WINDOWS CENTER: SecurityFocus Newsletter #448

SecurityFocus Newsletter #448
----------------------------------------

This issue is sponsored by Industry Brains

Download MICROSOFT SEARCH SERVER EXPRESS 2008 FREE
Search file shares, SharePoint sites, Exchange Public Folders, Lotus Notes repositories, and more!
http://newsletter.industrybrains.com/c?fe;1;762df;21061;4a9;0;da4

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.On the Border
2.Catch Them if You can
II. BUGTRAQ SUMMARY
1. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation Vulnerability
2. ExBB Home_Path Parameter Multiple Remote File Include Vulnerabilities
3. X.Org X Server PCF Font Parser Buffer Overflow Vulnerability
4. X.Org X 'Server X:1 -sp' Command Information Disclosure Vulnerability
5. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
6. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability
7. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability
8. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability
9. Interwoven Worksite Web 'iManFile.cab' TransferCtrl Class ActiveX Control Double Free Vulnerability
10. Poplar Gedcom Viewer Search Page Multiple Cross-Site Scripting Vulnerabilities
11. Sun Java Plug-in Multiple Applet Vulnerabilities
12. Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
13. Multiple Vendor RPC.YPUpdated Command Execution Vulnerability
14. Advanced Software Engineering ChartDirector For PHP Information Disclosure Vulnerability
15. 724CMS SQL Injection Vulnerability
16. My Gaming Ladder SQL Injection Vulnerability
17. iScripts SocialWare Arbitrary File Upload Vulnerability
18. iScripts SocialWare 'events.php' SQL Injection Vulnerability
19. CDNetworks Nefficient Download 'NeffyLauncher.dll' ActiveX Control Multiple Vulnerabilities
20. FishSound Library Remote Speex Decoding Code Execution Vulnerability
21. openMosix 'libmosix.c' Remote Stack-Based Buffer Overflow Vulnerability
22. Tumbleweed SecureTransport 'vcst_eu.dll' ActiveX Control Remote Buffer Overflow Vulnerability
23. Dragoon 'header.inc.php' Remote File Include Vulnerability
24. Mole 'viewsource.php' Multiple Local File Include Vulnerabilities
25. Drake CMS HTTP 'Via' Header SQL Injection Vulnerability
26. Links Directory 'links.php' SQL Injection Vulnerability
27. Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
28. Microsoft Windows GDI Heap Overflow Vulnerability
29. Microsoft Windows GDI Stack Overflow Vulnerability
30. JBoss Java Class DeploymentFileRepository Directory Traversal Vulnerability
31. Microsoft Visio Memory Validation Remote Code Execution Vulnerability
32. Microsoft Windows DNS Client Service Response Spoofing Vulnerability
33. Hewlett-Packard OpenView OVTrace Multiple Remote Buffer Overflow Vulnerabilities
34. Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability
35. Yahoo! Music Jukebox 'mediagrid.dll' ActiveX Control Remote Buffer Overflow Vulnerability
36. Yahoo! Music Jukebox 'datagrid.dll' ActiveX Control Remote Buffer Overflow Vulnerability
37. Yahoo! Music Jukebox AddImage Function ActiveX Remote Buffer Overflow Vulnerability
38. IBM WebSphere Application Server serveServletsByClassnameEnabled Info Disclosure Vulnerability
39. Microsoft DXImageTransform.Microsoft.Light ActiveX Control Remote Code Execution Vulnerability
40. ProZilla Freelancers 'project.php' SQL Injection Vulnerability
41. HP Integrity Servers iLO-2 Management Processors Denial Of Service Vulnerability
42. HP OpenView Network Node Manager 'ovalarmsrv.exe' Multiple Remote Vulnerabilities
43. LinPHA Maps Plugin 'db_handler.php' Local File Include Vulnerability
44. SCO UnixWare Reliant HA 'RELIANT_PATH' Local Input Validation Vulnerability
45. Sun Java System Messenger Express 'sid' Cross-Site Scripting Vulnerability
46. SCO UnixWare Merge mcd 'HISTFILE' Local Input Validation Vulnerability
47. Wikipage Opus 'index.php' Multiple Directory Traversal Vulnerabilities
48. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
49. TaskFreak! 'index.php' SQL Injection Vulnerability
50. Comdev News Publisher 'index.php' SQL Injection Vulnerability
51. WatchGuard Firebox MS-CHAPv2 Authentication Remote User Enumeration Weakness
52. Xpose PRO 'mail.html' SQL Injection Vulnerability
53. RobotStats 'DOCUMENT_ROOT' Parameter Multiple Remote File Include Vulnerabilities
54. bzip2 Unspecified File Handling Vulnerability
55. Microsoft Internet Explorer Header Handling 'res://' Information Disclosure Vulnerability
56. Nuke ET 'mensaje' Parameter HTML Injection Vulnerability
57. e-Classifieds 'hsx/classifieds.hsx' Cross-Site Scripting Vulnerability
58. Computer Associates ARCserve Backup for Laptops and Desktops Multiple Remote Vulnerabilities
