Wednesday, July 09, 2008

SecurityFocus Newsletter #461
----------------------------------------

This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Firing Up Browser Security
2. Racing Against Reversers
II. BUGTRAQ SUMMARY
1. XChangeboard 'newThread.php' SQL Injection Vulnerability
2. plx Ad Trader 'ad.php' SQL Injection Vulnerability
3. Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities
4. Python 'stringobject.c' Multiple Remote Buffer Overflow Vulnerabilities
5. Python zlib Module Remote Buffer Overflow Vulnerability
6. RETIRED: PHPmotion SQL Injection and Arbitrary File Upload Vulnerabilities
7. Apache Tomcat WebDav Remote Information Disclosure Vulnerability
8. Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
9. Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
10. Apache Tomcat Information Disclosure Vulnerability
11. Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
12. Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
13. Apache HTTP Server Tomcat Directory Traversal Vulnerability
14. Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
15. Apache Tomcat Servlet Path Disclosure Vulnerability
16. Apache Tomcat Invoker Servlet File Disclosure Vulnerability
17. Apache Tomcat DefaultServlet File Disclosure Vulnerability
18. MySQL User-Defined Function Buffer Overflow Vulnerability
19. MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
20. Apple Mac OS X VPND Remote Denial of Service Vulnerability
21. Ruby Multiple Array and String Handling Functions Multiple Arbitrary Code Execution Vulnerabilities
22. Lincoln D. Stein Crypt::CBC Perl Module Weak Ciphertext Vulnerability
23. Apple Mac OS X 2008-004 Multiple Security Vulnerabilities
24. Open Motif libUil Open_source_file Buffer Overflow Vulnerability
25. Open Motif libUil Diag_issue_diagnostic Buffer Overflow Vulnerability
26. LibXPM Multiple Unspecified Vulnerabilities
27. Joomla! and Mambo 'com_is' Component Multiple SQL Injection Vulnerabilities
28. Joomla! and Mambo Brightcode Weblinks Component 'catid' Parameter SQL Injection Vulnerability
29. VLC Media Player WAV File Buffer Overflow Vulnerability
30. Novell iPrint Client ActiveX Control Multiple Stack Overflow Vulnerabilities
31. GraphicsMagick Multiple Denial Of Service Vulnerabilities
32. Joomla! and Mambo Versioning Component 'id' Parameter SQL Injection Vulnerability
33. EfesTECH Shop 'cat_id' Parameter SQL Injection Vulnerability
34. CAT2 'spaw_root' Parameter Local File Include Vulnerability
35. CMS little 'index.php' Local File Include Vulnerability
36. Sisplet CMS 'index.php' SQL Injection Vulnerability
37. Palm Centro System Lockout Authentication Bypass Vulnerability
38. Simple PHP Agenda 'index.php' Local File Include Vulnerability
39. VanGogh CMS 'get_article.php' SQL Injection Vulnerability
40. HP System Management Homepage (SMH) for Linux and Windows Cross Site Scripting Vulnerability
41. AShop Deluxe 'catalogue.php' SQL Injection Vulnerability
42. Soldner Secret Wars Endless Loop Remote Denial of Service Vulnerability
43. QNX Neutrino RTOS 'phgrafx' Local Buffer Overflow Vulnerability
44. TYPO3 PDF Generator 2 Extension Multiple Unspecified Vulnerabilities
45. TYPO3 SQL Frontend Extension Unspecified SQL Injection and Denial of Service Vulnerabilities
46. TYPO3 News Calendar Extension Unspecified SQL Injection Vulnerability
47. TYPO3 DAM Frontend Extension Multiple Unspecified Vulnerabilities
48. TYPO3 KB Unpack Extension Unspecified Remote Vulnerability
49. TYPO3 Packman Extension Unspecified Remote Vulnerability
50. TYPO3 Address Directory Unspecified SQL Injection Vulnerability
51. Wireshark 1.0.0 Multiple Vulnerabilities
52. TYPO3 Industry Database Security Bypass Vulnerability
53. TYPO3 Address Directory Unspecified Cross Site Scripting Vulnerability
54. TYPO3 Support view Extension SQL Injection Vulnerability
55. TYPO3 Codeon Petition Extension Unspecified SQL Injection Vulnerability
56. TYPO3 phpMyAdmin Extension Unspecified Cross Site Scripting Vulnerability
57. TYPO3 Branchenbuch Extension Unspecified SQL Injection Vulnerability
58. TYPO3 WEC Discussion Forum Security Bypass and Multiple Cross Site Scripting Vulnerabilities
59. TYPO3 Send-A-Card Multiple Cross-Site Scripting Vulnerabilities
