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the affected application. Failed attacks will likely cause denial-of-service conditions.
This issue affects activePDF Server 3.8.4 and 3.8.5.14; other versions may be affected as well.
41. Spyce Sample Scripts Multiple Input Validation Vulnerabilities
BugTraq ID: 27898
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27898
Summary:
Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The attacker can also obtain a server's webroot path.
The issues affect Spyce 2.1.3; other versions may also be vulnerable.
42. CUPS Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 27988
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27988
Summary:
CUPS is prone to two remote denial-of-service vulnerabilities.
Attackers may exploit these issues to crash the application, denying service to legitimate users. Remote code execution may also be possible, but this has not been confirmed.
CUPS 1.1.17 and 1.1.22 are vulnerable to these issues; other versions may also be affected.
43. Asterisk Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 24950
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/24950
Summary:
Asterisk is prone to multiple remote denial-of-service vulnerabilities.
Exploiting these issues allows remote attackers to cause the application to crash, effectively denying service to legitimate users.
44. CUPS 'process_browse_data()' Remote Double Free Denial of Service Vulnerability
BugTraq ID: 27906
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27906
Summary:
CUPS is prone to a remote denial-of-service vulnerability because it fails to protect against a double-free condition.
Attackers may exploit this issue to crash the application, denying service to legitimate users. Remote code execution may also be possible, but this has not been confirmed.
CUPS 1.3.5 is vulnerable to this issue; other versions may also be affected.
45. Softbiz Jokes and Funny Pictures Script 'sbcat_id' Parameter SQL Injection Vulnerability
BugTraq ID: 27973
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27973
Summary:
The Jokes and Funny Pictures script from Softbiz is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
46. Xpdf Multiple Remote Stream.CC Vulnerabilities
BugTraq ID: 26367
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/26367
Summary:
Xpdf is prone to multiple remote vulnerabilities because of flaws in various functions in the 'Stream.cc' source file.
Attackers exploit these issues by coercing users to view specially crafted PDF files with the affected application.
Successfully exploiting these issues allows attackers to execute arbitrary machine code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.
Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected.
47. Aeries Browser Interface 'LostPwd.asp' SQL Injection Vulnerability
BugTraq ID: 26962
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/26962
Summary:
Aeries Browser Interface is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
48. The SWORD Project Diatheke Unspecified Remote Command Execution Vulnerability
BugTraq ID: 27987
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27987
Summary:
The SWORD Project's Diatheke front-end is prone to a vulnerability that can allow arbitrary shell commands to run.
Successful exploits will compromise the application and possibly the underlying webserver.
SWORD 1.5.9 is vulnerable; other versions may also be affected.
49. Rising Web Scan Object 'OL2005.dll' ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 27997
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27997
Summary:
Rising Web Scan Object 'OL2005.dll' ActiveX control is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).
This issue affects Rising Web Scan Object 'OL2005.dll' 18.0.0.7; other versions may also be affected.
50. Move Media Player Quantum Streaming 'qsp2ie07074039.dll' ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 27995
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27995
Summary:
Move Media Player Quantum Streaming 'qsp2ie07074039.dll' ActiveX control is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into insufficiently sized memory buffers.
Exploiting this issue may allow remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control (typically Internet Explorer) and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.
This issue affects Quantum Streaming 'qsp2ie07074039.dll' ActiveX control 7.7.4.39; other versions may also be vulnerable.
51. DrBenHur.com DBHcms 'mod.extmanager.php' Remote File Include Vulnerability
BugTraq ID: 27996
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27996
Summary:
DrBenHur.com DBHcms is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
This issue affects DBHcms 1.1.4 and prior versions.
52. SurgeFTP 'Content-Length' Parameter NULL Pointer Denial Of Service Vulnerability
BugTraq ID: 27993
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27993
Summary:
SurgeFTP is prone to a remote denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Exploiting this issue will cause the server to copy data to a NULL pointer, which will crash the server, denying access to legitimate users.
SurgeFTP 2.3a2 is vulnerable; other versions may also be affected.
53. SurgeMail Real CGI executables Remote Buffer Overflow Vulnerability
BugTraq ID: 27992
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27992
Summary:
SurgeMail is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts will likely result in denial-of-service conditions.
SurgeMail 38k4 and prior versions are vulnerable.
