
Wednesday, February 20, 2008

SecurityFocus Newsletter #441
----------------------------------------

This issue is Sponsored by: HP

HP Application Security Webinar: Achieving PCI 6.6 Compliance - Are Your Web Applications Secure Enough?
In June 2008, the major credit card vendors will require compliance with requirement 6 of the PCI DSS, "Ensure that all web facing applications are protected against known attacks." Join HP Software and the former SPI Dynamics for this free webinar to learn how you can easily satisfy this requirement and build a powerful web application security program at the same time. During this event, you will receive the tools and knowledge to ensure your web applications comply with PCI requirements and block hackers.
https://h30406.www3.hp.com/campaigns/2008/events/sw-02-26-08/index.php?mcc=DAYA


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Tweaking Social Security to Combat Fraud
2. Skills for the Future

II. BUGTRAQ SUMMARY
1. Woltlab Burning Board 'password' SQL Injection Vulnerability
2. Group Logic ExtremeZ-IP File and Print Servers Multiple Vulnerabilities
3. Hitachi SEWB/PLATFORM SEWB3 Unspecified Denial Of Service Vulnerability
4. Hitachi EUR Print Manager Remote Denial of Service Vulnerability
5. Symantec Storage Foundation Veritas Enterprise Administrator Heap Buffer Overflow Vulnerability
6. Jooget! 'id' Parameter SQL Injection Vulnerability
7. Cacti Multiple Input Validation Vulnerabilities
8. WP Photo Album 'photo' Parameter SQL Injection Vulnerability
9. PHPizabi 'image.php' Arbitrary File Upload Vulnerability
10. Multiple Web Browser BMP Partial Palette Information Disclosure and Denial Of Service Vulnerability
11. XPWeb 'Download.php' File Disclosure Vulnerability
12. BanPro DMS 'index.php' Local File Include Vulnerability
13. 360 Degree Web PlatinumKey Access Control Bypass Application Execution Vulnerability
14. 360 Degree Web PlatinumKey Access Control Bypass Information Disclosure Vulnerability
15. Sami FTP Server User Command Buffer Overflow Vulnerability
16. Sami FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
17. e-Vision CMS 'id' Parameter Multiple SQL Injection Vulnerabilities
18. Joomla! and Mambo com_downloads Component 'cat' Parameter SQL Injection Vulnerability
19. Joomla! and Mambo com_profile Component 'oid' Parameter SQL Injection Vulnerability
20. Joomla! and Mambo Portfolio Manager Component 'categoryId' Parameter SQL Injection Vulnerability
21. Joomla! and Mambo com_ricette Component 'id' Parameter SQL Injection Vulnerability
22. Joomla! and Mambo Quran Component SQL Injection Vulnerability
23. Joomla! and Mambo com_detail Component 'id' Parameter SQL Injection Vulnerability
24. Joomla! and Mambo com_scheduling Component 'id' Parameter SQL Injection Vulnerability
25. Joomla! and Mambo com_galeria Component 'id' Parameter SQL Injection Vulnerability
26. Joomla! and Mambo com_filebase Component 'filecatid' Parameter SQL Injection Vulnerability
27. PHP-Nuke Okul Module 'okulid' Parameter SQL Injection Vulnerability
28. PHP-Nuke EasyContent Module 'page_id' Parameter SQL Injection Vulnerability
29. Symantec Storage Foundation for Windows Scheduler Service Denial of Service Vulnerability
30. PHP-Nuke Sections Module 'artid' Parameter SQL Injection Vulnerability
31. PHP-Nuke Web_Links Module 'cid' Parameter SQL Injection Vulnerability
32. PHP-Nuke Books Module 'cid' Parameter SQL Injection Vulnerability
33. Claroline Multiple Remote Vulnerabilities
34. RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
35. RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
36. Multiple Horde Products Security Bypass Vulnerability
37. AuraCMS Multiple SQL Injection Vulnerabilities
38. TRUC Tracking Requirements & Use Cases 'download.php' File Disclosure Vulnerability
39. Sun Java Plug-in Multiple Applet Vulnerabilities
40. Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security Vulnerabilities
41. Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability
42. Perl Unicode Regular Expression Buffer Overflow Vulnerability
43. Sun Ray Device Manager Daemon Multiple Vulnerabilities
44. XOOPS 'classifieds' Module 'cid' Parameter SQL Injection Vulnerability
45. XOOPS 'badliege' Module 'id' Parameter SQL Injection Vulnerability
46. XOOPS 'vacatures' Module 'cid' Parameter SQL Injection Vulnerability
47. XOOPS 'events' Module 'id' Parameter SQL Injection Vulnerability
48. XOOPS 'seminars' Module 'id' Parameter SQL Injection Vulnerability
49. XOOPS myTopics Module 'print.php' SQL Injection Vulnerability
50. Mozilla Firefox 2.0.0.7 Multiple Remote Vulnerabilities
51. Multiple Browser URI Handlers Command Injection Vulnerabilities
52. WordPress wp-people Plugin 'wp-people-popup.php' SQL Injection Vulnerability
53. WordPress Recipes Blog Plugin 'id' Parameter SQL Injection Vulnerability
54. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
55. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
56. iJoomla com_magazine Component 'pageid' Parameter SQL Injection Vulnerability
57. Joomla! and Mambo com_genealogy Component 'id' Parameter SQL Injection Vulnerability
58. Joomla! and Mambo com_formtool Component 'catid' Parameter SQL Injection Vulnerability
59. Joomla! and Mambo com_iigcatalog Component 'cat' Parameter SQL Injection Vulnerability
60. Joomla! and Mambo 'com_team' Component SQL Injection Vulnerability
61. MoinMoin Multiple Cross Site Scripting Vulnerabilities
62. IPdiva SSL VPN Security Bypass Vulnerability and Multiple Cross Site Scripting Vulnerabilities
63. MoinMoin MOIN_ID Cookie Remote Input Validation Vulnerability
64. BEA Systems Multiple Products BEA08-183.00 to BEA08-200.00 Multiple Vulnerabilities
65. Sun Java Runtime Environment Virtual Machine Remote Privilege Escalation Vulnerability
66. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
67. Sun Java Runtime Environment Multiple Weaknesses
68. IBM Lotus QuickPlace 'Main.nsf' Cross-Site Scripting Vulnerability
69. IBM Lotus Quickr Unspecified Cross-Site Scripting Vulnerability
70. IBM DB2 Universal Database 9.1 Multiple Vulnerabilities
71. Apple iPhoto DPAP Remote Denial of Service Vulnerability
72. ATutor User Profile Multiple HTML Injection Vulnerabilities
73. RunCMS 'admin.php' Cross-Site Scripting Vulnerability
74. LightBlog 'view_member.php' Local File Include Vulnerability
75. Linux Kernel Prior to 2.6.24.1 'vmsplice_to_user()' Local Privilege Escalation Vulnerability
76. PCRE Character Class Buffer Overflow Vulnerability
77. BEA WebLogic Multiple Vulnerabilities
78. Linux Kernel Prior to 2.6.24.2 'vmsplice_to_pipe()' Local Privilege Escalation Vulnerability
79. Multiple BEA WebLogic Applications Multiple Vulnerabilities
80. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
81. Dokeos Multiple SQL Injection, HTML Injection, Cross-Site Scripting, and File Upload Vulnerabilities
82. Hosting Controller Multiple Remote Vulnerabilities
83. WordPress Plugin WP-Forum SQL Injection Vulnerability
84. Nagios Plugins Location Header Remote Buffer Overflow Vulnerability
85. Imager 8 Bit BMP Heap Based Buffer Overflow Vulnerability
86. wyrd Insecure Temporary File Creation Vulnerability
87. GlobalLink 'HanGamePlugincn18.dll' ActiveX Control Multiple Buffer Overflow Vulnerabilities
88. XOOPS WF-Link Module Viewcat.PHP SQL Injection Vulnerability
89. Foxit WAC Server Denial of Service Vulnerability
90. Lyris ListManager Multiple Remote Vulnerabilities
91. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
92. PHP-Nuke Docum Module 'artid' Parameter SQL Injection Vulnerability
93. Globsy 'globsy_edit.php' Local File Include Vulnerability
94. PunBB Password Reset Weak Random Number Security Bypass Vulnerability
95. Highwood Design hwdVideoShare 'Itemid' Parameter SQL Injection Vulnerability
96. CUPS 'process_browse_data()' Remote Double Free Denial of Service Vulnerability
97. XOOPS eEmpregos Module 'index.php' SQL Injection Vulnerability
98. Schoolwires Academic Portal SQL Injection Vulnerability and Cross-Site Scripting Vulnerability
99. RunCMS MyAnnonces Module 'cid' Parameter SQL Injection Vulnerability
100. Opera Web Browser 9.25 Multiple Security Vulnerabilities

