News

Thursday, March 13, 2008

SecurityFocus Newsletter #444
----------------------------------------

This issue is sponsored by bMighty

How Much Will A Security Breach Cost Your Company?
Many smaller businesses have lax security policies, leaving their customers' confidential data vulnerable to identity thieves. Learn the steps to protect sensitive data.
www.bMighty.com
http://www.bmighty.com/security/showArticle.jhtml?articleID=206901276&cid=LSM-sfS


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Integrating More Intelligence into Your IDS, Part 1
2. Let's Go Crazy
II. BUGTRAQ SUMMARY
1. Project Alumni Index.PHP Act Parameter Local File Include Vulnerability
2. RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow Vulnerability
3. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
4. IBM WebSphere Application Server WebContainer HTTP Request Header Security Weakness
5. DeluxeBB CP.PHP Security Bypass Vulnerability
6. Fcron Convert-FCronTab Directory Traversal Vulnerability
7. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
8. ZephyrSoft Toolbox Address Book Continued Multiple SQL Injection Vulnerabilities
9. Adobe Flash Player On Opera Browser For Mac OSX Unspecified Vulnerability
10. ZyXEL ZyWALL Quagga And Zebra Processes Default Account Password Vulnerability
11. RealPlayer/HelixPlayer AU Divide-By-Zero Denial of Service Vulnerability
12. SAP MaxDB 'vserver' Component Remote Heap Memory Corruption Vulnerability
13. XWork AltSyntax OGNL Input Validation Vulnerability
14. Symantec Ghost Solution Suite ARP Spoofing Authentication Bypass Vulnerability
15. PacketTrap pt360 Tool Suite PRO TFTP Server Remote Denial of Service Vulnerability
16. CourseMill Enterprise Learning Management System 'userlogin.jsp' SQL Injection Vulnerability
17. Asterisk Host-Based Authentication Security Bypass Vulnerability
18. PhpBBGarage Garage.PHP SQL Injection Vulnerability
19. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of Service Vulnerabilities
20. RemotelyAnywhere 'Accept-Charset' Parameter NULL Pointer Denial Of Service Vulnerability
21. EncapsGallery 'file' Parameter Multiple Cross-Site Scripting Vulnerabilities
22. PHP-Nuke Hadith Module 'cat' Parameter SQL Injection Vulnerability
23. QuickTicket 'qti_usr.php' SQL Injection Vulnerability
24. Kingsoft Antivirus Online Update Module ActiveX Control Remote Buffer Overflow Vulnerability
25. Argon Technology Client Management Services TFTP Server Directory Traversal Vulnerability
26. Acronis True Image Echo Enterprise Server Multiple Remote Denial of Service Vulnerabilities
27. MySQL Rename Table Function Access Validation Vulnerability
28. Apple QuickTime MOV File STSD Heap Buffer Overflow Vulnerability
29. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
30. Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
31. Project Alumni View and News Multiple SQL Injection Vulnerabilities
32. Microsoft Office Web Components ActiveX Control URL Parsing Remote Code Execution Vulnerability
33. OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
34. ELinks HTTPS POST Request Information Disclosure Weakness
35. Gallery Multiple Unauthorized Access Vulnerability
36. Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability
37. Vim HelpTags Command Remote Format String Vulnerability
38. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
39. SurgeMail IMAP SEARCH Command Remote Buffer Overflow Vulnerability
40. Yahoo! Toolbar Helper Class ActiveX Control Remote Buffer Overflow Denial of Service Vulnerability
41. CHCounter Stats/Index.PHP HTML Injection Vulnerability
42. Novell GroupWise Man In The Middle Vulnerability
43. MySQL Alter Table Function Information Disclosure Vulnerability
44. Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
45. File(1) Command File_PrintF Integer Underflow Vulnerability
46. Project Alumni Multiple Cross-Site Scripting Vulnerabilities
47. I Hear U Multiple Remote Denial Of Service Vulnerabilities
48. FatWire Content Server Multiple Cross-Site Scripting Vulnerabilities
49. Novell Client for Windows NWFILTER.SYS Local Privilege Escalation Vulnerability
50. Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow Vulnerability
51. VMware Products Shared Folders 'MultiByteToWideChar()' Variant Directory Traversal Vulnerability
52. ngIRCd PART Command Parsing Denial Of Service Vulnerability
53. Xen mov_to_rr RID Local Security Bypass Vulnerability
54. IceBB HTTP_X_FORWARDED_FOR SQL Injection Vulnerability
55. Tellmatic tm_includepath Parameter Multiple Remote File Include Vulnerabilities
56. APC Switched Rack PDU Authentication Bypass Vulnerability
57. Dora Emlak Script Multiple SQL Injection Vulnerabilities
58. ISC BIND Query_AddSOA Denial Of Service Vulnerability
59. Einfacher Passworschutz Index.PHP Cross-Site Scripting Vulnerability
60. Microsoft Internet Explorer DHTML Object Memory Corruption Vulnerability
61. TRAMP Extension For Emacs Multiple Insecure Temporary File Creation Vulnerabilities
62. X.Org X Server Composite Extension Local Buffer Overflow Vulnerability
63. The SWORD Project Diatheke Unspecified Remote Command Execution Vulnerability
64. Sylpheed and Sylpheed-Claws POP3 Format String Vulnerability
65. QEMU Translation Block Local Denial of Service Vulnerability
66. scponly Local Arbitrary Command Execution Weakness
67. Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer Header Spoofing Weakness
68. Microsoft Windows Media Player AIFF Parsing Divide-By-Zero Denial of Service Vulnerability
69. MySQL Security Invoker Privilege Escalation Vulnerability
70. Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability
71. Adobe Bridge Update Installer Local Privilege Escalation Vulnerability
72. X-Kryptor Secure Client Privilege Escalation Vulnerability
73. PHP Hash Table Overwrite Arbitrary Code Execution Vulnerability
74. Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability
75. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
76. Horde IMP and Groupware Webmail Edition Multiple Input Validation Vulnerabilities
77. RealNetworks RealPlayer 'rmoc3260.dll' ActiveX Control Memory Corruption Vulnerability
78. SARG User-Agent Processing HTML Injection and Stack Buffer Overflow Vulnerabilities
79. Sun Java SE Multiple Security Vulnerabilities
80. Microsoft Excel Data Validation Record Heap Memory Corruption Vulnerability
81. VideoLAN VLC Media Player MP4 Demuxer Remote Code Execution Vulnerability
82. Wireshark 0.99.7 Multiple Denial of Service Vulnerabilities
83. onlinetools.org EasyImageCatalogue Multiple Cross-Site Scripting Vulnerabilities
84. Adobe LiveCycle Workflow Management Login Page Cross-Site Scripting Vulnerability
85. Adobe ColdFusion Administration Interface Failed Login Audit Vulnerability
86. Red Hat Directory Server 7.1 Local Insecure Permissions Vulnerability
87. PHP-Nuke zClassifieds Module 'cat' Parameter SQL Injection Vulnerability
88. Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
89. Bloo 'index.php' Multiple SQL Injection Vulnerabilities
90. Savvy Content Manager 'searchterms' Parameter Multiple Cross Site Scripting Vulnerabilities
91. RemotelyAnywhere HTTP Service Cross-Site Scripting Vulnerability
92. PHP-Nuke NukeC30 Module 'id_catg' Parameter SQL Injection Vulnerability
93. Mapbender 'factor' Parameter Remote Code Injection Vulnerability
94. Mapbender 'mod_gazetteer_edit.php' SQL Injection Vulnerability
95. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting Vulnerability
96. Lighttpd 'mod_cgi' Information Disclosure Vulnerability
97. phpBB Filebase Module 'filebase.php' SQL Injection Vulnerability
98. phpMyNewsLetter 'archives.php' SQL Injection Vulnerability
99. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation Vulnerability
100. Amber Script Show_Content.PHP Local File Include Vulnerability
III. SECURITYFOCUS NEWS
1. Browser makers focus on beating malware
2. Law makers voice concerns over cybersecurity plan
3. Worries over "good worms" rise again
4. Federal agencies miss deadline on secure configs
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. Temp directory is odd
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Integrating More Intelligence into Your IDS, Part 1
By Don Parker and Ryan Wegner
The more an intrusion detection system (IDS) knows about the network it is trying to protect, the better it will be able to protect the network. This is the fundamental principle behind target-based intrusion detection, where an IDS knows about the hosts on the network.
http://www.securityfocus.com/infocus/1898

