----------------------------------------
This issue is sponsored by HP
PCI Compliance - Are you ready for June 2008?
After June 2008, the PCI DSS will begin enforcing requirement 6, "Ensure that all web facing applications are protected against known attacks." This free white paper from HP Software, 'Web application security and PCI DSS compliance: is your data secure?', provides a comprehensive overview of PCI DSS as it relates to web application security and gives you the information you need to avoid fines and loss of credit card privileges.
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. Just Who's Being Exploited?
2. On the Border
II. BUGTRAQ SUMMARY
1. Sony mylo COM-2 SSL Certificate Validation Vulnerability
2. F5 Networks FirePass 4100 SSL VPN 'installControl.php3' Cross-Site Scripting Vulnerability
3. PortailPHP 'mod_search' Remote File Include Vulnerability
4. @lex Guestbook Multiple Input Validation Vulnerabilities
5. Computer Associates BrightStor ARCServe BackUp Tape Engine Remote Code Execution Vulnerability
6. Microsoft Windows GDI Stack Overflow Vulnerability
7. Joomla! and Mambo Joomlearn LMS Component 'cat' Parameter SQL Injection Vulnerability
8. Host Directory PRO Cookie Security Bypass Vulnerability
9. Chimaera Project Aterr Multiple Local File Include Vulnerabilities
10. Acon Multiple Local Buffer Overflow Vulnerabilities
11. XOOPS Recette 'detail.php' SQL Injection Vulnerability
12. SubEdit Player Subtitle File Remote Buffer Overflow Vulnerability
13. GNU Emacs Insecure Temporary File Creation Vulnerability
14. PHP-Fusion 'submit.php' SQL Injection Vulnerability
15. openInvoice Security Bypass Vulnerabilities
16. YourFreeWorld Apartment Search Script 'listtest.php' SQL Injection Vulnerability
17. Simple Customer 'contact.php' SQL Injection Vulnerability
18. PortailPHP Multiple Remote File Include Vulnerabilities
19. phShoutBox Cookie Security Bypass Vulnerability
20. Voice of Web AllMyGuests 'AMG_id' SQL Injection Vulnerability
21. DBMail Authentication Bypass Vulnerability
22. MPlayer 'sdpplin_parse()' RTSP Integer Overflow Vulnerability
23. Azureus HTML WebUI Cross-Site Request Forgery Vulnerability
24. uTorrent WebUI Cross-Site Request Forgery Vulnerability
25. CUPS PNG Filter Multiple Integer Overflow Vulnerabilities
26. Python 'stringobject.c' Multiple Remote Buffer Overflow Vulnerabilities
27. RSA WebID 'IISWebAgentIF.dll' Cross-Site Scripting Vulnerability
28. VLC Media Player Cinepak Codec Buffer Overflow Vulnerability
29. Mozilla Firefox/SeaMonkey JavaScript Garbage Collector Memory Corruption Vulnerability
30. Asterisk IAX2 Packet Amplification Remote Denial of Service Vulnerability
31. Joomla! and Mambo Filiale Component 'idFiliale' Parameter SQL Injection Vulnerability
32. E RESERV 'ID_loc' Parameter SQL Injection Vulnerability
33. Horde Webmail 'addevent.php' Cross-Site Scripting Vulnerability
34. Openfire Unspecified Remote Denial Of Service Vulnerability
35. VLC Media Player MP4 Demuxer Buffer Overflow Vulnerability
36. VideoLAN VLC Multiple Remote Code Execution Vulnerabilities
37. VLC Media Player 'Subtitle' Buffer Overflow Vulnerability
38. VLC Media Player 'MP4_ReadBox_rdrf()' Buffer Overflow Vulnerability
39. xine-lib 'sdpplin_parse()' Remote Buffer Overflow Vulnerability
40. NetClassifieds Products Multiple SQL Injection Vulnerabilities
41. NetClassifieds Multiple Input Validation Vulnerabilities
42. QIP Unspecified Remote Memory Corruption Vulnerability
43. Magnolia Enterprise Edition Sitedesigner module 'query' Parameter Cross Site Scripting Vulnerability
44. Akiva WebBoard HTML Injection Vulnerability
45. WordPress wpSS Spreadsheet Plugin 'ss_id' Parameter SQL Injection Vulnerability
46. OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities
47. Firefly Media Server 'Content-Length' Buffer Overflow Vulnerability
48. Multiple Wireless Routers Predictable Default WEP/WPA Key Security Bypass Vulnerability
49. Quagga BGPD UPDATE Message Remote Denial Of Service Vulnerability
50. Quagga Routing Suite Multiple Denial Of Service Vulnerabilities
51. Sun Solaris Self Encapsulated IP Packets Remote Denial of Service Vulnerability
52. Apple Safari WebKit JavaScript Regular Expression Handling Buffer Overflow Vulnerability
53. Roundup Unspecified Security Vulnerabilities
54. Microsoft .NET Framework Request Filtering Bypass Vulnerability
55. Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
56. Microsoft .Net Framework Multiple Null Byte Injection Vulnerabilities
57. Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
58. Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability
59. Apple Safari 3.1.1 For Windows Multiple Denial of Service and Spoofing Vulnerabilities
60. Mozilla Firefox 'document.write()' Denial of Service Vulnerability
61. Foxit Reader Multiple Remote Memory Corruption Vulnerabilities
62. grsecurity Multiple RBAC Local Security Bypass Vulnerabilities
63. S9Y Serendipity HTML Injection and Cross-Site Scripting Vulnerabilities
64. MySQL User-Defined Function Buffer Overflow Vulnerability
65. Multiple Adobe Products BMP Image Header Buffer Overflow Vulnerability
66. MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
67. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation Vulnerability
68. Computer Associates eTrust Secure Content Manager 'eCSqdmn' Remote Denial of Service Vulnerability
69. EncapsGallery Cross-Site Scripting Vulnerability and File Upload Vulnerability
70. Joomla! and Mambo FlippingBook Component 'book_id' Parameter SQL Injection Vulnerability
71. SIPp 'call.cpp' Remote Buffer Overflow Vulnerability
72. ContRay 'search' Parameter Cross Site Scripting Vulnerability
