WINDOWS CENTER: SecurityFocus Newsletter #455

SecurityFocus Newsletter #455
----------------------------------------

This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Anti-Social Networking
2. Thinking Beyond the Ivory Towers
II. BUGTRAQ SUMMARY
1. Mambo Prior to 4.6.4 Multiple Input Validation Vulnerabilities
2. ClassSystem Multiple SQL Injection Vulnerabilities and Arbitrary File Upload Vulnerability
3. SETroubleShoot sealert Insecure Temporary File Creation Vulnerability
4. SAP Web Application Server '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting Vulnerability
5. Mozilla Firefox JSframe Heap Corruption Denial of Service Vulnerability
6. Cisco Service Control Engine SSH Server Multiple Denial of Service Vulnerabilities
7. Cisco Unified Customer Voice Portal Unspecified Privilege Escalation Vulnerability
8. Cisco IOS SSH Multiple Denial of Service Vulnerabilities
9. IBM Lotus Domino Web Server Unspecified Cross Site Scripting Vulnerability
10. libxslt XSL File Processing Buffer Overflow Vulnerability
11. IBM Lotus Domino Web Server 'Accept Language' HTTP Header Buffer Overflow Vulnerability
12. Stunnel OCSP Certificate Validation Security Bypass Vulnerability
13. Php-Jokesite 'jokes_category.php' SQL Injection Vulnerability
14. MX-System 'index.php' SQL Injection Vulnerability
15. OpenSSH ForceCommand Command Execution Weakness
16. EntertainmentScript 'page.php' Local File Include Vulnerability
17. eCMS Multiple Security Vulnerabilities
18. Borland InterBase Malformed Packet Remote Stack Based Buffer Overflow Vulnerability
19. Mozilla Firefox/Thunderbird/SeaMonkey Character Encoding Cross-Site Scripting Vulnerabilities
20. ComicShout 'index.php' SQL Injection Vulnerability
21. DizaynPlus Nobetci Eczane Takip 'ayrinti.asp' Parameter SQL Injection Vulnerability
22. Site Tanitimlari Scripti Multiple SQL Injection Vulnerabilities
23. Mantis Multiple Input Validation Vulnerabilities
24. FireFTP 'MLSD' And 'LIST' Commands Directory Traversal Vulnerability
25. Apple iCal 'TRIGGER' Parameter Denial of Service Vulnerability
26. IBM AIX 'pioout' Local Buffer Overflow Vulnerability
27. OpenSSH X Connections Session Hijacking Vulnerability
28. phpFix Multiple SQL Injection Vulnerabilities
29. Excuse Online 'pwd.asp' SQL Injection Vulnerability
30. miniCWB 'connector.php' Multiple Cross-Site Scripting Vulnerabilities
31. Zina 'index.php' Multiple Input Validation Vulnerabilities
32. WordPress Upload File Plugin 'wp-uploadfile.php' SQL Injection Vulnerability
33. Joomla! and Mambo Alberghi Component 'id' Parameter SQL Injection Vulnerability
34. Sun Solaris 10 Unspecified SCTP Protocol Processing Remote Denial of Service Vulnerability
35. Debian OpenSSL Package Random Number Generator Weakness
36. AbleSpace 'adv_cat.php' SQL Injection Vulnerability
37. Lenovo System Update SSL Certificate Validation Security Bypass Vulnerability
38. PCPIN Chat 'inc/url_redirection.inc.php' Cross-Site Scripting Vulnerability
39. Horde Kronolith Multiple Cross-Site Scripting Vulnerabilities
40. SaraB DAR Encryption Ciphers Local Information Disclosure Vulnerability
41. Core FTP 'LIST' Command Directory Traversal Vulnerability
42. eMule Plus Unspecified Security Vulnerability
43. libpam-pgsql 'pam_pgsql.c' Authentication Bypass Vulnerability
44. Xomol CMS 'index.php' Local File Include Vulnerability
45. Xomol CMS 'index.php' SQL Injection Vulnerability
46. plusPHP Short URL Multi-User Script Remote File Include Vulnerability
47. phpRaider phpbb3 Bridge 'phpbb3.functions.php' Remote File Include Vulnerability
48. Sun Java System Web Server Advanced Search Mechanism Cross-Site Scripting Vulnerability
49. RoomPHPlanning 'resaopen.php' SQL Injection Vulnerability
50. mtr 'split.c' Remote Stack Buffer Overflow Vulnerability
51. DZOIC Handshakes 'fname' Parameter SQL Injection Vulnerability
52. GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities
53. RoomPHPlanning 'userform.php' Unauthorized Access Vulnerability
54. Campus Bulletin Board SQL Injection and Cross-Site Scripting Vulnerabilities
55. OneCMS 'load' Parameter Local File Include Vulnerability
56. RETIRED: BosDev BosNews '/admin/index.php' Authentication Bypass Vulnerability
57. SAFARI Montage 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities
58. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
59. PCRE Character Class Buffer Overflow Vulnerability
60. PHP 5 'php_sprintf_appendstring()' Remote Integer Overflow Vulnerability
61. Quate CMS Multiple Input Validation Vulnerabilities
62. Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability
63. Cerberus Helpdesk Controller Authentication Information Disclosure Vulnerability
64. Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