54. SurgeMail and WebMail 'Page' Command Remote Format String Vulnerability
BugTraq ID: 27990
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27990
Summary:
SurgeMail and WebMail are prone to a remote format-string vulnerability because the applications fail to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.
A remote attacker may execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial of service.
This issue affects the following:
- SurgeMail 38k4, beta 39a and earlier
- Netwin WebMail 3.1s and earlier
55. PORAR Webboard 'question.asp' SQL Injection Vulnerability
BugTraq ID: 27989
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27989
Summary:
PORAR Webboard is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
56. Alkacon OpenCms 'tree_files.jsp' Cross-Site Scripting Vulnerability
BugTraq ID: 27986
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27986
Summary:
Alkacon OpenCms is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
OpenCms 7.0.3 is vulnerable; other versions may also be affected.
57. phpRaider Resistance Field HTML Injection Vulnerability
BugTraq ID: 27976
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27976
Summary:
phpRaider is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
phpRaider 1.0.7 is vulnerable; other versions may also be affected.
58. H-Sphere SiteStudio Unspecified Vulnerability
BugTraq ID: 28002
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28002
Summary:
H-Sphere SiteStudio is prone to an unspecified vulnerability.
Very few technical details are currently available. We will update this BID as more information emerges.
Successful attacks can compromise the application.
Versions prior to H-Sphere SiteStudio 1.8b are affected.
59. WordPress Sniplets Plugin Multiple Input Validation Vulnerabilities
BugTraq ID: 27985
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27985
Summary:
WordPress Sniplets plugin is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include multiple cross-site scripting vulnerabilities, a remote file-include vulnerability, and a remote command-execution vulnerability.
A successful exploit may allow an attacker to compromise the application, steal cookie-based authentication credentials, and execute arbitrary code and commands within the context of the webserver process.
WordPress Sniplets 1.1.2 is vulnerable; other versions may also be affected.
60. KAME Project IPv6 IPComp Header Denial Of Service Vulnerability
BugTraq ID: 27642
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27642
Summary:
The KAME project is prone to a denial-of-service vulnerability.
Successfully exploiting this issue allows remote attackers to crash affected computers, denying service to legitimate users.
Operating systems that have IPv6 networking derived from the KAME project's IPv6 implementation may be vulnerable to this issue. Please see the references for a list of vendors that may be affected by this issue.
61. Galore Simple Shop 'section' Parameter SQL Injection Vulnerability
BugTraq ID: 27977
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27977
Summary:
Simple Shop component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
62. MyServer Multiple HTTP Methods '204 No Content' Error Remote Denial of Service Vulnerabilities
BugTraq ID: 27981
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27981
Summary:
MyServer is prone to multiple remote denial-of-service vulnerabilities because it fails to adequately handle HTTP method requests that return a '204 No Content' error.
Successful attacks will deny service to legitimate users.
MyServer 0.8.11 is vulnerable; other versions may also be affected.
63. Matt's Whois 'mwhois.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27974
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27974
Summary:
Matt's Whois is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
64. wyrd Insecure Temporary File Creation Vulnerability
BugTraq ID: 27848
Remote: No
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27848
Summary:
The 'wyrd' program is prone to a security vulnerability that allows attackers to create temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
This issue affects wyrd 1.4.3-b3; other versions may also be vulnerable.
65. PHP-Nuke Kose_Yazilari Module 'artid' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 27991
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27991
Summary:
The Kose_Yazilari module for PHP-Nuke is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
66. XOOPS XM-Memberstats Module 'letter' and 'sortby' Parameters Multiple SQL Injection Vulnerabilities
BugTraq ID: 27979
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27979
Summary:
XOOPS XM-Memberstats is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
These issues affect XOOPS XM-Memberstats 2.0e; other versions may also be affected.