73. Microsoft 'HeartbeatCtl' ActiveX Control Remote Buffer Overflow Vulnerability
74. Swfdec Untrusted Sandbox Remote Information Disclosure Vulnerability
75. Crazy Goomba 'commentaires.php' SQL Injection Vulnerability
76. XOOPS Article Module 'article.php' SQL Injection Vulnerability
77. Tr Script News 'news.php' SQL Injection Vulnerability
78. muCommander 'credentials.xml' Local Information Disclosure Vulnerability
79. Kubelance 'ipn.php' Local File Include Vulnerability
80. Blender 'radiance_hdr.c' Remote Buffer Overflow Vulnerability
81. RedDot CMS 'ioRD.asp' SQL Injection Vulnerability
82. OpenSSH ForceCommand Command Execution Weakness
83. Gnumeric XLS HLINK Opcode Handling Remote Arbitrary Code Execution Vulnerability
84. gCards GetNewsItem.PHP SQL Injection Vulnerability
85. Advanced Electron Forum 'beg' Parameter Cross Site Scripting Vulnerability
86. Multiple BSD Platforms 'strfmon()' Function Integer Overflow Weakness
87. bzip2 Unspecified File Handling Vulnerability
88. FishSound Library Remote Speex Decoding Code Execution Vulnerability
89. OpenSSH X Connections Session Hijacking Vulnerability
90. Red Hat 'redhat-ds-admin' Shell Command Injection and Security Bypass Vulnerabilities
91. bzip2 chmod File Permission Modification Race Condition Weakness
92. Multiple Products Forgotten Password Feature CAPTCHA Security Bypass Vulnerability
93. SMF Audio CAPTCHA Security Bypass Vulnerability
94. Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability
95. Acidcat CMS Multiple Input Validation Vulnerabilities
96. W1L3D4 Philboard Multiple SQL Injection Vulnerabilities
97. MoinMoin Multiple ACL Security Bypass Vulnerabilities
98. TorrentFlux Cross-Site Request Forgery and Remote PHP Script Code Execution Vulnerabilities
99. Docebo SQL-Injection Vulnerability and Multiple Information Disclosure Vulnerabilities
100. XLPortal 'index.php' SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. U.S. gov't pushes cybersecurity at con
2. Web developers, fix thy Flash
3. Hacking contest highlights value of vulnerabilities
4. House aims to scrutinize warrantless taps
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Consultant, Hertfordshire
2. [SJ-JOB] Sr. Security Analyst, New York
3. [SJ-JOB] VP of Regional Sales, DC Metro Area
4. [SJ-JOB] VP of Regional Sales, Washington
5. [SJ-JOB] Security Consultant, Hertfordshire
6. [SJ-JOB] CHECK Team Leader, lojment 200
7. [SJ-JOB] Technology Risk Consultant, Hertfordshire
8. [SJ-JOB] CISO, London
9. [SJ-JOB] Sr. Security Engineer, Washington DC
10. [SJ-JOB] Sr. Security Analyst, Bellevue
11. [SJ-JOB] Security Consultant, Hertfordshire
12. [SJ-JOB] Sales Engineer, Bedford
13. [SJ-JOB] Manager, Information Security, Cleveland
14. [SJ-JOB] Sales Engineer, Chicago
15. [SJ-JOB] Compliance Officer, UK Wide
16. [SJ-JOB] Security Architect, Washington
17. [SJ-JOB] Product Strategist, Redmond
18. [SJ-JOB] Information Assurance Analyst, Hertfordshire
19. [SJ-JOB] Security Consultant, Austin
20. [SJ-JOB] Information Assurance Engineer, Arlington
21. [SJ-JOB] Security Consultant, Hertfordshire
22. [SJ-JOB] Information Assurance Engineer, Arlington
23. [SJ-JOB] Sales Representative, London
24. [SJ-JOB] Developer, Redmond
25. [SJ-JOB] Security Consultant, Hertfordshire
26. [SJ-JOB] VP of Regional Sales, Parsippany
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. SyScan'08 Singapore - Call for Paper
2. Aztech ADSL2/2+ 4 Port default password
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #390
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Just Who's Being Exploited?
By Jamie Reid
Last month's revelation that Tipping Point paid out a prize of $10,000 and a new laptop (MSRP: about $2000) at the CanSecWest conference, for the privilege of being the exclusive licensor of a heretofore unpublished vulnerability in Apple's Safari web browser to researcher, Charles Miller of Independent Security Evaluators, may lend some credence to this adage.
http://www.securityfocus.com/columnists/470
2. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469
II. BUGTRAQ SUMMARY
--------------------
1. Sony mylo COM-2 SSL Certificate Validation Vulnerability
BugTraq ID: 28905
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28905
Summary:
Sony mylo COM-2 devices are prone to a certificate-validation vulnerability because they fail to properly validate webserver certificates.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted webservers. This will aid in further attacks.
This issue affects only the Japanese model of Sony mylo COM-2 devices running firmware versions prior to 1.002.
2. F5 Networks FirePass 4100 SSL VPN 'installControl.php3' Cross-Site Scripting Vulnerability
BugTraq ID: 28902
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28902
Summary:
F5 Networks FirePass 4100 SSL VPN devices are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks.
3. PortailPHP 'mod_search' Remote File Include Vulnerability
BugTraq ID: 28867
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28867
Summary:
PortailPHP is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying computer; other attacks are also possible.
PortailPHP 2.0 is vulnerable; other versions may also be vulnerable.
4. @lex Guestbook Multiple Input Validation Vulnerabilities
BugTraq ID: 21926
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/21926
Summary:
@lex Guestbook is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker could exploit these issues to execute server-side script code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. Information gained could aid in further attacks.