2. Let's Go Crazy
By Mark Rasch
On February 7, 2007 Stephanie Lenz of Gallitzin, Pennsylvania posted an innocuous video of her 18-month-old son Holden pushing a baby toy while dancing to a barely recognizable song in the background.

http://www.securityfocus.com/columnists/467


II. BUGTRAQ SUMMARY
--------------------
1. Project Alumni Index.PHP Act Parameter Local File Include Vulnerability
BugTraq ID: 26612
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26612
Summary:
Project Alumni is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Project Alumni 1.0.9 is vulnerable to this issue; other versions may also be affected.

2. RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow Vulnerability
BugTraq ID: 24658
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24658
Summary:
RealPlayer and HelixPlayer are prone to a buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

3. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
BugTraq ID: 28188
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28188
Summary:
ASG-Sentry is prone to multiple remote vulnerabilities:

- A heap-based buffer-overflow vulnerability
- A stack-based buffer-overflow vulnerability
- A denial-of-service vulnerability
- An arbitrary-file-deletion vulnerability

An attacker can exploit these issues to execute arbitrary code within the context of the affected application, crash the affected application, consume all CPU resources, and delete data contained in arbitrary files. Other attacks are possible.

These issues affect ASG-Sentry 7.0.0; other versions may also be affected.

4. IBM WebSphere Application Server WebContainer HTTP Request Header Security Weakness
BugTraq ID: 26457
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26457
Summary:
IBM WebSphere Application Server is prone to a security weakness regarding an HTTP request header. The software fails to sanitize a certain HTTP header when the data is redirected to an error message.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

5. DeluxeBB CP.PHP Security Bypass Vulnerability
BugTraq ID: 26572
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26572
Summary:
DeluxeBB is prone to a security-bypass vulnerability because it fails to properly validate user credentials before performing certain actions.

A successful exploit will allow the attacker to change other users' details, including email details and passwords. This in turn may lead to a compromise of the affected application.

This issue affects DeluxeBB 1.09 and prior versions.

6. Fcron Convert-FCronTab Directory Traversal Vulnerability
BugTraq ID: 25693
Remote: No
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/25693
Summary:
Fcron is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data to 'convert-fcrontab'.

Attackers can exploit this issue via symbolic-link attacks to create or overwrite arbitrary files with superuser privileges.