67. PHP-Nuke Sell Module 'cid' Parameter SQL Injection Vulnerability
BugTraq ID: 27980
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27980
Summary:
The 'Sell' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
68. Joomla! and Mambo 'com_wines' Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27975
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27975
Summary:
The 'com_wines' component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
69. Joomla! and Mambo 'com_inter' Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27994
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27994
Summary:
The Joomla! and Mambo 'com_inter' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
70. Gary's Cookbook 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27972
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27972
Summary:
Gary's Cookbook module for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
71. Joomla! and Mambo 'com_blog' Component 'pid' Parameter SQL Injection Vulnerability
BugTraq ID: 27971
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27971
Summary:
The 'com_blog' component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
72. Multiple Vendor PEAP Certificate Verification Security Bypass Vulnerability
BugTraq ID: 27935
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27935
Summary:
Multiple VoIP products are prone to a security-bypass vulnerability in their PEAP implementation because their software fails to properly validate server certificates.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted authentication servers. This will aid in further attacks.
The following products are prone to this issue:
- Vocera Communications System badges
- Cisco Wireless IP Phone 7921
Other devices and packages may also be affected.
73. Linux Kernel Prior to 2.6.24.1 'copy_from_user_mmap_sem()' Memory Access Vulnerability
BugTraq ID: 27796
Remote: No
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27796
Summary:
The Linux kernel is prone to a memory-access vulnerability because it fails to adequately validate a user-supplied pointer value.
A local attacker can exploit this issue to read arbitrary memory locations on the affected computer.
This issue affects Linux Kernel 2.6.22 through 2.6.24.
74. IncrediMail IMMenuShellExt ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 23674
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/23674
Summary:
IncrediMail is prone to a stack-based buffer-overflow vulnerability because it fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer.
An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.
Successful exploits will corrupt process memory, allowing attacker-supplied arbitrary code to run in the context of the client application using the affected ActiveX control.
75. Pagetool Index.PHP SQL Injection Vulnerability
BugTraq ID: 24640
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/24640
Summary:
Pagetool is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Pagetool 1.07 is vulnerable to this issue; other versions may also be vulnerable.
76. F5 BIG-IP Application Security Manager 'report_type' Cross-Site Scripting Vulnerability
BugTraq ID: 27462
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27462
Summary:
F5 BIG-IP Application Security Manager is prone to a cross-site scripting vulnerability because the web management interface fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects F5 BIG-IP Application Security Manager 9.4.3; other versions may also be vulnerable.
77. Symark PowerBroker Client Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 28015
Remote: No
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28015
Summary:
Symark PowerBroker Client is prone to multiple local buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. The issues affect the following setuid binaries: 'pbksh', 'pbsh' and 'pbrun'.
Attackers can exploit these issues to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers.
These issues affect versions 2.8 up to and including 5.0.1.
78. Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 28012
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28012
Summary:
Mozilla Thunderbird is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data.
Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the vulnerable application; failed exploit attempts will likely crash the application. This may facilitate the remote compromise of affected computers.
The issue affects Mozilla Thunderbird versions prior to 2.0.0.12.
79. Microsoft Word Unspecified Remote Code Execution Vulnerability
BugTraq ID: 28011
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28011
Summary:
Microsoft Word is prone to an unspecified remote code-execution vulnerability.
Very few details are available regarding this issue. We will update this BID as more information emerges.
It is unknown at this time which specific versions of the application are affected.
80. Various IP Security Camera ActiveX Controls 'url' Attribute Buffer Overflow Vulnerability
BugTraq ID: 28010
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28010
Summary:
Various IP Security Camera ActiveX controls are prone to a remote buffer-overflow vulnerability because the applications fail to properly bounds-check user-supplied data before copying it into insufficiently sized memory buffers.
Exploiting this issue may allow remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control (typically Internet Explorer) and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.
This issue affects the following ActiveX controls:
- D-Link MPEG4 SHM Audio Control ('VAPGDecoder.dll') 1.7.0.5.
- 4xem VatCtrl Class ('VATDecoder.dll') 1.0.0.51.
- Vivotek RTSP MPEG4 SP Control ('RtspVapgDecoderNew.dll') 2.0.0.39.
81. VideoLAN VLC Media Player MP4 Demuxer Remote Code Execution Vulnerability
BugTraq ID: 28007
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28007
Summary:
VideoLAN VLC media player is prone to a remote code-execution vulnerability because it fails to adequately parse specially crafted MP4 files.
An attacker can exploit this issue to execute arbitrary code, which can result in the complete compromise of the computer. Failed exploit attempts will result in a denial-of-service condition.
VideoLAN VLC media player versions prior to 0.8.6e are vulnerable.