@lex Guestbook 4.0.2 and prior versions are vulnerable to these issues.
NOTE: The vendor refutes these issues, stating that the vulnerabilities do not exist as specified.
5. Computer Associates BrightStor ARCServe BackUp Tape Engine Remote Code Execution Vulnerability
BugTraq ID: 22010
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/22010
Summary:
Computer Associates BrightStor ARCserve Backup is prone to a remote code-execution vulnerability due to a design error in the Tape Engine service.
A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges.
Note that only applications on the Windows operating system are affected.
6. Microsoft Windows GDI Stack Overflow Vulnerability
BugTraq ID: 28570
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28570
Summary:
Microsoft Windows is prone to a stack-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF image file.
A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.
7. Joomla! and Mambo Joomlearn LMS Component 'cat' Parameter SQL Injection Vulnerability
BugTraq ID: 28586
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28586
Summary:
The Joomlearn LMS component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
8. Host Directory PRO Cookie Security Bypass Vulnerability
BugTraq ID: 28863
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28863
Summary:
Host Directory PRO is prone to a security-bypass vulnerability because it fails to properly validate user credentials before performing certain actions.
Exploiting this issue may allow an attacker to bypass certain security restrictions and gain administrative access to the application. This will compromise the application and may aid in further attacks.
9. Chimaera Project Aterr Multiple Local File Include Vulnerabilities
BugTraq ID: 28861
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28861
Summary:
Aterr is prone to local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
The issues affect Aterr 0.9.1; other versions might also be affected.
10. Acon Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 28862
Remote: No
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28862
Summary:
Acon is prone to multiple local buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.
Attackers can exploit these issues to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers.
These issues affect Acon 1.0.5; other versions may also be vulnerable.
11. XOOPS Recette 'detail.php' SQL Injection Vulnerability
BugTraq ID: 28859
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28859
Summary:
XOOPS Recette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Recette 2.2 is vulnerable to this issue; other versions may also be affected.
12. SubEdit Player Subtitle File Remote Buffer Overflow Vulnerability
BugTraq ID: 28858
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28858
Summary:
SubEdit Player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
The issue affects SubEdit Player Build 4066; other versions may also be affected.
13. GNU Emacs Insecure Temporary File Creation Vulnerability
BugTraq ID: 28857
Remote: No
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28857
Summary:
Emacs creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
This issue affects Emacs 21.4a and 22.2; other versions may also be affected.
14. PHP-Fusion 'submit.php' SQL Injection Vulnerability
BugTraq ID: 28855
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28855
Summary:
PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
PHP-Fusion 6.00.307 is vulnerable to this issue; other versions may also be affected.
15. openInvoice Security Bypass Vulnerabilities
BugTraq ID: 28854
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28854
Summary:
openInvoice is prone to multiple security-bypass vulnerabilities because it fails to properly validate user credentials before performing certain actions.
Exploiting this issue may allow an attacker to bypass certain security restrictions and reset the passwords of arbitrary users of the vulnerable application. This may compromise the application and aid in further attacks.
This issue affects openInvoice 0.90 Beta; other versions may also be vulnerable.
16. YourFreeWorld Apartment Search Script 'listtest.php' SQL Injection Vulnerability
BugTraq ID: 28853
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28853
Summary:
Apartment Search Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
17. Simple Customer 'contact.php' SQL Injection Vulnerability
BugTraq ID: 28852
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28852
Summary:
Simple Customer is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Simple Customer 1.2 is vulnerable; other versions may also be affected.
18. PortailPHP Multiple Remote File Include Vulnerabilities
BugTraq ID: 22381
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/22381
Summary:
PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
PortailPHP 2 is vulnerable to these issues; other versions may also be affected.
19. phShoutBox Cookie Security Bypass Vulnerability
BugTraq ID: 28856
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28856
Summary:
phShoutBox is prone to a security-bypass vulnerability because it fails to properly validate user credentials before performing certain actions.
Exploiting this issue may allow an attacker to bypass certain security restrictions and gain administrative access to the application. This will compromise the application and may aid in further attacks.
This issue affects phShoutBox 1.5 Final and prior versions.
20. Voice of Web AllMyGuests 'AMG_id' SQL Injection Vulnerability
BugTraq ID: 28850
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28850
Summary:
Voice of Web AllMyGuests is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
21. DBMail Authentication Bypass Vulnerability
BugTraq ID: 28849
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28849
Summary:
DBMail is prone to a vulnerability that may let attackers authenticate without a valid password in some configurations. This could let an attacker gain unauthorized access to emails stored by the application.
22. MPlayer 'sdpplin_parse()' RTSP Integer Overflow Vulnerability
BugTraq ID: 28851
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28851
Summary:
MPlayer is prone to an integer-overflow vulnerability because it fails to perform adequate checks on externally supplied input.
Attackers can leverage this vulnerability to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
23. Azureus HTML WebUI Cross-Site Request Forgery Vulnerability
BugTraq ID: 28848
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28848
Summary:
Azureus HTML WebUI is prone to a cross-site request-forgery vulnerability.
Successful exploits aid in transferring malicious content to unsuspecting users' computers, aiding in further attacks. Other actions may also be affected, but this has not been confirmed.
Azureus HTML WebUI 0.7.6 is vulnerable; other versions may also be affected.
24. uTorrent WebUI Cross-Site Request Forgery Vulnerability
BugTraq ID: 28847
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28847
Summary:
uTorrent WebUI is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to execute arbitrary actions in the context of the affected application.
uTorrent WebUI 0.310 beta 2 is vulnerable; other versions may also be affected.
25. CUPS PNG Filter Multiple Integer Overflow Vulnerabilities
BugTraq ID: 28781
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28781
Summary:
CUPS is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied PNG image sizes before using them to allocate memory buffers.
Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions.
CUPS 1.3.7 is vulnerable; other versions may also be affected.
