Wednesday, June 04, 2008

SecurityFocus Newsletter #456
----------------------------------------

This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Anti-Social Networking
2. Thinking Beyond the Ivory Towers
II. BUGTRAQ SUMMARY
1. ikiwiki Blank Password Authentication Bypass Vulnerability
2. Linux Kernel 'fcntl_setlk()' SMP Ordering Local Denial of Service Vulnerability
3. International Components for Unicode Library (libicu) Multiple Memory Corruption Vulnerabilities
4. Xerox DocuShare Multiple Cross-Site Scripting Vulnerabilities
5. dvbbs 'login.asp' Multiple SQL Injection Vulnerabilities
6. Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
7. PicoFlat CMS 'pagina' Parameter Local File Include and Directory Traversal Vulnerabilities
8. SyntaxCMS 'upload.php' Arbitrary File Upload Vulnerability
9. Pan '.nzb' File Parsing Heap Overflow Vulnerability
10. Adobe Acrobat Reader Unspecified Remote Denial Of Service Vulnerability
11. Wikiwig WK_lang.PHP Remote File Include Vulnerability
12. QEMU Multiple Local Vulnerabilities
13. Stunnel OCSP Certificate Validation Security Bypass Vulnerability
14. KAME Project IPv6 IPComp Header Denial Of Service Vulnerability
15. MPlayer 'sdpplin_parse()' RTSP Integer Overflow Vulnerability
16. Mongrel 'DirHandler' Class Directory Traversal Information Disclosure Vulnerability
17. Libpng Library ICC Profile Chunk Off-By-One Denial of Service Vulnerability
18. Libpng Library Multiple Remote Denial of Service Vulnerabilities
19. Microsoft Jet Database Engine MDB File Parsing Remote Buffer Overflow Vulnerability
20. Apple Mac OS X ubc_subr.c Local Denial of Service Vulnerability
21. Adobe Flash Player Unspecified DNS Rebinding Vulnerability
22. Adobe Flash Player SWF File 'DeclareFunction2' ActionScript Tag Remote Code Execution Vulnerability
23. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
24. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
25. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
26. Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
27. Apple Mac OS X Image Capture Local Arbitrary File Overwrite Vulnerability
28. RETIRED: Apple Mac OS X 2008-003 Multiple Security Vulnerabilities
29. Apple Mac OS X Single Sign-On 'sso_util' Local Information Disclosure Vulnerability
30. Linux Kernel 'dnotify.c' Local Race Condition Vulnerability
31. Linux Kernel PowerPC 'chrp/setup.c' NULL Pointer Dereference Denial of Service Vulnerability
32. Linux Kernel Tehuti Network Driver 'BDX_OP_WRITE' Memory Corruption Vulnerability
33. Computer Associates eTrust Secure Content Manager Multiple Vulnerabilities
34. Gnome Evolution iCalendar Multiple Buffer Overflow Vulnerabilities
35. DotNetNuke Prior to 4.8.3 Multiple Remote Vulnerabilities
36. Apple Mac OS X ImageIO JPEG2000 Handling Remote Code Execution Vulnerability
37. Apple Mac OS X ImageIO BMP/GIF Image Information Disclosure Vulnerability
38. libxslt XSL File Processing Buffer Overflow Vulnerability
39. mtr 'split.c' Remote Stack Buffer Overflow Vulnerability
40. Libpng Library Unknown Chunk Handler Vulnerability
41. 'imlib2' Library Multiple Buffer Overflow Vulnerabilities
42. libvorbis Multiple Remote Vulnerabilities
43. RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
44. SiteXS CMS 'upload.php' Arbitrary File Upload Vulnerability
45. Apple Mac OS X Mail Memory Corruption Vulnerability
46. TotalECommerce SQL Injection Vulnerability
47. Apple Mac OS X Image Capture Webserver Directory Traversal Vulnerability
48. Apple Mac OS X Apple Type Services PDF Handling Code Execution Vulnerability
49. Apple Mac OS X CFNetwork SSL Client Certificate Handling Information Disclosure Vulnerability
50. Apple Mac OS X CoreFoundation CFData Object Handling Code Execution Vulnerability
51. Apple Mac OS X AFP Server File Sharing Unauthorized File Access Vulnerability
52. Apple Mac OS X AppKit Malformed File Remote Code Execution Vulnerability
53. Apple Mac OS X iCal '.ics' File Handling Remote Code Execution Vulnerability
54. Apple Mac OS X CUPS Debug Logging Information Disclosure Vulnerability
55. RETIRED: SiteXS CMS 'adm/visual/upload.php' Arbitrary File Upload Vulnerability
56. Apple Mac OS X Pixlet Video Multiple Unspecified Memory Corruption Vulnerabilities
57. Apple Mac OS X International Components for Unicode Information Disclosure Vulnerability
58. Apple Mac OS X Help Viewer 'help:topic' URI Buffer Overflow Vulnerability
59. Apple Mac OS X CoreTypes Unsafe Content Warning Weakness
60. Booby 'renderer' Parameter Multiple Local and Remote File Include Vulnerabilities
61. HP Instant Support ActiveX Control in 'HPISDataManager.dll' Arbitrary File Download Vulnerability
62. HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution Vulnerabilities
63. QuickerSite Multiple Vulnerabilities
64. LimeSurvey Prior to 1.71 Multiple Remote Vulnerabilities
65. meBiblio Multiple Input Validation Vulnerabilities
66. ComicShout 'news.php' SQL Injection Vulnerability
67. Phoenix View CMS 'admin_frame.php' Cross-Site Scripting Vulnerability
68. Apple Mac OS X CoreGraphics PDF Handling Code Execution Vulnerability
69. BEA Systems Multiple Products BEA08-183.00 to BEA08-200.00 Multiple Vulnerabilities
70. CMSimple Multiple Input Validation Vulnerabilities
71. OpenSSL Multiple Denial of Service Vulnerabilities
72. BP Blog Multiple SQL Injection Vulnerabilities
73. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
74. Linux Kernel Multiple Local MOXA Serial Driver Buffer Overflow Vulnerabilities
75. Linux Kernel SPARC 'mmap()' Denial Of Service Vulnerability
76. Sun Cluster Global File System Unspecified Security Vulnerability
77. Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability
78. freeSSHd SFTP 'opendir' Buffer Overflow Vulnerability
79. Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow Vulnerability
80. Samba NMBD Logon Request Remote Buffer Overflow Vulnerability
81. ASUS Remote Console DPC Proxy Buffer Overflow Vulnerability
82. Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability
83. Sun Solaris Print Service Unspecified Remote Code Execution Vulnerability
84. Debian OpenSSL Package Random Number Generator Weakness
85. GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities
86. Samba 'receive_smb_raw()' Buffer Overflow Vulnerability
87. Linux Kernel x86_64 ptrace Denial Of Service Vulnerability
88. Linux Kernel 'hrtimer_forward()' Local Denial of Service Vulnerability
89. TorrentTrader Classic 'scrape.php' SQL Injection Vulnerability
90. PsychoStats Multiple SQL Injection Vulnerabilities
91. LokiCMS 'admin.php' Security Bypass Vulnerability
92. Ourgame 'GLIEDown2.dll' ServerList Method ActiveX Control Remote Code Execution Vulnerability
93. Apache Tomcat Host Manager Cross Site Scripting Vulnerability
94. Alt-N MDaemon IMAP Server FETCH Command Remote Buffer Overflow Vulnerability
95. VMware VMCI Arbitrary Code Execution Vulnerability
96. DotNetNuke 'Default.aspx' Cross-Site Scripting Vulnerability
97. Joomla! and Mambo MambAds Component 'ma_cat' Parameter SQL Injection Vulnerability
98. TCL/TK Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
99. TCL/TK Tk Toolkit TKIMGGIF.C Buffer Overflow Vulnerability
100. Now SMS/MMS Gateway Multiple Buffer Overflow Vulnerabilities
III. SECURITYFOCUS NEWS
1. Hired gun blamed for business outage
2. Legal experts wary of MySpace hacking charges
3. Admins warned of brute-force SSH attacks
4. Groups warn travelers to limit laptop data
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Engineer, San Antonio
2. [SJ-JOB] Security Consultant, Dallas
3. [SJ-JOB] Security Auditor, San Antonio
4. [SJ-JOB] Technical Support Engineer, Alpharetta
5. [SJ-JOB] Sales Engineer, Chicago
6. [SJ-JOB] Manager, Information Security, Chicago
7. [SJ-JOB] Application Security Architect, San Francisco
8. [SJ-JOB] Certification & Accreditation Engineer, San Antonio
9. [SJ-JOB] Management, Newark
10. [SJ-JOB] Sr. Security Analyst, Seattle/Bellevue
11. [SJ-JOB] Security Consultant, Any City
12. [SJ-JOB] Information Assurance Analyst, Information Risk Analyst
13. [SJ-JOB] Sales Representative, Chicago
14. [SJ-JOB] Sr. Security Analyst, San Antonio
15. [SJ-JOB] Threat Analyst, Washington
16. [SJ-JOB] Penetration Engineer, Washington
17. [SJ-JOB] Security Engineer, Linthicum Heights
18. [SJ-JOB] Instructor, any
19. [SJ-JOB] Security Engineer, Pune
20. [SJ-JOB] Sales Engineer, Alpharetta
21. [SJ-JOB] Forensics Engineer, London
22. [SJ-JOB] Penetration Engineer, Sydney
23. [SJ-JOB] Security Auditor, Chennai
24. [SJ-JOB] Sales Engineer, San Francisco
V. INCIDENTS LIST SUMMARY
1. Unusual entry in Apache logs
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. ISA as a proxy
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. ARP handler Inspection tool released
2. Spam sent through server using authid=apache or mysql
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Anti-Social Networking
By Mark Rasch
On May 15, 2008, a federal grand jury in Los Angeles indicted 49-year-old Lori Drew of O'Fallon, Missouri, on charges of unauthorized access to a computer, typically used in hacking cases. Yet, Drew's alleged actions had little to do with computer intrusions.