82. Nortel UNIStim IP Phone Remote Ping Denial of Service Vulnerability
BugTraq ID: 28004
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28004
Summary:
Nortel UNIStim IP Phone products are prone to a remote denial-of-service vulnerability because the software fails to properly handle unexpected network datagrams.
Successfully exploiting this issue allows remote attackers to crash affected phones, denying service to legitimate users.
Phones with firmware 0604DAS are vulnerable to this issue; other versions are also reportedly affected, but specific version information is not currently available.
83. S9Y Serendipity 'Real Name' Field HTML Injection Vulnerability
BugTraq ID: 28003
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28003
Summary:
Serendipity is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
Serendipity versions prior to 1.3-beta1 are vulnerable.
84. KVM Block Device Backend Local Security Bypass Vulnerability
BugTraq ID: 28001
Remote: No
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28001
Summary:
KVM (Kernel-based Virtual Machine) is prone to a local security-bypass vulnerability because it fails to validate user-supplied input.
Local attackers can leverage this issue to access memory outside of the virtualization jail. This could allow attackers to write to arbitrary host memory locations or crash the underlying KVM host. Other attacks may also be possible.
85. MiniNuke 'members.asp' SQL Injection Vulnerability
BugTraq ID: 28000
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28000
Summary:
MiniNuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
86. Joomla! and Mambo 'com_publication' Component 'pid' Parameter SQL Injection Vulnerability
BugTraq ID: 27970
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27970
Summary:
The Joomla! and Mambo 'com_publication' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
87. Sun Solaris Internet Protocol 'ip(7P)' Security Bypass and Denial Of Service Vulnerability
BugTraq ID: 27967
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27967
Summary:
Sun Solaris is prone to a security-bypass and denial-of-service vulnerability because of an unspecified error in the Internet Protocol implementation.
Successfully exploiting this issue will allow privileged remote users to bypass firewall rules or create denial-of-service conditions.
This issue affects Solaris 8, 9, and 10 for SPARC and x86 platforms.
88. TikiWiki 'tiki-edit_article.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27968
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27968
Summary:
TikiWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The issue affects versions prior to TikiWiki 1.9.10.1.
89. Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability
BugTraq ID: 27966
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27966
Summary:
Fujitsu Interstage Application Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the affected application. Failed attacks will likely cause denial-of-service conditions.
This issue affects the following applications:
- Interstage Application Server Enterprise Edition 8.0.0, 8.0.1, 8.0.2, 8.0.3, 9.0.0, and 9.0.0A
- Interstage Application Server Standard-J Edition 8.0.0, 8.0.1, 8.0.2, 8.0.3, 9.0.0, and 9.0.0A
- Interstage Apworks Enterprise Edition 8.0.0
- Interstage Apworks Standard-J Edition 8.0.0
- Interstage Studio Enterprise Edition 8.0.1 and 9.0.0
- Interstage Studio Standard-J Edition 8.0.1 and 9.0.0
90. OpenBSD IPv6 Routing Headers Remote Denial of Service Vulnerability
BugTraq ID: 27965
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27965
Summary:
OpenBSD is prone to a remote denial-of-service vulnerability because of a flaw in the affected kernel when processing certain TCP packets.
Exploiting this issue allows remote attackers to trigger kernel panics, denying further service to legitimate users.
OpenBSD 4.2 is vulnerable to this issue; other versions may also be affected.
91. Portail Web Php Multiple Remote And Local File Include Vulnerabilities
BugTraq ID: 27962
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27962
Summary:
Portail Web Php is prone to multiple remote and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process or access potentially sensitive information. This may result in a compromise of the application and the underlying system; other attacks are also possible.
These issues affect Portail Web Php 2.5.1.1 and prior versions.
92. LWS php User Base 'unverified.inc.php' Local File Include Vulnerability
BugTraq ID: 27964
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27964
Summary:
LWS php User Base is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.
This issue affects php User Base 1.3 BETA; other versions may also be vulnerable.
93. LWS php User Base 'header.inc.php' Remote File Include Vulnerability
BugTraq ID: 27963
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27963
Summary:
LWS php User Base is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
php User Base 1.3 BETA is vulnerable; other versions may also be affected.
94. LWS php Download Manager 'body.inc.php' Local File Include Vulnerability
BugTraq ID: 27961
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27961
Summary:
LWS php Download Manager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.