III. SECURITYFOCUS NEWS
1. Worries over "good worms" rise again
2. Federal agencies miss deadline on secure configs
3. Universities fend off phishing attacks
4. Antivirus firms, test labs to form standards group

IV. SECURITY JOBS LIST SUMMARY

V. INCIDENTS LIST SUMMARY
1. Security log parser
2. Possible Mail server compromise ?

VI. VULN-DEV RESEARCH LIST SUMMARY

VII. MICROSOFT FOCUS LIST SUMMARY

VIII. SUN FOCUS LIST SUMMARY

IX. LINUX FOCUS LIST SUMMARY

X. UNSUBSCRIBE INSTRUCTIONS

XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Tweaking Social Security to Combat Fraud
By Tim Mullen
Americans lost over 45 billion dollars in identity-related fraud in 2007. Reports are so commonplace that we've actually become de-sensitized to them. "200,000 victims reported..." "500,000 victims reported..." Even figures into the millions don't seem to faze us anymore. And that is a Bad Thing.

http://www.securityfocus.com/columnists/465

2. Skills for the Future
By Don Parker
A lot of the emails sent to me ask a basic question: Just how does one break into computer security or what skills should you learn to get that first security job. Lately though, I have been receiving many more queries on specifically how one can leverage an existing skill set to become an information-technology security analyst.

http://www.securityfocus.com/columnists/464


II. BUGTRAQ SUMMARY
--------------------
1. Woltlab Burning Board 'password' SQL Injection Vulnerability
BugTraq ID: 27885
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27885
Summary:
Woltlab Burning Board is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

2. Group Logic ExtremeZ-IP File and Print Servers Multiple Vulnerabilities
BugTraq ID: 27718
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27718
Summary:
ExtremeZ-IP File and Print servers are prone to multiple vulnerabilities including denial-of-service and information-disclosure issues.

Attackers can exploit these issues to cause denial-of-service conditions or gain access to potentially sensitive information.

These issues affect ExtremeZ-IP File Server and ExtremeZ-IP Print Server versions prior to 5.1.2x15.

