Wednesday, June 25, 2008

SecurityFocus Newsletter #459


This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Firing Up Browser Security
2. Racing Against Reversers
II. BUGTRAQ SUMMARY
1. A+ PHP Scripts News Management System Multiple Input Validation Vulnerabilities
2. cmsWorks 'config.php' Arbitrary File Upload Vulnerability
3. Relative Real Estate Systems 'listing_id' Parameter SQL Injection Vulnerability
4. Red Hat SBLIM Insecure Library Path Local Privilege Escalation Vulnerability
5. Online Fantasy Football League Multiple SQL Injection Vulnerabilities
6. KbLance.com 'index.php' SQL Injection Vulnerability
7. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
8. Contenido CMS Cross Site Scripting and Multiple Remote File Include Vulnerabilities
9. Call of Duty / Call of Duty: United Offensive Denial of Service Vulnerability
10. Call of Duty Server Callvote Map Command Remote Buffer Overflow Vulnerability
11. GNU Emacs '.flc' File Processing Vulnerability
12. PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
13. NASM 'ppscan()' Off-By-One Buffer Overflow Vulnerability
14. Exiv2 Pretty Printing for Nikon Lens Metadata Denial of Service Vulnerability
15. Aprox CMS Engine 'index.php' Local File Include Vulnerability
16. @CMS Multiple SQL Injection Vulnerabilities
17. Ektron CMS400.NET 'ContentRatingGraph.aspx' SQL Injection Vulnerability
18. PHPAuction 'profile.php' SQL Injection Vulnerability
19. emuCMS 'index.php' SQL Injection Vulnerability
20. Jamroom 'purchase.php' Remote File Include Vulnerability
21. JaxUltraBB Cross Site Scripting and Local File Include Vulnerabilities
22. CiBlog 'links-extern.php' SQL Injection Vulnerability
23. Multiple XnView Products TAAC File Buffer Overflow Vulnerability
24. TMSNC UBX Message Remote Buffer Overflow Vulnerability
25. GL-SH Deaf Forum Cross-Site Scripting Vulnerability and Arbitrary File Upload Vulnerability
26. Lightweight news portal Multiple Input Validation and Authentication Bypass Vulnerabilities
27. cmsWorks 'lib.module.php' Remote File Include Vulnerability
28. Ourvideo CMS Multiple Input Validation Vulnerabilities
29. Multiple Vendor RPC.YPUpdated Command Execution Vulnerability
30. Ruby Multiple Unspecified Arbitrary Code Execution Vulnerabilities
31. Horde Turba 'services/obrowser/index.php' HTML Injection Vulnerability
32. Adobe Acrobat and Reader JavaScript Method Remote Code Execution Vulnerability
33. TinX/cms Cross Site Scripting and Local File Include Vulnerabilities
34. Softbiz Jokes and Funny Pictures Script 'sbjoke_id' Parameter SQL Injection Vulnerability
35. 5th street 'dx8render.dll' Format String Vulnerability
36. Dagger 'skins/default.php' Remote File Include Vulnerability
37. Joomla! and Mambo FacileForms Component 'ff_compath' Parameter Remote File Include Vulnerability
38. Mozilla Firefox Unspecified Arbitrary File Access Weakness
39. Linksys WRT54G Wireless-G Router Multiple Remote Authentication Bypass Vulnerabilities
40. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
41. ClamAV 'petite.c' Invalid Memory Access Denial Of Service Vulnerability
42. Microsoft XML Core Services SubstringData Integer Overflow Vulnerability
43. Perl 'rmtree()' Function Local Insecure Permissions Vulnerability
44. MyBlog Cross-Site Scripting and SQL Injection Vulnerabilities
45. BlogPHP 'email' Parameter Privilege Escalation Vulnerability
46. HoMaP-CMS 'index.php' SQL Injection Vulnerability
47. aspWebCalendar 'calendar_admin.asp' Arbitrary File Upload Vulnerability
48. emuCMS 'upload.php' Arbitrary File Upload Vulnerability
49. CMReams Cross Site Scripting and Local File Include Vulnerabilities
50. CMS Mini 'view/index.php' Multiple Local File Include Vulnerabilities
51. SunAge Multiple Denial of Service Vulnerabilities
52. World in Conflict NULL Pointer Remote Denial of Service Vulnerability
53. Sun Solaris TCP SYN Flooding Remote Denial of Service Vulnerability
54. Motion 'read_client()' Off-By-One Buffer Overflow Vulnerability
55. Trabajando Multiple Cross-Site Scripting Vulnerabilities
56. Fetchmail Verbose Mode Large Log Messages Remote Denial of Service Vulnerability
57. HTML Purifier CSS Multiple Cross-Site Scripting Vulnerabilities
58. J00lean-CMS 'includes/classes/page.php' Unspecified Remote Vulnerability
59. benja CMS Multiple Input Validation and Unauthorized Access Vulnerabilities