59. SmarterTools SmarterMail HTTP Request Handling Denial Of Service Vulnerability
60. KwsPHP ConcoursPhoto Module 'VIEW' Parameter Cross-Site Scripting Vulnerability
61. Glossaire 'glossaire.php' Cross-Site Scripting Vulnerability
62. Data Dynamics ActiveBar Actbar3.OCX ActiveX Control Multiple Insecure Methods Vulnerabilities
63. SILC Client and Server Key Negotiation Protocol Remote Buffer Overflow Vulnerability
64. xine-lib Multiple Heap Based Remote Buffer Overflow Vulnerabilities
65. Lighttpd mod_userdir Information Disclosure Vulnerability
66. Lighttpd 'mod_cgi' Information Disclosure Vulnerability
67. Wireshark 0.99.8 Multiple Denial of Service Vulnerabilities
68. X.Org X11 XC-MISC Extension Local Integer Overflow Vulnerability
69. phpTournois Avatar Arbitrary File Upload Vulnerability
70. Avaya SIP Enablement Services and Communications Manager Multiple SQL Injection Vulnerabilities
71. Pligg 'editlink.php' SQL Injection Vulnerability
72. Swiki HTML Injection and Cross-Site Scripting Vulnerabilities
73. LICQ File Descriptor Remote Denial of Service Vulnerability
74. Woltlab Burning Board WCF Cross Site Scripting And Information Disclosure Vulnerabilities
75. Microsoft Project Resource Memory Allocation Remote Code Execution Vulnerability
76. Microsoft Visio Object Header Remote Code Execution Vulnerability
77. Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability
78. OpenSSH ForceCommand Command Execution Weakness
79. CUPS 'gif_read_lzw()' GIF File Buffer Overflow Vulnerability
80. CUPS Multiple Unspecified Input Validation Vulnerabilities
81. JV2 Quick Gallery 'index.php' Cross-Site Scripting Vulnerability
82. Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability
83. Module jeuxflash for KwsPHP 'cat' Parameter SQL Injection Vulnerability
84. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
85. lighttpd SSL Error Denial of Service Vulnerability
86. lighttpd File Descriptor Array Remote Denial of Service Vulnerability
87. TCL/TK Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
88. JV2 Folder Gallery 'index.php' Cross-Site Scripting Vulnerability
89. Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
90. Apache 'mod_proxy_balancer' Multiple Vulnerabilities
91. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
92. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
93. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
94. Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
95. MySQL Server Privilege Escalation And Denial Of Service Vulnerabilities
96. MySQL Server RENAME TABLE System Table Overwrite Vulnerability
97. X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability
98. McAfee ePolicy Orchestrator 'FrameworkService.exe' Remote Denial of Service Vulnerability
99. OpenSSH X connections Session Hijacking Vulnerability
100. OTRS SOAP Interface Security Bypass Vulnerability
III. SECURITYFOCUS NEWS
1. Web developers, fix thy Flash
2. Hacking contest highlights value of vulnerabilities
3. House aims to scrutinize warrantless taps
4. Browser makers focus on beating malware
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Application Security Engineer, Cleveland
2. [SJ-JOB] Security Engineer, Seattle
3. [SJ-JOB] Application Security Engineer, Anywhere in CA, Telecommute, Travel
4. [SJ-JOB] Sales Representative, Cleveland/Columbus/Cincinnati/Indy/Detroit
5. [SJ-JOB] Security Consultant, Copenhagen
6. [SJ-JOB] Security Consultant, Copenhagen
7. [SJ-JOB] Information Assurance Engineer, Suffolk
8. [SJ-JOB] Application Security Engineer, Portland
9. [SJ-JOB] Manager, Information Security, San Diego
10. [SJ-JOB] Security Auditor, Cleveland
11. [SJ-JOB] Privacy Officer, Santiago del Estero
12. [SJ-JOB] Security Engineer, San Diego
13. [SJ-JOB] Application Security Engineer, San Diego
14. [SJ-JOB] Information Assurance Engineer, Arlington
15. [SJ-JOB] Certification & Accreditation Engineer, Chantilly
16. [SJ-JOB] Sr. Security Analyst, Hartford
17. [SJ-JOB] Application Security Engineer, Anywhere in California, Telecommute, Travel
18. [SJ-JOB] Sr. Security Engineer, Sydney
19. [SJ-JOB] Application Security Architect, New York
20. [SJ-JOB] Security Engineer, Boston
21. [SJ-JOB] Application Security Engineer, San Diego
22. [SJ-JOB] Application Security Engineer, Anywhere in Washington, Telecommute, Travel
23. [SJ-JOB] Application Security Engineer, Anywhere in Oregon, Telecommute, Travel
24. [SJ-JOB] Application Security Engineer, Anywhere in Washington, Telecommute, Travel
25. [SJ-JOB] Director, Information Security, San Francisco Bay Area
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Windows Vista winsat.exe Integer Overflow
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #388
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469