60. Wordtrans-web Remote Arbitrary Shell Command Injection Vulnerability
61. pSys 'chatbox.php' SQL Injection Vulnerability
62. HIOX Banner Rotator 'hioxBannerRotate.php' Remote File Include Vulnerability
63. Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities
64. Drupal Organic Groups Cross Site Scripting And Information Disclosure Vulnerabilities
65. Yukihiro Matsumoto Ruby 'rb_ary_fill()' Remote Denial Of Service Vulnerability
66. DC++ NULL Pointer Remote Denial of Service Vulnerability
67. DC++ Private Message Remote Denial of Service Vulnerability
68. Squid Proxy SNMP ASN.1 Parser Denial Of Service Vulnerability
69. OpenLDAP BER Decoding Remote Denial of Service Vulnerability
70. OpenSSH X Connections Session Hijacking Vulnerability
71. Novell GroupWise Messenger Client Buffer Overflow Vulnerabilities
72. ServerView 'SnmpGetMibValues.exe' Multiple Unspecified Buffer Overflow Vulnerabilities
73. phpwebnews 'bukutamu.php' SQL Injection Vulnerability
74. phpwebnews 'index.php' SQL Injection Vulnerability
75. Linux Kernel x86_64 ptrace Local Memory Corruption Vulnerability
76. Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
77. Microsoft July 2008 Advance Notification Multiple Vulnerabilities
78. WebBlizzard CMS 'index.php' SQL Injection Vulnerability
79. Mercurial 'patch.py' Directory Traversal Vulnerability
80. FreeStyle Wiki Unspecified Cross Site Scripting Vulnerability
81. Opera Web Browser Remote Code Execution and Information Disclosure Vulnerabilities
82. Pivot 't' Parameter Directory Traversal Vulnerability
83. CUPS PNG Filter Multiple Integer Overflow Vulnerabilities
84. Sun Solaris Unspecified 'snmpXdmid(1M)' Remote Denial of Service Vulnerability
85. Vim Vim Script Multiple Command Execution Vulnerabilities
86. Commtouch Anti-Spam Enterprise Gateway 'PARAMS' Parameter Cross-Site Scripting Vulnerability
87. Trillian Overly Long Nickname Remote Denial Of Service Vulnerability
88. Linux Kernel 'dnotify.c' Local Race Condition Vulnerability
89. Linux Kernel Direction Flag Local Memory Corruption Vulnerability
90. Linux Kernel IPSec Fragmented ESP Packet Remote Denial of Service Vulnerability
91. Linux Kernel x86_64 ptrace Denial Of Service Vulnerability
92. SyndeoCMS Cross Site Scripting and Local File Include Vulnerabilities
93. Motion 'read_client()' Off-By-One Buffer Overflow Vulnerability
94. Apple Safari WebKit JavaScript Arrays Remote Buffer Overflow Vulnerability
95. BareNuked CMS 'admin/users.php' SQL Injection Vulnerability
96. Linux Kernel 'pppol2tp_recvmsg()' Remote Denial of Service Vulnerability
97. Linux Kernel DCCP Subsystem Buffer Overflow Vulnerability
98. GNOME Rhythmbox Malformed Playlist File Denial Of Service Vulnerability
99. Sympa 'Content-Type' Header Remote Denial Of Service Vulnerability
100. Hitachi Cosminexus Remote Information Disclosure Vulnerability
III. SECURITYFOCUS NEWS
1. Web surfers, it's time to patch
2. Breach-notification laws not working?
3. Ransomware resisting crypto cracking efforts
4. Boycott spotlights antivirus testing issues
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Researcher, Columbia
2. [SJ-JOB] Security Researcher, Columbia
3. [SJ-JOB] Security Researcher, Mountain View
4. [SJ-JOB] Application Security Architect, Springfield
5. [SJ-JOB] CISO, New York
6. [SJ-JOB] Principal Software Engineer, Arlington
7. [SJ-JOB] Application Security Engineer, Tampa
8. [SJ-JOB] Account Manager, Houston
9. [SJ-JOB] Customer Support, Columbia
10. [SJ-JOB] Security System Administrator, Columbia
11. [SJ-JOB] Sales Engineer, DC
12. [SJ-JOB] Instructor, any
13. [SJ-JOB] Software Engineer, Columbia
14. [SJ-JOB] Software Engineer, Columbia
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #400
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. Hardening CentOS
2. BA-Con 2008 CFP - Buenos Aires, Sept. 30 / Oct. 1 (closes July 11 2008)
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Firing Up Browser Security
By Federico Biancuzzi
Mozilla released its latest browser, Firefox 3.0, this week. SecurityFocus contributor Federico Biancuzzi tracked down two key members of Mozilla's security team, Window Snyder and Johnathan Nightingale, to learn more about the security features included in this major release.