26. Python 'stringobject.c' Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 28749
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28749
Summary:
Python is prone to multiple remote buffer-overflow vulnerabilities because certain functions in the core API fail to properly verify user-supplied data.
An attacker can exploit these issues to execute arbitrary code with the privileges of the user running an application that uses the affected functions. Failed exploit attempts will result in a denial-of-service condition.
This issue affects Python 2.5.2; earlier versions may also be vulnerable.
27. RSA WebID 'IISWebAgentIF.dll' Cross-Site Scripting Vulnerability
BugTraq ID: 28277
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28277
Summary:
RSA WebID is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
RSA WebID 5.3 is vulnerable; other versions may also be affected.
28. VLC Media Player Cinepak Codec Buffer Overflow Vulnerability
BugTraq ID: 28904
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28904
Summary:
VLC media player is prone to a buffer-overflow vulnerability because the Cinepak decoder fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
VLC media player 0.8.6e is vulnerable; other versions may also be affected.
29. Mozilla Firefox/SeaMonkey JavaScript Garbage Collector Memory Corruption Vulnerability
BugTraq ID: 28818
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28818
Summary:
The Mozilla Foundation has released a security advisory disclosing a memory-corruption vulnerability that affects Mozilla Firefox, SeaMonkey, and potentially Thunderbird.
The vulnerability stems from an unspecified error in the JavaScript garbage collector.
Attackers may exploit this issue to crash a vulnerable application or potentially execute arbitrary code in the context of the application.
The issue affects Mozilla Firefox 2.0.0.13 and Mozilla SeaMonkey 1.1.9. Note that Mozilla Thunderbird shares the browser engine with Firefox and may also be vulnerable when JavaScript is enabled in emails.
30. Asterisk IAX2 Packet Amplification Remote Denial of Service Vulnerability
BugTraq ID: 28901
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28901
Summary:
Asterisk is prone to a remote denial-of-service vulnerability caused by a flaw in the IAX2 protocol.
Successful exploits result in packet-amplification attacks. Malicious users can cause Asterisk to send large numbers of UDP datagrams to arbitrary addresses, potentially denying service to both the Asterisk service and networks that may become flooded.
31. Joomla! and Mambo Filiale Component 'idFiliale' Parameter SQL Injection Vulnerability
BugTraq ID: 28900
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28900
Summary:
The Filiale component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
32. E RESERV 'ID_loc' Parameter SQL Injection Vulnerability
BugTraq ID: 28899
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28899
Summary:
E RESERV is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
E RESERV 2.1 is vulnerable; other versions may also be affected.
33. Horde Webmail 'addevent.php' Cross-Site Scripting Vulnerability
BugTraq ID: 28898
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28898
Summary:
Horde Webmail is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.
This issue affects unknown versions of Horde Webmail; we may update this BID if more details become available.
34. Openfire Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 28722
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28722
Summary:
Openfire is prone to a remote denial-of-service vulnerability. The cause of this issue is unknown.
Exploiting this issue allows remote attackers to trigger denial-of-service conditions, denying further service to legitimate users.
35. VLC Media Player MP4 Demuxer Buffer Overflow Vulnerability
BugTraq ID: 28903
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28903
Summary:
VLC media player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Versions prior to VLC media player 0.8.6f are vulnerable.
36. VideoLAN VLC Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 27015
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/27015
Summary:
VideoLAN VLC media player is prone to multiple remote code-execution vulnerabilities, including multiple buffer-overflow issues and a format-string issue.
Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application.
VLC 0.8.6d is vulnerable to these issues; other versions may also be affected.
37. VLC Media Player 'Subtitle' Buffer Overflow Vulnerability
BugTraq ID: 28274
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28274
Summary:
VLC media player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers can leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
VLC media player 0.8.6e is vulnerable; other versions may also be affected.
38. VLC Media Player 'MP4_ReadBox_rdrf()' Buffer Overflow Vulnerability
BugTraq ID: 28433
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28433
Summary:
VLC media player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
VLC media player 0.8.6e is vulnerable; other versions may also be affected.
39. xine-lib 'sdpplin_parse()' Remote Buffer Overflow Vulnerability
BugTraq ID: 28312
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28312
Summary:
The 'xine-lib' library is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.
This issue affects xine-lib 1.1.10.1; other versions may also be vulnerable.
40. NetClassifieds Products Multiple SQL Injection Vulnerabilities
BugTraq ID: 15683
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/15683
Summary:
NetClassifieds is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
41. NetClassifieds Multiple Input Validation Vulnerabilities
BugTraq ID: 24584
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/24584
Summary:
NetClassifieds is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues and cross-site scripting issues.
A successful exploit may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
NetClassifieds Free, Standard, Professional, and Premium editions are reported vulnerable.
42. QIP Unspecified Remote Memory Corruption Vulnerability
BugTraq ID: 28896
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28896
Summary:
QIP is prone to a memory-corruption vulnerability caused by an unspecified error when processing messages.
Very few technical details are currently available regarding this issue. We will update this BID as more information emerges.
Remote attackers may be able to execute code, but this has not been confirmed. Failed exploit attempts will likely crash the application, denying service to legitimate users.
43. Magnolia Enterprise Edition Sitedesigner module 'query' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 28897
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28897
Summary:
Sitedesigner is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Sitedesigner 1.1.4 is affected by this issue; other versions may also be affected.
44. Akiva WebBoard HTML Injection Vulnerability
BugTraq ID: 28895
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28895
Summary:
Akiva WebBoard is prone to an HTML-injection vulnerability when handling specially crafted values of form-field parameters of the profile update page.
An attacker may leverage this issue to execute arbitrary code in the context of a user's browser. Successful exploits can allow the attacker to steal cookie-based authentication credentials, obtain potentially sensitive information stored on the victim's computer, and launch other attacks.
Akiva WebBoard 8.0 is vulnerable to this issue; other versions may also be affected.