Fcron 2.9.5 is vulnerable; other versions may also be affected.

7. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
BugTraq ID: 28186
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28186
Summary:
Motorola Timbuktu Pro is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues will allow attackers to crash the affected application, denying further service to legitimate users.

8. ZephyrSoft Toolbox Address Book Continued Multiple SQL Injection Vulnerabilities
BugTraq ID: 22685
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/22685
Summary:
ZephyrSoft Toolbox Address Book Continued is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

ZephyrSoft Toolbox Address Book Continued versions 1.00 and 1.01 are confirmed vulnerable to these issues.

9. Adobe Flash Player On Opera Browser For Mac OSX Unspecified Vulnerability
BugTraq ID: 26274
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26274
Summary:
Adobe Flash Player is prone to an unspecified vulnerability.

This issue occurs when Flash Player is running on Opera Browser for the Mac OS X operating system.

Very few technical details are currently available. We will update this BID as more information emerges.

Flash Player 9.0.47.0 and prior versions are vulnerable when running on Mac OS X.

10. ZyXEL ZyWALL Quagga And Zebra Processes Default Account Password Vulnerability
BugTraq ID: 28184
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28184
Summary:
ZyXEL ZyWALL 1050 devices contain a default password for their Quagga and Zebra daemon processes. The device fails to change the default password when a legitimate user sets a new password.

Attackers can use this default password to gain unauthorized access to the device. By gaining administrative access to Quagga or Zebra, an attacker can modify network routes on the device, possibly redirecting traffic or denying network service to legitimate users. The attacker may also be able to exploit latent vulnerabilities in the daemon itself.

ZyWALL 1050 is vulnerable; other devices may also be affected.

11. RealPlayer/HelixPlayer AU Divide-By-Zero Denial of Service Vulnerability
BugTraq ID: 25627
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/25627
Summary:
RealPlayer and Helix Player are prone to a denial-of-service vulnerability when handling malformed AU media files.

Successfully exploiting this issue allows remote attackers to deny service to legitimate users.

12. SAP MaxDB 'vserver' Component Remote Heap Memory Corruption Vulnerability
BugTraq ID: 28183
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28183
Summary:
SAP MaxDB is prone to a heap-based memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Successfully exploiting this issue will compromise the affected application and possibly the underlying computer.

This issue affects MaxDB 7.6.0.37 running on the Linux operating system. Other versions running on different platforms may also be affected.

13. XWork AltSyntax OGNL Input Validation Vulnerability
BugTraq ID: 25524
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/25524
Summary:
XWork is prone to an input-validation vulnerability because it fails to adequately handle user-supplied input.

NOTE: This issue will occur only when the 'altSyntax' feature is enabled.

Attackers can exploit this issue to execute arbitrary OGNL expressions with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer.

Versions prior to XWork 2.0.4 are vulnerable.

14. Symantec Ghost Solution Suite ARP Spoofing Authentication Bypass Vulnerability
BugTraq ID: 27644
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/27644
Summary:
Symantec Ghost Solution Suite is prone to an authentication-bypass vulnerability.

Attackers can exploit this issue by sending a spoofed ARP packet to the affected client.

Successfully exploiting this issue will allow attackers to impersonate the Symantec Ghost Solution Suite server and execute arbitrary commands on the client with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

This issue affects Symantec Ghost Solution Suite 1.1, 2.0.0, and 2.0.1.

NOTE: Users who do not use the Ghost Console or the Ghost Management Agent are not affected.

15. PacketTrap pt360 Tool Suite PRO TFTP Server Remote Denial of Service Vulnerability
BugTraq ID: 28187
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28187
Summary:
PacketTrap pt360 Tool Suite PRO TFTP server is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

PacketTrap pt360 Tool Suite PRO TFTP server 2.0.3901.0 is affected; other versions may also be vulnerable.

16. CourseMill Enterprise Learning Management System 'userlogin.jsp' SQL Injection Vulnerability
BugTraq ID: 26865
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26865
Summary:
CourseMill Enterprise Learning Management System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CourseMill Enterprise Learning Management 4.1 SP4 is vulnerable; other versions may also be affected.

17. Asterisk Host-Based Authentication Security Bypass Vulnerability
BugTraq ID: 26928
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26928
Summary:
Asterisk is prone to a security-bypass vulnerability that affects the SIP and IAX protocols.

An attacker can exploit this issue to bypass the host-based authentication mechanism. Successfully exploiting this issue will allow an attacker to impersonate any user. This may lead to a false sense of security.

This issue affects versions prior to:

Asterisk Open Source 1.2.26
Asterisk Open Source 1.4.16
Asterisk Business Edition B.2.3.6
Asterisk Business Edition C.1.0-beta8

18. PhpBBGarage Garage.PHP SQL Injection Vulnerability
BugTraq ID: 26683
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26683
Summary:
PhpBBGarage is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects PhpBBGarage 1.2.0 Beta 3; other versions may also be affected.

19. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of Service Vulnerabilities
BugTraq ID: 28182
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28182
Summary:
Acronis Snap Deploy is prone to a directory-traversal vulnerability and a denial-of-service vulnerability.

Exploiting these issues will allow attackers to obtain sensitive information or crash the affected application, denying further service to legitimate users.