2.Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While many "breaches" consist of lost data or a stolen laptop, true breaches -- where a online attacker compromises a network and removes data -- have become very common
http://www.securityfocus.com/columnists/468

II. BUGTRAQ SUMMARY
--------------------
1. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation Vulnerability
BugTraq ID: 28554
Remote: No
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28554
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

The vulnerability resides in the Windows Kernel. A locally logged-in user can exploit this issue to gain kernel-level access to the operating system.

2. ExBB Home_Path Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 19787
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/19787
Summary:
ExBB is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect version 1.9.1; other versions may also be vulnerable.

3. X.Org X Server PCF Font Parser Buffer Overflow Vulnerability
BugTraq ID: 27352
Remote: No
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/27352
Summary:
X.Org X Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with the privileges of the server. Failed attacks will cause denial-of-service conditions.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

4. X.Org X 'Server X:1 -sp' Command Information Disclosure Vulnerability
BugTraq ID: 27356
Remote: No
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/27356
Summary:
X.Org X Server is prone to a local information-disclosure vulnerability.

Attackers can exploit this issue to gain access to sensitive information that may lead to further attacks.

5. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
BugTraq ID: 27350
Remote: No
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/27350
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

6. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27351
Remote: No
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/27351
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

7. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27353
Remote: No
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/27353
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

8. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27355
Remote: No
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/27355
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

9. Interwoven Worksite Web 'iManFile.cab' TransferCtrl Class ActiveX Control Double Free Vulnerability
BugTraq ID: 28628
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28628
Summary:
Interwoven Worksite Web TransferCtrl Class ActiveX control is prone a double-free vulnerability because of a flaw in the way that it uses a certain JavaScript variable.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

WorkSite Web versions prior to 8.2 SP1 P2 are vulnerable.

10. Poplar Gedcom Viewer Search Page Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 28608
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28608
Summary:
Poplar Gedcom Viewer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Poplar Gedcom Viewer 2.0 is vulnerable; other versions may also be affected.

11. Sun Java Plug-in Multiple Applet Vulnerabilities
BugTraq ID: 12317
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/12317
Summary:
The Sun Java Plug-in is prone to multiple vulnerabilities.

The first issue can allow an untrusted applet to escalate its privileges to access resources with the privilege level of the user running the applet.

This issue occurs only in Internet Explorer running on Windows.

The second issue allows an untrusted applet to interfere with another applet embedded in the same web page.

This issue occurs in Java running on Windows, Solaris, and Linux.

12. Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
BugTraq ID: 27752
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/27752
Summary:
Apache mod_jk2 is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Successful exploits may allow attackers to execute arbitrary code in the context of a vulnerable application; failed attempts will likely cause denial-of-service conditions.

Versions prior to mod_jk2 2.0.4 are vulnerable.

NOTE: mod_jk2 is a legacy branch of mod_jk that is now deprecated; mod_jk is a currently supported module and is reportedly unaffected by these issues.

13. Multiple Vendor RPC.YPUpdated Command Execution Vulnerability
BugTraq ID: 1749
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/1749
Summary:
The 'rpc.ypupdated' deamon is part of the Network Information Service (NIS) or Yellow Pages (YP). It allows clients to update NIS maps. A vulnerability in 'rpc.ypupdated' allows a malicious user to execute commands as root.

After receiving a request to update the Yello Pages maps, 'ypupdated' executes a copy of the bource shell to run the 'make' command to recompute the maps whether the request for changes was sucessful or not. Because of bad input validation while executing 'make', an attacker can pass shell metacharacters to the shell and can execute commands.

This is issue is tracked by Sun BugIDs 1230027 and 1232146.

14. Advanced Software Engineering ChartDirector For PHP Information Disclosure Vulnerability
BugTraq ID: 28674
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28674
Summary:
ChartDirector for PHP is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view local files from the current directory of the script in the context of the webserver process. This may aid in further attacks.

ChartDirector for PHP version 4.1 is vulnerable; other versions may also be affected.

15. 724CMS SQL Injection Vulnerability
BugTraq ID: 28672
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28672
Summary:
724Networks 724CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

The issue affects 724CMS versions 4.01 and prior.

16. My Gaming Ladder SQL Injection Vulnerability
BugTraq ID: 28671
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28671
Summary:
My Gaming Ladder is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

The issue affects My Gaming Ladder 7.5 and prior versions.

17. iScripts SocialWare Arbitrary File Upload Vulnerability
BugTraq ID: 28670
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28670
Summary:
iScripts SocialWare is prone to a vulnerability that lets an attacker upload and execute arbitrary script code in the context of the affected webserver process. The issue occurs because the application fails to sufficiently sanitize user-supplied input.

18. iScripts SocialWare 'events.php' SQL Injection Vulnerability
BugTraq ID: 28669
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28669
Summary:
iScripts SocialWare is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

19. CDNetworks Nefficient Download 'NeffyLauncher.dll' ActiveX Control Multiple Vulnerabilities
BugTraq ID: 28666
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28666
Summary:
CDNetworks Nefficient Download is prone to an arbitrary file-upload vulnerability and an authentication-bypass vulnerability that affect the 'NeffyLauncher.dll' ActiveX control library.

Attackers can leverage these issues to upload malicious data to an arbitrary location on a user's computer or to bypass keycode authentication security. Successful attacks will compromise affected computers.

NeffyLauncher.dll 1.0.5 is vulnerable.

20. FishSound Library Remote Speex Decoding Code Execution Vulnerability
BugTraq ID: 28665
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28665
Summary:
The FishSound 'libfishsound' library is prone to a remote code-execution vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied data.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of applications utilizing the library. Failed exploit attempts likely result in denial-of-service conditions.

FishSound versions prior to 0.9.1 are vulnerable to this issue. The following applications utilize the library and are also vulnerable:
- Speex
- the Annodex plugin for Firefox
- Illiminable DirectShow Filters

Other applications may also be affected.

21. openMosix 'libmosix.c' Remote Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 28663
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28663
Summary:
openMosix is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to cause denial-of-service conditions and possibly execute arbitrary code in the context of applications that use the openMosix API.

openMosix 2.4.20-3 is vulnerable; other versions may also be affected.

22. Tumbleweed SecureTransport 'vcst_eu.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 28662
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28662
Summary:
Tumbleweed SecureTransport is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

23. Dragoon 'header.inc.php' Remote File Include Vulnerability
BugTraq ID: 28660
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28660
Summary:
Dragoon is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue can allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Dragoon 0.1 is vulnerable; other versions may also be affected.

24. Mole 'viewsource.php' Multiple Local File Include Vulnerabilities
BugTraq ID: 28659
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28659
Summary:
Mole is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.