http://www.securityfocus.com/columnists/475

2. Racing Against Reversers
By Federico Biancuzzi
Each time a new digital rights management (DRM) system is released, hackers are not far behind in cracking it. Reverse engineers have taken down the security protecting content encoded for Windows Media, iTunes, DVDs, and HD-DVDs.

http://www.securityfocus.com/columnists/474


II. BUGTRAQ SUMMARY
--------------------
1. XChangeboard 'newThread.php' SQL Injection Vulnerability
BugTraq ID: 30059
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30059
Summary:
XChangeboard is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

This issue affects XChangeboard 1.70; other versions may also be vulnerable.

2. plx Ad Trader 'ad.php' SQL Injection Vulnerability
BugTraq ID: 30046
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30046
Summary:
plx Ad Trader is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Ad Trader 3.2 is vulnerable; other versions may also be affected.

3. Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities
BugTraq ID: 13873
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/13873
Summary:
Multiple vendors' products are prone to HTTP-request-smuggling issues. Attackers can piggyback an HTTP request inside of another HTTP request. By leveraging failures to implement the HTTP/1.1 RFC properly, attackers can launch cache-poisoning, cross-site scripting, session-hijacking, and other attacks.

4. Python 'stringobject.c' Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 28749
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/28749
Summary:
Python is prone to multiple remote buffer-overflow vulnerabilities because certain functions in the core API fail to properly verify user-supplied data.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running an application that uses the affected functions. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Python 2.5.2; earlier versions may also be vulnerable.

5. Python zlib Module Remote Buffer Overflow Vulnerability
BugTraq ID: 28715
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/28715
Summary:
Python zlib module is prone to a remote buffer-overflow vulnerability because the library fails to properly sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Python 2.5.2; other versions may also be vulnerable.

6. RETIRED: PHPmotion SQL Injection and Arbitrary File Upload Vulnerabilities
BugTraq ID: 29949
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29949
Summary:
PHPmotion is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include an SQL-injection vulnerability and an arbitrary-file-upload vulnerability.

Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHPmotion 2.0 and prior versions are affected.

NOTE: Information from the vendor and further analysis show that the application is not affected by these issues.

7. Apache Tomcat WebDav Remote Information Disclosure Vulnerability
BugTraq ID: 26070
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/26070
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server.

8. Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
BugTraq ID: 8824
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/8824
Summary:
Apache Tomcat 4 has been reported prone to a remotely triggered denial-of-service vulnerability when handling undisclosed non-HTTP request types.

When certain non-HTTP request types are handled by the Tomcat HTTP connector, the Tomcat server will reject subsequent requests on the affected port until the service is restarted.

9. Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
BugTraq ID: 24475
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/24475
Summary:
Apache Tomcat Manager and Host Manager are prone to a cross-site scripting vulnerability because the applications fail to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

10. Apache Tomcat Information Disclosure Vulnerability
BugTraq ID: 19106
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/19106
Summary:
Apache Tomcat is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to reveal a complete directory listing from any directory. Information obtained may aid in further attacks. Reports indicate that this issue may also allow attackers to obtain the source code of script files.