3. Hitachi SEWB/PLATFORM SEWB3 Unspecified Denial Of Service Vulnerability
BugTraq ID: 27900
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27900
Summary:
Hitachi SEWB/PLATFORM SEWB3 is prone to a denial-of-service vulnerability that affects both server and client messaging services.

Remote attackers can exploit this issue to deny service to legitimate users.

Very few technical details are currently available. We will update this BID as more information emerges.

The issue affects the following versions of the SEWB3/PLATFORM:
HI-UX/WE2(3050 SISC): 01-00 to 01-06-/A
HI-UX/WE2(3050 RISC): 01-00 to 01-06-/A
HI-UX/WE2(3050RX): 01-01 to 01-16-/F, 01-06 to 01-16-/B(English version)
HP-UX(9.x): 01-00 to 01-10-/A
HP-UX(10.x): 01-11 to 01-16-/B
HP-UX(11.x): 01-16-/C to 01-16-/F, 01-17 to 01-17-/F
Solaris: 01-04 to 02-14-/A
AIX: 01-10 to 02-13

The issue affects the following versions of the SEWB3/MI-PLATFORM:
HI-UX/WE2(3050 SISC): 01-00 to 01-06-/A
HI-UX/WE2(3050 RISC): 01-00 to 01-06-/A
HI-UX/WE2(3050RX): 01-02 to 01-16-/F, 01-07 to 01-16-/B(English version)
HP-UX(9.x): 01-02 to 01-10-/A
HP-UX(10.x): 01-11 to 01-16-/B
HP-UX(11.x): 01-16-/C to 01-16-/F, 01-17 to 01-17-/F
Solaris: 01-04 to 02-14-/A
AIX: 01-10 to 02-13

4. Hitachi EUR Print Manager Remote Denial of Service Vulnerability
BugTraq ID: 27899
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27899
Summary:
Hitachi EUR Print Manager is prone to a remote denial-of-service vulnerability because it fails to handle exceptional conditions.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

This issue affects EUR Print Manager, EUR Print Manager - Local Server and EUR Print Manager - Client.

5. Symantec Storage Foundation Veritas Enterprise Administrator Heap Buffer Overflow Vulnerability
BugTraq ID: 25778
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/25778
Summary:
Symantec Storage Foundation is prone to a remote heap-based buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. This issue occurs in the Symantec Veritas Enterprise Administrator (VEA) component.

An attacker can exploit this issue to execute arbitrary code in the context of the SYSTEM. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

6. Jooget! 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27836
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27836
Summary:
The Joomla! and Mambo Jooget! component is prone to an SQL-injection vulnerability because the software fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

7. Cacti Multiple Input Validation Vulnerabilities
BugTraq ID: 27749
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27749
Summary:
Cacti is prone to multiple unspecified input-validation vulnerabilities, including:

- Multiple cross-site scripting vulnerabilities
- Multiple SQL-injection vulnerabilities
- An HTTP response-splitting vulnerability.

Attackers may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted, to compromise the application, to access or modify data, to exploit vulnerabilities in the underlying database, or to execute arbitrary script code in the browser of an unsuspecting user.

These issues affect Cacti 0.8.7a and prior versions.

8. WP Photo Album 'photo' Parameter SQL Injection Vulnerability
BugTraq ID: 27832
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27832
Summary:
WP Photo Album is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects WP Photo Album 1.1; other versions may also be vulnerable.

9. PHPizabi 'image.php' Arbitrary File Upload Vulnerability
BugTraq ID: 27847
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27847
Summary:
PHPizabi is prone to a vulnerability that lets an attacker upload and execute arbitrary script code in the context of the affected webserver process. The issue occurs because the application fails to sufficiently sanitize user-supplied input.

This issue affects PHPizabi 0.848b; other versions may also be vulnerable.

10. Multiple Web Browser BMP Partial Palette Information Disclosure and Denial Of Service Vulnerability
BugTraq ID: 27826
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27826
Summary:
Firefox and Opera browsers are prone to a vulnerability that can result in information disclosure or a denial of service.

An attacker can exploit this issue to harvest sensitive information that may be used to launch further attacks or to crash the affected application, denying service to legitimate users.

Mozilla Firefox 2.0.0.11 and Opera 9.50 Beta are affected.

11. XPWeb 'Download.php' File Disclosure Vulnerability
BugTraq ID: 27838
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27838
Summary:
XPWeb is prone to a vulnerability that lets attackers obtain potentially sensitive information because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.

This issue affects XPWeb 3.3.2; other versions may be vulnerable as well.

12. BanPro DMS 'index.php' Local File Include Vulnerability
BugTraq ID: 27831
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27831
Summary:
BanPro DMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to include local files in the context of the webserver process. This may allow the attacker to obtain potentially sensitive information; other attacks are also possible.

This issue affects BanPro DMS 1.0; other versions may also be vulnerable.

13. 360 Degree Web PlatinumKey Access Control Bypass Application Execution Vulnerability
BugTraq ID: 7392
Remote: No
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/7392
Summary:
PlatinumKey fails to properly restrict access to the desktop when SmartCard access control is enabled. Because of this, an attacker may be able to gain access to the task bar and potentially execute applications.

Update: Acer Travelmate C300 and 8100 running Platinum Secure are also reported affected by this issue. Furthermore, by using the extra 'Web' button on keyboards, attackers may also gain access to the underlying operating system even if the Control-Escape sequence does not work.

UPDATE (February 15, 2008): Reports indicate that PlatinumKey 1.1.3a is not vulnerable to this issue.