Mole 2.1.0 is vulnerable; other versions may also be affected.

25. Drake CMS HTTP 'Via' Header SQL Injection Vulnerability
BugTraq ID: 28656
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28656
Summary:
Drake CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Drake CMS 0.4.11 is vulnerable; other versions may also be affected.

26. Links Directory 'links.php' SQL Injection Vulnerability
BugTraq ID: 28655
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28655
Summary:
Links Directory is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Links Directory 1.1 is vulnerable; other versions may also be affected.

27. Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 28606
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28606
Summary:
Microsoft 'hxvz.dll' ActiveX control is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

28. Microsoft Windows GDI Heap Overflow Vulnerability
BugTraq ID: 28571
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28571
Summary:
Microsoft Windows is prone to a heap-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF or WMF image file.

A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.

29. Microsoft Windows GDI Stack Overflow Vulnerability
BugTraq ID: 28570
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28570
Summary:
Microsoft Windows is prone to a stack-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF image file.

A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.

30. JBoss Java Class DeploymentFileRepository Directory Traversal Vulnerability
BugTraq ID: 21219
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/21219
Summary:
JBoss is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to read, create, delete, and overwrite arbitrary files from the vulnerable system in the context of the affected application. Successful exploits can result in a compromise of vulnerable applications.

JBoss Web Server 1.0.0.GA is vulnerable to this issue. Other applications that use the affected JBoss Java class may also be affected.

31. Microsoft Visio Memory Validation Remote Code Execution Vulnerability
BugTraq ID: 28556
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28556
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

32. Microsoft Windows DNS Client Service Response Spoofing Vulnerability
BugTraq ID: 28553
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28553
Summary:
Microsoft Windows operating systems are prone to a vulnerability that lets attackers spoof DNS clients. This issue occurs because the software fails to employ properly secure random numbers when creating DNS transaction IDs.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

33. Hewlett-Packard OpenView OVTrace Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 25255
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/25255
Summary:
HP OpenView applications are prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on input that is supplied to opcode handlers of affected services.

These vulnerabilities affect the 'ovtrcsvc.exe' and the 'OVTrace.exe' service.

Attackers can exploit these issues to execute arbitrary code with superuser privileges.

34. Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability
BugTraq ID: 28552
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28552
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because it fails to adequately handle certain user-supplied data.

Attackers can leverage this issue to execute arbitrary code with the privileges of the application. Successful exploits will compromise affected computers. Failed attacks may cause denial-of-service conditions.

35. Yahoo! Music Jukebox 'mediagrid.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 27578
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/27578
Summary:
Yahoo! Music Jukebox 'mediagrid.dll' ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

This issue affects 'mediagrid.dll' 2.2.2.56; other versions may also be vulnerable.

36. Yahoo! Music Jukebox 'datagrid.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 27579
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/27579
Summary:
Yahoo! Music Jukebox 'datagrid.dll' ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

This issue affects 'datagrid.dll' 2.2.2.56; other versions may also be vulnerable.

37. Yahoo! Music Jukebox AddImage Function ActiveX Remote Buffer Overflow Vulnerability
BugTraq ID: 27590
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/27590
Summary:
Yahoo! Music Jukebox 'datagrid.dll' ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

This issue affects 'datagrid.dll' 2.2.2.56; other versions may also be vulnerable.

38. IBM WebSphere Application Server serveServletsByClassnameEnabled Info Disclosure Vulnerability
BugTraq ID: 27371
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/27371
Summary:
IBM WebSphere Application Server is prone to vulnerability due to a default setting that can result in the disclosure of potentially sensitive information.

Information harvested could aid attackers in further exploits.

WebSphere Application Server 6.0 through 6.0.2.25 and 6.1 through 6.1.0.14 are vulnerable.

39. Microsoft DXImageTransform.Microsoft.Light ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 18303
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/18303
Summary:
The DXImageTransform.Microsoft.Light ActiveX control is prone to remote code execution.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

40. ProZilla Freelancers 'project.php' SQL Injection Vulnerability
BugTraq ID: 28653
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28653
Summary:
ProZilla Freelancers is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

41. HP Integrity Servers iLO-2 Management Processors Denial Of Service Vulnerability
BugTraq ID: 28673
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28673
Summary:
HP Integrity Servers running iLO-2 Management Processors (iLO-2 MP) are prone to a denial-of-service vulnerability that affects the embedded management console.

Remote attackers can exploit this issue to deny service to legitimate users.

The following products are affected:
- HP Integrity Server model numbers rx2660, rx3600, rx6600 with iLO-2 MP firmware F.01.58 and earlier
- HP Integrity Blade Server model bl860c with iLO-2 MP firmware T.01.22 and earlier

42. HP OpenView Network Node Manager 'ovalarmsrv.exe' Multiple Remote Vulnerabilities
BugTraq ID: 28668
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28668
Summary:
HP OpenView Network Node Manager is prone to multiple vulnerabilities affecting the 'ovalarmsrv.exe' process. These issues include a format-string vulnerability, multiple buffer-overflow vulnerabilities, and a denial-of-service vulnerability.

Attackers can exploit these issues to execute arbitrary code with the privileges of the affected application or to consume excessive system resources. Successful exploits will compromise affected computers or cause denial-of-service conditions.

HP OpenView Network Node Manager 7.53 is vulnerable; other versions may also be affected.

43. LinPHA Maps Plugin 'db_handler.php' Local File Include Vulnerability
BugTraq ID: 28654
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28654
Summary:
LinPHA is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.