65. F5 Networks FirePass 4100 SSL VPN My.Logon.PHP3 Cross-Site Scripting Vulnerability
66. VideoLAN VLC Multiple Remote Code Execution Vulnerabilities
67. Sava CMS SQL Injection and Cross-Site Scripting Vulnerabilities
68. Xerox WorkCentre Unspecified HTML Injection Vulnerability
69. e107 BLOG Engine 'macgurublog.php' SQL Injection Vulnerability
70. vsftpd FTP Server 'deny_file' Option Remote Denial of Service Vulnerability
71. Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability
72. Foxit Reader 'util.printf()' Remote Buffer Overflow Vulnerability
73. AbleDating 'search_results.php' Multiple Input Validation Vulnerabilities
74. WWW File Share Pro Unspecified Arbitrary File Upload Vulnerability
75. Barracuda Spam Firewall 'ldap_test.cgi' Cross-Site Scripting Vulnerability
76. BMForum Multiple Cross Site Scripting Vulnerabilities
77. phpSQLiteCMS Multiple Cross-Site Scripting Vulnerabilities
78. phpFreeForum Multiple Cross Site Scripting Vulnerabilities
79. FishSound Library Remote Speex Decoding Code Execution Vulnerability
80. xine-lib NES Sound Format Demuxer 'demux_nsf.c' Buffer Overflow Vulnerability
81. xine-lib Multiple Heap Based Remote Buffer Overflow Vulnerabilities
82. Cerulean Studios Trillian Multiple Remote Buffer Overflow Vulnerabilities
83. CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability
84. Cerberus Helpdesk Unspecified Security Vulnerability
85. Interchange Unspecified HTTP POST Request Denial Of Service Vulnerability
86. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
87. Simpel Side Netbutikker Multiple SQL Injection Vulnerabilities
88. Simpel Side Weblosninger SQL Injection and Cross-Site Scripting Vulnerabilities
89. 6rbScript 'news.php' SQL Injection Vulnerability
90. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
91. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
92. Gnome-Screensaver With Compiz Lock Bypass Vulnerability
93. IBM Lotus Sametime Multiplexer Buffer Overflow Vulnerability
94. Snort Time To Live Fragment Reassembly Security Bypass Weakness
95. Sun Solaris 10 STREAM Administrative Driver Denial of Service Vulnerability
96. IBM AIX Kernel Local Buffer Overflow Vulnerability
97. IBM AIX 'iostat' Command Local Privilege Escalation Vulnerability
98. IBM AIX 'errpt' Local Buffer Overflow Vulnerability
99. Netious CMS 'index.php' SQL Injection Vulnerability
100. SETroubleShoot sealert Arbitrary Script Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Legal experts wary of MySpace hacking charges
2. Admins warned of brute-force SSH attacks
3. Groups warn travelers to limit laptop data
4. Patches pose significant risk, researchers say
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Sr. Security Analyst, Fort Worth
2. [SJ-JOB] Forensics Engineer, Cambridgeshire
3. [SJ-JOB] Security Engineer, New Castle
4. [SJ-JOB] Security Consultant, New Castle
5. [SJ-JOB] Technology Risk Consultant, Boston
6. [SJ-JOB] Security Consultant, San Francisco
7. [SJ-JOB] Forensics Engineer, London
8. [SJ-JOB] Manager, Information Security, London
9. [SJ-JOB] Security Consultant, San Francisco
10. [SJ-JOB] Account Manager, San Jose
11. [SJ-JOB] Incident Handler, Wilmington
12. [SJ-JOB] Application Security Architect, New York
13. [SJ-JOB] Security Consultant, Open Location
14. [SJ-JOB] Director, Information Security, South Florida
15. [SJ-JOB] Sales Engineer, New York
16. [SJ-JOB] Application Security Engineer, Ottawa
17. [SJ-JOB] Senior Software Engineer, Alpharetta
18. [SJ-JOB] Security Engineer, Torrance
19. [SJ-JOB] Security Engineer, Reston
20. [SJ-JOB] Security Auditor, New York
21. [SJ-JOB] Security Auditor, Washington
22. [SJ-JOB] Security Auditor, chicago
23. [SJ-JOB] Sales Engineer, Philadelphia
24. [SJ-JOB] Security Auditor, San Francisco
25. [SJ-JOB] Application Security Engineer, Dallas
26. [SJ-JOB] Security Consultant, Long Island
27. [SJ-JOB] Application Security Engineer, Washington
28. [SJ-JOB] Security Consultant, New York
29. [SJ-JOB] Application Security Engineer, Los Angeles
30. [SJ-JOB] Security Consultant, chicago
31. [SJ-JOB] Security System Administrator, San Jose
32. [SJ-JOB] Application Security Engineer, San Jose
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #395
2. Binding Windows Services to Specific Addresses Only
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. CfP hack.lu 2008
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Anti-Social Networking
By Mark Rasch
On May 15, 2008, a federal grand jury Los Angeles indicted 49-year-old Lori Drew of O.Fallon, Missouri, on charges of unauthorized access to a computer, typically used in hacking cases. Yet, Drew's alleged actions had little to do with computer intrusions.