This issue affects php Download Manager 1.1 and 1.0; other versions may also be vulnerable.
95. PHPEcho CMS 'Smarty.class.php' Remote File Include Vulnerability
BugTraq ID: 27960
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27960
Summary:
PHPEcho CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
PHPEcho CMS 2.0-rc3 is vulnerable; other versions may also be affected.
96. auraCMS 'lihatberita' Module 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27959
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27959
Summary:
auraCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
97. Joomla! and Mambo 'com_hello_world' Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27956
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27956
Summary:
The Joomla! and Mambo 'com_hello_world' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
98. PHP-Nuke Gallery Module 'aid' Parameter SQL Injection Vulnerability
BugTraq ID: 27957
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27957
Summary:
The Gallery module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Gallery 1.3 is vulnerable; other versions may also be affected.
99. PHP-Nuke Sections Module 'artid' Parameter SQL Injection Vulnerability
BugTraq ID: 27958
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27958
Summary:
The Sections module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
100. PHP-Nuke Recipe Module 'recipeid' Parameter SQL Injection Vulnerability
BugTraq ID: 27955
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27955
Summary:
The Recipe module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Recipe 1.3 is vulnerable; other versions may also be affected.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Worries over "good worms" rise again
By: Robert Lemos
A Microsoft researcher studies the use of self-propagation for patching, but for most of the security industry, any worm is a bad worm.
http://www.securityfocus.com/news/11506
2. Federal agencies miss deadline on secure configs
By: Robert Lemos
The U.S. government has made progress on moving to a standard configuration for Windows XP and Windows Vista systems, but work remains.
http://www.securityfocus.com/news/11505
3. Universities fend off phishing attacks
By: Robert Lemos
Online fraudsters send e-mail messages that masquerade as help-desk requests for usernames and passwords.
http://www.securityfocus.com/news/11504
4. Antivirus firms, test labs to form standards group
By: Robert Lemos
The makers of antivirus software as well as independent and media-sponsored testing labs have agreed to create an industry group to standardize on methods of evaluating anti-malware programs.
http://www.securityfocus.com/news/11502
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Technical Support Engineer, San Mateo
http://www.securityfocus.com/archive/77/488605
2. [SJ-JOB] Disaster Recovery Coordinator, Kansas City
http://www.securityfocus.com/archive/77/488619
3. [SJ-JOB] Penetration Engineer, Redmond
http://www.securityfocus.com/archive/77/488578
4. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/488604
5. [SJ-JOB] Sales Engineer, San Jose
http://www.securityfocus.com/archive/77/488610
6. [SJ-JOB] Customer Support, South Plainfield
http://www.securityfocus.com/archive/77/488566
7. [SJ-JOB] Security Consultant, Copenhagen
http://www.securityfocus.com/archive/77/488574
8. [SJ-JOB] Sales Engineer, Reston
http://www.securityfocus.com/archive/77/488577
9. [SJ-JOB] Sales Engineer, Alpharetta
http://www.securityfocus.com/archive/77/488603
10. [SJ-JOB] Customer Support, South Plainfield
http://www.securityfocus.com/archive/77/488557
11. [SJ-JOB] Sales Engineer, Reston
http://www.securityfocus.com/archive/77/488575
12. [SJ-JOB] Software Engineer, Alpharetta
http://www.securityfocus.com/archive/77/488580
13. [SJ-JOB] Sales Engineer, San Jose
http://www.securityfocus.com/archive/77/488582