20. RemotelyAnywhere 'Accept-Charset' Parameter NULL Pointer Denial Of Service Vulnerability
BugTraq ID: 28175
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28175
Summary:
RemotelyAnywhere is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Exploiting this issue will cause the server to copy data to a NULL pointer, which will crash the server, denying access to legitimate users.

This issue affects RemotelyAnywhere Server and Workstation 8.0.688; other versions may also be affected.

21. EncapsGallery 'file' Parameter Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 28178
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28178
Summary:
EncapsGallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

EncapsGallery 1.11.2 is vulnerable to these issues; other versions may also be affected.

22. PHP-Nuke Hadith Module 'cat' Parameter SQL Injection Vulnerability
BugTraq ID: 28171
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28171
Summary:
The Hadith module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

23. QuickTicket 'qti_usr.php' SQL Injection Vulnerability
BugTraq ID: 28176
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28176
Summary:
QuickTicket is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

QuickTicket 1.4 and 1.5.0.3 are vulnerable; other versions may also be affected.

24. Kingsoft Antivirus Online Update Module ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 28172
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28172
Summary:
Kingsoft Antivirus Online Update Module ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of an application running the control (typically Internet Explorer). Failed attacks will cause denial-of-service conditions.

25. Argon Technology Client Management Services TFTP Server Directory Traversal Vulnerability
BugTraq ID: 28160
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28160
Summary:
Argon Technology Client Management Services TFTP server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue allows an attacker to access arbitrary files outside of the TFTP server root directory. This can expose sensitive information that could help the attacker launch further attacks.

Client Management Services 1.31 and prior versions are vulnerable.

26. Acronis True Image Echo Enterprise Server Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 28169
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28169
Summary:
Acronis True Image Echo Enterprise Server is prone to multiple remote denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

27. MySQL Rename Table Function Access Validation Vulnerability
BugTraq ID: 24016
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24016
Summary:
MySQL is prone to an access-validation vulnerability because it fails to perform adequate access control.

Attackers can exploit this issue to rename arbitrary tables. This could result in denial-of-service conditions and may aid in other attacks.

Versions prior to MySQL 4.1.23, 5.0.42, and 5.1.18 are vulnerable.

28. Apple QuickTime MOV File STSD Heap Buffer Overflow Vulnerability
BugTraq ID: 23923
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23923
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to properly check boundaries on user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted 'MOV' QuickTime movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

Versions of QuickTime 7 prior to 7.1.3 are vulnerable.

29. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
BugTraq ID: 20216
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because it fails to properly handle incoming duplicate blocks.

Remote attackers may exploit this issue to consume excessive CPU resources, potentially denying service to legitimate users.

This issue occurs only when OpenSSH is configured to accept SSH Version One traffic.

30. Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
BugTraq ID: 28181
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/28181
Summary:
Dovecot is prone to a security-bypass vulnerability because the application fails to adequately sanitize user-supplied input.

An attacker may exploit this issue to gain unauthorized access to the affected application. Successful exploits will compromise the application.

Versions prior to Dovecot 1.0.13 and 1.1.rc3 are vulnerable. The vendor states that this issue affects only password databases that have blocking enabled.

NOTE: Reports indicate that this issue can be exploited only on versions after Dovecot 1.0.10, which introduced the 'skip_password_check' field.

31. Project Alumni View and News Multiple SQL Injection Vulnerabilities
BugTraq ID: 26564
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26564
Summary:
Project Alumni is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

32. Microsoft Office Web Components ActiveX Control URL Parsing Remote Code Execution Vulnerability
BugTraq ID: 28135
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/28135
Summary:
Microsoft Office Web Components is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

33. OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
BugTraq ID: 25628
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25628
Summary:
OpenSSH is prone to a local authentication-bypass vulnerability because the software fails to properly manage trusted and untrusted X11 cookies.

Successfully exploiting this issue allows local attackers to potentially launch a forwarded X11 session through SSH in an unauthorized manner. Further details are currently unavailable. We will update this BID as more information emerges.

This issue affects OpenSSH 4.6; previous versions may be affected as well.

34. ELinks HTTPS POST Request Information Disclosure Weakness
BugTraq ID: 25799
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25799
Summary:
ELinks is prone to an information disclosure weakness.

In certain circumstances, the application may not encrypt HTTP POST data sent to servers using SSL.

This issue creates a false sense of security for a user because they may assume that sensitive data is being encrypted before it is sent to the remote server.

Versions prior to ELinks 0.11.3 are vulnerable to this issue.

35. Gallery Multiple Unauthorized Access Vulnerability
BugTraq ID: 25580
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25580
Summary:
Gallery is prone to multiple unauthorized-access vulnerabilities in the WebDAV and Reupload modules.

An attacker can exploit these issues to rename items, modify items, retrieve item properties, locate items, replace items, and edit item data.

These issues affect versions prior to Gallery 2.2.3.

36. Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability
BugTraq ID: 26806
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26806
Summary:
Perforce P4Web is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted HTTP requests.

An attacker can exploit this issue to cause the application to consume excessive CPU and memory resources. Successful attacks will deny service to legitimate users.

P4Web 2006.2 and prior versions running on Windows are affected.

37. Vim HelpTags Command Remote Format String Vulnerability
BugTraq ID: 25095
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25095
Summary:
Vim is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A remote attacker may execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts may cause denial-of-service conditions.

Vim 6.4 and 7.1 are vulnerable; other versions may also be affected.

38. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
BugTraq ID: 24965
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24965
Summary:
The 'tcpdump' utility is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running the affected application. Failed exploit attempts will likely crash the affected application.

This issue affects tcpdump 3.9.6 and prior versions.

39. SurgeMail IMAP SEARCH Command Remote Buffer Overflow Vulnerability
BugTraq ID: 25318
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25318
Summary:
SurgeMail is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts will likely result in denial-of-service conditions.

SurgeMail 38k is vulnerable; other versions may also be affected.

40. Yahoo! Toolbar Helper Class ActiveX Control Remote Buffer Overflow Denial of Service Vulnerability
BugTraq ID: 26656
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26656
Summary:
Yahoo! Toolbar ActiveX Control is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Reports indicate that code execution is not possible, but this has not been confirmed.

Yahoo! Toolbar 1.4.1 is vulnerable to this issue; other versions may also be affected.

41. CHCounter Stats/Index.PHP HTML Injection Vulnerability
BugTraq ID: 23462
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23462
Summary:
chCounter is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

chCounter 3.1.3 is vulnerable; other versions may also be affected.

42. Novell GroupWise Man In The Middle Vulnerability
BugTraq ID: 24258
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24258
Summary:
Novell GroupWise is prone to a man-in-the-middle vulnerability. This issue stems from a design error in the affected application.

An attacker may exploit this issue to access sensitive contents of encrypted network traffic, such as authentication credentials. This may lead to other attacks.

Versions of Novell GroupWise prior to 6.5 post-SP6 and 7 SP2 are vulnerable to this issue.

43. MySQL Alter Table Function Information Disclosure Vulnerability
BugTraq ID: 24008
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24008
Summary:
MySQL is prone to an information-disclosure vulnerability because it fails to perform adequate access control.

Exploiting this issue can allow an attacker to obtain potentially sensitive information from partitioned tables. Information gained could aid in further attacks.

Versions prior to 5.1.18 are vulnerable.

44. Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
BugTraq ID: 23438
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23438
Summary:
Apache suEXEC is prone to multiple local privilege-escalation weaknesses.

To exploit these issues, attackers must have permission to execute the application. Permission is granted only to the same user as the webserver, typically 'httpd', 'apache', or 'nobody'. Attackers may gain such permissions by exploiting other applications running on the webserver such as CGI and PHP scripts.

A local attacker can exploit these issues to execute arbitrary code with the privileges of another user. Successful exploits may facilitate a compromise of vulnerable computers.

Apache suEXEC 2.2.3 is vulnerable to these issues; other versions may also be affected.

45. File(1) Command File_PrintF Integer Underflow Vulnerability
BugTraq ID: 23021
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23021
Summary:
The file(1) command is prone to an integer-underflow vulnerability because the command fails to adequately handle user-supplied data.

An attacker can leverage this issue to corrupt heap memory and execute arbitrary code with the privileges of a user running the command. A successful attack may result in the compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.

Versions prior to 4.20 are vulnerable.

46. Project Alumni Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 26565
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26565
Summary:
Project Alumni is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

47. I Hear U Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 26516
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26516
Summary:
Multiple denial-of-service vulnerabilities affect I Hear U because the application fails to handle specially crafted packets.

An attacker may leverage these issues to cause a remote denial-of-service condition in affected applications.

These issues affect versions prior to I Hear U 0.5.7.

48. FatWire Content Server Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 26472
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26472
Summary:
FatWire Content Server is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

FatWire Content Server 6.3 is vulnerable; other versions may also be affected.

49. Novell Client for Windows NWFILTER.SYS Local Privilege Escalation Vulnerability
BugTraq ID: 26420
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26420
Summary:
Novell Client for Windows is prone to a local privilege-escalation vulnerability because it fails to adequately handle user-supplied input.

Authenticated attackers with the privileges to invoke executables can exploit this issue to execute arbitrary code with kernel-level privileges.

Novell Client for Windows 4.91 is vulnerable; other versions may also be affected.

50. Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 28012
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/28012
Summary:
Mozilla Thunderbird is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the vulnerable application; failed exploit attempts will likely crash the application. This may facilitate the remote compromise of affected computers.

The issue affects versions prior to Mozilla Thunderbird 2.0.0.12.

51. VMware Products Shared Folders 'MultiByteToWideChar()' Variant Directory Traversal Vulnerability
BugTraq ID: 27944
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/27944
Summary:
Multiple VMware products are prone to a directory-traversal vulnerability that affects shared folders.

Attackers who can access a guest operating system can exploit this issue to gain full read and write access to the filesystem of the host operating system. Successful attacks could compromise the affected host OS. Other attacks are possible.

NOTE: This vulnerability occurs only on Windows hosts when 'Shared Folders' is enabled and when a shared folder exists.

The issue affects the following:

VMware Workstation 6.0.2, 5.5.4, and earlier
VMware Player 2.0.2, 1.0.4, and earlier
VMware ACE 2.0.2, 1.0.2, and earlier.

NOTE: This issue occurs because of a fix that was introduced to address a similar issue (CVE-2007-1744) that is documented in BID 23721 (VMware Workstation Shared Folders Directory Traversal Vulnerability).

52. ngIRCd PART Command Parsing Denial Of Service Vulnerability
BugTraq ID: 27318
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/27318
Summary:
ngIRCd is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to deny service to legitimate users.

Versions prior to ngIRCd 0.10.4 and 0.11.0-pre2 are vulnerable.