http://www.securityfocus.com/columnists/473

2. Thinking Beyond the Ivory Towers
By Dave Aitel
In the information-security industry, there are clear and vast gaps in the way academia interacts with professional researchers. While these gaps will be filled in due time, their existence means that security professionals outside the hallowed halls of colleges and universities need to be aware of the differences in how researchers and professionals think.

http://www.securityfocus.com/columnists/472

II. BUGTRAQ SUMMARY
--------------------
1. Mambo Prior to 4.6.4 Multiple Input Validation Vulnerabilities
BugTraq ID: 29373
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29373
Summary:
Mambo is prone to an SQL-injection vulnerability and an HTTP-response-splitting issue because the application fails to properly sanitize user-supplied input.

An attacker could exploit these vulnerabilities to access or modify data, exploit latent vulnerabilities in the underlying database, or coax victims into a false sense of security so they may divulge sensitive information.

Versions prior to Mambo 4.6.4 are vulnerable.

2. ClassSystem Multiple SQL Injection Vulnerabilities and Arbitrary File Upload Vulnerability
BugTraq ID: 29372
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29372
Summary:
ClassSystem is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include multiple SQL-injection vulnerabilities and an arbitrary-file-upload vulnerability.

Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.

ClassSystem 2 and 2.3 are affected; other versions may also be vulnerable.

3. SETroubleShoot sealert Insecure Temporary File Creation Vulnerability
BugTraq ID: 29320
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29320
Summary:
SETroubleShoot sealert creates temporary files in an insecure way.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. This may result in denial-of-service conditions; other attacks are also possible.

4. SAP Web Application Server '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting Vulnerability
BugTraq ID: 29317
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29317
Summary:
SAP Web Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

SAP Web Application Server 7.0 is vulnerable; other versions may also be affected.

5. Mozilla Firefox JSframe Heap Corruption Denial of Service Vulnerability
BugTraq ID: 29318
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29318
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability when running certain JavaScript commands on empty applets in an iframe.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects Firefox 2.0.0.14; other versions may also be vulnerable.

6. Cisco Service Control Engine SSH Server Multiple Denial of Service Vulnerabilities
BugTraq ID: 29316
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29316
Summary:
Cisco SCE (Service Control Engine) devices are prone to multiple denial-of-service vulnerabilities.

Attackers can leverage these issues to disrupt system stability or cause devices to reload. Successful exploits will deny service to legitimate users.

SCE devices running versions prior to SCOS (Service Control Operating System) 3.1.6 may be affected.

7. Cisco Unified Customer Voice Portal Unspecified Privilege Escalation Vulnerability
BugTraq ID: 29315
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29315
Summary:
Cisco Unified Customer Voice Portal is prone to an unspecified privilege-escalation vulnerability. Note that this issue is exploitable only by users with administrative access to the affected software.

Successfully exploiting this issue allows attackers to gain superuser access, facilitating the complete compromise of affected computers.

This issue is documented as Cisco Bug ID CSCsj93874.

8. Cisco IOS SSH Multiple Denial of Service Vulnerabilities
BugTraq ID: 29314
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29314
Summary:
Cisco IOS is prone to multiple remote denial-of-service vulnerabilities affecting the SSH (Secure Shell) implementation.

Successfully exploiting these issues allows remote attackers to generate spurious memory-access errors or cause the targeted device to reload. Repeated attacks will lead to denial-of-service conditions.

These issues are tracked by Cisco Bug IDs CSCsk42419, CSCsk60020, and CSCsh51293.

These issues affect devices running 12.4-based IOS releases that have SSH configured. Note that SSH is not configured by default.

9. IBM Lotus Domino Web Server Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 29311
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29311
Summary:
IBM Lotus Domino Web server is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

The issue affects IBM Lotus Domino 6.0, 6.5, 7.0, and 8.0.

10. libxslt XSL File Processing Buffer Overflow Vulnerability
BugTraq ID: 29312
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29312
Summary:
The 'libxslt' library is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects libxslt 1.1.23 and prior versions.

11. IBM Lotus Domino Web Server 'Accept Language' HTTP Header Buffer Overflow Vulnerability
BugTraq ID: 29310
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29310
Summary:
IBM Lotus Domino Server Web server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application, which usually runs with LocalSystem privileges. Failed exploit attempts will result in a denial of service.

The issue affects IBM Lotus Domino 6.0, 6.5, 7.0, and 8.0.

12. Stunnel OCSP Certificate Validation Security Bypass Vulnerability
BugTraq ID: 29309
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29309
Summary:
Stunnel is prone to a security-bypass vulnerability because the OCSP functionality fails to properly check revoked certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers and authenticating with a revoked certificate. This will aid in further attacks.

This issue affects versions prior to Stunnel 4.24.

13. Php-Jokesite 'jokes_category.php' SQL Injection Vulnerability
BugTraq ID: 29308
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29308
Summary:
Php-Jokesite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Php-Jokesite 2.0 is vulnerable; other versions may also be affected.

14. MX-System 'index.php' SQL Injection Vulnerability
BugTraq ID: 29307
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29307
Summary:
MX-System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

MX-System 2.7.3 is vulnerable; other versions may also be affected.

15. OpenSSH ForceCommand Command Execution Weakness
BugTraq ID: 28531
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/28531
Summary:
OpenSSH is prone to a weakness that may allow attackers to execute arbitrary commands.

Successful exploits may allow attackers to execute arbitrary commands, contrary to the wishes of administrators and bypassing the intent of the 'ForceCommand' option.

Versions prior to OpenSSH 4.9 are vulnerable.

16. EntertainmentScript 'page.php' Local File Include Vulnerability
BugTraq ID: 29306
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29306
Summary:
EntertainmentScript is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

The issue affects EntertainmentScript 1.4.0; other versions may also be vulnerable.

17. eCMS Multiple Security Vulnerabilities
BugTraq ID: 29304
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29304
Summary:
eCMS is prone to multiple security vulnerabilities, including a security-bypass issue and an SQL-injection issue.

Exploiting these issues may allow an attacker to bypass certain security restrictions and gain unauthorized access to the application. The attacker can also exploit the SQL-injection issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database. This will compromise the application and may aid in further attacks.

These issues affect eCMS 0.4.2; other versions may also be affected.

18. Borland InterBase Malformed Packet Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 29302
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29302
Summary:
Borland InterBase is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions.