45. WordPress wpSS Spreadsheet Plugin 'ss_id' Parameter SQL Injection Vulnerability
BugTraq ID: 28894
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28894
Summary:
The WordPress Spreadsheet plugin (wpSS) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The issue affects wpSS 0.6 and prior versions.
46. OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 28819
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28819
Summary:
OpenOffice is prone to multiple remote heap-based buffer-overflow vulnerabilities because of errors in processing certain files.
Remote attackers can exploit these issues by enticing victims into opening maliciously crafted ODF, Quattro Pro, EMF, or OLE files.
Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.
The issues affect OpenOffice 2 prior to 2.4. The OLE and EMF file issues also affect OpenOffice 1.1.
47. Firefly Media Server 'Content-Length' Buffer Overflow Vulnerability
BugTraq ID: 28860
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28860
Summary:
Firefly Media Server (formerly known as mt-daapd) is prone to a buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input.
Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions.
Versions prior to Firefly Media Server 0.2.4.2 are affected.
48. Multiple Wireless Routers Predictable Default WEP/WPA Key Security Bypass Vulnerability
BugTraq ID: 28893
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28893
Summary:
Multiple wireless routers are prone to a vulnerability that can allow an attacker to predict their default WEP/WPA encryption keys.
Attackers can exploit this issue to bypass authentication to an affected device, which can allow them to completely compromise the device or to gain access to the private network.
The following products are vulnerable:
- Thomson SpeedTouch
- BT Home Hub
49. Quagga BGPD UPDATE Message Remote Denial Of Service Vulnerability
BugTraq ID: 23417
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/23417
Summary:
Quagga is prone to a remote denial-of-service vulnerability because it fails to handle a malformed multi-protocol message.
A remote attacker can exploit this issue by submitting a maliciously crafted message to the application.
Successful exploits will cause the Quagga 'bgpd' daemon to abort, denying further service to legitimate users.
Quagga 0.99.6 and prior versions (0.99 branch) as well as 0.98.6 and prior versions (0.98 branch) are vulnerable.
50. Quagga Routing Suite Multiple Denial Of Service Vulnerabilities
BugTraq ID: 25634
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/25634
Summary:
Quagga Routing Suite is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to crash the affected application, denying service to legitimate users.
These issues affect versions prior to Quagga Routing Suite 0.99.9.
51. Sun Solaris Self Encapsulated IP Packets Remote Denial of Service Vulnerability
BugTraq ID: 28732
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28732
Summary:
Sun Solaris is prone to a denial-of-service vulnerability because it fails to handle specially crafted network data.
A remote attacker can exploit this issue to cause the affected server to crash, resulting in a denial-of-service condition.
This issue affects Solaris 8, 9, and 10 for SPARC and x86 platforms.
52. Apple Safari WebKit JavaScript Regular Expression Handling Buffer Overflow Vulnerability
BugTraq ID: 28338
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28338
Summary:
Apple Safari is prone to a buffer-overflow vulnerability.
Attackers may exploit this issue to execute arbitrary code or to crash the affected application. Other attacks are also possible.
This issue affects versions prior to Apple Safari 3.1 running on Apple Mac OS X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista.
NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.
53. Roundup Unspecified Security Vulnerabilities
BugTraq ID: 28239
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28239
Summary:
Roundup is prone to multiple unspecified vulnerabilities.
Very few details are available regarding these issues. We will update this BID as more information emerges.
These issues affect versions prior to Roundup 1.4.4.
54. Microsoft .NET Framework Request Filtering Bypass Vulnerability
BugTraq ID: 20753
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/20753
Summary:
Microsoft .NET Framework is prone to a vulnerability that may permit an attacker to bypass content filtering.
The attacker can exploit this issue to perform multiple input-validation attacks such as cross-site scripting, SQL-injection, and HTML-injection; other attacks are also possible.
55. Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
BugTraq ID: 24778
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/24778
Summary:
Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits can result in the complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions.
56. Microsoft .Net Framework Multiple Null Byte Injection Vulnerabilities
BugTraq ID: 24791
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/24791
Summary:
Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data.
An attacker can exploit these issues to access sensitive information that may aid in further attacks; other attacks are also possible.
57. Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
BugTraq ID: 24811
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/24811
Summary:
Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits can result in the complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions.
58. Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability
BugTraq ID: 28552
Remote: Yes
Last Updated: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28552
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because it fails to adequately handle certain user-supplied data.
Attackers can leverage this issue to execute arbitrary code with the privileges of the application. Successful exploits will compromise affected computers. Failed attacks may cause denial-of-service conditions.
59. Apple Safari 3.1.1 For Windows Multiple Denial of Service and Spoofing Vulnerabilities
BugTraq ID: 28891
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28891
Summary:
Apple Safari is prone to multiple remote vulnerabilities, including:
- A denial-of-service vulnerability caused by a write-access violation.
- A denial-of-service vulnerability caused by a read-access violation.
- A vulnerability that allows attackers to spoof the content contained in the address bar.
An attacker can exploit these issues to crash the affected application or cause the victim to interact with the attacker's malicious site.
This issue affects Apple Safari 3.1.1 for Windows; other versions may also be affected.
60. Mozilla Firefox 'document.write()' Denial of Service Vulnerability
BugTraq ID: 28892
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28892
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.
Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.
This issue affects Firefox 3 Beta 5; other versions may also be vulnerable.
61. Foxit Reader Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 28890
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28890
Summary:
Foxit Reader is prone to two remote memory-corruption vulnerabilities because it fails to handle specially crafted PDF files.
Remote attackers may be able to execute code, but this has not been confirmed. Failed exploit attempts will crash the application, denying service to legitimate users.
Foxit Reader 2.2 is vulnerable; other versions may also be affected.
62. grsecurity Multiple RBAC Local Security Bypass Vulnerabilities
BugTraq ID: 28889
Remote: No
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28889
Summary:
The 'grsecurity' application is prone to multiple local security-bypass vulnerabilities because it fails to properly handle return values to certain functions in the RBAC (Role-Based Access Control) system.