Apache Tomcat 5.028, 5.5.23, 5.5.9, and 5.5.7 are vulnerable to this issue; other versions may also be affected.

Novell GroupWise Mobile Server 1.0 or other versions bundled with Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2 ship with an affected version of Tomcat and are vulnerable as well.

11. Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
BugTraq ID: 24524
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/24524
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.

This issue may have been reported as part of the vulnerabilities described in BID 24058 (Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities). Symantec has not been able to confirm this information. We will update this BID when more information emerges.

12. Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 24058
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/24058
Summary:
Apache Tomcat's documentation web application includes a sample application that is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The following Tomcat versions are affected:

4.0.0 to 4.0.6
4.1.0 to 4.1.36
5.0.0 to 5.0.30
5.5.0 to 5.5.23
6.0.0 to 6.0.10

13. Apache HTTP Server Tomcat Directory Traversal Vulnerability
BugTraq ID: 22960
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/22960
Summary:
Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data.

Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks.

Versions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable.

14. Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
BugTraq ID: 15325
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/15325
Summary:
A remote denial-of-service vulnerability affects Apache Tomcat because the application fails to efficiently handle multiple requests for directory listings.

When this issue is triggered, the application fails to serve further requests to legitimate users until the Tomcat processes have been restarted.

15. Apache Tomcat Servlet Path Disclosure Vulnerability
BugTraq ID: 4575
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/4575
Summary:
Apache Tomcat is a servlet container for use with the Java Servlet and JavaServer Pages technologies. Tomcat may be run on most UNIX and Linux variants as well as Microsoft Windows.

Apache Tomcat ships with a number of example classes (SnoopServlet and TroubleShooter) that may reveal the absolute path of the Tomcat installation when requested.

Disclosure of this type of sensitive information may aid in further attacks against the host running the vulnerable software.

16. Apache Tomcat Invoker Servlet File Disclosure Vulnerability
BugTraq ID: 6562
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/6562
Summary:
An information-disclosure vulnerability has been reported to reside in Apache Tomcat. The vulnerability allows an attacker to cause Tomcat to return the unprocessed source of a JSP page or, in certain circumstances, a resource that would otherwise have been secured.

The vulnerability occurs when using the invoker servlet in conjunction with the default servlet.

NOTE: This issue is a variant of the vulnerability described in BID 5786.

17. Apache Tomcat DefaultServlet File Disclosure Vulnerability
BugTraq ID: 5786
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/5786
Summary:
The servlet 'org.apache.catalina.servlets.DefaultServlet' is included with Apache Tomcat by default. It is possible to use this servlet to view contents of files within the webroot. This includes JSP source code, which may contain sensitive data such as database usernames and passwords.

18. MySQL User-Defined Function Buffer Overflow Vulnerability
BugTraq ID: 14509
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/14509
Summary:
MySQL is prone to a buffer-overflow vulnerability. The application fails to perform sufficient boundary checks on data supplied as an argument in a user-defined function.

A database user with sufficient access to create a user-defined function can exploit this issue. Attackers may also be able to exploit this issue through latent SQL-injection vulnerabilities in third-party applications that use the database as a backend.

Successful exploits will allow arbitrary code to run in the context of the database server process.

19. MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
BugTraq ID: 17780
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
MySQL is prone to multiple remote vulnerabilities:

1. A buffer-overflow vulnerability occurs because the software fails to perform sufficient boundary checks of user-supplied data before copying it to an insufficiently sized memory buffer. This issue allows remote attackers to execute arbitrary machine code in the context of affected database servers. Failed exploit attempts will likely crash the server, denying further service to legitimate users.

2. Two information-disclosure vulnerabilities occur because the software fails to sufficiently sanitize and check boundaries of user-supplied data. These issues allow remote users to gain access to potentially sensitive information that may aid in further attacks.