Please note that if the application runs as a Windows service, successful attacks will allow arbitrary code to run with SYSTEM-level privileges. This will lead to a complete compromise of an affected computer.

The issue affects Borland InterBase 2007 SP2; other versions may also be vulnerable.

19. Mozilla Firefox/Thunderbird/SeaMonkey Character Encoding Cross-Site Scripting Vulnerabilities
BugTraq ID: 29303
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29303
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to multiple cross-site scripting vulnerabilities because of a design error. The HTML parser used by these applications fails to properly handle certain character encodings.

An attacker can exploit these issues to execute arbitrary script code in the context of the user running the application and to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks.

20. ComicShout 'index.php' SQL Injection Vulnerability
BugTraq ID: 29301
Remote: Yes
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29301
Summary:
ComicShout is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ComicShout 2.5 is vulnerable; other versions may also be affected.

21. DizaynPlus Nobetci Eczane Takip 'ayrinti.asp' Parameter SQL Injection Vulnerability
BugTraq ID: 29300
Remote: Yes
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29300
Summary:
DizaynPlus Nobetci Eczane Takip is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

DizaynPlus Nobetci Eczane Takip 1.0 is vulnerable; other versions may also be affected.

22. Site Tanitimlari Scripti Multiple SQL Injection Vulnerabilities
BugTraq ID: 29299
Remote: Yes
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29299
Summary:
Site Tanitimlari Scripti is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

23. Mantis Multiple Input Validation Vulnerabilities
BugTraq ID: 29297
Remote: Yes
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29297
Summary:
Mantis is prone to a cross-site scripting vulnerability and an arbitrary-script-execution vulnerability because it fails to adequately sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Attackers with a valid administrator account may be able to execute PHP code.

Mantis 1.1.1 is vulnerable; other versions may also be affected.

24. FireFTP 'MLSD' And 'LIST' Commands Directory Traversal Vulnerability
BugTraq ID: 29289
Remote: Yes
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29289
Summary:
FireFTP is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue allows an attacker to write arbitrary files to locations outside of the FTP client's current directory. This could help the attacker launch further attacks.

FireFTP 0.97.1 is vulnerable; other versions may also be affected.

25. Apple iCal 'TRIGGER' Parameter Denial of Service Vulnerability
BugTraq ID: 28632
Remote: Yes
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/28632
Summary:
Apple iCal is prone to a denial-of-service vulnerability because it fails to handle specially crafted files.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects iCal 3.0.1 running on Mac OS X 10.5.1; previous versions may also be affected.

26. IBM AIX 'pioout' Local Buffer Overflow Vulnerability
BugTraq ID: 27428
Remote: No
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/27428
Summary:
IBM AIX is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

27. OpenSSH X Connections Session Hijacking Vulnerability
BugTraq ID: 28444
Remote: No
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/28444
Summary:
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections.

Successfully exploiting this issue may allow an attacker run arbitrary shell commands with the privileges of the user running the affected application.

This issue affects OpenSSH 4.3p2; other versions may also be affected.

NOTE: This issue affects the portable version of OpenSSH and may not affect OpenSSH running on OpenBSD.

28. phpFix Multiple SQL Injection Vulnerabilities
BugTraq ID: 29371
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29371
Summary:
phpFix is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpFix 2.0 is vulnerable; other versions may also be affected.

29. Excuse Online 'pwd.asp' SQL Injection Vulnerability
BugTraq ID: 29370
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29370
Summary:
Excuse Online is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

30. miniCWB 'connector.php' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29368
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29368
Summary:
miniCWB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

miniCWB 2.1.1 is vulnerable; other versions may also be affected.

31. Zina 'index.php' Multiple Input Validation Vulnerabilities
BugTraq ID: 29367
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29367
Summary:
Zina is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and a file-disclosure issue, because the application fails to properly sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary script code in the browser of a victim in the context of the affected application, steal cookie-based authentication credentials, or obtain information that could aid in further attacks.

Zina 1.0rc3 vulnerable; other versions may also be affected.

32. WordPress Upload File Plugin 'wp-uploadfile.php' SQL Injection Vulnerability
BugTraq ID: 29352
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29352
Summary:
The Upload File plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

33. Joomla! and Mambo Alberghi Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 28331
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/28331
Summary:
The Alberghi component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects Alberghi 2.1.3; other versions may also be affected.

34. Sun Solaris 10 Unspecified SCTP Protocol Processing Remote Denial of Service Vulnerability
BugTraq ID: 29023
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29023
Summary:
Sun Solaris is prone to an unspecified denial-of-service vulnerability because of SCTP (Stream Control Transmission Protocol) protocol processing.

An attacker can exploit this issue to cause the affected kernel to panic, resulting in a denial-of-service condition.

This issue affects the Solaris 10 operating system.

35. Debian OpenSSL Package Random Number Generator Weakness
BugTraq ID: 29179
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29179
Summary:
The Debian OpenSSL package is prone to a random-number-generator weakness.

Attackers can exploit this issue to predict random data used to generate encryption keys by certain applications. This may help attackers compromise encryption keys and gain access to sensitive data.

This issue affects only a modified OpenSSL package for Debian prior to version 0.9.8c-4etch3.

36. AbleSpace 'adv_cat.php' SQL Injection Vulnerability
BugTraq ID: 29369
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29369
Summary:
AbleSpace is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AbleSpace 1.0 is vulnerable; other versions may also be affected.

37. Lenovo System Update SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 29366
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29366
Summary:
Lenovo System Update is prone to a security-bypass vulnerability because the application fails to properly check SSL certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers, which can lead to the installation of arbitrary software on an affected computer. This may result in a complete compromise of the computer.