http://www.securityfocus.com/columnists/473

2. Thinking Beyond the Ivory Towers
By Dave Aitel
In the information-security industry, there are clear and vast gaps in the way academia interacts with professional researchers. While these gaps will be filled in due time, their existence means that security professionals outside the hallowed halls of colleges and universities need to be aware of the differences in how researchers and professionals think.

http://www.securityfocus.com/columnists/472


II. BUGTRAQ SUMMARY
--------------------
1. ikiwiki Blank Password Authentication Bypass Vulnerability
BugTraq ID: 29479
Remote: Yes
Last Updated: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29479
Summary:
The 'ikiwiki' program is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain unauthorized access to the affected application.

Versions between ikiwiki 1.34 and 2.47 are vulnerable.

2. Linux Kernel 'fcntl_setlk()' SMP Ordering Local Denial of Service Vulnerability
BugTraq ID: 29076
Remote: No
Last Updated: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29076
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users.

Versions prior to Linux kernel 2.6.25.2 and 2.4.36.4 are vulnerable.

3. International Components for Unicode Library (libicu) Multiple Memory Corruption Vulnerabilities
BugTraq ID: 27455
Remote: Yes
Last Updated: 2008-05-30
Relevant URL: http://www.securityfocus.com/bid/27455
Summary:
The International Components for Unicode library (libicu) is prone to multiple memory-corruption vulnerabilities.

Successfully exploiting these issues allows remote attackers to corrupt and overflow memory and possibly execute remote code. Failed exploit attempts will likely crash applications.

These issues affect libicu 3.8.1 and prior versions.

4. Xerox DocuShare Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29430
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/29430
Summary:
Xerox DocuShare is prone to multiple cross-site scripting vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Xerox DocuShare 6 and prior versions are vulnerable.

5. dvbbs 'login.asp' Multiple SQL Injection Vulnerabilities
BugTraq ID: 29429
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/29429
Summary:
The 'dvbbs' program is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect dvbbs 8.2; other versions may also be affected.

6. Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
BugTraq ID: 28695
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/28695
Summary:
Adobe Flash Player is prone to a remote buffer-overflow vulnerability when handling multimedia files with certain tags.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.

NOTE: This issue has been fixed in all versions of Adobe Flash Player 9.0.124.0.

Initial investigations suggested that the vulnerability had not been patched in the standalone Adobe Flash Player version 9.0.124.0 for Linux and the standalone Adobe Flash Player version 9.0.124.0 with debug capabilities for Microsoft Windows. The observed behavior that led to this initial conclusion has since been confirmed by Adobe as intended by design.

7. PicoFlat CMS 'pagina' Parameter Local File Include and Directory Traversal Vulnerabilities
BugTraq ID: 29424
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/29424
Summary:
PicoFlat CMS is prone to a local file-include vulnerability and a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities using directory-traversal strings to include local scripts in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.

PicoFlat CMS 0.5.9 is vulnerable; other versions may also be affected.

8. SyntaxCMS 'upload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 29422
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/29422
Summary:
SyntaxCMS is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code because the application fails to sanitize user-supplied input.