Successful exploits will allow attackers to bypass certain security restrictions.
Versions prior to grsecurity 2.1.11-2.6.24.5 (2008-04-21) and 2.1.11-2.4.36.2 (2008-04-21) are affected.
63. S9Y Serendipity HTML Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 28885
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28885
Summary:
S9Y Serendipity is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.
S9Y Serendipity 1.3 is vulnerable; other versions may also be affected.
64. MySQL User-Defined Function Buffer Overflow Vulnerability
BugTraq ID: 14509
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/14509
Summary:
MySQL is prone to a buffer-overflow vulnerability. The application fails to perform sufficient boundary checks on data supplied as an argument in a user-defined function.
A database user with sufficient access to create a user-defined function can exploit this issue. Attackers may also be able to exploit this issue through latent SQL-injection vulnerabilities in third-party applications that use the database as a backend.
Successful exploitation will result in the execution of arbitrary code in the context of the database server process.
65. Multiple Adobe Products BMP Image Header Buffer Overflow Vulnerability
BugTraq ID: 28874
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28874
Summary:
Multiple Adobe products are prone to a buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied input. The vulnerability occurs when handling malformed image header data in image files.
Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running one of the applications. Failed exploit attempts will result in a denial-of-service condition.
The following products are vulnerable:
- Adobe Photoshop Album Starter 3.2
- Adobe After Effects CS3
Other applications and versions may also be affected.
66. MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
BugTraq ID: 17780
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
MySQL is prone to multiple remote vulnerabilities:
- A buffer-overflow vulnerability due to insufficient bounds-checking of user-supplied data before copying it to an insufficiently sized memory buffer. This issue allows remote attackers to execute arbitrary machine code in the context of affected database servers. Failed exploit attempts will likely crash the server, denying further service to legitimate users.
- Two information-disclosure vulnerabilities due to insufficient input-sanitization and bounds-checking of user-supplied data. These issues allow remote users to gain access to potentially sensitive information that may aid them in further attacks.
67. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation Vulnerability
BugTraq ID: 28554
Remote: No
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28554
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.
The vulnerability resides in the Windows kernel. A locally logged-in user can exploit this issue to gain kernel-level access to the operating system.
68. Computer Associates eTrust Secure Content Manager 'eCSqdmn' Remote Denial of Service Vulnerability
BugTraq ID: 28888
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28888
Summary:
Computer Associates eTrust Secure Content Manager is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
69. EncapsGallery Cross-Site Scripting Vulnerability and File Upload Vulnerability
BugTraq ID: 28887
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28887
Summary:
EncapsGallery is prone to a cross-site scripting vulnerability and a file-upload vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
EncapsGallery 2.0.2 is vulnerable to both of these issues; EncapsGallery 2.0.4 is vulnerable to the file-upload issue only.
70. Joomla! and Mambo FlippingBook Component 'book_id' Parameter SQL Injection Vulnerability
BugTraq ID: 28886
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28886
Summary:
The FlippingBook component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
71. SIPp 'call.cpp' Remote Buffer Overflow Vulnerability
BugTraq ID: 28884
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28884
Summary:
SIPp is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
The issue affects SIPp 3.0; other versions may also be affected.
72. ContRay 'search' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 28883
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28883
Summary:
ContRay is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
73. Microsoft 'HeartbeatCtl' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 28882
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28882
Summary:
Microsoft 'HeartbeatCtl' ActiveX control is prone to a remote buffer-overflow vulnerability.
Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.
74. Swfdec Untrusted Sandbox Remote Information Disclosure Vulnerability
BugTraq ID: 28881
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28881
Summary:
Swfdec is prone to a remote information-disclosure vulnerability because the software fails to securely implement restricted sandboxes for Macromedia Flash animation files.
Successful exploits allow remote attackers to access the contents of arbitrary files located on computers running the affected software. Information harvested may aid in further attacks.
Versions prior to Swfdec 0.6.4 are vulnerable to this issue.
75. Crazy Goomba 'commentaires.php' SQL Injection Vulnerability
BugTraq ID: 28880
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28880
Summary:
Crazy Goomba is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Crazy Goomba 1.2.1 is vulnerable; other versions may also be affected.
76. XOOPS Article Module 'article.php' SQL Injection Vulnerability
BugTraq ID: 28879
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28879
Summary:
XOOPS Article module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
77. Tr Script News 'news.php' SQL Injection Vulnerability
BugTraq ID: 28876
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28876
Summary:
Tr Script News is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Tr Script News 2.1 is vulnerable; other versions may also be affected.
78. muCommander 'credentials.xml' Local Information Disclosure Vulnerability
BugTraq ID: 28875
Remote: No
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28875
Summary:
muCommander is prone to a local information-disclosure vulnerability because the application fails to set secure file permissions.
Attackers can leverage this issue to obtain sensitive information that may lead to other attacks.
Versions prior to muCommander 0.8.2 are vulnerable.
79. Kubelance 'ipn.php' Local File Include Vulnerability
BugTraq ID: 28873
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28873
Summary:
Kubelance is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability using directory-traversal strings to view local files in the context of the webserver process. This may aid in further attacks.
Kubelance 1.6.4 is vulnerable; other versions may also be affected.
80. Blender 'radiance_hdr.c' Remote Buffer Overflow Vulnerability
BugTraq ID: 28870
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28870
Summary:
Blender is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
The issue affects Blender 2.45; other versions may also be affected.
81. RedDot CMS 'ioRD.asp' SQL Injection Vulnerability
BugTraq ID: 28872
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28872
Summary:
RedDot CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to RedDot CMS 7.5.1.86 are vulnerable.
82. OpenSSH ForceCommand Command Execution Weakness
BugTraq ID: 28531
Remote: No
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28531
Summary:
OpenSSH is prone to a weakness that may allow attackers to execute arbitrary commands.
Successful exploits may allow attackers to execute arbitrary commands, contrary to the wishes of administrators and bypassing the intent of the 'ForceCommand' option.