60. Chipmunk Blog 'membername' Parameter Multiple Cross Site Scripting Vulnerabilities
61. JSCAPE Secure FTP Applet Host Key Validation Security Bypass Vulnerability
62. Open Digital Assets Repository System Remote File Include Vulnerability
63. phpDMCA Multiple Remote File Include Vulnerabilities
64. Mozilla Client Products Multiple Remote Vulnerabilities
65. IGSuite 'formid' Parameter SQL Injection Vulnerability
66. HoMaP 'plugin_admin.php' Remote File Include Vulnerability
67. CCleague Pro 'u' Cookie Parameter SQL Injection Vulnerability
68. sHibby sHop 'default.asp' SQL Injection Vulnerability
69. MiGCMS Multiple Remote File Include Vulnerabilities
70. RSS-aggregator 'display.php' Remote File Include Vulnerability
71. CCleague Pro 'type' Cookie Parameter Authentication Bypass Vulnerability
72. PageSquid CMS 'index.php' SQL Injection Vulnerability
73. EXP Shop Joomla! 'com_expshop' Component SQL Injection Vulnerability
74. IDMOS 'site_absolute_path' Parameter Multiple Remote File Include Vulnerabilities
75. PEGames Multiple Cross Site Scripting Vulnerabilities
76. le.cms 'submit0' Parameter Authentication Bypass Vulnerability
77. le.cms 'admin/upload.php' Arbitrary File Upload Vulnerability
78. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
79. Sun JDK JPG/BMP Parser Multiple Vulnerabilities
80. Mozilla Firefox Unspecified Remote Code Execution Vulnerability
81. OpenSSL Multiple Denial of Service Vulnerabilities
82. phpAuction 'item.php' SQL Injection Vulnerability
83. FreeType2 Printer Font Binary Private Dictionary Table Integer Overflow Vulnerability
84. FreeType2 Printer Font Binary Remote Code Execution Vulnerability
85. FreeType TrueType Font 'SHC' Heap Buffer Overflow Vulnerability
86. FreeType Printer Font Binary Heap Buffer Overflow Vulnerability
87. libvorbis Multiple Remote Vulnerabilities
88. Samba 'receive_smb_raw()' Buffer Overflow Vulnerability
89. Samba NMBD Logon Request Remote Buffer Overflow Vulnerability
90. Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow Vulnerability
91. Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability
92. uTorrent and BitTorrent HTTP 'Range' Header Remote Denial of Service Vulnerability
93. AJ HYIP Acme 'news.php' SQL Injection Vulnerability
94. Scientific Image DataBase 'projects.php' SQL Injection Vulnerability
95. E-topbiz Link ADS 1 'out.php' SQL Injection Vulnerability
96. E-topbiz Viral DX 1 'adclick.php' SQL Injection Vulnerability
97. TOKOKITA Multiple SQL Injection Vulnerabilities
98. DUcalendar 'detail.asp' SQL Injection Vulnerability
99. Php F1 Max's Image Uploader 'index.php' Arbitrary File Upload Vulnerability
100. ShareCMS Multiple SQL Injection Vulnerabilities
III. SECURITYFOCUS NEWS
1. Ransomware resisting crypto cracking efforts
2. Boycott spotlights antivirus testing issues
3. Hired gun blamed for business outage
4. Legal experts wary of MySpace hacking charges
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Sales Engineer, Herndon
2. [SJ-JOB] Sales Engineer, Philadelphia
3. [SJ-JOB] Sales Engineer, Chicago
4. [SJ-JOB] Sales Engineer, Raleigh
5. [SJ-JOB] Security Consultant, Boston
6. [SJ-JOB] Sales Engineer, New York
7. [SJ-JOB] Sales Engineer, Washington D.C.
8. [SJ-JOB] Jr. Security Analyst, Calgary
9. [SJ-JOB] Security Consultant, Edison
10. [SJ-JOB] Manager, Information Security, Boca Raton
11. [SJ-JOB] Security Consultant, Minneapolis
12. [SJ-JOB] Software Engineer, St. Paul
13. [SJ-JOB] Sales Engineer, San Jose
14. [SJ-JOB] Security Engineer, St. Paul
15. [SJ-JOB] Sales Engineer, Los Angeles
16. [SJ-JOB] Sales Engineer, San Jose
17. [SJ-JOB] Security Researcher, San Jose
18. [SJ-JOB] Software Engineer, Alpharetta
19. [SJ-JOB] Sr. Security Analyst, El Segundo
20. [SJ-JOB] Application Security Engineer, Anywhere in North America
21. [SJ-JOB] Forensics Engineer, London
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #399
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. Vulnerability and Patch-Management in Linux (and other Unix)
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Firing Up Browser Security
By Federico Biancuzzi
Mozilla released its latest browser, Firefox 3.0, this week. SecurityFocus contributor Federico Biancuzzi tracked down two key members of Mozilla's security team, Window Snyder and Johnathan Nightingale, to learn more about the security features included in this major release.