An attacker can leverage this issue to execute arbitrary script code on an affected computer with the privileges of the webserver process.

SyntaxCMS 1.3 is vulnerable; other versions may also be affected.

9. Pan '.nzb' File Parsing Heap Overflow Vulnerability
BugTraq ID: 29421
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/29421
Summary:
Pan is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. The vulnerability occurs when handling malformed '.nzb' files.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will result in a denial-of-service condition.

10. Adobe Acrobat Reader Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 29420
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/29420
Summary:
Acrobat Reader is prone to a remote denial-of-service vulnerability. The cause of this issue is unknown.

Exploiting this issue allows remote attackers to crash the application and trigger denial-of-service conditions, denying further service to legitimate users. Given the nature of this issue, code execution may be possible, but this has not been confirmed.

11. Wikiwig WK_lang.PHP Remote File Include Vulnerability
BugTraq ID: 18291
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/18291
Summary:
Wikiwig is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Versions prior to Wikiwig 4.3 are vulnerable.

12. QEMU Multiple Local Vulnerabilities
BugTraq ID: 23731
Remote: No
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/23731
Summary:
QEMU is prone to multiple locally exploitable buffer-overflow and denial-of-service vulnerabilities. The buffer-overflow issues occur because the software fails to properly check boundaries of user-supplied input when copying it to insufficiently sized memory buffers. The denial-of-service issues stem from design errors.

Attackers may be able to exploit these issues to escalate privileges, execute arbitrary code, or trigger denial-of-service conditions in the context of the affected applications.

13. Stunnel OCSP Certificate Validation Security Bypass Vulnerability
BugTraq ID: 29309
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/29309
Summary:
Stunnel is prone to a security-bypass vulnerability because the OCSP functionality fails to properly check revoked certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers and authenticating with a revoked certificate. This will aid in further attacks.

This issue affects versions prior to Stunnel 4.24.

14. KAME Project IPv6 IPComp Header Denial Of Service Vulnerability
BugTraq ID: 27642
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/27642
Summary:
The KAME project is prone to a denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to crash affected computers, denying service to legitimate users.

Operating systems that have IPv6 networking derived from the KAME project's IPv6 implementation may be vulnerable to this issue. Please see the references for a list of vendors that may be affected by this issue.

15. MPlayer 'sdpplin_parse()' RTSP Integer Overflow Vulnerability
BugTraq ID: 28851
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/28851
Summary:
MPlayer is prone to an integer-overflow vulnerability because it fails to perform adequate checks on externally supplied input.

Attackers can leverage this vulnerability to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

16. Mongrel 'DirHandler' Class Directory Traversal Information Disclosure Vulnerability
BugTraq ID: 27133
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/27133
Summary:
Mongrel is prone to an information-disclosure vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to view sensitive files within the context of the webserver process. Information obtained may lead to other attacks.

This issue affects Mongrel 1.0.4 and versions prior to 1.1.3.

17. Libpng Library ICC Profile Chunk Off-By-One Denial of Service Vulnerability
BugTraq ID: 25957
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/25957
Summary:
The 'libpng' library is prone to a remote denial-of-service vulnerability because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

This issue affects 'libpng' 1.2.21 and prior versions.

18. Libpng Library Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 25956
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/25956
Summary:
The 'libpng' library is prone to multiple remote denial-of-service vulnerabilities because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

These issues affect 'libpng' 1.2.20 and prior versions.

19. Microsoft Jet Database Engine MDB File Parsing Remote Buffer Overflow Vulnerability
BugTraq ID: 26468
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/26468
Summary:
Microsoft Jet Database Engine is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the affected application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

NOTE: Further details report that attackers are using malicious Word files to load specially crafted MDB files. Microsoft has released a knowledge base article (950627) documenting this attack vector.

This issue does not affect Windows Server 2003 Service Pack 2, Windows XP Service Pack 3, Windows XP x64 Edition Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008 because they run a version of the Jet Database Engine that isn't vulnerable.

This issue does affect the Jet Database Engine, Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

20. Apple Mac OS X ubc_subr.c Local Denial of Service Vulnerability
BugTraq ID: 26840
Remote: No
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/26840
Summary:
Apple Mac OS X is prone to a local denial-of-service vulnerability because the kernel fails to properly handle exceptional conditions.

Exploiting this issue allows local, unprivileged users to crash affected kernels, denying further service to legitimate users.

21. Adobe Flash Player Unspecified DNS Rebinding Vulnerability
BugTraq ID: 28697
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/28697
Summary:
Adobe Flash Player is prone to a vulnerability with an unspecified impact. The issue can be exploited by DNS rebinding.

Successfully exploiting this issue could allow the attacker to bypass the application's same-origin policy; other attacks are also possible.

NOTE: This issue may be a variant of the issue described in BID 26930, but currently not enough details are available to verify this. We will update this BID as more information emerges.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.

22. Adobe Flash Player SWF File 'DeclareFunction2' ActionScript Tag Remote Code Execution Vulnerability
BugTraq ID: 28694
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/28694
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability when handling certain embedded ActionScript objects.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.

23. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
BugTraq ID: 27237
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/27237
Summary:
The Apache HTTP Server 'mod_status' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reportedly, attackers can also use this issue to redirect users' browsers to arbitrary locations, which may aid in phishing attacks.

The issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev.

24. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
BugTraq ID: 26838
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/26838
Summary:
Apache is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects the following:

- The 'mod_imagemap' module in Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, and 2.2.0

- The 'mod_imap' module in Apache 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, and 1.3.0.

25. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
BugTraq ID: 24649
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/24649
Summary:
The Apache mod_cache module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

26. Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 19204
Remote: Yes
Last Updated: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/19204
Summary:
Apache mod_rewrite is prone to an off-by-one buffer-overflow condition.

The vulnerability arises in the mod_rewrite module's LDAP scheme handling and allows for potential memory corruption when an attacker exploits certain rewrite rules.

An attacker may exploit this issue to trigger a denial-of-service condition. Reportedly, arbitrary code execution may be possible as well.

27. Apple Mac OS X Image Capture Local Arbitrary File Overwrite Vulnerability
BugTraq ID: 29521
Remote: No
Last Updated: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29521
Summary:
Apple Mac OS X Image Capture is prone to a vulnerability that allows local attackers to overwrite arbitrary files.

A local attacker can exploit this issue to overwrite files with the privileges of another user running the affected application.

This issue affects Mac OS X 10.4.11 and Mac OS X Server 10.4.11.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

28. RETIRED: Apple Mac OS X 2008-003 Multiple Security Vulnerabilities
BugTraq ID: 29412
Remote: Yes
Last Updated: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29412
Summary:
Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-003 and Mac OS X/Mac OS X Server 10.5.3.