53. Xen mov_to_rr RID Local Security Bypass Vulnerability
BugTraq ID: 26716
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26716
Summary:
Xen is prone to a local security-bypass vulnerability because it fails to validate user-supplied input.

Local attackers can leverage this issue to read memory from VT-i domains other than the one they have access to. This could allow attackers to obtain potentially sensitive information that could aid in further attacks.

Versions prior to Xen 3.1.2 on IA64 platforms are vulnerable.

54. IceBB HTTP_X_FORWARDED_FOR SQL Injection Vulnerability
BugTraq ID: 26483
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26483
Summary:
IceBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IceBB 1.0-rc6 and prior versions are vulnerable.

55. Tellmatic tm_includepath Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 26678
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26678
Summary:
Tellmatic is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Tellmatic 1.0.7 and 1.0.7.1 are vulnerable; other versions may also be affected.

56. APC Switched Rack PDU Authentication Bypass Vulnerability
BugTraq ID: 26636
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26636
Summary:
APC Switched Rack PDUs (Power Distribution Units) are prone to an authentication-bypass vulnerability.

Attackers can exploit this issue to gain unauthorized access to affected devices. Successful exploits will allow attackers to control the power distribution to rack-mounted computer equipment. Attackers could leverage this to cause denial-of-service conditions and possibly physical damage.

The following firmware versions running on PDU part number AP9732 are vulnerable:

rpdu 3.5.5
aos 3.5.6

Other versions and devices may also be affected.

57. Dora Emlak Script Multiple SQL Injection Vulnerabilities
BugTraq ID: 26574
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26574
Summary:
Dora Emlak Script is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect Dora Emlak Script 2.0; other versions may also be vulnerable.

58. ISC BIND Query_AddSOA Denial Of Service Vulnerability
BugTraq ID: 23738
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23738
Summary:
ISC BIND is prone to a denial-of-service vulnerability because it fails to handle certain sequences of malicious queries.

NOTE: Only applications configured with the 'recursion' directive/attribute enabled are vulnerable to this issue.

An attacker can exploit this issue to cause the application to exit, denying service to legitimate users.

ISC BIND 9.40, 9.5.0a1, 9.5.0a2, and 9.5.0a3 are vulnerable.

59. Einfacher Passworschutz Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 23395
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23395
Summary:
Einfacher Passworschutz is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

60. Microsoft Internet Explorer DHTML Object Memory Corruption Vulnerability
BugTraq ID: 26427
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26427
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability because it fails to adequately handle user-supplied input to certain DHTML object methods.

Attackers can exploit this issue to execute arbitrary code in the context of a user running the application. Successful attacks would compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

61. TRAMP Extension For Emacs Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 26072
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26072
Summary:
The TRAMP extension for Emacs creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Versions prior to TRAMP 2.1.11 are vulnerable.

62. X.Org X Server Composite Extension Local Buffer Overflow Vulnerability
BugTraq ID: 25606
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25606
Summary:
The X.Org X Window System is prone to a local buffer-overflow vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges. This may facilitate a compromise of the affected computer.

63. The SWORD Project Diatheke Unspecified Remote Command Execution Vulnerability
BugTraq ID: 27987
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/27987
Summary:
The SWORD Project's Diatheke front-end is prone to a vulnerability that can allow arbitrary shell commands to run.

Successful exploits will compromise the application and possibly the underlying webserver.

SWORD 1.5.9 is vulnerable; other versions may also be affected.

64. Sylpheed and Sylpheed-Claws POP3 Format String Vulnerability
BugTraq ID: 25430
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25430
Summary:
Sylpheed and Sylpheed-Claws are prone to a format-string vulnerability.

This issue presents itself because the applications fail to properly sanitize POP3 server error responses that contain format specifiers.

A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.

Sylpheed 2.4.4, Sylpheed-Claws 1.9.100, and Sylpheed-Claws 'Claws Mail' 2.10.0 are vulnerable to this issue; other versions may also be affected.

65. QEMU Translation Block Local Denial of Service Vulnerability
BugTraq ID: 26666
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26666
Summary:
QEMU is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks when handling user-supplied input.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of the issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

QEMU 0.9.0 is vulnerable; other versions may also be affected.

66. scponly Local Arbitrary Command Execution Weakness
BugTraq ID: 26900
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26900
Summary:
The 'scponly' program is prone to a weakness that can allow attackers to execute arbitrary commands.

Attackers with scponly access can exploit this issue to bypass scponly security restrictions. Successful attacks could compromise affected computers.

This issue affects scponly 4.6; other versions may also be affected.

67. Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer Header Spoofing Weakness
BugTraq ID: 26589
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26589
Summary:
Mozilla Firefox and SeaMonkey are prone to a weakness that allows an attacker to spoof HTTP Referer headers. This issue stems from a race condition in the affected application. The weakness arises because of a small timing difference when using a modal 'alert()' dialog, which allows users to generate fake HTTP Referer headers.

An attacker can exploit this issue to spoof HTTP Referer headers. This may cause other security mechanisms that rely on this data to fail or to return misleading information.

This issue affects versions prior to Mozilla Firefox 2.0.0.10 and Mozilla SeaMonkey 1.1.7.

68. Microsoft Windows Media Player AIFF Parsing Divide-By-Zero Denial of Service Vulnerability
BugTraq ID: 26648
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26648
Summary:
Microsoft Windows Media Player is prone to a denial-of-service vulnerability when processing a malformed AIFF file.