14. 360 Degree Web PlatinumKey Access Control Bypass Information Disclosure Vulnerability
BugTraq ID: 7391
Remote: No
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/7391
Summary:
PlatinumKey fails to properly restrict access to the desktop when SmartCard access control is enabled. Because of this, an attacker may be able to obtain potentially sensitive information.

Update: Acer Travelmate C300 and 8100 running Platinum Secure are also reported affected by this issue. Furthermore, by using the extra 'Web' button on keyboards, attackers may also gain access to the underlying operating system even if the Control-Escape sequence does not work.

UPDATE (February 15, 2008): Reports indicate that PlatinumKey 1.1.3a is not vulnerable to this issue.

15. Sami FTP Server User Command Buffer Overflow Vulnerability
BugTraq ID: 16370
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/16370
Summary:
Sami FTP Server is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected server application. This likely occurs with SYSTEM-level privileges.

Sami FTP Server 2.0.1 is affected by this issue; other versions may also be affected.

UPDATE (February 15, 2008): This issue was reported again in a message to Bugtraq. The message states that 2.0.* is vulnerable, implying that the fixed version may still be affected. However, this has not been confirmed.

16. Sami FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
BugTraq ID: 27817
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27817
Summary:
Sami FTP Server is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle exceptional conditions.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

Versions in the Sami FTP Server 2.0 series are vulnerable; other versions may also be affected.

17. e-Vision CMS 'id' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 27816
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27816
Summary:
e-Vision CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

e-Vision CMS 2.02 is vulnerable; other versions may also be affected.

18. Joomla! and Mambo com_downloads Component 'cat' Parameter SQL Injection Vulnerability
BugTraq ID: 27860
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27860
Summary:
The Joomla! and Mambo 'com_downloads' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

19. Joomla! and Mambo com_profile Component 'oid' Parameter SQL Injection Vulnerability
BugTraq ID: 27851
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27851
Summary:
The Joomla! and Mambo 'com_profile' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

20. Joomla! and Mambo Portfolio Manager Component 'categoryId' Parameter SQL Injection Vulnerability
BugTraq ID: 27849
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27849
Summary:
The Joomla! and Mambo Portfolio Manager component is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Portfolio Manager 1.0 is vulnerable; other versions may also be affected.

21. Joomla! and Mambo com_ricette Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27834
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27834
Summary:
The Joomla! and Mambo 'com_ricette' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

22. Joomla! and Mambo Quran Component SQL Injection Vulnerability
BugTraq ID: 27842
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27842
Summary:
The Joomla! and Mambo 'Quran' component is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

This issue affects Quran 1.1 and prior versions.

23. Joomla! and Mambo com_detail Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27853
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27853
Summary:
The Joomla! and Mambo 'com_detail' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

24. Joomla! and Mambo com_scheduling Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27830
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27830
Summary:
The Joomla! and Mambo 'com_scheduling' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

25. Joomla! and Mambo com_galeria Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27833
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27833
Summary:
The Joomla! and Mambo 'com_galeria' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

26. Joomla! and Mambo com_filebase Component 'filecatid' Parameter SQL Injection Vulnerability
BugTraq ID: 27829
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27829
Summary:
The Joomla! and Mambo 'com_filebase' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

27. PHP-Nuke Okul Module 'okulid' Parameter SQL Injection Vulnerability
BugTraq ID: 27909
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27909
Summary:
The PHP-Nuke Okul module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Okul 1.0 is vulnerable; other versions may also be affected.

28. PHP-Nuke EasyContent Module 'page_id' Parameter SQL Injection Vulnerability
BugTraq ID: 27897
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27897
Summary:
The PHP-Nuke EasyContent module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

29. Symantec Storage Foundation for Windows Scheduler Service Denial of Service Vulnerability
BugTraq ID: 27440
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27440
Summary:
Symantec Storage Foundation for Windows scheduler service is prone to a denial-of-service vulnerability because it fails to validate user-supplied input.

Attackers can exploit this issue by transmitting specially-crafted packets to the scheduler service to crash the application, denying service to legitimate users.

This issue affects Storage Foundation for Windows version 5.0.

30. PHP-Nuke Sections Module 'artid' Parameter SQL Injection Vulnerability
BugTraq ID: 27879
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27879
Summary:
The PHP-Nuke Sections module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

31. PHP-Nuke Web_Links Module 'cid' Parameter SQL Injection Vulnerability
BugTraq ID: 27894
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27894
Summary:
The PHP-Nuke Web_Links module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

32. PHP-Nuke Books Module 'cid' Parameter SQL Injection Vulnerability
BugTraq ID: 27863
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27863
Summary:
The PHP-Nuke Books module is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

33. Claroline Multiple Remote Vulnerabilities
BugTraq ID: 27846
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27846
Summary:
Claroline is prone to multiple remote vulnerabilities, including:

- Multiple unspecified cross-site scripting vulnerabilities.
- Multiple unspecified SQL-injection vulnerabilities.
- An unspecified vulnerability.

Attackers may exploit these vulnerabilities to compromise the application, to access or modify data, to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user, or to steal cookie-based authentication credentials.

These issues affect Claroline 1.8.8 and prior versions.

34. RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 27674
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27674
Summary:
Microsoft has released advance notification that the vendor will be releasing twelve security bulletins on February 12, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

The following individual records have been created to document these vulnerabilities:

27670 Microsoft Windows WebDAV Mini-Redirector Heap Overflow Vulnerability
27676 Microsoft Internet Information Services ASP Remote Code Execution Vulnerability
27101 Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability
27668 Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability
27666 Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability
27689 Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
25571 Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Buffer Overflow Vulnerability
27634 Microsoft Windows Vista DHCP Remote Denial Of Service Vulnerability
27638 Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
27656 Microsoft Word Unspecified Memory Corruption Remote Code Execution Vulnerability
27657 Microsoft Works File Converter Section Length Header Remote Heap Overflow Vulnerability
27658 Microsoft Works File Converter Section Header Index Table Remote Code Execution Vulnerability
27659 Microsoft Works File Converter Field Length Remote Code Execution Vulnerability
27661 Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer Overflow Vulnerability
27738 Microsoft Office Execution Jump Memory Corruption Vulnerability
27739 Microsoft Publisher Invalid Memory Reference Remote Code Execution Vulnerability
27740 Microsoft Publisher Memory Index Code Execution Vulnerability

35. RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 27119
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27119
Summary:
Microsoft has released advance notification that the vendor will be releasing two security bulletins on January 8, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

The following individual records have been created to document these vulnerabilities:

27100 Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
27139 Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
27099 Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability

36. Multiple Horde Products Security Bypass Vulnerability
BugTraq ID: 27844
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27844
Summary:
Horde products are prone to a security-bypass vulnerability.

Attackers can use this issue to bypass certain security restrictions and edit arbitrary contacts in shared and personal address books. This may aid in further attacks.

This issue affects Horde Groupware 1.0.3, Horde Groupware Webmail Edition 1.0.4, and Turba Contact Manager 2.1.6; other versions may also be vulnerable.

37. AuraCMS Multiple SQL Injection Vulnerabilities
BugTraq ID: 27841
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27841
Summary:
AuraCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AuraCMS 1.62 is vulnerable; other versions may also be affected.

38. TRUC Tracking Requirements & Use Cases 'download.php' File Disclosure Vulnerability
BugTraq ID: 27839
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27839
Summary:
TRUC is prone to a vulnerability that lets attackers obtain potentially sensitive information because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.

This issue affects TRUC 0.11.0; other versions may be vulnerable as well.

39. Sun Java Plug-in Multiple Applet Vulnerabilities
BugTraq ID: 12317
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/12317
Summary:
The Sun Java Plug-in is prone to multiple vulnerabilities.

The first issue can allow an untrusted applet to escalate its privileges to access resources with the privilege level of the user running the applet.

This issue occurs only in Internet Explorer running on Windows.

The second issue allows an untrusted applet to interfere with another applet embedded in the same web page.

This issue occurs in Java running on Windows, Solaris, and Linux.

40. Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security Vulnerabilities
BugTraq ID: 27641
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27641
Summary:
Adobe Acrobat and Reader are prone to multiple arbitrary remote code-execution and security vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Other attacks are also possible.

Versions prior to Adobe Acrobat and Adobe Reader 8.1.2 are vulnerable to these issues.

41. Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 26791
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26791
Summary:
Samba is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

NOTE: This issue occurs only when the 'domain logons' option is enabled.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

42. Perl Unicode Regular Expression Buffer Overflow Vulnerability
BugTraq ID: 26350
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26350
Summary:
Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers.

Perl 5.8 is vulnerable to this issue; other versions may also be affected.

43. Sun Ray Device Manager Daemon Multiple Vulnerabilities
BugTraq ID: 26944
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26944
Summary:
The Sun Ray Device Manager daemon is prone to multiple vulnerabilities.

Attackers can leverage these issues to create or delete arbitrary directories on the affected server or to crash the daemon and deny service to legitimate users.

44. XOOPS 'classifieds' Module 'cid' Parameter SQL Injection Vulnerability
BugTraq ID: 27895
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27895
Summary:
The XOOPS 'classifieds' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

45. XOOPS 'badliege' Module 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27892
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27892
Summary:
The XOOPS 'badliege' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

46. XOOPS 'vacatures' Module 'cid' Parameter SQL Injection Vulnerability
BugTraq ID: 27889
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27889
Summary:
The XOOPS 'vacatures' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

47. XOOPS 'events' Module 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27890
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27890
Summary:
The XOOPS 'events' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

48. XOOPS 'seminars' Module 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27891
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27891
Summary:
The XOOPS 'seminars' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

49. XOOPS myTopics Module 'print.php' SQL Injection Vulnerability
BugTraq ID: 27861
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27861
Summary:
The XOOPS myTopics module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

50. Mozilla Firefox 2.0.0.7 Multiple Remote Vulnerabilities
BugTraq ID: 26132
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26132
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.7 and prior versions.

These vulnerabilities allow attackers to:

- Execute arbitrary code due to memory corruption.
- Carry out content spoofing and phishing attacks.
- Gain unauthorized access to files on a user's computer running the Linux operating system.
- Execute script code with elevated privileges.

Other attacks may also be possible.

These issues are present in Firefox 2.0.0.7 and prior versions. Mozilla Thunderbird 2.0.0.7 and prior versions as well as SeaMonkey 1.1.4 and prior versions are also affected by many of these vulnerabilities.

51. Multiple Browser URI Handlers Command Injection Vulnerabilities
BugTraq ID: 25053
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/25053
Summary:
Multiple browsers are prone to vulnerabilities that let attackers inject commands through various protocol handlers.

Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through processes such as 'cmd.exe' by employing various URI handlers.

An attacker can exploit these issues to carry out various attacks by executing arbitrary commands on a vulnerable computer.