Versions prior to OpenSSH 4.9 are vulnerable.
83. Gnumeric XLS HLINK Opcode Handling Remote Arbitrary Code Execution Vulnerability
BugTraq ID: 27536
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/27536
Summary:
Gnumeric is prone to a vulnerability that lets remote attackers execute arbitrary code.
Attackers may exploit this issue to corrupt memory and execute machine code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
The issue affects Gnumeric 1.6.3; other versions may also be vulnerable.
84. gCards GetNewsItem.PHP SQL Injection Vulnerability
BugTraq ID: 24175
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/24175
Summary:
gCards is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
gCards 1.46 is vulnerable; other versions may also be affected.
85. Advanced Electron Forum 'beg' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 28865
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28865
Summary:
Advanced Electron Forum (AEF) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Advanced Electron Forum (AEF) 1.0.6 is vulnerable; other versions may also be affected.
86. Multiple BSD Platforms 'strfmon()' Function Integer Overflow Weakness
BugTraq ID: 28479
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28479
Summary:
Multiple BSD platforms are prone to an integer-overflow weakness.
An attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects FreeBSD 6, 7 and NetBSD 4; other platforms may also be affected.
87. bzip2 Unspecified File Handling Vulnerability
BugTraq ID: 28286
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28286
Summary:
The 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files.
Successful exploits may allow remote code to run, but this has not been confirmed. Exploit attempts will likely crash the application.
This issue affects bzip2 1.0.4; prior versions may also be affected.
88. FishSound Library Remote Speex Decoding Code Execution Vulnerability
BugTraq ID: 28665
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28665
Summary:
The FishSound 'libfishsound' library is prone to a remote code-execution vulnerability because the software fails to properly bounds-check user-supplied data.
Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the library. Failed exploit attempts will likely result in denial-of-service conditions.
Versions prior to FishSound 0.9.1 are vulnerable.
The following applications use the library and are also vulnerable:
- Speex
- Annodex plugin for Firefox
- Illiminable DirectShow Filters
- gstreamer-plugins-good
- SDL_sound
- Sweep
- vorbis-tools
- VLC Media Player
- xine-lib
- XMMS speex plugin
Other applications may also be affected.
89. OpenSSH X Connections Session Hijacking Vulnerability
BugTraq ID: 28444
Remote: No
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28444
Summary:
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections.
Successfully exploiting this issue may allow an attacker to run arbitrary shell commands with the privileges of the user running the affected application.
This issue affects OpenSSH 4.3p2; other versions may also be affected.
NOTE: This issue affects the portable version of OpenSSH and may not affect OpenSSH running on OpenBSD.
90. Red Hat 'redhat-ds-admin' Shell Command Injection and Security Bypass Vulnerabilities
BugTraq ID: 28802
Remote: Yes
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28802
Summary:
The 'redhat-ds-admin' application is prone to a command-injection issue and security-bypass issues that affect the Administration Server.
Attackers with access to the replication monitor web page can exploit the command-injection issue to execute arbitrary shell commands with the privileges of the Administration Server. Remote unauthenticated attackers can use the security-bypass vulnerabilities to access potentially sensitive information or perform certain unauthorized actions.
Note that combining the vulnerabilities would allow remote unauthorized attackers to execute arbitrary code with the privileges of the Administration Server.
NOTE: In default configurations, the Administration Server runs as unprivileged user 'nobody'.
These issues affect 'redhat-ds-admin' used with Red Hat Directory Server 8.
91. bzip2 chmod File Permission Modification Race Condition Weakness
BugTraq ID: 12954
Remote: No
Last Updated: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/12954
Summary:
The 'bzip2' utility is reported prone to a security weakness that is present only when an archive is extracted into a world- or group-writeable directory. Reportedly, bzip2 employs nonatomic procedures to write a file and later changes the permissions on the newly extracted file.
A local attacker may leverage this issue to modify file permissions of target files.
This weakness is reported to affect bzip2 1.0.2 and previous versions.
92. Multiple Products Forgotten Password Feature CAPTCHA Security Bypass Vulnerability
BugTraq ID: 28877
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28877
Summary:
Multiple products are prone to a security-bypass vulnerability that occurs in the forgotten password feature.
An attacker can exploit this issue to gain access to user passwords of the affected application or perform other automated attacks.
The vulnerability occurs in the following products:
- PHP-Nuke 8.1 FINAL
- PHP Nuke 7.0
- 123tkshop 0.9.1
- phpMyBitTorrent 1.2.2
- torrentflux 2.3
- e107 0.7.11
- webZE 0.5.9
- Labgab Project 1.1
93. SMF Audio CAPTCHA Security Bypass Vulnerability
BugTraq ID: 28866
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28866
Summary:
SMF (Simple Machine Forum) is prone to a security-bypass vulnerability that occurs in the audio CAPTCHA protocol.
Successfully exploiting this issue may allow attackers to send unsolicited spam or perform other automated attacks.
94. Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability
BugTraq ID: 28833
Remote: No
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28833
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.
Successful exploits may allow authenticated users to elevate their privileges to LocalSystem. This facilitates the complete compromise of affected computers.
The issue affects Microsoft Windows XP Professional SP2 and all versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008.
95. Acidcat CMS Multiple Input Validation Vulnerabilities
BugTraq ID: 28868
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28868
Summary:
Acidcat CMS is prone to multiple input-validation vulnerabilities, including:
- Multiple SQL-injection vulnerabilities.
- Multiple open-email-relay vulnerabilities.
- A cross-site scripting vulnerability.
- An arbitrary-file-upload vulnerability.
Exploiting these issues could allow attackers to compromise the affected application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, steal cookie-based authentication credentials, and send unsolicited spam.
Acidcat CMS 3.1 is vulnerable; other versions may also be affected.