http://www.securityfocus.com/columnists/475

2. Racing Against Reversers
By Federico Biancuzzi
Each time a new digital rights management (DRM) system is released, hackers are not far behind in cracking it. Reverse engineers have taken down the security protecting content encoded for Windows Media, iTunes, DVDs, and HD-DVDs.

http://www.securityfocus.com/columnists/474


II. BUGTRAQ SUMMARY
--------------------
1. A+ PHP Scripts News Management System Multiple Input Validation Vulnerabilities
BugTraq ID: 29912
Remote: Yes
Last Updated: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/29912
Summary:
A+ PHP Scripts News Management System is prone to multiple input-validation vulnerabilities, including a remote file-include issue, multiple local file-include issues, and a cross-site scripting issue.

An attacker can exploit these vulnerabilities to include and execute local and remote scripts in the context of the webserver process. Attackers can also execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.

These issues affect News Management System 0.3; other versions may also be vulnerable.

2. cmsWorks 'config.php' Arbitrary File Upload Vulnerability
BugTraq ID: 29914
Remote: Yes
Last Updated: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/29914
Summary:
cmsWorks is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.

cmsWorks 2.2 RC4 is vulnerable; other versions may also be affected.

3. Relative Real Estate Systems 'listing_id' Parameter SQL Injection Vulnerability
BugTraq ID: 29915
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29915
Summary:
Relative Real Estate Systems is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Relative Real Estate Systems 3.0 is vulnerable; other versions may also be affected.

4. Red Hat SBLIM Insecure Library Path Local Privilege Escalation Vulnerability
BugTraq ID: 29913
Remote: No
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29913
Summary:
Red Hat Linux SBLIM packages are prone to a local privilege-escalation vulnerability because they were built with insecure library search paths.

Exploiting this issue allows local attackers to execute arbitrary code with elevated privileges.

SBLIM packages built and shipped with the following versions of Red Hat are affected:

Red Hat Enterprise Linux Workstation version 5
Red Hat Desktop version 4
Red Hat Enterprise Linux version 5 server
Red Hat Enterprise Linux AS version 4
Red Hat Enterprise Linux Desktop version 5 client
Red Hat Enterprise Linux ES version 4
Red Hat Enterprise Linux WS version 4

5. Online Fantasy Football League Multiple SQL Injection Vulnerabilities
BugTraq ID: 29861
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29861
Summary:
Online Fantasy Football League is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Online Fantasy Football League 0.2.6 and prior versions are vulnerable.

6. KbLance.com 'index.php' SQL Injection Vulnerability
BugTraq ID: 29859
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29859
Summary:
KbLance.com is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

7. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
BugTraq ID: 29829
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29829
Summary:
PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 5.2.6 and prior versions are vulnerable.

8. Contenido CMS Cross Site Scripting and Multiple Remote File Include Vulnerabilities
BugTraq ID: 29719
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29719
Summary:
Contenido CMS is prone to a cross-site scripting vulnerability and multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system, execute script code in an unsuspecting user's browser, or steal cookie-based authentication credentials; other attacks are also possible.

These issues affect Contenido CMS 4.8.4; other versions may also be vulnerable.

9. Call of Duty / Call of Duty: United Offensive Denial of Service Vulnerability
BugTraq ID: 12978
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/12978
Summary:
Call of Duty and the followup Call of Duty: United Offensive are vulnerable to a remotely exploitable denial-of-service vulnerability. When a client sends the server a message or command that is larger than 1024 characters, the server will crash. This will result in a denial of service.

10. Call of Duty Server Callvote Map Command Remote Buffer Overflow Vulnerability
BugTraq ID: 20180
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/20180
Summary:
Call of Duty server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

11. GNU Emacs '.flc' File Processing Vulnerability
BugTraq ID: 29176
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29176
Summary:
Emacs processes fast-lock files in an insecure manner.

An attacker could exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application.

This issue affects Emacs 21.3.1; other versions may also be vulnerable.

12. PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 26403
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/26403
Summary:
PHP 5.2.4 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

13. NASM 'ppscan()' Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 29656
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29656
Summary:
NASM is prone to an off-by-one buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

NASM 2.02 and prior versions are vulnerable.

14. Exiv2 Pretty Printing for Nikon Lens Metadata Denial of Service Vulnerability
BugTraq ID: 29586
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29586
Summary:
The Exiv2 library is prone to a denial-of-service vulnerability caused by a divide-by-zero error when processing certain Nikon lens metadata.

An attacker can exploit this issue to cause denial-of-service conditions in applications using a vulnerable version of the library.

The issue affects Exiv2 0.16; other versions may also be vulnerable.

15. Aprox CMS Engine 'index.php' Local File Include Vulnerability
BugTraq ID: 29860
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29860
Summary:
Aprox CMS Engine is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.

Aprox CMS Engine 5.1.0.4 is vulnerable to this issue; other versions may also be affected.

16. @CMS Multiple SQL Injection Vulnerabilities
BugTraq ID: 29858
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29858
Summary:
@CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

@CMS 2.1.1 is vulnerable; other versions may also be affected.

17. Ektron CMS400.NET 'ContentRatingGraph.aspx' SQL Injection Vulnerability
BugTraq ID: 29857
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29857
Summary:
CMS400.NET is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CMS400.NET 7.5.2 and prior versions are vulnerable.

18. PHPAuction 'profile.php' SQL Injection Vulnerability
BugTraq ID: 29856
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29856
Summary:
PHPAuction is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

19. emuCMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 29855
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29855
Summary:
emuCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

emuCMS 0.3 is vulnerable; other versions may also be affected.

20. Jamroom 'purchase.php' Remote File Include Vulnerability
BugTraq ID: 29854
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29854
Summary:
Jamroom is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Jamroom 3.3.5 is vulnerable; other versions may be affected as well.

21. JaxUltraBB Cross Site Scripting and Local File Include Vulnerabilities
BugTraq ID: 29853
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29853
Summary:
JaxUltraBB is prone to a local file-include vulnerability and a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Exploiting the local file-include issues allows remote attackers to view local files within the context of the webserver process.

JaxUltraBB 2.0 is vulnerable; prior versions may also be affected.

22. CiBlog 'links-extern.php' SQL Injection Vulnerability
BugTraq ID: 29852
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29852
Summary:
CiBlog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CiBlog 3.1 is vulnerable; other versions may also be affected.