The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.

NOTE: This BID is being retired; the following individual records have been created to better document the issues:

29480 Apple Mac OS X CoreGraphics PDF Handling Code Execution Vulnerability
29481 Apple Mac OS X CoreTypes Unsafe Content Warning Weakness
29483 Apple Mac OS X Help Viewer 'help:topic' URI Buffer Overflow Vulnerability
29484 Apple Mac OS X CUPS Debug Logging Information Disclosure Vulnerability
29486 Apple Mac OS X iCal '.ics' File Handling Remote Code Execution Vulnerability
29487 Apple Mac OS X AppKit Malformed File Remote Code Execution Vulnerability
29488 Apple Mac OS X International Components for Unicode Information Disclosure Vulnerability
29489 Apple Mac OS X Pixlet Video Multiple Unspecified Memory Corruption Vulnerabilities
29490 Apple Mac OS X AFP Server File Sharing Unauthorized File Access Vulnerability
29491 Apple Mac OS X CoreFoundation CFData Object Handling Code Execution Vulnerability
29492 Apple Mac OS X Apple Type Services PDF Handling Code Execution Vulnerability
29493 Apple Mac OS X CFNetwork SSL Client Certificate Handling Information Disclosure Vulnerability
29500 Apple Mac OS X Mail Memory Corruption Vulnerability
29501 Apple Mac OS X Image Capture Webserver Directory Traversal Vulnerability
29511 Apple Mac OS X Wiki Server User Name Enumeration Weakness
29513 Apple Mac OS X ImageIO BMP/GIF Image Information Disclosure Vulnerability
29514 Apple Mac OS X ImageIO JPEG2000 Handling Remote Code Execution Vulnerability
29520 Apple Mac OS X Single Sign-On 'sso_util' Local Information Disclosure Vulnerability
29521 Apple Mac OS X Image Capture Local Arbitrary File Overwrite Vulnerability

29. Apple Mac OS X Single Sign-On 'sso_util' Local Information Disclosure Vulnerability
BugTraq ID: 29520
Remote: No
Last Updated: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29520
Summary:
Apple Mac OS X is prone to a local information-disclosure vulnerability that affects the Single Sign-On 'sso_util' utility.

Local attackers can leverage this issue to gain access to sensitive information that will aid in further attacks.

This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

30. Linux Kernel 'dnotify.c' Local Race Condition Vulnerability
BugTraq ID: 29003
Remote: No
Last Updated: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29003
Summary:
The Linux kernel is prone to a local race-condition vulnerability.

A local attacker may exploit this issue to crash the computer or to gain elevated privileges on the affected computer.

31. Linux Kernel PowerPC 'chrp/setup.c' NULL Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 27555
Remote: No
Last Updated: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/27555
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

This issue affects Linux kernel 2.4.21 through 2.6.18-53 running on the PowerPC architecture.

32. Linux Kernel Tehuti Network Driver 'BDX_OP_WRITE' Memory Corruption Vulnerability
BugTraq ID: 29014
Remote: No
Last Updated: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29014
Summary:
The Linux kernel is prone to a memory-corruption vulnerability because of insufficient boundary checks in the Tehuti network driver.

Local attackers could exploit this issue to cause denial-of-service conditions, bypass certain security restrictions, and potentially access sensitive information or gain elevated privileges.

This issue affects versions prior to Linux 2.6.25.1.

33. Computer Associates eTrust Secure Content Manager Multiple Vulnerabilities
BugTraq ID: 29528
Remote: Yes
Last Updated: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29528
Summary:
Computer Associates eTrust Secure Content Manager is prone to multiple vulnerabilities due to unspecified boundary condition errors.

Successfully exploiting these issues will allow an attacker to execute arbitrary code in the context of the application or cause denial-of-service conditions.

These issues affect Computer Associates eTrust Secure Content Manager 8.0.

34. Gnome Evolution iCalendar Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 29527
Remote: Yes
Last Updated: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29527
Summary:
Gnome Evolution is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to insufficiently sized buffers. The issues arise when the application handles iCalendar attachments.

Successfully exploiting these issues will allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely crash the application.

Gnome Evolution 2.21.1 is vulnerable to these issues; other versions may also be affected.

35. DotNetNuke Prior to 4.8.3 Multiple Remote Vulnerabilities
BugTraq ID: 29482
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29482
Summary:
DotNetNuke is prone to multiple remote issues:

- A denial-of-service vulnerability
- A security-bypass vulnerability
- An information-disclosure weakness.

An attacker can exploit these issues to cause the application to stop responding, to upload arbitrary 'safe' files to restricted folders, and to obtain sensitive information.

These issues affect DotNetNuke 3.0 to 4.8.2.

36. Apple Mac OS X ImageIO JPEG2000 Handling Remote Code Execution Vulnerability
BugTraq ID: 29514
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29514
Summary:
Apple Mac OS X is prone to a vulnerability that lets attackers run arbitrary code because the ImageIO component fails to properly handle certain image files.

Successful exploits will allow an attacker to run arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

37. Apple Mac OS X ImageIO BMP/GIF Image Information Disclosure Vulnerability
BugTraq ID: 29513
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29513
Summary:
Apple Mac OS X is prone to an information-disclosure vulnerability that occurs in ImageIO.

An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

38. libxslt XSL File Processing Buffer Overflow Vulnerability
BugTraq ID: 29312
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29312
Summary:
The 'libxslt' library is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects libxslt 1.1.23 and prior versions.

39. mtr 'split.c' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 29290
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29290
Summary:
The 'mtr' utility is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

40. Libpng Library Unknown Chunk Handler Vulnerability
BugTraq ID: 28770
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/28770
Summary:
The 'libpng' library is prone to a vulnerability that causes denial-of-service conditions or may allow code to run. The issue occurs because the software fails to properly handle unexpected chunk data in PNG files.

Successfully exploiting this issue allows remote attackers to trigger denial-of-service conditions or to possibly execute arbitrary machine code in the context of applications that use the library.

The following versions are affected:

libpng 1.0.6 through 1.0.32
libpng 1.2.0 through 1.2.26
libpng 1.4.0beta01 through 1.4.0beta19

41. 'imlib2' Library Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 29417
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29417
Summary:
The 'imlib2' library is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied data.

An attacker can exploit these issues to execute arbitrary machine code in the context of applications using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.

The issues affect imlib2 1.4.0; other versions may also be affected.

42. libvorbis Multiple Remote Vulnerabilities
BugTraq ID: 29206
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29206
Summary:
Applications that use the libvorbis library are prone to multiple remote vulnerabilities, including a heap-overflow issue and multiple integer-overflow issues.