14. [SJ-JOB] Sales Engineer, Philadelphia
http://www.securityfocus.com/archive/77/488559
15. [SJ-JOB] Customer Support, South Plainfield
http://www.securityfocus.com/archive/77/488561
16. [SJ-JOB] Security Engineer, Canberra
http://www.securityfocus.com/archive/77/488562
17. [SJ-JOB] Sales Engineer, Canberra
http://www.securityfocus.com/archive/77/488563
18. [SJ-JOB] Sales Engineer, Ottawa
http://www.securityfocus.com/archive/77/488558
19. [SJ-JOB] Security Researcher, South Plainfield
http://www.securityfocus.com/archive/77/488564
20. [SJ-JOB] Certification & Accreditation Engineer, Arlington
http://www.securityfocus.com/archive/77/488565
21. [SJ-JOB] Information Assurance Analyst, Herndon
http://www.securityfocus.com/archive/77/488573
22. [SJ-JOB] Security Architect, South Plainfield
http://www.securityfocus.com/archive/77/488581
23. [SJ-JOB] Certification & Accreditation Engineer, Arlington
http://www.securityfocus.com/archive/77/488549
24. [SJ-JOB] Sr. Security Engineer, South Plainfield
http://www.securityfocus.com/archive/77/488554
25. [SJ-JOB] Sr. Security Analyst, Arlington
http://www.securityfocus.com/archive/77/488555
26. [SJ-JOB] Sr. Security Engineer, South Plainfield
http://www.securityfocus.com/archive/77/488556
27. [SJ-JOB] Senior Software Engineer, South Plainfield
http://www.securityfocus.com/archive/77/488576
28. [SJ-JOB] Security Consultant, Copenhagen
http://www.securityfocus.com/archive/77/488579
29. [SJ-JOB] Sr. Security Engineer, South Plainfield
http://www.securityfocus.com/archive/77/488550
30. [SJ-JOB] Sales Engineer, Deerfield Beach
http://www.securityfocus.com/archive/77/488552
31. [SJ-JOB] Sr. Security Engineer, South Plainfield
http://www.securityfocus.com/archive/77/488560
32. [SJ-JOB] Security Consultant, Boston
http://www.securityfocus.com/archive/77/488544
33. [SJ-JOB] Sr. Security Engineer, South Plainfield
http://www.securityfocus.com/archive/77/488546
34. [SJ-JOB] Application Security Architect, South Plainfield
http://www.securityfocus.com/archive/77/488547
35. [SJ-JOB] Security Consultant, Dallas
http://www.securityfocus.com/archive/77/488548
36. [SJ-JOB] Principal Software Engineer, Deerfield Beach
http://www.securityfocus.com/archive/77/488541
37. [SJ-JOB] Security Architect, LONDON
http://www.securityfocus.com/archive/77/488542
38. [SJ-JOB] Sales Engineer, Dallas
http://www.securityfocus.com/archive/77/488543
39. [SJ-JOB] Sales Engineer, Chicago
http://www.securityfocus.com/archive/77/488545
40. [SJ-JOB] Security Engineer, Chicago
http://www.securityfocus.com/archive/77/488553
41. [SJ-JOB] Management, Pentagon City
http://www.securityfocus.com/archive/77/488534
42. [SJ-JOB] Jr. Security Analyst, Washington, DC
http://www.securityfocus.com/archive/77/488536
43. [SJ-JOB] Manager, Information Security, Chicago
http://www.securityfocus.com/archive/77/488538
44. [SJ-JOB] Management, Reston
http://www.securityfocus.com/archive/77/488539
45. [SJ-JOB] Security Engineer, Reston
http://www.securityfocus.com/archive/77/488540
46. [SJ-JOB] Director, Computer Security, New Jersey
http://www.securityfocus.com/archive/77/488518
47. [SJ-JOB] Management, San Mateo
http://www.securityfocus.com/archive/77/488519
48. [SJ-JOB] Training / Awareness Specialist, San Mateo
http://www.securityfocus.com/archive/77/488520
49. [SJ-JOB] Security Engineer, New Jersey
http://www.securityfocus.com/archive/77/488533
50. [SJ-JOB] Security Engineer, Arlington
http://www.securityfocus.com/archive/77/488523
51. [SJ-JOB] Management, Alpharetta
http://www.securityfocus.com/archive/77/488526
52. [SJ-JOB] Security Consultant, Los Angeles
http://www.securityfocus.com/archive/77/488530
53. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/488537
54. [SJ-JOB] Auditor, Columbia
http://www.securityfocus.com/archive/77/488535
55. [SJ-JOB] Application Security Engineer, Ottawa
http://www.securityfocus.com/archive/77/488513
56. [SJ-JOB] Sales Representative, Boston