Exploiting these issues would permit remote attackers to influence command options that can be called through protocol handlers and to execute commands with the privileges of a user running the application. Successful attacks may result in a variety of consequences, including remote unauthorized access.

Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9 are reported vulnerable to these issues. Other versions of these browsers and other vendors' browsers may also be affected.

52. WordPress wp-people Plugin 'wp-people-popup.php' SQL Injection Vulnerability
BugTraq ID: 27858
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27858
Summary:
The WordPress 'wp-people' plugin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

53. WordPress Recipes Blog Plugin 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27856
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27856
Summary:
The WordPress Recipes Blog plugin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

54. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
BugTraq ID: 25142
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/25142
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that allows JavaScript to execute with unintended privileges.

A malicious site may be able to cause the execution of a script with Chrome privileges. Attackers could exploit this issue to execute hostile script code with privileges that exceed those that were intended. Certain Firefox extensions may not intend 'about:blank' to execute script code with Chrome privileges.

NOTE: This issue was introduced by the fix for MFSA 2007-20.

55. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
BugTraq ID: 24946
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/24946
Summary:
The Mozilla Foundation has released four security advisories specifying multiple vulnerabilities in Firefox 2.0.0.4.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Execute code with chrome privileges
- Perform cross-site scripting attacks
- Crash Firefox in a myriad of ways, with evidence of memory corruption.

Other attacks may also be possible.

56. iJoomla com_magazine Component 'pageid' Parameter SQL Injection Vulnerability
BugTraq ID: 27888
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27888
Summary:
The iJoomla 'com_magazine' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

57. Joomla! and Mambo com_genealogy Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27887
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27887
Summary:
The Joomla! and Mambo 'com_genealogy' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

58. Joomla! and Mambo com_formtool Component 'catid' Parameter SQL Injection Vulnerability
BugTraq ID: 27884
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27884
Summary:
The Joomla! and Mambo 'com_formtool' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

59. Joomla! and Mambo com_iigcatalog Component 'cat' Parameter SQL Injection Vulnerability
BugTraq ID: 27883
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27883
Summary:
The Joomla! and Mambo 'com_iigcatalog' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

60. Joomla! and Mambo 'com_team' Component SQL Injection Vulnerability
BugTraq ID: 27881
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27881
Summary:
The 'com_team' component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

61. MoinMoin Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 27904
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27904
Summary:
MoinMoin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues affect the following versions:

MoinMoin 1.5.8 and prior versions
MoinMoin 1.6.x prior to 1.6.1.

62. IPdiva SSL VPN Security Bypass Vulnerability and Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 27800
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27800
Summary:
IPdiva SSL VPN is prone to a security-mechanism bypass vulnerability and multiple unspecified cross-site scripting vulnerabilities.

An attacker can exploit these issues to gain unauthorized access to resources protected by the VPN, or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.

These issues affect IPdiva SSL VPN 2.2 branch prior to 2.2.8.84 and 2.3 branch prior to 2.3.2.14.

63. MoinMoin MOIN_ID Cookie Remote Input Validation Vulnerability
BugTraq ID: 27404
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27404
Summary:
MoinMoin is prone to an input-validation vulnerability because it fails to properly sanitize user-supplied cookie data.

An attacker can exploit this issue to gain unauthorized access to the affected application, which may lead to further attacks.

Versions in the MoinMoin 1.5 series are vulnerable.

UPDATE: The 'quicklinks' parameter may be used to insert PHP code into writable files in conjunction with this issue. Attackers could potentially inject executable script code into writable PHP files located outside of the MoinMoin installation.

64. BEA Systems Multiple Products BEA08-183.00 to BEA08-200.00 Multiple Vulnerabilities
BugTraq ID: 27893
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27893
Summary:
BEA has released 17 advisories identifying various vulnerabilities affecting WebLogic Server, WebLogic Portal, WebLogic Workshop, AquaLogic Interaction, BEA Plumtree Foundation, AquaLogic Collaboration, and BEA Plumtree Collaboration. These issues present remote and local threats and may facilitate attacks affecting the integrity, confidentiality, and availability of vulnerable computers.

65. Sun Java Runtime Environment Virtual Machine Remote Privilege Escalation Vulnerability
BugTraq ID: 26185
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26185
Summary:
The Sun Java Runtime Environment is prone to a remote privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet. Successfully exploiting this issue may result in the remote compromise of affected computers.

66. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
BugTraq ID: 25920
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/25920
Summary:
Sun Java Web Start is prone to multiple local file-access vulnerabilities and an information-disclosure vulnerability.

An attacker could exploit these issues to obtain sensitive information and to read and write arbitrary files on the affected computer with the privileges of the user running the untrusted Java application.

67. Sun Java Runtime Environment Multiple Weaknesses
BugTraq ID: 25918
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/25918
Summary:
Sun Java Runtime Environment is prone to multiple weaknesses that may allow JavaScript code or applets to connect to resources other than the one the scripts or applets were downloaded from. One of the weaknesses may allow an attacker to obscure a Java warning about an untrusted applet from the user.

These issues affect the following packages for Windows, Solaris, and Linux:

JDK and JRE 6 Update 2 and earlier
JDK and JRE 5.0 Update 12 and earlier
SDK and JRE 1.4.2_15 and earlier
SDK and JRE 1.3.1_20 and earlier

68. IBM Lotus QuickPlace 'Main.nsf' Cross-Site Scripting Vulnerability
BugTraq ID: 27871
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27871
Summary:
IBM Lotus QuickPlace is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects QuickPlace 7.0; other versions may be affected as well.