An attacker can exploit these issues to execute arbitrary code within the context of an affected application or cause the application to crash.

These issues affect libvorbis 1.2.0; other versions of the library may also be affected.

43. RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 29108
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29108
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on May 13, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

NOTE: The following individual records have been created to document these vulnerabilities:

29104 Microsoft Word RTF Malformed String Handling Memory Corruption Remote Code Execution Vulnerability
29105 Microsoft Word CSS Handling Memory Corruption Remote Code Execution Vulnerability
29158 Microsoft Publisher Memory Object Handler Data Execution Vulnerability
26468 Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability
29060 Microsoft Malware Protection Engine File Processing Remote Denial Of Service Vulnerability
29073 Microsoft Malware Protection Engine Disk Space Exhaustion Remote Denial Of Service Vulnerability

44. SiteXS CMS 'upload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 29029
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29029
Summary:
SiteXS is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code because the application fails to sanitize user-supplied input.

An attacker can leverage this issue to execute arbitrary code on an affected computer with the privileges of the webserver process.

SiteXS CMS 0.1.1 Pre-Alpha is vulnerable; other versions may also be affected.

45. Apple Mac OS X Mail Memory Corruption Vulnerability
BugTraq ID: 29500
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29500
Summary:
Apple Mac OS X is prone to a memory-corruption vulnerability that affects the Mail application.

Successful exploits may allow attackers to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, or obtain potentially sensitive information.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

This issue affects Mac OS X v10.4.11 and Mac OS X Server 10.4.11. Computers running Mac OS X v10.5 or later are not affected by this issue.

46. TotalECommerce SQL Injection Vulnerability
BugTraq ID: 16960
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/16960
Summary:
TotalECommerce is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Version 1.0 is vulnerable; other versions may also be affected.

47. Apple Mac OS X Image Capture Webserver Directory Traversal Vulnerability
BugTraq ID: 29501
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29501
Summary:
Apple's Image Capture is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to gain access to arbitrary files in the context of the affected server. Information gathered may lead to other attacks.

This vulnerability affects Mac OS X 10.4.11 and Mac OS X Server 10.4.11.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

48. Apple Mac OS X Apple Type Services PDF Handling Code Execution Vulnerability
BugTraq ID: 29492
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29492
Summary:
Apple Mac OS X is prone to a remote code-execution vulnerability affecting Apple Type Services (ATS).

Successful exploits will allow attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Mac OS X 10.5 - 10.5.2 and Mac OS X Server 10.5 - 10.5.2.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

49. Apple Mac OS X CFNetwork SSL Client Certificate Handling Information Disclosure Vulnerability
BugTraq ID: 29493
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29493
Summary:
Apple Mac OS X is prone to an information-disclosure vulnerability because it improperly responds to client certificate requests from webservers.

An attacker could leverage this vulnerability to obtain potentially sensitive information that may aid in further attacks.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

50. Apple Mac OS X CoreFoundation CFData Object Handling Code Execution Vulnerability
BugTraq ID: 29491
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29491
Summary:
Apple Mac OS X is prone to a remote code-execution vulnerability affecting CoreFoundation.

Successful exploits will allow attackers to execute arbitrary code in the context of the affected component. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

51. Apple Mac OS X AFP Server File Sharing Unauthorized File Access Vulnerability
BugTraq ID: 29490
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29490
Summary:
Apple Mac OS X is prone to an unauthorized file-access vulnerability that occurs in the AFP Server.

Successfully exploiting this issue will allow attackers to obtain potentially sensitive information that may lead to other attacks.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

52. Apple Mac OS X AppKit Malformed File Remote Code Execution Vulnerability
BugTraq ID: 29487
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29487
Summary:
Apple Mac OS X is prone to a remote code-execution vulnerability that occurs in AppKit.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application.

This issue affects Mac OS X 10.4.11 and Mac OS X Server 10.4.11.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

53. Apple Mac OS X iCal '.ics' File Handling Remote Code Execution Vulnerability
BugTraq ID: 29486
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29486
Summary:
Apple Mac OS X iCal is prone to a remote code-execution vulnerability when handling malicious iCalendar files.

Attackers can leverage this issue to execute arbitrary code with the privileges of the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

54. Apple Mac OS X CUPS Debug Logging Information Disclosure Vulnerability
BugTraq ID: 29484
Remote: No
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29484
Summary:
Apple Mac OS X is prone to an information-disclosure vulnerability that affects the CUPS scheduler daemon. This issue may be triggered when printing to a password-protected printer while debug logging is enabled.

Attackers can exploit this issue to harvest sensitive information that can aid in further attacks.

This issue affects Mac OS X 10.5 - 10.5.2 and Mac OS X Server 10.5 - 10.5.2.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

55. RETIRED: SiteXS CMS 'adm/visual/upload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 29497
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29497
Summary:
SiteXS CMS is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code because the application fails to sanitize user-supplied input.

An attacker can leverage this issue to execute arbitrary script code on an affected computer with the privileges of the webserver process.

SiteXS CMS 0.1.1 Pre-Alpha and prior versions are vulnerable.

RETIRED: This BID is being retired because the issue is already covered in BID 29029.

56. Apple Mac OS X Pixlet Video Multiple Unspecified Memory Corruption Vulnerabilities
BugTraq ID: 29489
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29489
Summary:
Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that occur in Apple Pixlet Video.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application.

These issues affect Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.

NOTE: These issues were previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but have been given this record to better document them.

57. Apple Mac OS X International Components for Unicode Information Disclosure Vulnerability
BugTraq ID: 29488
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29488
Summary:
Apple Mac OS X is prone to an information-disclosure vulnerability because it fails to adequately sanitize user-supplied input.

An attacker could leverage this vulnerability to bypass content filters and perform cross-site scripting attacks or obtain sensitive information that could aid in further attacks.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

58. Apple Mac OS X Help Viewer 'help:topic' URI Buffer Overflow Vulnerability
BugTraq ID: 29483
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29483
Summary:
Apple Mac OS X Help Viewer is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks before copying user-supplied data to an insufficiently-sized buffer.

Attackers can leverage this issue to execute arbitrary code with the privileges of the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

59. Apple Mac OS X CoreTypes Unsafe Content Warning Weakness
BugTraq ID: 29481
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29481
Summary:
Apple Mac OS X is prone to a security weakness in CoreTypes; it may not prevent users from opening unsafe file types.

This issue can lead to a false sense of security, potentially aiding in network-based attacks.