23. Multiple XnView Products TAAC File Buffer Overflow Vulnerability
BugTraq ID: 29851
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29851
Summary:
The XnView, NConvert, and GFL SDK products are all vulnerable to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input in malicious image files.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected applications, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in crashes.

The following packages are affected by this issue:
- XnView 1.70 for Linux and FreeBSD
- XnView 1.93.6 for Windows
- GFL SDK 2.82
- NConvert 4.92

Other versions may also be affected.

24. TMSNC UBX Message Remote Buffer Overflow Vulnerability
BugTraq ID: 29850
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29850
Summary:
TMSNC is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

This issue affects TMSNC 0.3.2; other versions may also be affected.

25. GL-SH Deaf Forum Cross-Site Scripting Vulnerability and Arbitrary File Upload Vulnerability
BugTraq ID: 29849
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29849
Summary:
GL-SH Deaf Forum is prone to a cross-site scripting vulnerability and an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The attacker can exploit the file-upload issue to execute arbitrary code in the context of the webserver.

GL-SH Deaf Forum 6.5.5 is vulnerable; prior versions may also be affected.

26. Lightweight news portal Multiple Input Validation and Authentication Bypass Vulnerabilities
BugTraq ID: 29848
Remote: Yes
Last Updated: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29848
Summary:
Lightweight news portal is prone to multiple vulnerabilities, including two cross-site scripting issues, an HTML-injection issue, an authentication-bypass issue, and an arbitrary-file-upload issue.

Attackers can leverage these issues to execute arbitrary HTML or script code in the context of the affected site or access certain administrative functions. This can allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, launch denial-of-service attacks, and compromise the application; other attacks are also possible.

Lightweight news portal 1.0b is vulnerable; other versions may also be affected.

27. cmsWorks 'lib.module.php' Remote File Include Vulnerability
BugTraq ID: 29911
Remote: Yes
Last Updated: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/29911
Summary:
cmsWorks is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects cmsWorks 2.2 RC4; other versions may also be affected.

28. Ourvideo CMS Multiple Input Validation Vulnerabilities
BugTraq ID: 29909
Remote: Yes
Last Updated: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/29909
Summary:
Ourvideo CMS is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include two remote file-include issues, a local file-include issue, and two cross-site scripting issues.

Attackers can exploit the remote file-include issues to execute arbitrary script code in the context of the webserver process. They can exploit the local file-include issue to execute arbitrary local scripts in the context of the webserver and access sensitive information. They can leverage the cross-site scripting issues to steal cookie-based authentication credentials. Other attacks are possible; information harvested can aid in further attacks.

Ourvideo CMS 9.5 is vulnerable; other versions may also be affected.

29. Multiple Vendor RPC.YPUpdated Command Execution Vulnerability
BugTraq ID: 1749
Remote: Yes
Last Updated: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/1749
Summary:
The 'rpc.ypupdated' daemon is part of the Network Information Service (NIS) or Yellow Pages (YP). It allows clients to update NIS maps. A vulnerability in 'rpc.ypupdated' allows a malicious user to execute commands as root.

After receiving a request to update the Yellow Pages maps, 'ypupdated' executes a copy of the Bourne shell to run the 'make' command to recompute the maps, whether the request for changes was successful or not. Because of bad input validation while executing 'make', an attacker can pass shell metacharacters to the shell and can execute commands.

This issue is tracked by Sun BugIDs 1230027 and 1232146.

30. Ruby Multiple Unspecified Arbitrary Code Execution Vulnerabilities
BugTraq ID: 29903
Remote: Yes
Last Updated: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/29903
Summary:
Ruby is prone to multiple unspecified vulnerabilities that allow attackers to run arbitrary code in the context of applications implemented with Ruby. Failed exploit attempts may result in denial-of-service conditions.

31. Horde Turba 'services/obrowser/index.php' HTML Injection Vulnerability
BugTraq ID: 29745
Remote: Yes
Last Updated: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/29745
Summary:
Horde Turba is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Horde 3.1.7, 3.2, and prior versions are vulnerable.

32. Adobe Acrobat and Reader JavaScript Method Remote Code Execution Vulnerability
BugTraq ID: 29908
Remote: Yes
Last Updated: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/29908
Summary:
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability because the software fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

The following applications are affected:

- Adobe Reader 8.0 through 8.1.2
- Adobe Reader 7.0.9 and prior
- Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2
- Adobe Acrobat Professional, 3D and Standard 7.0.9 and prior

NOTE: This vulnerability may be related to the issue described in BID 29420 (Adobe Acrobat Reader Unspecified Remote Denial Of Service Vulnerability).

33. TinX/cms Cross Site Scripting and Local File Include Vulnerabilities
BugTraq ID: 29907
Remote: Yes
Last Updated: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/29907
Summary:
TinX/cms is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to obtain sensitive information or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

TinX/cms 1.1 is vulnerable; other versions may also be affected.

34. Softbiz Jokes and Funny Pictures Script 'sbjoke_id' Parameter SQL Injection Vulnerability
BugTraq ID: 29931
Remote: Yes
Last Updated: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/29931
Summary:
The Jokes and Funny Pictures script from Softbiz is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

35. 5th street 'dx8render.dll' Format String Vulnerability
BugTraq ID: 29928
Remote: Yes
Last Updated: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/29928
Summary:
5th street is prone to a format-string vulnerability.