http://www.securityfocus.com/archive/77/488516
57. [SJ-JOB] Software Engineer, Palm Beach Gardens
http://www.securityfocus.com/archive/77/488521
58. [SJ-JOB] Sales Representative, Atlanta
http://www.securityfocus.com/archive/77/488527
59. [SJ-JOB] Database Security Architect, Houston
http://www.securityfocus.com/archive/77/488529
60. [SJ-JOB] Technology Risk Consultant, Various
http://www.securityfocus.com/archive/77/488504
61. [SJ-JOB] Information Assurance Analyst, London
http://www.securityfocus.com/archive/77/488508
62. [SJ-JOB] Sales Representative, Chicago
http://www.securityfocus.com/archive/77/488517
63. [SJ-JOB] Security Consultant, Thousand Oaks
http://www.securityfocus.com/archive/77/488522
64. [SJ-JOB] Security Engineer, Huntsville
http://www.securityfocus.com/archive/77/488507
65. [SJ-JOB] Forensics Engineer, Various
http://www.securityfocus.com/archive/77/488510
66. [SJ-JOB] Application Security Engineer, Dover
http://www.securityfocus.com/archive/77/488512
67. [SJ-JOB] Security Consultant, Various
http://www.securityfocus.com/archive/77/488524
68. [SJ-JOB] Security Engineer, Arlington
http://www.securityfocus.com/archive/77/488505
69. [SJ-JOB] Penetration Engineer, Dallas
http://www.securityfocus.com/archive/77/488509
70. [SJ-JOB] Threat Analyst, Huntsville
http://www.securityfocus.com/archive/77/488532
71. [SJ-JOB] Sr. Security Engineer, Stamford
http://www.securityfocus.com/archive/77/488501
72. [SJ-JOB] Sr. Security Engineer, Washington, DC Metro Area
http://www.securityfocus.com/archive/77/488525
73. [SJ-JOB] Chief Scientist, Huntsville
http://www.securityfocus.com/archive/77/488528
74. [SJ-JOB] Chief Scientist, Huntsville
http://www.securityfocus.com/archive/77/488531
75. [SJ-JOB] Security Engineer, Huntsville
http://www.securityfocus.com/archive/77/488503
76. [SJ-JOB] Security Engineer, Kansas City
http://www.securityfocus.com/archive/77/488506
77. [SJ-JOB] Security Engineer, San Francisco
http://www.securityfocus.com/archive/77/488511
78. [SJ-JOB] Certification & Accreditation Engineer, Washington DC
http://www.securityfocus.com/archive/77/488497
79. [SJ-JOB] Security Consultant, Thousand Oaks
http://www.securityfocus.com/archive/77/488498
80. [SJ-JOB] Security Engineer, Seattle
http://www.securityfocus.com/archive/77/488499
81. [SJ-JOB] Sr. Security Engineer, Austin/Richardson
http://www.securityfocus.com/archive/77/488500
82. [SJ-JOB] Security Consultant, Thousand Oaks
http://www.securityfocus.com/archive/77/488502
83. [SJ-JOB] Security Engineer, Arlington
http://www.securityfocus.com/archive/77/488487
84. [SJ-JOB] Information Assurance Engineer, Annapolis Junction
http://www.securityfocus.com/archive/77/488488
85. [SJ-JOB] Senior Software Engineer, St. Paul
http://www.securityfocus.com/archive/77/488491
86. [SJ-JOB] Management, Phoenix
http://www.securityfocus.com/archive/77/488494
87. [SJ-JOB] Management, New York
http://www.securityfocus.com/archive/77/488496
88. [SJ-JOB] CISO, London
http://www.securityfocus.com/archive/77/488489
89. [SJ-JOB] Application Security Architect, Washington
http://www.securityfocus.com/archive/77/488490
90. [SJ-JOB] Software Engineer, Columbia
http://www.securityfocus.com/archive/77/488495
V. INCIDENTS LIST SUMMARY
---------------------------
1. CanSecWest 2008 Mar 26-28
http://www.securityfocus.com/archive/75/488624
2. Possible Mail server compromise ?
http://www.securityfocus.com/archive/75/487488
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. GNU objdump 2.15 [FreeBSD] 2004-05-23 shows: ... "BFD: Please report this bug." While analyzing crafted ELF.
http://www.securityfocus.com/archive/82/488729
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter
http://www.securityfocus.com/archive/88/488429
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. CanSecWest 2008 Mar 26-28
http://www.securityfocus.com/archive/91/488611
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.