A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Microsoft Windows Media Player 11; other versions may also be affected.

69. MySQL Security Invoker Privilege Escalation Vulnerability
BugTraq ID: 24011
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24011
Summary:
MySQL is prone to a privilege-escalation vulnerability because it fails to adequately restore access privileges during certain routines.

A remote authenticated attacker can exploit this issue to gain elevated privileges on an affected database.

These versions are vulnerable:

MySQL 5 prior to 5.0.40
MySQL 5.1 prior to 5.1.18

70. Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability
BugTraq ID: 24313
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24313
Summary:
Symantec System Center Reporting Server is prone to a remote privilege-escalation vulnerability.

Attackers can exploit this issue to execute malicious code on an affected server and gain the privileges of the user running the server. Successful attacks will compromise the application and possibly the underlying computer.

Reporting Server is distributed with Symantec AntiVirus Corporate Edition 10.1 and later and Symantec Client Security 3.1 and later.

Versions prior to Reporting Server 1.0.224.0, AntiVirus Corporate Edition 10.1.6.6000, and Client Security 3.1.6.6000 are vulnerable.

71. Adobe Bridge Update Installer Local Privilege Escalation Vulnerability
BugTraq ID: 23404
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23404
Summary:
Adobe Bridge Update Installer is prone to a local privilege-escalation vulnerability. This issue stems from a flaw in the update installer that allows a nonadministrative user to gain administrative privileges.

Exploiting this issue allows local attackers to gain elevated privileges, potentially leading to a complete compromise of affected computers.

This issue affects the Bridge 1.0.3 update on the Mac OS.

72. X-Kryptor Secure Client Privilege Escalation Vulnerability
BugTraq ID: 22424
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/22424
Summary:
X-Kryptor Secure Client is prone to a local privilege-escalation vulnerability.

A local attacker may execute arbitrary code with SYSTEM privileges to completely compromise a vulnerable computer.

73. PHP Hash Table Overwrite Arbitrary Code Execution Vulnerability
BugTraq ID: 23119
Remote: No
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/23119
Summary:
PHP is prone to an arbitrary-code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code within the context of the affected webserver.

This issue affects PHP 4 (prior to 4.4.5) and PHP 5 (prior to 5.2.1).

74. Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 22478
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/22478
Summary:
The Microsoft HTML Help ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

75. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
BugTraq ID: 28147
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28147
Summary:
Microsoft Outlook is prone to a remote code-execution vulnerability because the application fails to adequately validate user-supplied data.

Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the currently logged-in user. This will facilitate the remote compromise of affected computers.

76. Horde IMP and Groupware Webmail Edition Multiple Input Validation Vulnerabilities
BugTraq ID: 27223
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/27223
Summary:
Horde IMP and Groupware Webmail Edition are prone to multiple input-validation vulnerabilities because the software fails to sanitize certain HTML and HTTP data.

Attackers can leverage these issues to have malicious HTML rendered in the client, to delete arbitrary email messages, and to purge deleted email messages.

IMP 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 are vulnerable; other versions may also be affected.

77. RealNetworks RealPlayer 'rmoc3260.dll' ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 28157
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28157
Summary:
RealNetworks RealPlayer 'rmoc3260.dll' ActiveX control is prone to a memory-corruption vulnerability.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely crash the application.

78. SARG User-Agent Processing HTML Injection and Stack Buffer Overflow Vulnerabilities
BugTraq ID: 28077
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28077
Summary:
SARG is prone to an HTML-injection vulnerability and a stack-based buffer-overflow vulnerability.

An attacker can exploit these issues to execute arbitrary HTML and attacker-supplied code in the context of the affected webserver, steal cookie-based authentication credentials, and cause a denial-of-service condition.

This issue affects SARG 2.2.3.1; prior versions may also be affected.

79. Sun Java SE Multiple Security Vulnerabilities
BugTraq ID: 28083
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28083
Summary:
Sun has released advisories addressing multiple vulnerabilities affecting the following software:

JDK and JRE 6 Update 5
JDK and JRE 5.0 Update 15
SDK and JRE 1.4.2_17
SDK and JRE 1.3.1_22

80. Microsoft Excel Data Validation Record Heap Memory Corruption Vulnerability
BugTraq ID: 28094
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28094
Summary:
Microsoft Excel is prone to a heap memory-corruption vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

81. VideoLAN VLC Media Player MP4 Demuxer Remote Code Execution Vulnerability
BugTraq ID: 28007
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28007
Summary:
VideoLAN VLC media player is prone to a remote code-execution vulnerability because it fails to adequately parse specially crafted MP4 files.

An attacker can exploit this issue to execute arbitrary code, which can result in the complete compromise of the computer. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to VideoLAN VLC media player 0.8.6e are vulnerable.

82. Wireshark 0.99.7 Multiple Denial of Service Vulnerabilities
BugTraq ID: 28025
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28025
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

Wireshark 0.6.0 to 0.99.7 are affected.

83. onlinetools.org EasyImageCatalogue Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 28164
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28164
Summary:
onlinetools.org EasyImageCatalogue is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

EasyImageCatalogue 1.31 is vulnerable; other versions may also be affected.