Exploiting this issue will allow attackers to execute arbitrary code with the privileges of a user running the application. Failed attacks will likely cause denial-of-service conditions.

36. Dagger 'skins/default.php' Remote File Include Vulnerability
BugTraq ID: 29906
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29906
Summary:
Dagger is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying computer; other attacks are also possible.

37. Joomla! and Mambo FacileForms Component 'ff_compath' Parameter Remote File Include Vulnerability
BugTraq ID: 29904
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29904
Summary:
The FacileForms component for Joomla! and Mambo is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

FacileForms 1.4.4 is vulnerable; other versions may also be affected.

38. Mozilla Firefox Unspecified Arbitrary File Access Weakness
BugTraq ID: 29905
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29905
Summary:
Mozilla Firefox is prone to a weakness that may allow attackers to gain access to arbitrary files.

Very little information is known about this issue. We will update this BID as soon as more information emerges.

An attacker can exploit this issue in conjunction with the 'carpet-bombing' issue reported by Nitesh Dhanjani to gain access to arbitrary files on the affected computer. Successfully exploiting this issue may lead to other attacks.

NOTE: This issue is related to the vulnerability discussed in BID 29445 (Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability).

39. Linksys WRT54G Wireless-G Router Multiple Remote Authentication Bypass Vulnerabilities
BugTraq ID: 28381
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/28381
Summary:
Linksys WRT54G Wireless-G Router is prone to multiple authentication-bypass vulnerabilities.

Successful exploits will allow unauthorized attackers to gain access to administrative functionality and completely compromise vulnerable devices; other attacks are also possible.

The issues affect firmware version v1.00.9; other versions may also be vulnerable.

40. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 29009
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29009
Summary:
PHP 5.2.5 and prior versions are prone to multiple security vulnerabilities.

Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

These issues are reported to affect PHP 5.2.5 and prior versions.

41. ClamAV 'petite.c' Invalid Memory Access Denial Of Service Vulnerability
BugTraq ID: 29750
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29750
Summary:
ClamAV is prone to a denial-of-service vulnerability caused by an invalid memory access during a 'memcpy()' call.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, remote code execution may also be possible, but this has not been confirmed.

Versions prior to ClamAV 0.93.1 are vulnerable.

42. Microsoft XML Core Services SubstringData Integer Overflow Vulnerability
BugTraq ID: 25301
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/25301
Summary:
Microsoft XML Core Services is prone to an integer-overflow vulnerability because the application fails to ensure that integer values are not overrun.

Attackers can exploit this issue by enticing unsuspecting users to view malicious web content. Specially crafted scripts could issue requests to MSXML that trigger memory corruption.

Successfully exploiting this issue allows remote attackers to corrupt heap memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

43. Perl 'rmtree()' Function Local Insecure Permissions Vulnerability
BugTraq ID: 29902
Remote: No
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29902
Summary:
Computers running Perl are prone to a local vulnerability that occurs when handling symbolic links.

Attackers can leverage this issue to change the permissions of arbitrary files.

Perl 5.10.0 is vulnerable; other versions may also be affected.

44. MyBlog Cross-Site Scripting and SQL Injection Vulnerabilities
BugTraq ID: 29900
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29900
Summary:
MyBlog is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and multiple SQL-injection issues, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

45. BlogPHP 'email' Parameter Privilege Escalation Vulnerability
BugTraq ID: 29898
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29898
Summary:
BlogPHP is prone to a privilege-escalation vulnerability because it fails to adequately sanitize user-supplied input during user registration.

Attackers can leverage this issue to gain administrative privileges on the application. Successful exploits will compromise the application.

BlogPHP 2.0 is vulnerable; other versions may also be affected.

46. HoMaP-CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 29897
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29897
Summary:
HoMaP-CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

47. aspWebCalendar 'calendar_admin.asp' Arbitrary File Upload Vulnerability
BugTraq ID: 29795
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29795
Summary:
aspWebCalendar is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.

Versions prior to aspWebCalendar 4.5.3c are vulnerable.

48. emuCMS 'upload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 29892
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29892
Summary:
emuCMS is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.

emuCMS 0.3 is vulnerable; prior versions may also be affected.

49. CMReams Cross Site Scripting and Local File Include Vulnerabilities
BugTraq ID: 29891
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29891
Summary:
CMReams is prone to a local file-include vulnerability and a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to obtain sensitive information or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

CMReams 1.3.1.1beta 2 is vulnerable; other versions may also be affected.

50. CMS Mini 'view/index.php' Multiple Local File Include Vulnerabilities
BugTraq ID: 29890
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29890
Summary:
CMS Mini is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues using directory-traversal strings to view local files in the context of the webserver process. This may aid in further attacks.

CMS Mini 0.2.2 is vulnerable; other versions may also be affected.

51. SunAge Multiple Denial of Service Vulnerabilities
BugTraq ID: 29889
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29889
Summary:
SunAge is prone to multiple denial-of-service vulnerabilities.

Successfully exploiting these issues allows remote attackers to crash affected game servers, denying service to legitimate users.

SunAge 1.08.1 is vulnerable; previous versions may also be affected.

52. World in Conflict NULL Pointer Remote Denial of Service Vulnerability
BugTraq ID: 29888
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29888
Summary:
World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects World in Conflict 1.008; other versions may also be affected.

53. Sun Solaris TCP SYN Flooding Remote Denial of Service Vulnerability
BugTraq ID: 29089
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29089
Summary:
Sun Solaris is prone to a remote denial-of-service vulnerability that occurs because of its TCP implementation.