This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

60. Booby 'renderer' Parameter Multiple Local and Remote File Include Vulnerabilities
BugTraq ID: 29469
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29469
Summary:
Booby is prone to multiple local and remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying system; other attacks are also possible.

These issues affect Booby 1.0.1; other versions may also be vulnerable.

61. HP Instant Support ActiveX Control in 'HPISDataManager.dll' Arbitrary File Download Vulnerability
BugTraq ID: 29530
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29530
Summary:
HP Instant Support ActiveX control in 'HPISDataManager.dll' is prone to an arbitrary file-download vulnerability.

An attacker may exploit this issue by enticing victims into visiting a maliciously crafted webpage.

Successful exploits will allow remote attackers to download files from arbitrary locations to the affected computer. The attacker can also specify arbitrary download locations on the target system.

62. HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution Vulnerabilities
BugTraq ID: 29526
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29526
Summary:
HP Instant Support 'HPISDataManager.dll' ActiveX control is prone to multiple unspecified vulnerabilities that allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer).

Failed exploit attempts will likely result in denial-of-service conditions.

HP Instant Support 1.0.0.22 and earlier versions are affected.

63. QuickerSite Multiple Vulnerabilities
BugTraq ID: 29524
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29524
Summary:
QuickerSite is prone to multiple vulnerabilities, including an SQL-injection issue, an authentication-bypass issue, multiple cross-site scripting issues and a file upload vulnerability.

Successful exploits may allow attackers to:
- access or modify data
- exploit latent vulnerabilities in the underlying database
- obtain sensitive information
- gain unauthorized access to the affected application
- upload arbitrary files and execute arbitrary server-side script code
- execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site

This will compromise the application and may help in further attacks.

The issues affect QuickerSite 1.8.5; other versions may also be vulnerable.

64. LimeSurvey Prior to 1.71 Multiple Remote Vulnerabilities
BugTraq ID: 29506
Remote: Yes
Last Updated: 2008-06-03
Relevant URL: http://www.securityfocus.com/bid/29506
Summary:
LimeSurvey is prone to multiple remote vulnerabilities, including:

- An input-validation vulnerability
- Multiple unspecified vulnerabilities

An attacker can exploit the input-validation issue to modify quota settings. Very little information is known about the unspecified issues. We will update this BID as soon as more information becomes available.

LimeSurvey versions prior to 1.71 are vulnerable.

65. meBiblio Multiple Input Validation Vulnerabilities
BugTraq ID: 29465
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29465
Summary:
meBiblio is prone to multiple input-validation vulnerabilities, including an SQL injection issue, an arbitrary-file-upload issue, and multiple cross-site scripting issues.

Successful exploits will allow attackers to execute arbitrary script code in the context of the application or the browser of an unsuspecting user and compromise the application. Attackers can also access or modify data or exploit latent vulnerabilities in the underlying database. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

meBiblio 0.4.7 is vulnerable; other versions may also be affected.

66. ComicShout 'news.php' SQL Injection Vulnerability
BugTraq ID: 29464
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29464
Summary:
ComicShout is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ComicShout 2.8 is vulnerable; other versions may also be affected.

67. Phoenix View CMS 'admin_frame.php' Cross-Site Scripting Vulnerability
BugTraq ID: 29130
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29130
Summary:
Phoenix View CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Phoenix View CMS Pre Alpha2 is vulnerable; other versions may also be affected.

UPDATE (June 2, 2008): The vendor reports that the application is not vulnerable to the issue, but this has not been confirmed.

68. Apple Mac OS X CoreGraphics PDF Handling Code Execution Vulnerability
BugTraq ID: 29480
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29480
Summary:
Apple Mac OS X is prone to a remote code-execution vulnerability affecting CoreGraphics.

Successful exploits will allow the attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

69. BEA Systems Multiple Products BEA08-183.00 to BEA08-200.00 Multiple Vulnerabilities
BugTraq ID: 27893
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/27893
Summary:
BEA has released 17 advisories identifying various vulnerabilities affecting WebLogic Server, WebLogic Portal, WebLogic Workshop, AquaLogic Interaction, BEA Plumtree Foundation, AquaLogic Collaboration, and BEA Plumtree Collaboration. These issues present remote and local threats and may facilitate attacks affecting the integrity, confidentiality, and availability of vulnerable computers.

70. CMSimple Multiple Input Validation Vulnerabilities
BugTraq ID: 29450
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29450
Summary:
CMSimple is prone to two input-validation vulnerabilities, including a local file-include vulnerability and an arbitrary-file-upload vulnerability.

An attacker can exploit these issues to retrieve webserver-readable files from the computer or to upload arbitrary files to the computer. The attacker may be able to execute files that have been uploaded, for example, if the attacker uploads a malicious PHP script.

71. OpenSSL Multiple Denial of Service Vulnerabilities
BugTraq ID: 29405
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29405
Summary:
OpenSSL is prone to multiple denial-of-service vulnerabilities.

Attackers can leverage these issues to cause a client or server application to crash. Successful exploits will deny service to legitimate users.

OpenSSL 0.9.8f and 0.9.8g are reported vulnerable. Other versions may be affected as well.

72. BP Blog Multiple SQL Injection Vulnerabilities
BugTraq ID: 29460
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29460
Summary:
BP Blog is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

BP Blog 6.0 and prior versions are vulnerable.

73. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
BugTraq ID: 29235
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29235
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

This issue affects the Linux Kernel 2.6.25.2; other versions may also be affected.

74. Linux Kernel Multiple Local MOXA Serial Driver Buffer Overflow Vulnerabilities
BugTraq ID: 12195
Remote: No
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/12195
Summary:
The MOXA serial driver in the Linux kernel is reported prone to multiple buffer-overflow vulnerabilities. The driver fails to perform proper bounds checks before copying user-supplied data to fixed-size memory buffers.

These vulnerabilities reside in the 'drivers/char/moxa.c' file.

The vulnerable functions perform a 'copy_from_user()' call to copy user-supplied, user-space data to a fixed-size, static kernel memory buffer (moxaBuff) of 10240 bytes in length while using the user-supplied length argument as passed from 'MoxaDriverIoctl()'. This reportedly results in improperly bounded operations, potentially causing locally exploitable buffer overflows.

Linux kernels from 2.2 through 2.4 and 2.6 are all reported prone to these vulnerabilities.

75. Linux Kernel SPARC 'mmap()' Denial Of Service Vulnerability
BugTraq ID: 29397
Remote: No
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29397
Summary:
The Linux kernel is prone to a denial-of-service vulnerability when mapping memory addresses on SPARC-based computers.

Local attackers can leverage the issue to crash the kernel and deny service to legitimate users.