This issue affects Lenovo System Update 3 (Version 3.13.0005, Build date 2008-1-3); other versions may also be vulnerable.

38. PCPIN Chat 'inc/url_redirection.inc.php' Cross-Site Scripting Vulnerability
BugTraq ID: 29363
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29363
Summary:
PCPIN Chat is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to PCPIN Chat 6.11.

39. Horde Kronolith Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29365
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29365
Summary:
Horde Kronolith is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

Specific vulnerable versions have not been provided. We will update this BID as more information emerges.

40. SaraB DAR Encryption Ciphers Local Information Disclosure Vulnerability
BugTraq ID: 29364
Remote: No
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29364
Summary:
SaraB is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

The issue affects versions prior to SaraB 0.2.4.

41. Core FTP 'LIST' Command Directory Traversal Vulnerability
BugTraq ID: 29362
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29362
Summary:
Core FTP is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue allows an attacker to write arbitrary files to locations outside of the FTP client's current directory. This could help the attacker launch further attacks.

Core FTP LE/PRO 2.1 Build 1565 is vulnerable; other versions may also be affected.

42. eMule Plus Unspecified Security Vulnerability
BugTraq ID: 29361
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29361
Summary:
eMule Plus is prone an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

This issue affects versions prior to eMule Plus 1.2d.

43. libpam-pgsql 'pam_pgsql.c' Authentication Bypass Vulnerability
BugTraq ID: 29360
Remote: No
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29360
Summary:
The 'libpam-pgsql' module is prone to an authentication-bypass vulnerability that could let an attacker bypass authentication in applications that use this module for authenticating users.

The issue affects libpam-pgsql 0.6.3 and prior versions.

44. Xomol CMS 'index.php' Local File Include Vulnerability
BugTraq ID: 29359
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29359
Summary:
Xomol CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

Xomol CMS 1 is vulnerable; other versions may also be affected.

45. Xomol CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 29358
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29358
Summary:
Xomol CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Xomol CMS 1 is vulnerable; other versions may also be affected.

46. plusPHP Short URL Multi-User Script Remote File Include Vulnerability
BugTraq ID: 29357
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29357
Summary:
plusPHP Short URL Multi-User Script is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

plusPHP Short URL Multi-User Script 1.6 is vulnerable; other versions may also be affected.

47. phpRaider phpbb3 Bridge 'phpbb3.functions.php' Remote File Include Vulnerability
BugTraq ID: 29356
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29356
Summary:
phpRaider is prone to a remote file-include vulnerability that affects the phpbb3 bridge functionality because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

phpRaider 1.0.7 is vulnerable; other versions may also be affected.

48. Sun Java System Web Server Advanced Search Mechanism Cross-Site Scripting Vulnerability
BugTraq ID: 29355
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29355
Summary:
Sun Java System Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of a site that uses the affected functionality. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Sun Java System Web Server 6.1 and 7.0 for SPARC, x86, Linux, Windows, HP-UX, and AIX platforms.

49. RoomPHPlanning 'resaopen.php' SQL Injection Vulnerability
BugTraq ID: 29354
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29354
Summary:
RoomPHPlanning is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

RoomPHPlanning 1.5 is vulnerable; other versions may also be affected.

50. mtr 'split.c' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 29290
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29290
Summary:
The 'mtr' utility is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

51. DZOIC Handshakes 'fname' Parameter SQL Injection Vulnerability
BugTraq ID: 29353
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29353
Summary:
DZOIC Handshakes is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

DZOIC Handshakes 3.5 is vulnerable; other versions may also be affected.

52. GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities
BugTraq ID: 29292
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29292
Summary:
GnuTLS is prone to multiple remote vulnerabilities, including:

- A buffer-overflow vulnerability
- Multiple denial-of-service vulnerabilities

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Versions prior to GnuTLS 2.2.5 are vulnerable.

53. RoomPHPlanning 'userform.php' Unauthorized Access Vulnerability
BugTraq ID: 29377
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29377
Summary:
RoomPHPlanning is prone to an unauthorized-access vulnerability because it fails to adequately limit access to administrative scripts used for created accounts.

An attacker can exploit this vulnerability to gain unauthorized administrative access to the application; other attacks are also possible.

RoomPHPlanning 1.5 is vulnerable; other versions may also be vulnerable.

54. Campus Bulletin Board SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 29375
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29375
Summary:
Campus Bulletin Board is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Campus Bulletin Board 3.4 is vulnerable; other versions may also be affected.

55. OneCMS 'load' Parameter Local File Include Vulnerability
BugTraq ID: 29374
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29374
Summary:
OneCMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue allows remote attackers to view local files within the context of the webserver process.

56. RETIRED: BosDev BosNews '/admin/index.php' Authentication Bypass Vulnerability
BugTraq ID: 28792
Remote: Yes
Last Updated: 2008-05-24
Relevant URL: http://www.securityfocus.com/bid/28792
Summary:
BosDev BosNews is prone to an authentication-bypass vulnerability because it fails to restrict access to certain scripts.

Attackers can leverage this issue to create arbitrary administrative user accounts and gain unauthorized access to the application. Successful attacks will compromise the application and possibly the underlying webserver.

BosNews 4.0 and 2002 through 2006 are vulnerable; other versions may also be affected.

RETIRED: This BID is being retired because the vendor states that only guest user accounts can be created in the described manner.

57. SAFARI Montage 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29343
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29343
Summary:
SAFARI Montage is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

SAFARI Montage 3.1.3 is vulnerable; other versions may also be affected.

58. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 29009
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29009
Summary:
PHP 5.2.5 and prior versions are prone to multiple security vulnerabilities.

Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

These issues are reported to affect PHP 5.2.5 and prior versions.

59. PCRE Character Class Buffer Overflow Vulnerability
BugTraq ID: 27786
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/27786
Summary:
PCRE regular-expression library is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of an application using the library. Failed exploit attempts will likely cause denial-of-service conditions.

The issue affects versions prior to PCRE 7.6.

60. PHP 5 'php_sprintf_appendstring()' Remote Integer Overflow Vulnerability
BugTraq ID: 28392
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/28392
Summary:
PHP 5 is prone to an integer-overflow vulnerability because the software fails to ensure that integer values are not overrun.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of a webserver affected by the issue. Failed attempts will likely result in denial-of-service conditions.

PHP 5.2.5 and prior versions are vulnerable.

61. Quate CMS Multiple Input Validation Vulnerabilities
BugTraq ID: 29348
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29348
Summary:
Quate CMS is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These issues include remote and local file-include vulnerabilities, cross-site scripting vulnerabilities, and a directory-traversal vulnerability.

An attacker can exploit these vulnerabilities to execute arbitrary local or remote script code in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, obtain potentially sensitive information, or compromise the affected application and possibly the underlying system.

Quate CMS 0.3.4 is vulnerable; other versions may also be affected.

62. Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability
BugTraq ID: 28288
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/28288
Summary:
UnZip is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted ZIP file ('.zip').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

UnZip 5.52 is vulnerable; other versions may be affected as well.

63. Cerberus Helpdesk Controller Authentication Information Disclosure Vulnerability
BugTraq ID: 29347
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29347
Summary:
Cerberus Helpdesk is prone to an information-disclosure vulnerability because of an authentication error on certain webpages.

An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

64. Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
BugTraq ID: 28695
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/28695
Summary:
Adobe Flash Player is prone to a remote buffer-overflow vulnerability when handling multimedia files with certain tags.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.

65. F5 Networks FirePass 4100 SSL VPN My.Logon.PHP3 Cross-Site Scripting Vulnerability
BugTraq ID: 26659
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/26659
Summary:
F5 Networks FirePass 4100 SSL VPN devices are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks.

F5 Networks FirePass 4100 SSL VPNs running these firmware versions are vulnerable:

5.4.1 through 5.5.2
6.0
6.0.1

66. VideoLAN VLC Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 27015
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/27015
Summary:
VideoLAN VLC media player is prone to multiple remote code-execution vulnerabilities, including multiple buffer-overflow issues and a format-string issue.

Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application.

VLC 0.8.6d is vulnerable to these issues; other versions may also be affected.

67. Sava CMS SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 29346
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29346
Summary:
Sava CMS is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Versions prior to Sava CMS 5.0.122 are vulnerable.

68. Xerox WorkCentre Unspecified HTML Injection Vulnerability
BugTraq ID: 29345
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29345
Summary:
Xerox WorkCentre Web Server is prone to an unspecified HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

The following Xerox WorkCentre versions are affected:

WorkCentre 7132
WorkCentre 7228
WorkCentre 7235
WorkCentre 7245

69. e107 BLOG Engine 'macgurublog.php' SQL Injection Vulnerability
BugTraq ID: 29344
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29344
Summary:
e107 BLOG Engine is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

e107 BLOG Engine 2.2 is vulnerable; other versions may also be affected.

70. vsftpd FTP Server 'deny_file' Option Remote Denial of Service Vulnerability
BugTraq ID: 29322
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29322
Summary:
The 'vsftpd' FTP server is prone to a remote denial-of-service vulnerability because it fails to free allocated memory.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

71. Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability
BugTraq ID: 26468
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/26468
Summary:
Microsoft Jet DataBase Engine is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the affected application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

NOTE: Further details report that attackers are using malicious Word files to load specially crafted MDB files. Microsoft has released a knowledge base article (950627) documenting this attack vector.

This issue does not affect Windows Server 2003 Service Pack 2, Windows XP Service Pack 3, Windows XP x64 edition Server Pack 2, Windows Vista, Windows Vista Service Pack 1 and Windows Server 2008 because they run a version of the Jet Database Engine that isn't vulnerable.

This issue does affect the Jet Database Engine, Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

72. Foxit Reader 'util.printf()' Remote Buffer Overflow Vulnerability
BugTraq ID: 29288
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29288
Summary:
Foxit Reader is prone to a remote buffer-overflow vulnerability when handling PDF files with specially crafted JavaScript code.

Exploiting this issue may allow attackers to corrupt memory and execute arbitrary machine code in the context of users running the affected application. Failed exploits will likely cause denial-of-service conditions.

This issue affects Foxit Reader 2.3 build 2825; other versions may also be affected.

73. AbleDating 'search_results.php' Multiple Input Validation Vulnerabilities
BugTraq ID: 29342
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29342
Summary:
AbleDating is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include an SQL-injection vulnerability and a cross-site scripting vulnerability.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.

These issues affect AbleDating 2.4; other versions may also be vulnerable.

74. WWW File Share Pro Unspecified Arbitrary File Upload Vulnerability
BugTraq ID: 29341
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29341
Summary:
WWW File Share Pro is prone to a vulnerability that lets attackers upload arbitrary files.

An attacker can exploit this vulnerability to upload files and execute arbitrary script code in the context of the webserver process. This may aid in further attacks.

Few details are available about this issue; we will update this BID as more information is disclosed.

This issue is reported to affect WWW File Share Pro 5.30.