84. Adobe LiveCycle Workflow Management Login Page Cross-Site Scripting Vulnerability
BugTraq ID: 28209
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28209
Summary:
Adobe LiveCycle Workflow is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

85. Adobe ColdFusion Administration Interface Failed Login Audit Vulnerability
BugTraq ID: 28207
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28207
Summary:
Adobe ColdFusion is prone to a vulnerability that allows attackers to conceal login attempts to the administrative interface.

Attackers can exploit this issue to hide or obfuscate actual attack traces.

This issue affects ColdFusion MX 7 and ColdFusion 8.

86. Red Hat Directory Server 7.1 Local Insecure Permissions Vulnerability
BugTraq ID: 28204
Remote: No
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28204
Summary:
Red Hat Directory Server is prone to an insecure-permissions vulnerability.

A local attacker can exploit this issue to execute arbitrary code with the privileges of the user running Directory Server or its applications.

Red Hat Directory Server 7.1 prior to Service Pack 4 is vulnerable.

87. PHP-Nuke zClassifieds Module 'cat' Parameter SQL Injection Vulnerability
BugTraq ID: 28211
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28211
Summary:
The zClassifieds module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

88. Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 28205
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28205
Summary:
Adobe ColdFusion is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues affect Adobe ColdFusion MX7 and 8.

89. Bloo 'index.php' Multiple SQL Injection Vulnerabilities
BugTraq ID: 28203
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28203
Summary:
Bloo is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Bloo 1.0 is vulnerable; other versions may also be affected.

90. Savvy Content Manager 'searchterms' Parameter Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 28200
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28200
Summary:
Savvy Content Manager is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

91. RemotelyAnywhere HTTP Service Cross-Site Scripting Vulnerability
BugTraq ID: 28199
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28199
Summary:
RemotelyAnywhere is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

92. PHP-Nuke NukeC30 Module 'id_catg' Parameter SQL Injection Vulnerability
BugTraq ID: 28197
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28197
Summary:
The NukeC30 module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The NukeC30 module 3.0 is affected; other versions may also be vulnerable.

93. Mapbender 'factor' Parameter Remote Code Injection Vulnerability
BugTraq ID: 28195
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28195
Summary:
Mapbender is prone to a remote code-injection vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting this issue allows attackers to execute arbitrary code within the context of the webserver.

This issue affects Mapbender 2.4 to 2.4.4; other versions may also be affected.

94. Mapbender 'mod_gazetteer_edit.php' SQL Injection Vulnerability
BugTraq ID: 28193
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28193
Summary:
Mapbender is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to Mapbender 2.4.5 rc1 are vulnerable.

95. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting Vulnerability
BugTraq ID: 28191
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28191
Summary:
ManageEngine ServiceDesk Plus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Microsoft Windows is vulnerable; other versions may be affected as well.

96. Lighttpd 'mod_cgi' Information Disclosure Vulnerability
BugTraq ID: 28100
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28100
Summary:
The 'lighttpd' program is prone to a vulnerability that in certain circumstances may allow attackers to access source code because the application fails to properly handle exceptional conditions.

Attackers can exploit this vulnerability to obtain potentially sensitive information that may aid in further attacks.

This issue affects lighttpd 1.4.18; other versions may also be vulnerable.

97. phpBB Filebase Module 'filebase.php' SQL Injection Vulnerability
BugTraq ID: 28194
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28194
Summary:
phpBB Filebase module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

All versions are considered vulnerable.

98. phpMyNewsLetter 'archives.php' SQL Injection Vulnerability
BugTraq ID: 28189
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28189
Summary:
phpMyNewsLetter is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpMyNewsLetter 0.8 beta 5 is vulnerable; other versions may also be affected.

99. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation Vulnerability
BugTraq ID: 28185
Remote: No
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28185
Summary:
SAP MaxDB is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to execute arbitrary code with superuser privileges. This will lead to the complete compromise of an affected computer.

This issue affects MaxDB 7.6.0.37 on both Linux and Solaris platforms. Other UNIX variants are most likely affected. Microsoft Windows versions are not vulnerable to this issue.

100. Amber Script Show_Content.PHP Local File Include Vulnerability
BugTraq ID: 26561
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26561
Summary:
Amber Script is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Amber Script 1.0 is vulnerable to this issue; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Browser makers focus on beating malware
By: Robert Lemos
Microsoft announces two features in Internet Explorer 8 aimed at better securing Web surfers, and Mozilla incorporates more security into Firefox 3.
http://www.securityfocus.com/news/11508

2. Law makers voice concerns over cybersecurity plan
By: Robert Lemos
Members of Congress seek more details of cyber attacks targeting the federal government and worry that the recently announced Cyber Initiative will undermine privacy.
http://www.securityfocus.com/news/11507

3. Worries over "good worms" rise again
By: Robert Lemos
A Microsoft researcher studies the use of self-propagation for patching, but for most of the security industry, any worm is a bad worm.
http://www.securityfocus.com/news/11506

4. Federal agencies miss deadline on secure configs
By: Robert Lemos
The U.S. government has made progress on moving to a standard configuration for Windows XP and Windows Vista systems, but work remains.
http://www.securityfocus.com/news/11505

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Temp directory is odd
http://www.securityfocus.com/archive/88/489429

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by bMighty

How Much Will A Security Breech Cost Your Company?
Many smaller businesses have lax security policies, leaving their customers' confidential data vulnerable to identity thieves. Learn the steps to protect sensitive data.
www.bMighty.com
http://www.bmighty.com/security/showArticle.jhtml?articleID=206901276&cid=LSM-sfS