Linux kernels prior to 2.6.25.3 are vulnerable.

76. Sun Cluster Global File System Unspecified Security Vulnerability
BugTraq ID: 29458
Remote: No
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29458
Summary:
Sun Cluster is prone to an unspecified vulnerability that affects the 'Global File System'.

Local unprivileged attackers may exploit this issue to read data from deleted files owned by other users.

This issue affects these versions:

Sun Cluster 3.1 for Solaris 8, 9, and 10 on SPARC
Sun Cluster 3.1 for Solaris 9 and 10 on x86.

77. Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability
BugTraq ID: 29445
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29445
Summary:
A vulnerability in Apple Safari on the Microsoft Windows operating system stems from a combination of security issues in Safari and all versions of Microsoft XP and Vista that will allow executables to be downloaded to a user's computer and run without prompting.

Third-party sources have indicated that the vulnerability in Safari is the "carpet-bombing" issue reported by Nitesh Dhanjani. If the issue is exploited, attacker-specified content is downloaded to the user's desktop without prompting. However, the Safari issue alone does not let an attacker execute the content. Presumably, an additional issue in Microsoft Windows can be exploited in tandem with this issue to run the content that is downloaded to the user's desktop.

78. freeSSHd SFTP 'opendir' Buffer Overflow Vulnerability
BugTraq ID: 29453
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29453
Summary:
freeSSHd is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects freeSSHd 1.2.1; other versions may also be affected.

79. Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 26455
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/26455
Summary:
Samba is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

NOTE: This issue occurs only when Samba is configured with the 'wins support' option enabled in the host's 'smb.conf' file.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

Samba 3.0.0 through 3.0.26a are vulnerable.

80. Samba NMBD Logon Request Remote Buffer Overflow Vulnerability
BugTraq ID: 26454
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/26454
Summary:
Samba is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

This issue occurs only when Samba is configured as a Primary or Backup Domain Controller.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute remote code, but the vendor doesn't think that this is possible.

Samba 3.0.0 through 3.0.26a are vulnerable.

81. ASUS Remote Console DPC Proxy Buffer Overflow Vulnerability
BugTraq ID: 28394
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/28394
Summary:
ASUS Remote Console is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

ASUS Remote Console 2.0.0.19 is vulnerable; other versions may also be affected.

82. Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 26791
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/26791
Summary:
Samba is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

NOTE: This issue occurs only when the 'domain logons' option is enabled.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

83. Sun Solaris Print Service Unspecified Remote Code Execution Vulnerability
BugTraq ID: 29135
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29135
Summary:
Sun Solaris Print Service is prone to an unspecified remote code-execution vulnerability.

This issue allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges on affected computers. Failed exploit attempts will result in denial-of-service conditions.

No further technical details are currently available. We will update this BID as more information emerges.

84. Debian OpenSSL Package Random Number Generator Weakness
BugTraq ID: 29179
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29179
Summary:
The Debian OpenSSL package is prone to a random-number-generator weakness.

Attackers can exploit this issue to predict random data used to generate encryption keys by certain applications. This may help attackers compromise encryption keys and gain access to sensitive data.

This issue affects only a modified OpenSSL package for Debian prior to version 0.9.8c-4etch3.

85. GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities
BugTraq ID: 29292
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29292
Summary:
GnuTLS is prone to multiple remote vulnerabilities, including:

- A buffer-overflow vulnerability
- Multiple denial-of-service vulnerabilities

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Versions prior to GnuTLS 2.2.5 are vulnerable.

86. Samba 'receive_smb_raw()' Buffer Overflow Vulnerability
BugTraq ID: 29404
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29404
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. The issue occurs when the application processes SMB packets in a client context.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in a denial of service.

The issue affects Samba 3.0.28a and 3.0.29; other versions may also be affected.

NOTE: This BID was originally titled 'Samba 'lib/util_sock.c' Buffer Overflow Vulnerability'. The title was changed to better identify the issue.

87. Linux Kernel x86_64 ptrace Denial Of Service Vulnerability
BugTraq ID: 29086
Remote: No
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29086
Summary:
The Linux kernel is prone to a denial-of-service vulnerability when process traces are performed on 64-bit computers.

Local attackers can leverage the issue to crash the kernel and deny service to legitimate users.

88. Linux Kernel 'hrtimer_forward()' Local Denial of Service Vulnerability
BugTraq ID: 29294
Remote: No
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29294
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle certain large timer expiry values.

Attackers can exploit this issue to cause the application to enter an infinite loop, denying service to legitimate users.

This issue affects the Linux kernel 2.6.21-rc4 and prior versions running on 64-bit architectures.

89. TorrentTrader Classic 'scrape.php' SQL Injection Vulnerability
BugTraq ID: 29451
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29451
Summary:
TorrentTrader Classic is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

90. PsychoStats Multiple SQL Injection Vulnerabilities
BugTraq ID: 29449
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29449
Summary:
PsychoStats is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

91. LokiCMS 'admin.php' Security Bypass Vulnerability
BugTraq ID: 29448
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29448
Summary:
LokiCMS is prone to a vulnerability that may allow users to bypass authentication to access administrative facilities of the application.

This issue may be related to BID 28985 (LokiCMS 'admin.php' Arbitrary File Deletion Vulnerability).

This issue was reported to affect LokiCMS 0.3.4. Other versions may also be affected.

92. Ourgame 'GLIEDown2.dll' ServerList Method ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 29446
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29446
Summary:
Ourgame 'GLIEDown2.dll' ActiveX control is prone to a remote code-execution vulnerability because it fails to sufficiently verify user-supplied input.

An attacker can exploit this issue to run arbitrary attacker-supplied code in the context of the currently logged-in user. Failed exploit attempts will trigger denial-of-service conditions.

Note that GlobalLink 2.8.1.2 beta is also affected by this issue.

93. Apache Tomcat Host Manager Cross Site Scripting Vulnerability
BugTraq ID: 29502
Remote: Yes
Last Updated: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29502
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. The issue affects the Host Manager web application.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects the following versions:

Tomcat 5.5.9 to 5.5.26
Tomcat 6.0.0 to 6.0.16

94. Alt-N MDaemon IMAP Server FETCH Command Remote Buffer Overflow Vulnerability
BugTraq ID: 28245
Remote: Yes
Last Updated: 2008-05-31
Relevant URL: http://www.securityfocus.com/bid/28245
Summary:
Alt-N MDaemon IMAP Server is affected by a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data before copying it into an insufficiently sized buffer.

Attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

Alt-N MDaemon 9.64 is vulnerable; other versions may also be affected.