A remote attacker can exploit this issue to cause the system to hang or to degrade its performance, denying service to legitimate users.

54. Motion 'read_client()' Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 29636
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29636
Summary:
Motion is prone to an off-by-one buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Successfully exploiting this issue may compromise the affected application and possibly the underlying computer. Failed exploit attempts will result in a denial-of-service condition.

Motion 3.2.10 and prior versions are vulnerable.

55. Trabajando Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29887
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29887
Summary:
Trabajando is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

56. Fetchmail Verbose Mode Large Log Messages Remote Denial of Service Vulnerability
BugTraq ID: 29705
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29705
Summary:
Fetchmail is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of the issue, remote code execution may also be possible, but this has not been confirmed.

Versions prior to Fetchmail 6.3.9 are vulnerable.

57. HTML Purifier CSS Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29886
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29886
Summary:
HTML Purifier is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to HTML Purifier 2.1.5 and 3.1.1 are affected.

58. J00lean-CMS 'includes/classes/page.php' Unspecified Remote Vulnerability
BugTraq ID: 29885
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29885
Summary:
J00lean-CMS is prone to an unspecified vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

J00lean-CMS 1.03 is vulnerable; other versions may also be affected.

59. benja CMS Multiple Input Validation and Unauthorized Access Vulnerabilities
BugTraq ID: 29884
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29884
Summary:
The 'benja CMS' program is prone to multiple vulnerabilities because it fails to adequately validate input and restrict access. These issues include three cross-site scripting issues, an arbitrary-file-upload issue, and a vulnerability that allows unauthorized access to an administrative script.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to run arbitrary script code in the context of the application, or to access administrative scripts.

These issues affect 'benja CMS 0.1'; other versions may also be affected.

60. Chipmunk Blog 'membername' Parameter Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 29883
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29883
Summary:
Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

61. JSCAPE Secure FTP Applet Host Key Validation Security Bypass Vulnerability
BugTraq ID: 29882
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29882
Summary:
JSCAPE Secure FTP Applet is prone to a security-bypass vulnerability because the application fails to properly validate the identity of the server.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers. This will aid in further attacks.

The issue affects versions prior to Secure FTP Applet 4.9.0.

62. Open Digital Assets Repository System Remote File Include Vulnerability
BugTraq ID: 29881
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29881
Summary:
Open Digital Assets Repository System (ODARS) is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

ODARS 1.0.2 is vulnerable; other versions may be affected as well.

63. phpDMCA Multiple Remote File Include Vulnerabilities
BugTraq ID: 29880
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29880
Summary:
phpDMCA is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.

phpDMCA 1.0.0 is vulnerable; other versions may also be affected.

64. Mozilla Client Products Multiple Remote Vulnerabilities
BugTraq ID: 20957
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/20957
Summary:
The Mozilla Foundation has released two security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Crash the applications and potentially execute arbitrary machine code in the context of the vulnerable applications.
- Run arbitrary JavaScript bytecode.

Other attacks may also be possible.

The issues described here will be split into individual BIDs as more information becomes available.

These issues are fixed in:

Mozilla Firefox 1.5.0.8
Mozilla Thunderbird 1.5.0.8
Mozilla SeaMonkey 1.0.6

65. IGSuite 'formid' Parameter SQL Injection Vulnerability
BugTraq ID: 29879
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29879
Summary:
IGSuite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IGSuite 3.2.4 is vulnerable; previous versions may also be affected.

66. HoMaP 'plugin_admin.php' Remote File Include Vulnerability
BugTraq ID: 29877
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29877
Summary:
HoMaP is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

HoMaP 0.1 is vulnerable; other versions may be affected as well.

67. CCleague Pro 'u' Cookie Parameter SQL Injection Vulnerability
BugTraq ID: 29876
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29876
Summary:
CCleague Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CCleague Pro 1.2 and prior versions are vulnerable.

68. sHibby sHop 'default.asp' SQL Injection Vulnerability
BugTraq ID: 29875
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29875
Summary:
sHibby sHop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

sHibby sHop 2.2 is vulnerable; previous versions may also be affected.

69. MiGCMS Multiple Remote File Include Vulnerabilities
BugTraq ID: 29874
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29874
Summary:
MiGCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.

MiGCMS 2.0.5 is vulnerable; other versions may also be affected.

70. RSS-aggregator 'display.php' Remote File Include Vulnerability
BugTraq ID: 29873
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29873
Summary:
RSS-aggregator is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

71. CCleague Pro 'type' Cookie Parameter Authentication Bypass Vulnerability
BugTraq ID: 29871
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29871
Summary:
CCleague Pro is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

An attacker can exploit this vulnerability to gain administrative access to the affected application; other attacks are also possible.

CCleague Pro 1.2 and prior versions are vulnerable.

72. PageSquid CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 29870
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29870
Summary:
PageSquid CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PageSquid CMS 0.3 Beta is vulnerable; other versions may also be affected.

73. EXP Shop Joomla! 'com_expshop' Component SQL Injection Vulnerability
BugTraq ID: 29869
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29869
Summary:
The EXP Shop component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

EXP Shop 1.0 is vulnerable; previous versions may also be affected.

74. IDMOS 'site_absolute_path' Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 29868
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29868
Summary:
IDMOS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.

IDMOS 1.0 is vulnerable; other versions may also be affected.