NOTE: The 'ChangeLog' file that comes with the affected package contains code that executes arbitrary commands. If the changelog is present on an affected webserver, attackers could leverage the local file-include issue to include the changelog code and execute arbitrary commands in the context of the webserver.

LinPHA 1.3.2 and 1.3.3 are vulnerable to this issue; other versions may also be affected.

44. SCO UnixWare Reliant HA 'RELIANT_PATH' Local Input Validation Vulnerability
BugTraq ID: 28624
Remote: No
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28624
Summary:
SCO UnixWare Reliant HA is prone to a local input-validation vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can leverage this issue to execute arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers.

Reliant HA 1.1.4 is vulnerable; other versions may also be affected.

45. Sun Java System Messenger Express 'sid' Cross-Site Scripting Vulnerability
BugTraq ID: 28649
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28649
Summary:
Sun Java System Messenger Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Sun Java System Messenger Express 6.1-13-15 is vulnerable; other versions may also be affected.

46. SCO UnixWare Merge mcd 'HISTFILE' Local Input Validation Vulnerability
BugTraq ID: 28625
Remote: No
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28625
Summary:
SCO UnixWare Merge 'mcd' is prone to a local input-validation vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can leverage this issue to execute arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers.

47. Wikipage Opus 'index.php' Multiple Directory Traversal Vulnerabilities
BugTraq ID: 28664
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28664
Summary:
Wikepage Opus is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues using directory-traversal strings ('../') to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.

Wikepage Opus 13 2007.2 is affected; other versions may also be vulnerable.

48. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
BugTraq ID: 19849
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to forge an RSA signature. The attacker may be able to forge a PKCS #1 v1.5 signature when an RSA key with exponent 3 is used.

An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.

All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.

49. TaskFreak! 'index.php' SQL Injection Vulnerability
BugTraq ID: 27257
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/27257
Summary:
TaskFreak! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects TaskFreak! 0.81; other versions may also be vulnerable.

50. Comdev News Publisher 'index.php' SQL Injection Vulnerability
BugTraq ID: 28622
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28622
Summary:
News Publisher is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

51. WatchGuard Firebox MS-CHAPv2 Authentication Remote User Enumeration Weakness
BugTraq ID: 28619
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28619
Summary:
WatchGuard Firebox is prone to a user-enumeration weakness.

An attacker may leverage this issue to harvest valid usernames, which may aid in brute-force attacks.

Versions prior to WatchGuard Firebox 10 are vulnerable.

52. Xpose PRO 'mail.html' SQL Injection Vulnerability
BugTraq ID: 28618
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28618
Summary:
Xpose PRO is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Xpose PRO 3.05 is vulnerable; other versions may also be affected.

53. RobotStats 'DOCUMENT_ROOT' Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 28615
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28615
Summary:
RobotStats is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

RobotStats 0.1 is vulnerable; other versions may also be affected.

54. bzip2 Unspecified File Handling Vulnerability
BugTraq ID: 28286
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28286
Summary:
The 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files.

Successful exploits may allow remote code to run, but this has not been confirmed. Exploit attempts will likely crash the application.

This issue affects bzip2 1.0.4; prior versions may also be affected.

55. Microsoft Internet Explorer Header Handling 'res://' Information Disclosure Vulnerability
BugTraq ID: 28667
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28667
Summary:
Microsoft Internet Explorer is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain potentially sensitive information from the local computer. Information obtained may aid in further attacks.

This issue affects Internet Explorer 7. Reportedly, Internet Explorer 8 is not vulnerable, but this has not been confirmed.

This issue may be related to the vulnerability discussed in BID 28581 (Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability).

56. Nuke ET 'mensaje' Parameter HTML Injection Vulnerability
BugTraq ID: 28614
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28614
Summary:
Nuke ET is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Attackers will likely require access to a user account to perform attacks.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Nuke ET 3.4 is vulnerable; other versions may also be affected.

57. e-Classifieds 'hsx/classifieds.hsx' Cross-Site Scripting Vulnerability
BugTraq ID: 28613
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28613
Summary:
e-Classifieds is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

e-Classifieds Corporate edition is vulnerable; other versions may also be affected.

58. Computer Associates ARCserve Backup for Laptops and Desktops Multiple Remote Vulnerabilities
BugTraq ID: 28616
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28616
Summary:
Computer Associates ARCserve Backup for Laptops and Desktops is prone to multiple remote issues, including a buffer-overflow vulnerability and a denial-of-service vulnerability.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges. This will result in a complete compromise of affected computers. Attackers may also trigger application crashes, denying service to legitimate users.

These issues are related to the ones documented in BID 24348 (Computer Associates ARCserve Backup Multiple Remote Buffer Overflow Vulnerabilities). The fixes for CVE-2007-3216 and CVE-2007-5005 did not completely resolve the previous issues.

59. SmarterTools SmarterMail HTTP Request Handling Denial Of Service Vulnerability
BugTraq ID: 28610
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28610
Summary:
SmarterTools SmarterMail is prone to a denial-of-service vulnerability when handling specially crafted HTTP GET, HEAD, PUT, POST, and TRACE requests. When the server eventually resets the request connection, it will crash.

Remote attackers can exploit this issue to deny service to legitimate users.

SmarterMail 5.0 is vulnerable; other versions may also be affected.

60. KwsPHP ConcoursPhoto Module 'VIEW' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 28612
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28612
Summary:
KwsPHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

61. Glossaire 'glossaire.php' Cross-Site Scripting Vulnerability
BugTraq ID: 28609
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28609
Summary:
Glossaire is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Glossaire 2.0 is vulnerable; other versions may also be affected.