95. VMware VMCI Arbitrary Code Execution Vulnerability
BugTraq ID: 29443
Remote: No
Last Updated: 2008-05-31
Relevant URL: http://www.securityfocus.com/bid/29443
Summary:
Multiple VMware hosted products with VMCI enabled are prone to a vulnerability that lets attackers execute arbitrary code. This issue affects Microsoft Windows-based hosts only.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue can completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

This issue affects the following VMware products:

VMware Workstation prior to 6.0.4 build 93057
VMware Player prior to 2.0.4 build 93057
VMware ACE prior to 2.0.2 build 93057

96. DotNetNuke 'Default.aspx' Cross-Site Scripting Vulnerability
BugTraq ID: 29437
Remote: Yes
Last Updated: 2008-05-30
Relevant URL: http://www.securityfocus.com/bid/29437
Summary:
DotNetNuke is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

DotNetNuke 4.8.3 is vulnerable; other versions may also be affected.

97. Joomla! and Mambo MambAds Component 'ma_cat' Parameter SQL Injection Vulnerability
BugTraq ID: 29433
Remote: Yes
Last Updated: 2008-05-30
Relevant URL: http://www.securityfocus.com/bid/29433
Summary:
The MambAds component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects MambAds 1.0 RC1 and 1.0 RC1 Beta. Other versions may also be vulnerable.

98. TCL/TK Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
BugTraq ID: 27655
Remote: Yes
Last Updated: 2008-05-30
Relevant URL: http://www.securityfocus.com/bid/27655
Summary:
TCL/TK Tk Toolkit is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied GIF image data before copying it to an insufficiently sized buffer.

Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected toolkit. Failed exploit attempts will likely result in denial-of-service conditions.

Versions prior to TCL/TK 8.5.1 are vulnerable to this issue.

99. TCL/TK Tk Toolkit TKIMGGIF.C Buffer Overflow Vulnerability
BugTraq ID: 26056
Remote: Yes
Last Updated: 2008-05-30
Relevant URL: http://www.securityfocus.com/bid/26056
Summary:
TCL/TK Tk Toolkit is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, remote code execution may also be possible but has not been confirmed.

Versions prior to TCL/TK 8.4.13 are vulnerable to this issue.

100. Now SMS/MMS Gateway Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 27896
Remote: Yes
Last Updated: 2008-05-30
Relevant URL: http://www.securityfocus.com/bid/27896
Summary:
Now SMS/MMS Gateway is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to insufficiently sized buffers.

Successfully exploiting these issues will allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.

These issues affect Now SMS/MMS Gateway 2007.06.27 and prior versions.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Hired gun blamed for business outage
By: Robert Lemos
Video-content firm Revision3 accuses anti-piracy company MediaDefender -- known for its aggressive tactics against file sharers -- of attacking its servers over the weekend.
http://www.securityfocus.com/news/11521

2. Legal experts wary of MySpace hacking charges
By: Robert Lemos
Federal prosecutors charge the parent who allegedly badgered a girl to suicide with three counts of computer crime, but law experts worry about a dangerous precedent.
http://www.securityfocus.com/news/11519

3. Admins warned of brute-force SSH attacks
By: Robert Lemos
Normally considered a low-level threat on the Internet, scans for default-configured secure shell servers spiked this week.
http://www.securityfocus.com/news/11518

4. Groups warn travelers to limit laptop data
By: Robert Lemos
In a letter to Congress, nearly three dozen organizations protest the seizures of electronic devices by U.S. customs officials, an act upheld by a federal appeals court in a recent ruling.
http://www.securityfocus.com/news/11516

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Engineer, San Antonio
http://www.securityfocus.com/archive/77/492865

2. [SJ-JOB] Security Consultant, Dallas
http://www.securityfocus.com/archive/77/492871

3. [SJ-JOB] Security Auditor, San Antonio
http://www.securityfocus.com/archive/77/492870

4. [SJ-JOB] Technical Support Engineer, Alpharetta
http://www.securityfocus.com/archive/77/492872

5. [SJ-JOB] Sales Engineer, Chicago
http://www.securityfocus.com/archive/77/492873

6. [SJ-JOB] Manager, Information Security, Chicago
http://www.securityfocus.com/archive/77/492858

7. [SJ-JOB] Application Security Architect, San Francisco
http://www.securityfocus.com/archive/77/492860

8. [SJ-JOB] Certification & Accreditation Engineer, San Antonio
http://www.securityfocus.com/archive/77/492866

9. [SJ-JOB] Management, Newark
http://www.securityfocus.com/archive/77/492867

10. [SJ-JOB] Sr. Security Analyst, Seattle/Bellevue
http://www.securityfocus.com/archive/77/492855

11. [SJ-JOB] Security Consultant, Any City
http://www.securityfocus.com/archive/77/492857

12. [SJ-JOB] Information Assurance Analyst, Information Risk Analyst
http://www.securityfocus.com/archive/77/492861

13. [SJ-JOB] Sales Representative, Chicago
http://www.securityfocus.com/archive/77/492862

14. [SJ-JOB] Sr. Security Analyst, San Antonio
http://www.securityfocus.com/archive/77/492864

15. [SJ-JOB] Threat Analyst, Washington
http://www.securityfocus.com/archive/77/492856

16. [SJ-JOB] Penetration Engineer, Washington
http://www.securityfocus.com/archive/77/492859

17. [SJ-JOB] Security Engineer, Linthicum Heights
http://www.securityfocus.com/archive/77/492863

18. [SJ-JOB] Instructor, any
http://www.securityfocus.com/archive/77/492843

19. [SJ-JOB] Security Engineer, Pune
http://www.securityfocus.com/archive/77/492845

20. [SJ-JOB] Sales Engineer, Alpharetta
http://www.securityfocus.com/archive/77/492846

21. [SJ-JOB] Forensics Engineer, London
http://www.securityfocus.com/archive/77/492853

22. [SJ-JOB] Penetration Engineer, Sydney
http://www.securityfocus.com/archive/77/492854

23. [SJ-JOB] Security Auditor, Chennai
http://www.securityfocus.com/archive/77/492842

24. [SJ-JOB] Sales Engineer, San Francisco
http://www.securityfocus.com/archive/77/492844

V. INCIDENTS LIST SUMMARY
---------------------------
1. Unusual entry in Apache logs
http://www.securityfocus.com/archive/75/492775

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. ISA as a proxy
http://www.securityfocus.com/archive/88/492690

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. ARP handler Inspection tool released
http://www.securityfocus.com/archive/91/492905

2. Spam sent through server using authid=apache or mysql
http://www.securityfocus.com/archive/91/492810

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