75. PEGames Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 29865
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29865
Summary:
PEGames is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

76. le.cms 'submit0' Parameter Authentication Bypass Vulnerability
BugTraq ID: 29872
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29872
Summary:
The 'le.cms' program is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input.

An attacker can exploit this vulnerability to gain administrative access to the affected application; other attacks are also possible.

This issue affects le.cms 1.4 and prior versions.

77. le.cms 'admin/upload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 29867
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29867
Summary:
The 'le.cms' program is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.

This issue affects le.cms 1.4 and prior versions.

78. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
BugTraq ID: 25054
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/25054
Summary:
The Sun Java Runtime Environment is prone to a security-bypass vulnerability.

Successfully exploiting this issue will allow an attacker to connect to services on a remote user's computer without proper authorization. This may lead to other attacks.

79. Sun JDK JPG/BMP Parser Multiple Vulnerabilities
BugTraq ID: 24004
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/24004
Summary:
Sun JDK is prone to multiple vulnerabilities.

An attacker can exploit these issues to crash the affected application, effectively denying service. The attacker may also be able to execute arbitrary code, which may facilitate a compromise of the underlying system.

Sun JDK 1.5.0_07-b03 is vulnerable to these issues; other versions may also be affected.

80. Mozilla Firefox Unspecified Remote Code Execution Vulnerability
BugTraq ID: 29802
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29802
Summary:
Mozilla Firefox is prone to an unspecified remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application.

The issue affects Mozilla Firefox 3.0 and prior versions of Firefox 2.0.x.

81. OpenSSL Multiple Denial of Service Vulnerabilities
BugTraq ID: 29405
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29405
Summary:
OpenSSL is prone to multiple denial-of-service vulnerabilities.

Attackers can leverage these issues to cause a client or server application to crash. Successful exploits will deny service to legitimate users.

OpenSSL 0.9.8f and 0.9.8g are reported vulnerable. Other versions may be affected as well.

82. phpAuction 'item.php' SQL Injection Vulnerability
BugTraq ID: 29864
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29864
Summary:
phpAuction is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpAuction 3.2 is vulnerable; other versions may also be affected.

83. FreeType2 Printer Font Binary Private Dictionary Table Integer Overflow Vulnerability
BugTraq ID: 29640
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29640
Summary:
FreeType2 is prone to an integer-overflow vulnerability because it fails to perform adequate checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of applications using the FreeType2 library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue can allow a local attacker using X.Org Xserver to gain elevated privileges on the affected computer.

FreeType2 2.3.5 is vulnerable; other versions may also be affected.

84. FreeType2 Printer Font Binary Remote Code Execution Vulnerability
BugTraq ID: 29641
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29641
Summary:
FreeType2 is prone to a remote code-execution vulnerability because of an error when freeing memory.

An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue may allow a local attacker using X.Org X server to gain elevated privileges on an affected computer.

FreeType2 2.3.5 is vulnerable; other versions may also be affected.

85. FreeType TrueType Font 'SHC' Heap Buffer Overflow Vulnerability
BugTraq ID: 29639
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29639
Summary:
FreeType is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the application using the FreeType library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue may allow a local attacker using X.Org X server to gain elevated privileges on the affected computer.

FreeType 2.3.5 is vulnerable; other versions may also be affected.

86. FreeType Printer Font Binary Heap Buffer Overflow Vulnerability
BugTraq ID: 29637
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29637
Summary:
FreeType is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the application using the FreeType library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue may allow a local attacker using X.Org Xserver to gain elevated privileges on the affected computer.

Successfully exploiting this issue will result in the complete compromise of affected computers.

FreeType 2.3.5 is vulnerable; other versions may also be affected.

87. libvorbis Multiple Remote Vulnerabilities
BugTraq ID: 29206
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29206
Summary:
Applications that use the libvorbis library are prone to multiple remote vulnerabilities, including a heap-overflow issue and multiple integer-overflow issues.

An attacker can exploit these issues to execute arbitrary code within the context of an affected application or cause the application to crash.

These issues affect libvorbis 1.2.0; other versions of the library may also be affected.

88. Samba 'receive_smb_raw()' Buffer Overflow Vulnerability
BugTraq ID: 29404
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29404
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. The issue occurs when the application processes SMB packets in a client context.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in a denial of service.

The issue affects Samba 3.0.28a and 3.0.29; other versions may also be affected.

NOTE: This BID was originally titled 'Samba 'lib/util_sock.c' Buffer Overflow Vulnerability'. The title was changed to better identify the issue.

89. Samba NMBD Logon Request Remote Buffer Overflow Vulnerability
BugTraq ID: 26454
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/26454
Summary:
Samba is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

This issue occurs only when Samba is configured as a Primary or Backup Domain Controller.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute remote code, but the vendor doesn't think that this is possible.

Samba 3.0.0 through 3.0.26a are vulnerable.

90. Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 26455
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/26455
Summary:
Samba is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

NOTE: This issue occurs only when Samba is configured with the 'wins support' option enabled in the host's 'smb.conf' file.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

Samba 3.0.0 through 3.0.26a are vulnerable.

91. Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 26791
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/26791
Summary:
Samba is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

NOTE: This issue occurs only when the 'domain logons' option is enabled.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

92. uTorrent and BitTorrent HTTP 'Range' Header Remote Denial of Service Vulnerability
BugTraq ID: 29661
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29661
Summary:
The WebUI for uTorrent and BitTorrent is prone to a remote denial-of-service vulnerability.