96. W1L3D4 Philboard Multiple SQL Injection Vulnerabilities
BugTraq ID: 28871
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28871
Summary:
Philboard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Philboard 1.0 is vulnerable; other versions may also be affected.
97. MoinMoin Multiple ACL Security Bypass Vulnerabilities
BugTraq ID: 28869
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28869
Summary:
MoinMoin is prone to multiple security-bypass vulnerabilities because it fails to properly handle Access Control List (ACL) entries.
Successful exploits will allow attackers to bypass certain security restrictions and gain unauthorized access to administrative functionality. This in turn may lead to a compromise of the affected application.
Versions prior to MoinMoin 1.6.3 are affected.
98. TorrentFlux Cross-Site Request Forgery and Remote PHP Script Code Execution Vulnerabilities
BugTraq ID: 28846
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28846
Summary:
TorrentFlux is prone to a cross-site request-forgery vulnerability and a remote PHP code-execution vulnerability.
Exploiting these issues may allow a remote attacker to create administrative accounts in the application or to execute arbitrary PHP script code. This may facilitate the remote compromise of affected computers.
TorrentFlux 2.3 is vulnerable; other versions may also be affected.
99. Docebo SQL-Injection Vulnerability and Multiple Information Disclosure Vulnerabilities
BugTraq ID: 27211
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/27211
Summary:
Docebo is prone to multiple information-disclosure vulnerabilities and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or access sensitive data that may be used to launch further attacks.
These issues affect Docebo 3.5.0.3; other versions may also be vulnerable.
100. XLPortal 'index.php' SQL Injection Vulnerability
BugTraq ID: 28408
Remote: Yes
Last Updated: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28408
Summary:
XLPortal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
XLPortal 2.2.4 is vulnerable; other versions may also be affected.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. U.S. gov't pushes cybersecurity at con
By: Robert Lemos
Top Bush Administration officials descend on the RSA Security Conference laying out their plans for protecting critical networks and giving a small taste of the latest national cyber exercise, Cyber Storm II.
http://www.securityfocus.com/news/11513
2. Web developers, fix thy Flash
By: Robert Lemos
Flaws that allow cross-site scripting attacks through Adobe Flash files could let attackers compromise online accounts and local networks. Yet, Web publishers have been slow to fix their sites, a security researcher says.
http://www.securityfocus.com/news/11511
3. Hacking contest highlights value of vulnerabilities
By: Robert Lemos
After a handful of critics slammed the modest cash prizes, larger bounties will be offered to the security pros that successfully compromise any of three laptops at a coming conference.
http://www.securityfocus.com/news/11510
4. House aims to scrutinize warrantless taps
By: Robert Lemos
The fight over a law to grant the U.S. government greater surveillance capabilities intensifies as House Democrats refuse to give telcos immunity for allowing past wiretaps without warrants.
http://www.securityfocus.com/news/11509
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Consultant, Hertfordshire
http://www.securityfocus.com/archive/77/491103
2. [SJ-JOB] Sr. Security Analyst, New York
http://www.securityfocus.com/archive/77/491094
3. [SJ-JOB] VP of Regional Sales, DC Metro Area
http://www.securityfocus.com/archive/77/491105
4. [SJ-JOB] VP of Regional Sales, Washington
http://www.securityfocus.com/archive/77/491101
5. [SJ-JOB] Security Consultant, Hertfordshire
http://www.securityfocus.com/archive/77/491102
6. [SJ-JOB] CHECK Team Leader, lojment 200
http://www.securityfocus.com/archive/77/491104
7. [SJ-JOB] Technology Risk Consultant, Hertfordshire
http://www.securityfocus.com/archive/77/491093
8. [SJ-JOB] CISO, London
http://www.securityfocus.com/archive/77/491096
9. [SJ-JOB] Sr. Security Engineer, Washington DC
http://www.securityfocus.com/archive/77/491097
10. [SJ-JOB] Sr. Security Analyst, Bellevue
http://www.securityfocus.com/archive/77/491098
11. [SJ-JOB] Security Consultant, Hertfordshire
http://www.securityfocus.com/archive/77/491100
12. [SJ-JOB] Sales Engineer, Bedford
http://www.securityfocus.com/archive/77/491090
13. [SJ-JOB] Manager, Information Security, Cleveland
http://www.securityfocus.com/archive/77/491091
14. [SJ-JOB] Sales Engineer, Chicago
http://www.securityfocus.com/archive/77/491092
15. [SJ-JOB] Compliance Officer, UK Wide
http://www.securityfocus.com/archive/77/491095
16. [SJ-JOB] Security Architect, Washington
http://www.securityfocus.com/archive/77/491086
17. [SJ-JOB] Product Strategist, Redmond
http://www.securityfocus.com/archive/77/491088
18. [SJ-JOB] Information Assurance Analyst, Hertfordshire
http://www.securityfocus.com/archive/77/491089
19. [SJ-JOB] Security Consultant, Austin
http://www.securityfocus.com/archive/77/491080
20. [SJ-JOB] Information Assurance Engineer, Arlington
http://www.securityfocus.com/archive/77/491081
21. [SJ-JOB] Security Consultant, Hertfordshire
http://www.securityfocus.com/archive/77/491084
22. [SJ-JOB] Information Assurance Engineer, Arlington
http://www.securityfocus.com/archive/77/491085
23. [SJ-JOB] Sales Representative, London
http://www.securityfocus.com/archive/77/491087
24. [SJ-JOB] Developer, Redmond
http://www.securityfocus.com/archive/77/491078
25. [SJ-JOB] Security Consultant, Hertfordshire
http://www.securityfocus.com/archive/77/491079
26. [SJ-JOB] VP of Regional Sales, Parsippany
http://www.securityfocus.com/archive/77/491082
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. SyScan'08 Singapore - Call for Paper
http://www.securityfocus.com/archive/82/491136
2. Aztech ADSL2/2+ 4 Port default password
http://www.securityfocus.com/archive/82/491072
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #390
http://www.securityfocus.com/archive/88/490993
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.