62. Data Dynamics ActiveBar Actbar3.OCX ActiveX Control Multiple Insecure Methods Vulnerabilities
BugTraq ID: 24959
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/24959
Summary:
Data Dynamics ActiveBar ActiveX control is prone to multiple vulnerabilities caused by insecure methods. The problem stems from a design error in the affected application.

An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in a denial-of-service condition.

These issues affect Data Dynamics ActiveBar 3.1; other versions may also be affected.

63. SILC Client and Server Key Negotiation Protocol Remote Buffer Overflow Vulnerability
BugTraq ID: 28373
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28373
Summary:
SILC Client and Server are prone to a buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

This issue affects versions prior to SILC Client 1.1.4 and SILC Server 1.1.2.

64. xine-lib Multiple Heap Based Remote Buffer Overflow Vulnerabilities
BugTraq ID: 28370
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28370
Summary:
The 'xine-lib' library is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library. Failed attacks will cause denial-of-service conditions.

These issues affect xine-lib 1.1.11; other versions may also be affected.

65. Lighttpd mod_userdir Information Disclosure Vulnerability
BugTraq ID: 28226
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28226
Summary:
The 'lighttpd' program is prone to a vulnerability that may allow attackers to access sensitive information because the application fails to properly handle exceptional conditions.

Information obtained may aid in further attacks.

This issue affects lighttpd 1.4.18; other versions may also be vulnerable.

66. Lighttpd 'mod_cgi' Information Disclosure Vulnerability
BugTraq ID: 28100
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28100
Summary:
The 'lighttpd' program is prone to a vulnerability that in certain circumstances may allow attackers to access source code because the application fails to properly handle exceptional conditions.

Attackers can exploit this vulnerability to obtain potentially sensitive information that may aid in further attacks.

This issue affects lighttpd 1.4.18; other versions may also be vulnerable.

67. Wireshark 0.99.8 Multiple Denial of Service Vulnerabilities
BugTraq ID: 28485
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28485
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.99.2 up to and including 0.99.8.

68. X.Org X11 XC-MISC Extension Local Integer Overflow Vulnerability
BugTraq ID: 23284
Remote: No
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/23284
Summary:
X11 is prone to a local integer-overflow vulnerability because it fails to adequately bounds-check user-supplied input.

An attacker can exploit this vulnerability to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

69. phpTournois Avatar Arbitrary File Upload Vulnerability
BugTraq ID: 28685
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28685
Summary:
phpTournois is prone to a vulnerability that lets an attacker upload and execute arbitrary script code in the context of the affected webserver process. The issue occurs because the application fails to sufficiently sanitize user-supplied input.

This issue affects phpTournois G4; other versions may also be vulnerable.

70. Avaya SIP Enablement Services and Communications Manager Multiple SQL Injection Vulnerabilities
BugTraq ID: 28682
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28682
Summary:
Avaya SIP Enablement Services (SES) and Communications Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. These issues affect the SIP Personal Information Manager (SPIM) pages.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

71. Pligg 'editlink.php' SQL Injection Vulnerability
BugTraq ID: 28681
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28681
Summary:
Pligg is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Pligg 9.9.0 is vulnerable; other versions may also be affected.

72. Swiki HTML Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 28680
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28680
Summary:
Swiki is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Swiki 1.5 is vulnerable; other versions may also be affected.

73. LICQ File Descriptor Remote Denial of Service Vulnerability
BugTraq ID: 28679
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28679
Summary:
LICQ is prone to a remote denial-of-service vulnerability. This issue occurs because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

74. Woltlab Burning Board WCF Cross Site Scripting And Information Disclosure Vulnerabilities
BugTraq ID: 28678
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28678
Summary:
WoltLab Community Framework (WCF) included in Woltlab Burning Board is prone to multiple cross-site scripting and information-disclosure vulnerabilities because it fails to properly handle exceptional conditions and sanitize user-supplied input.

An attacker may leverage these issues to gain access to potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues affect WCF version 1.0.6 included in WoltLab Burning Board 3.0.5; other versions may also be vulnerable.

75. Microsoft Project Resource Memory Allocation Remote Code Execution Vulnerability
BugTraq ID: 28607
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28607
Summary:
Microsoft Project is prone to a remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

76. Microsoft Visio Object Header Remote Code Execution Vulnerability
BugTraq ID: 28555
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28555
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

77. Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability
BugTraq ID: 28551
Remote: Yes
Last Updated: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28551
Summary:
Microsoft VBScript and JScript are prone to a remote code-execution vulnerability because they fail to adequately handle user-supplied input.

Attackers can leverage this issue by enticing an unsuspecting user to view a malicious web document. Successful exploits would allow arbitrary code to run with the privileges of the victim.

These versions are affected:

VBScript 5.6 and earlier
JScript 5.6 and earlier

78. OpenSSH ForceCommand Command Execution Weakness
BugTraq ID: 28531
Remote: No
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28531
Summary:
OpenSSH is prone to a weakness that may allow attackers to execute arbitrary commands.

Successful exploits may allow attackers to execute arbitrary commands, contrary to the wishes of administrators and bypassing the intent of the 'ForceCommand' option.

Versions prior to OpenSSH 4.9 are vulnerable.

79. CUPS 'gif_read_lzw()' GIF File Buffer Overflow Vulnerability
BugTraq ID: 28544
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28544
Summary:
CUPS is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied GIF image data before copying it to an insufficiently sized buffer.

Successful exploits allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions.