Successful exploits will crash the application, denying service to legitimate users.

uTorrent 1.7.7 and BitTorrent 6.0.1 are vulnerable; other versions may also be affected.

93. AJ HYIP Acme 'news.php' SQL Injection Vulnerability
BugTraq ID: 29863
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29863
Summary:
AJ HYIP Acme is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

94. Scientific Image DataBase 'projects.php' SQL Injection Vulnerability
BugTraq ID: 29862
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29862
Summary:
Scientific Image DataBase (SIDB) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SIDB 0.41 and prior versions are vulnerable.

95. E-topbiz Link ADS 1 'out.php' SQL Injection Vulnerability
BugTraq ID: 29923
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29923
Summary:
Link ADS 1 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

96. E-topbiz Viral DX 1 'adclick.php' SQL Injection Vulnerability
BugTraq ID: 29921
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29921
Summary:
Viral DX 1 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Viral DX 1 2.07 is vulnerable; other versions may also be affected.

97. TOKOKITA Multiple SQL Injection Vulnerabilities
BugTraq ID: 29920
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29920
Summary:
TOKOKITA is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

98. DUcalendar 'detail.asp' SQL Injection Vulnerability
BugTraq ID: 29919
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29919
Summary:
DUcalendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

DUcalendar 1.0 is vulnerable; other versions may also be affected.

99. Php F1 Max's Image Uploader 'index.php' Arbitrary File Upload Vulnerability
BugTraq ID: 29917
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29917
Summary:
Max's Image Uploader is prone to a vulnerability that lets remote attackers upload and execute arbitrary code because it fails to properly sanitize user-supplied files.

An attacker can leverage this issue to execute arbitrary code on an affected computer with the privileges of the webserver process.

100. ShareCMS Multiple SQL Injection Vulnerabilities
BugTraq ID: 29916
Remote: Yes
Last Updated: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29916
Summary:
ShareCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ShareCMS 0.1 Beta is vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Ransomware resisting crypto cracking efforts
By: Robert Lemos
Kaspersky calls for a massive effort to break the code keys used by a malicious program that encrypts its victim's data and asks for ransom, but other experts doubt the keys can be found or that finding them will help.
http://www.securityfocus.com/news/11523

2. Boycott spotlights antivirus testing issues
By: Robert Lemos
Security firm Trend Micro refuses to apply for future VB100 certifications, highlighting a debate over how to best test antivirus software.
http://www.securityfocus.com/news/11522

3. Hired gun blamed for business outage
By: Robert Lemos
Video-content firm Revision3 accuses anti-piracy company MediaDefender -- known for its aggressive tactics against file sharers -- of attacking its servers over the weekend.
http://www.securityfocus.com/news/11521

4. Legal experts wary of MySpace hacking charges
By: Robert Lemos
Federal prosecutors charge the parent who allegedly badgered a girl to suicide with three counts of computer crime, but law experts worry about a dangerous precedent.
http://www.securityfocus.com/news/11519

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Sales Engineer, Herndon
http://www.securityfocus.com/archive/77/493624

2. [SJ-JOB] Sales Engineer, Philadelphia
http://www.securityfocus.com/archive/77/493629

3. [SJ-JOB] Sales Engineer, Chicago
http://www.securityfocus.com/archive/77/493635

4. [SJ-JOB] Sales Engineer, Raleigh
http://www.securityfocus.com/archive/77/493636

5. [SJ-JOB] Security Consultant, Boston
http://www.securityfocus.com/archive/77/493623

6. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/493621

7. [SJ-JOB] Sales Engineer, Washington D.C.
http://www.securityfocus.com/archive/77/493622

8. [SJ-JOB] Jr. Security Analyst, Calgary
http://www.securityfocus.com/archive/77/493620

9. [SJ-JOB] Security Consultant, Edison
http://www.securityfocus.com/archive/77/493609

10. [SJ-JOB] Manager, Information Security, Boca Raton
http://www.securityfocus.com/archive/77/493605

11. [SJ-JOB] Security Consultant, Minneapolis
http://www.securityfocus.com/archive/77/493607

12. [SJ-JOB] Software Engineer, St. Paul
http://www.securityfocus.com/archive/77/493608

13. [SJ-JOB] Sales Engineer, San Jose
http://www.securityfocus.com/archive/77/493601

14. [SJ-JOB] Security Engineer, St. Paul
http://www.securityfocus.com/archive/77/493602

15. [SJ-JOB] Sales Engineer, Los Angeles
http://www.securityfocus.com/archive/77/493603

16. [SJ-JOB] Sales Engineer, San Jose
http://www.securityfocus.com/archive/77/493604

17. [SJ-JOB] Security Researcher, San Jose
http://www.securityfocus.com/archive/77/493606

18. [SJ-JOB] Software Engineer, Alpharetta
http://www.securityfocus.com/archive/77/493598

19. [SJ-JOB] Sr. Security Analyst, El Segundo
http://www.securityfocus.com/archive/77/493599

20. [SJ-JOB] Application Security Engineer, Anywhere in North America
http://www.securityfocus.com/archive/77/493600

21. [SJ-JOB] Forensics Engineer, London
http://www.securityfocus.com/archive/77/493597

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #399
http://www.securityfocus.com/archive/88/493547

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Vulnerability and Patch-Management in Linux (and other Unix)
http://www.securityfocus.com/archive/91/493478

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com