NOTE: This issue may be related to BID 27840 (IBM Lotus Quickr Unspecified Cross-Site Scripting Vulnerability), but this has not been confirmed.

69. IBM Lotus Quickr Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 27840
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27840
Summary:
IBM Lotus Quickr is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Few details are available regarding this issue. We will update this BID as more information emerges.

The issue affects versions prior to Lotus Quickr 8.0.0.2 Hotfix 11.

70. IBM DB2 Universal Database 9.1 Multiple Vulnerabilities
BugTraq ID: 27870
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27870
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities, including denial-of-service issues and multiple issues with unspecified impact.

Successfully exploiting these issues may allow attackers to cause denial-of-service conditions and carry out other attacks.

Very few details are currently available regarding these issues. We will update this BID as more information emerges.

These issues affect IBM DB2 Universal Database 9.1 versions prior to Fixpak 4a.

71. Apple iPhoto DPAP Remote Denial of Service Vulnerability
BugTraq ID: 27867
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27867
Summary:
Apple iPhoto is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Exploiting this issue will allow attackers to execute arbitrary code with the permissions of a user running the application. Failed attacks will likely cause denial-of-service conditions.

This issue affects Apple iPhoto 4.0.3 and prior versions.

72. ATutor User Profile Multiple HTML Injection Vulnerabilities
BugTraq ID: 27855
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27855
Summary:
ATutor is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

ATutor 1.5.5 and prior versions are vulnerable.

73. RunCMS 'admin.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27852
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27852
Summary:
RunCMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

RunCMS 1.6.1 is vulnerable; other versions may also be affected.

74. LightBlog 'view_member.php' Local File Include Vulnerability
BugTraq ID: 27837
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27837
Summary:
LightBlog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.

This issue affects LightBlog 9.6; other versions may also be vulnerable.

75. Linux Kernel Prior to 2.6.24.1 'vmsplice_to_user()' Local Privilege Escalation Vulnerability
BugTraq ID: 27799
Remote: No
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27799
Summary:
The Linux kernel is prone to a privilege-escalation vulnerability because it fails to adequately validate a user-supplied pointer value.

A local attacker can exploit this issue to write to arbitrary memory locations on the affected computer and gain elevated privileges.

This issue affects Linux Kernel 2.6.23 through 2.6.24.

76. PCRE Character Class Buffer Overflow Vulnerability
BugTraq ID: 27786
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27786
Summary:
The PCRE regular-expression library is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of an application using the library. Failed exploit attempts will likely cause denial-of-service conditions.

The issue affects versions prior to PCRE 7.6.

77. BEA WebLogic Multiple Vulnerabilities
BugTraq ID: 16358
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/16358
Summary:
BEA has released 10 advisories identifying various vulnerabilities affecting BEA WebLogic Server, WebLogic Portal, and WebLogic Express. These issues present remote and local threats and may facilitate attacks affecting the integrity, confidentiality, and availability of vulnerable computers.

78. Linux Kernel Prior to 2.6.24.2 'vmsplice_to_pipe()' Local Privilege Escalation Vulnerability
BugTraq ID: 27801
Remote: No
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27801
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability because it fails to adequately validate a user-supplied length value.

Attackers can leverage this issue to gain superuser privileges on affected computers.

This issue affects Linux Kernel 2.6.17 through 2.6.24.1.

79. Multiple BEA WebLogic Applications Multiple Vulnerabilities
BugTraq ID: 23979
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/23979
Summary:
Multiple BEA WebLogic applications are affected by multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, directory-traversal, security-bypass, brute-force, and denial-of-service issues.

An attacker can exploit these issues to gain privileged access to affected applications, to access potentially sensitive information that could aid in further attacks, or to deny service to legitimate users. Successful attacks can result in the compromise of the applications. Other attacks are also possible.

80. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
BugTraq ID: 26663
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26663
Summary:
Apache is prone to a cross-site scripting weakness when handling HTTP request methods that result in 413 HTTP errors.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected.

81. Dokeos Multiple SQL Injection, HTML Injection, Cross-Site Scripting, and File Upload Vulnerabilities
BugTraq ID: 27792
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27792
Summary:
Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue.

Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to Dokeos 1.8.4 SP2 are affected.

82. Hosting Controller Multiple Remote Vulnerabilities
BugTraq ID: 26862
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26862
Summary:
Hosting Controller is prone to 14 remote vulnerabilities, including seven unauthorized-access issues, four SQL-injection issues, two information-disclosure issues, and one HTML-injection issue.

An attacker can exploit these issues to compromise the affected application, execute arbitrary code within the context of the webserver process, steal cookie-based authentication credentials, access or modify data, exploit latent vulnerabilities in the underlying database, obtain sensitive information, and gain unauthorized access to the affected application.

83. WordPress Plugin WP-Forum SQL Injection Vulnerability
BugTraq ID: 27362
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27362
Summary:
The WordPress plugin WP-Forum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects WP-Forum 1.7.4; other versions may also be vulnerable.

84. Nagios Plugins Location Header Remote Buffer Overflow Vulnerability
BugTraq ID: 25952
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/25952
Summary:
Nagios Plugins are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected software.

This issue affects Nagios Plugins 1.4.9; other versions may also be vulnerable.

85. Imager 8 Bit BMP Heap Based Buffer Overflow Vulnerability
BugTraq ID: 23711
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/23711
Summary:
Imager is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an application using the vulnerable library. Failed attempts will likely result in denial-of-service conditions.