75. Barracuda Spam Firewall 'ldap_test.cgi' Cross-Site Scripting Vulnerability
BugTraq ID: 29340
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29340
Summary:
Barracuda Spam Firewall is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

Firmware prior to Barracuda Spam Firewall 3.5.11.025 is vulnerable.

76. BMForum Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 29339
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29339
Summary:
BMForum is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

BMForum 5.6 is vulnerable; other versions may also be affected.

77. phpSQLiteCMS Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29338
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29338
Summary:
phpSQLiteCMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

phpSQLiteCMS 1 RC2 is vulnerable; other versions may also be affected.

78. phpFreeForum Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 29337
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29337
Summary:
phpFreeForum is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

79. FishSound Library Remote Speex Decoding Code Execution Vulnerability
BugTraq ID: 28665
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/28665
Summary:
The FishSound 'libfishsound' library is prone to a remote code-execution vulnerability because the software fails to properly bounds-check user-supplied data.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the library. Failed exploit attempts likely result in denial-of-service conditions.

Versions prior to FishSound 0.9.1 are vulnerable.

The following applications use the library and are also vulnerable:

- Speex
- Annodex plugin for Firefox
- Illiminable DirectShow Filters
- gstreamer-plugins-good
- SDL_sound
- Sweep
- vorbis-tools
- VLC Media Player
- xine-lib
- XMMS speex plugin

Other applications may also be affected.

80. xine-lib NES Sound Format Demuxer 'demux_nsf.c' Buffer Overflow Vulnerability
BugTraq ID: 28816
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/28816
Summary:
The 'xine-lib' library is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

81. xine-lib Multiple Heap Based Remote Buffer Overflow Vulnerabilities
BugTraq ID: 28370
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/28370
Summary:
The 'xine-lib' library is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library. Failed attacks will cause denial-of-service conditions.

These issues affect xine-lib 1.1.11; other versions may also be affected.

82. Cerulean Studios Trillian Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 29330
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29330
Summary:
Trillian is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Remote attackers can exploit these issues to execute arbitrary code with the privileges of the user running the application.

Versions prior to Trillian 3.1.10.0 are vulnerable.

83. CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 28268
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/28268
Summary:
The Unicenter DSM r11 List Control ATX ActiveX control, included with CA BrightStor ARCserve Backup, is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of an application running the control (typically Internet Explorer). Failed attacks will cause denial-of-service conditions.

84. Cerberus Helpdesk Unspecified Security Vulnerability
BugTraq ID: 29335
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29335
Summary:
Cerberus Helpdesk is prone an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

This issue affects versions prior to Cerberus Helpdesk 4.0 (Build 603).

85. Interchange Unspecified HTTP POST Request Denial Of Service Vulnerability
BugTraq ID: 29334
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29334
Summary:
Interchange is prone to an unspecified denial-of-service vulnerability.

An attacker can exploit this issue to cause the application to stop responding, denying further service to legitimate users.

This issue affects versions prior to Interchange 5.6.0.

86. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
BugTraq ID: 27237
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/27237
Summary:
The Apache HTTP Server 'mod_status' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reportedly, attackers can also use this issue to redirect users' browsers to arbitrary locations, which may aid in phishing attacks.

The issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev.

87. Simpel Side Netbutikker Multiple SQL Injection Vulnerabilities
BugTraq ID: 29333
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29333
Summary:
Netbutikker is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Netbutikker 4 and prior versions are vulnerable.

88. Simpel Side Weblosninger SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 29332
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29332
Summary:
Weblosninger is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Weblosninger 4 and prior versions are vulnerable.

89. 6rbScript 'news.php' SQL Injection Vulnerability
BugTraq ID: 29331
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29331
Summary:
6rbScript is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

90. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
BugTraq ID: 26663
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/26663
Summary:
Apache is prone to a cross-site scripting weakness when handling HTTP request methods that result in 413 HTTP errors.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected.

91. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
BugTraq ID: 26838
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/26838
Summary:
Apache is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

This issue affects the following:

- The 'mod_imagemap' module in Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, and 2.2.0

- The 'mod_imap' module in Apache 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, and 1.3.0.

92. Gnome-Screensaver With Compiz Lock Bypass Vulnerability
BugTraq ID: 26188
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/26188
Summary:
Gnome-screensaver is prone to a vulnerability that allows an attacker who has physical console access to bypass the user's locked screen.

This issue affects gnome-screensaver released with Ubuntu 7.10; fixes from Ubuntu are available; other versions may also be affected.

93. IBM Lotus Sametime Multiplexer Buffer Overflow Vulnerability
BugTraq ID: 29328
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29328
Summary:
IBM Lotus Sametime is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

94. Snort Time To Live Fragment Reassembly Security Bypass Weakness
BugTraq ID: 29327
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29327
Summary:
Snort is prone to a security-bypass weakness because of a design error affected by the Time To Live values of disassembled network packets.

Attackers can exploit this issue to bypass all Snort rules. This may facilitate further attacks.

This issue affects Snort 2.8 and 2.6 on multiple platforms.

95. Sun Solaris 10 STREAM Administrative Driver Denial of Service Vulnerability
BugTraq ID: 29326
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29326
Summary:
Sun Solaris is prone to a denial-of-service vulnerability due to a race-condition error.

An attacker can exploit this issue to cause the affected kernel to panic, resulting in a denial-of-service condition.

This issue affects the Solaris 10 operating system.