CUPS 1.3.6 is vulnerable; other versions may also be affected.

80. CUPS Multiple Unspecified Input Validation Vulnerabilities
BugTraq ID: 28334
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28334
Summary:
CUPS is prone to multiple unspecified input-validation vulnerabilities.

An attacker can exploit these issues to execute arbitrary code with SYSTEM-privileges. Failed attacks will cause denial-of-service conditions.

Very few technical details are currently available. We will update this BID as more information is disclosed.

NOTE: This vulnerability was previously covered in BID 28304 (Apple Mac OS X 2008-002 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

81. JV2 Quick Gallery 'index.php' Cross-Site Scripting Vulnerability
BugTraq ID: 28511
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28511
Summary:
JV2 Quick Gallery is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

JV2 Quick Gallery 1.1 is vulnerable; other versions may also be affected.

82. Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability
BugTraq ID: 28288
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28288
Summary:
UnZip is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted ZIP file ('.zip').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

UnZip 5.52 is vulnerable; other versions may be affected as well.

83. Module jeuxflash for KwsPHP 'cat' Parameter SQL Injection Vulnerability
BugTraq ID: 28601
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28601
Summary:
Module jeuxflash for KwsPHP is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

84. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23300
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/23300
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

85. lighttpd SSL Error Denial of Service Vulnerability
BugTraq ID: 28489
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28489
Summary:
The 'lighttpd' program is prone to a remote denial-of-service vulnerability because it fails to handle exceptional conditions.

Successfully exploiting this issue allows remote attackers to close foreign SSL connections, denying service to legitimate users.

The issue affects lighttpd 1.4.19 and prior versions.

86. lighttpd File Descriptor Array Remote Denial of Service Vulnerability
BugTraq ID: 27943
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/27943
Summary:
The 'lighttpd' program is prone to a remote denial-of-service vulnerability because it fails to handle exceptional conditions.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

The issue affects lighttpd 1.4.18; other versions may also be vulnerable.

87. TCL/TK Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
BugTraq ID: 27655
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/27655
Summary:
TCL/TK Tk Toolkit is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied GIF image data before copying it to an insufficiently sized buffer.

Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected toolkit. Failed exploit attempts likely result in denial-of-service conditions.

Versions prior to TCL/TK 8.5.1 are vulnerable to this issue.

88. JV2 Folder Gallery 'index.php' Cross-Site Scripting Vulnerability
BugTraq ID: 28508
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28508
Summary:
JV2 Folder Gallery is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

JV2 Folder Gallery 3.1 is vulnerable; other versions may also be affected.

89. Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
BugTraq ID: 27234
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/27234
Summary:
Apache 'mod_proxy_ftp' is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

This issue is reported to affect versions prior to Apache 2.2.7-dev, Apache 1.3.40-dev, and Apache 2.0.62-dev.

90. Apache 'mod_proxy_balancer' Multiple Vulnerabilities
BugTraq ID: 27236
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/27236
Summary:
The Apache 'mod_proxy_balancer' module is prone to multiple vulnerabilities, including denial-of-service, memory-corruption, cross-site scripting, HTML-injection, and cross-site request-forgery issues.

Attackers can exploit these issues to inject arbitrary script code into vulnerable sections of the application, execute this script code in the browser of a user in the context of the affected site, and perform certain actions using the user's active session. Attackers can exploit the denial-of-service issue to deny further service to legitimate users. Exploiting the memory-corruption vulnerability is likely to cause a crash and could allow arbitrary code to run, but this has not been confirmed.

The issues affect Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0; other versions may also be vulnerable.

91. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
BugTraq ID: 27237
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/27237
Summary:
The Apache HTTP Server 'mod_status' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reportedly, attackers can also use this issue to redirect users' browsers to arbitrary locations, which may aid in phishing attacks.

The issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev.

92. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
BugTraq ID: 26663
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/26663
Summary:
Apache is prone to a cross-site scripting weakness when handling HTTP request methods that result in 413 HTTP errors.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected.

93. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
BugTraq ID: 26838
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/26838
Summary:
Apache is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

This issue affects the following:

- The 'mod_imagemap' module in Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, and 2.2.0

- The 'mod_imap' module in Apache 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, and 1.3.0.

94. Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
BugTraq ID: 19661
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/19661
Summary:
Apache HTTP server is prone to an HTTP request header security weakness.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

95. MySQL Server Privilege Escalation And Denial Of Service Vulnerabilities
BugTraq ID: 26832
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/26832
Summary:
MySQL is prone to multiple vulnerabilities, including privilege-escalation and denial-of-service issues.

Exploiting the privilege-escalation vulnerability may allow attackers to perform certain actions with elevated privileges. Successful exploits of the denial-of-service issue will cause the database server to crash, denying service to legitimate users.

These issues affect versions prior to MySQL 5.0.52, MySQL 5.1.23, and MySQL 6.0.4.

96. MySQL Server RENAME TABLE System Table Overwrite Vulnerability
BugTraq ID: 26765
Remote: No
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/26765
Summary:
MySQL is prone to a local denial-of-service vulnerability because the database server fails to properly handle unexpected symbolic links.

Exploiting this issue allows attackers with local access to affected computers to overwrite MySQL system tables. Further attacks against the MySQL database and potentially the underlying operating system may be possible.

This issue affects versions prior to MySQL 5.0.51.

97. X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability
BugTraq ID: 27354
Remote: No
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/27354
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of an affected computer. Failed exploit attempts will likely crash the computer.