NOTE: The effects of successful attacks depend on how system memory is allocated. The implementation of the 'glibc' memory allocator will likely allow an attacker to trigger only denial-of-service conditions. Other allocators may allow arbitrary code execution.

Versions prior to Imager 0.57 are vulnerable.

86. wyrd Insecure Temporary File Creation Vulnerability
BugTraq ID: 27848
Remote: No
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27848
Summary:
The 'wyrd' program is prone to a security vulnerability that allows attackers to create temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects wyrd 1.4.3-b3; other versions may also be vulnerable.

87. GlobalLink 'HanGamePlugincn18.dll' ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 27626
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27626
Summary:
GlobalLink is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the application that invoked the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

These issues affect GlobalLink 2.8.1.2 beta and 2.6.1.29; other versions may also be affected.

88. XOOPS WF-Link Module Viewcat.PHP SQL Injection Vulnerability
BugTraq ID: 23340
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/23340
Summary:
The XOOPS WF-Link module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

This issue affects WF-Link 1.03; prior versions may also be affected.

89. Foxit WAC Server Denial of Service Vulnerability
BugTraq ID: 27142
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27142
Summary:
Foxit WAC Server is prone to a denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Foxit WAC Server 2.0 Build 3503 and prior versions.

90. Lyris ListManager Multiple Remote Vulnerabilities
BugTraq ID: 26792
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26792
Summary:
Lyris ListManager is prone to multiple remote vulnerabilities, including:

- Two privilege-escalation vulnerabilities
- A vulnerability that allows attackers to overwrite existing accounts

An attacker can exploit these issues to compromise the affected application, modify client-side information, overwrite arbitrary user accounts, and gain administrative access to the affected application. Other attacks are also possible.

91. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 27915
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27915
Summary:
EMC RepliStor is prone to multiple remote heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

A remote attacker may be able to exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting these issues will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

These issues affect EMC RepliStor 6.2 SP2; other versions may also be affected.

92. PHP-Nuke Docum Module 'artid' Parameter SQL Injection Vulnerability
BugTraq ID: 27912
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27912
Summary:
The PHP-Nuke Docum module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

93. Globsy 'globsy_edit.php' Local File Include Vulnerability
BugTraq ID: 27910
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27910
Summary:
Globsy is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an attacker to access potentially sensitive information. Information obtained may lead to further attacks.

This issue affects Globsy 1.0; other versions may also be vulnerable.

94. PunBB Password Reset Weak Random Number Security Bypass Vulnerability
BugTraq ID: 27908
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27908
Summary:
PunBB is prone to a vulnerability that can allow an attacker to determine the password of an arbitrary user due to a design error in its 'Reset Password' functionality.

Attackers can exploit this issue to guess the random password generated by the 'Reset Password' feature for arbitrary users and then compromise vulnerable applications. This may aid in further attacks.

This issue affects PunBB prior to 1.2.17.

95. Highwood Design hwdVideoShare 'Itemid' Parameter SQL Injection Vulnerability
BugTraq ID: 27907
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27907
Summary:
hwdVideoShare is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

96. CUPS 'process_browse_data()' Remote Double Free Denial of Service Vulnerability
BugTraq ID: 27906
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27906
Summary:
CUPS is prone to a remote denial-of-service vulnerability because it fails to protect against a double-free condition.

Attackers may exploit this issue to trigger crashes in the application, denying service to legitimate users. Remote code execution may also be possible, but this has not been confirmed.

CUPS version 1.3.5 is vulnerable to this issue; other versions may also be affected.

97. XOOPS eEmpregos Module 'index.php' SQL Injection Vulnerability
BugTraq ID: 27905
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27905
Summary:
The XOOPS eEmpregos module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

98. Schoolwires Academic Portal SQL Injection Vulnerability and Cross-Site Scripting Vulnerability
BugTraq ID: 27903
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27903
Summary:
Schoolwires Academic Portal is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

99. RunCMS MyAnnonces Module 'cid' Parameter SQL Injection Vulnerability
BugTraq ID: 27902
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27902
Summary:
The RunCMS MyAnnonces module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

100. Opera Web Browser 9.25 Multiple Security Vulnerabilities
BugTraq ID: 27901
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27901
Summary:
Opera Web Browser is prone to multiple security vulnerabilities, including script code-execution and a file upload issue.

Attackers can exploit these issues to execute remote script code and obtain sensitive data.

These issues affect versions prior to Opera 9.26.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Worries over "good worms" rise again
By: Robert Lemos
A Microsoft researcher studies the use of self-propagation for patching, but for most of the security industry, any worm is a bad worm.
http://www.securityfocus.com/news/11506

2. Federal agencies miss deadline on secure configs
By: Robert Lemos
The U.S. government has made progress on moving to a standard configuration for Windows XP and Windows Vista systems, but work remains.
http://www.securityfocus.com/news/11505

3. Universities fend off phishing attacks
By: Robert Lemos
Online fraudsters send e-mail messages that masquerade as help-desk requests for usernames and passwords.
http://www.securityfocus.com/news/11504

4. Antivirus firms, test labs to form standards group
By: Robert Lemos
The makers of antivirus software as well as independent and media-sponsored testing labs have agreed to create an industry group to standardize on methods of evaluating anti-malware programs.
http://www.securityfocus.com/news/11502

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
1. Security log parser
http://www.securityfocus.com/archive/75/488116

2. Possible Mail server compromise ?
http://www.securityfocus.com/archive/75/487488

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: HP