96. IBM AIX Kernel Local Buffer Overflow Vulnerability
BugTraq ID: 29329
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29329
Summary:
IBM AIX is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

97. IBM AIX 'iostat' Command Local Privilege Escalation Vulnerability
BugTraq ID: 29325
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29325
Summary:
IBM AIX is prone to a local privilege-escalation vulnerability caused by an environment variable error.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue may result in the complete compromise of affected computers.

The following versions are vulnerable:

AIX 5.2
AIX 5.3
AIX 6.1

98. IBM AIX 'errpt' Local Buffer Overflow Vulnerability
BugTraq ID: 29323
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29323
Summary:
IBM AIX is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

99. Netious CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 29319
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29319
Summary:
Netious CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Netious CMS 0.4 is vulnerable; other versions may also be affected.

100. SETroubleShoot sealert Arbitrary Script Injection Vulnerability
BugTraq ID: 29324
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29324
Summary:
SETroubleShoot sealert is prone to a script-injection vulnerability when handling certain log records.

Attackers can exploit the issue to execute arbitrary script code in the browser of an unsuspecting user.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Legal experts wary of MySpace hacking charges
By: Robert Lemos
Federal prosecutors charge the parent who allegedly badgered a girl to suicide with three counts of computer crime, but law experts worry about a dangerous precedent.
http://www.securityfocus.com/news/11519

2. Admins warned of brute-force SSH attacks
By: Robert Lemos
Normally considered a low-level threat on the Internet, scans for default-configured secure shell servers spiked this week.
http://www.securityfocus.com/news/11518

3. Groups warn travelers to limit laptop data
By: Robert Lemos
In a letter to Congress, nearly three dozen organizations protest the seizures of electronic devices by U.S. customs officials, an act upheld by a federal appeals court in a recent ruling.
http://www.securityfocus.com/news/11516

4. Patches pose significant risk, researchers say
By: Robert Lemos
A group of four computer scientists say Windows Update -- and other patch services -- should be redesigned, after they create a technique to quickly produce attack code from a distributed patch.
http://www.securityfocus.com/news/11514

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Sr. Security Analyst, Fort Worth
http://www.securityfocus.com/archive/77/492490

2. [SJ-JOB] Forensics Engineer, Cambridgeshire
http://www.securityfocus.com/archive/77/492480

3. [SJ-JOB] Security Engineer, New Castle
http://www.securityfocus.com/archive/77/492488

4. [SJ-JOB] Security Consultant, New Castle
http://www.securityfocus.com/archive/77/492483

5. [SJ-JOB] Technology Risk Consultant, Boston
http://www.securityfocus.com/archive/77/492487

6. [SJ-JOB] Security Consultant, San Francisco
http://www.securityfocus.com/archive/77/492489

7. [SJ-JOB] Forensics Engineer, London
http://www.securityfocus.com/archive/77/492481

8. [SJ-JOB] Manager, Information Security, London
http://www.securityfocus.com/archive/77/492482

9. [SJ-JOB] Security Consultant, San Francisco
http://www.securityfocus.com/archive/77/492484

10. [SJ-JOB] Account Manager, San Jose
http://www.securityfocus.com/archive/77/492485

11. [SJ-JOB] Incident Handler, Wilmington
http://www.securityfocus.com/archive/77/492351

12. [SJ-JOB] Application Security Architect, New York
http://www.securityfocus.com/archive/77/492352

13. [SJ-JOB] Security Consultant, Open Location
http://www.securityfocus.com/archive/77/492353

14. [SJ-JOB] Director, Information Security, South Florida
http://www.securityfocus.com/archive/77/492354

15. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/492355

16. [SJ-JOB] Application Security Engineer, Ottawa
http://www.securityfocus.com/archive/77/492345

17. [SJ-JOB] Senior Software Engineer, Alpharetta
http://www.securityfocus.com/archive/77/492348

18. [SJ-JOB] Security Engineer, Torrance
http://www.securityfocus.com/archive/77/492349

19. [SJ-JOB] Security Engineer, Reston
http://www.securityfocus.com/archive/77/492350

20. [SJ-JOB] Security Auditor, New York
http://www.securityfocus.com/archive/77/492342

21. [SJ-JOB] Security Auditor, Washington
http://www.securityfocus.com/archive/77/492347

22. [SJ-JOB] Security Auditor, chicago
http://www.securityfocus.com/archive/77/492356

23. [SJ-JOB] Sales Engineer, Philadelphia
http://www.securityfocus.com/archive/77/492357

24. [SJ-JOB] Security Auditor, San Francisco
http://www.securityfocus.com/archive/77/492358

25. [SJ-JOB] Application Security Engineer, Dallas
http://www.securityfocus.com/archive/77/492336

26. [SJ-JOB] Security Consultant, Long Island
http://www.securityfocus.com/archive/77/492340

27. [SJ-JOB] Application Security Engineer, Washington
http://www.securityfocus.com/archive/77/492343

28. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/492344

29. [SJ-JOB] Application Security Engineer, Los Angeles
http://www.securityfocus.com/archive/77/492339

30. [SJ-JOB] Security Consultant, chicago
http://www.securityfocus.com/archive/77/492341

31. [SJ-JOB] Security System Administrator, San Jose
http://www.securityfocus.com/archive/77/492337

32. [SJ-JOB] Application Security Engineer, San Jose
http://www.securityfocus.com/archive/77/492338

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #395
http://www.securityfocus.com/archive/88/492421

2. Binding Windows Services to Specific Addresses Only
http://www.securityfocus.com/archive/88/491595

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. CfP hack.lu 2008
http://www.securityfocus.com/archive/91/492320

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA:

News

Monday, May 26, 2008

SecurityFocus Newsletter #455

No comments:

WINDOWS CENTER

Blog Archive