98. McAfee ePolicy Orchestrator 'FrameworkService.exe' Remote Denial of Service Vulnerability
BugTraq ID: 28573
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28573
Summary:
McAfee ePolicy Orchestrator is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users.

McAfee ePolicy Orchestrator 4.0 is vulnerable; other versions may also be affected.

99. OpenSSH X connections Session Hijacking Vulnerability
BugTraq ID: 28444
Remote: No
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28444
Summary:
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections.

Successfully exploiting this issue may allow an attacker run arbitrary shell commands with the privileges of the user running the affected application.

This issue affects OpenSSH 4.3p2; other versions may also be affected.

NOTE: This issue affects the portable version of OpenSSH and may not affect OpenSSH running on OpenBSD.

100. OTRS SOAP Interface Security Bypass Vulnerability
BugTraq ID: 28647
Remote: Yes
Last Updated: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28647
Summary:
OTRS is prone to a security-bypass vulnerability because it fails to properly validate user credentials before performing certain actions.

Successful exploits will allow attackers to bypass certain security restrictions and to read and modify objects through the OTRS SOAP interface.

This issue affects these versions:

OTRS 2.1.x prior to 2.1.8
OTRS 2.2.x prior to 2.2.6

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Web developers, fix thy Flash
By: Robert Lemos
Flaws that allow cross-site scripting attacks through Adobe Flash files could let attackers compromise online accounts and local networks. Yet, Web publishers have been slow to fix their sites, a security researcher says.
http://www.securityfocus.com/news/11511

2. Hacking contest highlights value of vulnerabilities
By: Robert Lemos
After a handful of critics slammed the modest cash prizes, larger bounties will be offered to the security pros that successfully compromise any of three laptops at a coming conference.
http://www.securityfocus.com/news/11510

3. House aims to scrutinize warrantless taps
By: Robert Lemos
The fight over a law to grant the U.S. government greater surveillance capabilities intensifies as House Democrats refuse to give telcos immunity for allowing past wiretaps without warrants.
http://www.securityfocus.com/news/11509

4. Browser makers focus on beating malware
By: Robert Lemos
Microsoft announces two features in Internet Explorer 8 aimed at better securing Web surfers, and Mozilla incorporates more security into Firefox 3.
http://www.securityfocus.com/news/11508

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Application Security Engineer, Cleveland
http://www.securityfocus.com/archive/77/490448

2. [SJ-JOB] Security Engineer, Seattle
http://www.securityfocus.com/archive/77/490450

3. [SJ-JOB] Application Security Engineer, Anywhere in CA, Telecommute, Travel
http://www.securityfocus.com/archive/77/490442

4. [SJ-JOB] Sales Representative, Cleveland/Columbus/Cincinnati/Indy/Detroit
http://www.securityfocus.com/archive/77/490446

5. [SJ-JOB] Security Consultant, Copenhagen
http://www.securityfocus.com/archive/77/490451

6. [SJ-JOB] Security Consultant, Copenhagen
http://www.securityfocus.com/archive/77/490452

7. [SJ-JOB] Information Assurance Engineer, Suffolk
http://www.securityfocus.com/archive/77/490437

8. [SJ-JOB] Application Security Engineer, Portland
http://www.securityfocus.com/archive/77/490438

9. [SJ-JOB] Manager, Information Security, San Diego
http://www.securityfocus.com/archive/77/490439

10. [SJ-JOB] Security Auditor, Cleveland
http://www.securityfocus.com/archive/77/490453

11. [SJ-JOB] Privacy Officer, Santiago del Estero
http://www.securityfocus.com/archive/77/490454

12. [SJ-JOB] Security Engineer, San Diego
http://www.securityfocus.com/archive/77/490430

13. [SJ-JOB] Application Security Engineer, San Diego
http://www.securityfocus.com/archive/77/490431

14. [SJ-JOB] Information Assurance Engineer, Arlington
http://www.securityfocus.com/archive/77/490445

15. [SJ-JOB] Certification & Accreditation Engineer, Chantilly
http://www.securityfocus.com/archive/77/490447

16. [SJ-JOB] Sr. Security Analyst, Hartford
http://www.securityfocus.com/archive/77/490449

17. [SJ-JOB] Application Security Engineer, Anywhere in California, Telecommute, Travel
http://www.securityfocus.com/archive/77/490427

18. [SJ-JOB] Sr. Security Engineer, Sydney
http://www.securityfocus.com/archive/77/490428

19. [SJ-JOB] Application Security Architect, New York
http://www.securityfocus.com/archive/77/490429

20. [SJ-JOB] Security Engineer, Boston
http://www.securityfocus.com/archive/77/490440

21. [SJ-JOB] Application Security Engineer, San Diego
http://www.securityfocus.com/archive/77/490423

22. [SJ-JOB] Application Security Engineer, Anywhere in Washington, Telecommute, Travel
http://www.securityfocus.com/archive/77/490424

23. [SJ-JOB] Application Security Engineer, Anywhere in Oregon, Telecommute, Travel
http://www.securityfocus.com/archive/77/490425

24. [SJ-JOB] Application Security Engineer, Anywhere in Washington, Telecommute, Travel
http://www.securityfocus.com/archive/77/490426

25. [SJ-JOB] Director, Information Security, San Francisco Bay Area
http://www.securityfocus.com/archive/77/490422

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Windows Vista winsat.exe Integer Overflow
http://www.securityfocus.com/archive/82/490297

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #388
http://www.securityfocus.com/archive/88/490435

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Industry Brains

News

Tuesday, April 08, 2008

SecurityFocus Newsletter #448

No comments:

WINDOWS CENTER

Blog Archive