20. Apple Mac OS X VPND Remote Denial of Service Vulnerability
BugTraq ID: 26699
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/26699
Summary:
Apple Mac OS X is prone to a remote denial-of-service vulnerability because the virtual private network daemon ('vpnd') fails to handle specially crafted network packets.

An attacker can exploit this issue to crash affected computers, denying service to legitimate users.

This issue affects Apple Mac OS X 10.5; other versions may also be affected.

21. Ruby Multiple Array and String Handling Functions Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 29903
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29903
Summary:
Ruby is prone to multiple vulnerabilities, including four integer-overflow issues and an issue caused by insecure use of 'alloca()' for memory allocation.

Successful exploits allow attackers to run arbitrary code in the context of applications implemented with Ruby. Failed exploit attempts may result in denial-of-service conditions.

22. Lincoln D. Stein Crypt::CBC Perl Module Weak Ciphertext Vulnerability
BugTraq ID: 16802
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/16802
Summary:
Crypt::CBC is prone to a weak-ciphertext vulnerability. This issue stems from a flaw in its creation of IVs (Initialization Vectors) for ciphers with a blocksize larger than 8.

This issue results in the creation of ciphertext that contains bytes encrypted with a constant null IV. This ciphertext is prone to differential cryptanalysis, aiding attackers in compromising the plaintext of encrypted data.

The level of difficulty attackers may face trying to exploit this flaw is currently unknown, but data encrypted with vulnerable versions of Crypt::CBC should be considered insecure.

Versions prior to Crypt::CBC 2.17 are vulnerable to this issue if they use the 'RandomIV' header style.

23. Apple Mac OS X 2008-004 Multiple Security Vulnerabilities
BugTraq ID: 30018
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/30018
Summary:
Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4.

Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.

24. Open Motif libUil Open_source_file Buffer Overflow Vulnerability
BugTraq ID: 15686
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/15686
Summary:
A buffer-overflow vulnerability affects libUil (User Interface Language) and can leave applications that link to the library vulnerable.

Successful exploits may result in a remote compromise or local privilege escalation, depending on the affected application linked to the library.

Open Motif is derived from the original Motif code maintained by the Open Group. Motif is likely also vulnerable.

NOTE: This issue was originally reported in BID 15678 (Open Motif libUil Buffer Overflow Vulnerabilities); it is now being assigned a new record.

25. Open Motif libUil Diag_issue_diagnostic Buffer Overflow Vulnerability
BugTraq ID: 15684
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/15684
Summary:
A buffer-overflow vulnerability affects libUil (User Interface Language); applications that link to the library are vulnerable.

Successful exploits may result in a remote compromise or local privilege escalation, depending on the affected application linked to the library.

Open Motif is derived from the original Motif code maintained by the Open Group. Motif is likely also vulnerable.

This issue was originally reported in BID 15678 (Open Motif libUil Buffer Overflow Vulnerabilities); it is now being assigned a new record.

26. LibXPM Multiple Unspecified Vulnerabilities
BugTraq ID: 11694
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/11694
Summary:
The libXpm library is reported prone to multiple vulnerabilities. These issues may be triggered when handling malformed XPM images. The following issues are reported:

- integer-overflow vulnerabilities
- out-of-bounds memory access vulnerabilities
- a shell command-execution vulnerability
- a path-traversal vulnerability
- endless-loop vulnerabilities

The details regarding each of these issues were not specified at the time of writing; this BID will be updated as more details regarding these vulnerabilities become available.

27. Joomla! and Mambo 'com_is' Component Multiple SQL Injection Vulnerabilities
BugTraq ID: 30063
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30063
Summary:
The 'com_is' component for Joomla! and Mambo is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect 'com_is' 1.0.1; other versions may also be affected.

28. Joomla! and Mambo Brightcode Weblinks Component 'catid' Parameter SQL Injection Vulnerability
BugTraq ID: 30060
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30060
Summary:
The Brightcode Weblinks component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

29. VLC Media Player WAV File Buffer Overflow Vulnerability
BugTraq ID: 30058
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30058
Summary:
VLC media player is prone to a buffer-overflow vulnerability because the WAV file decoder fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6h is vulnerable; other versions may also be affected.

30. Novell iPrint Client ActiveX Control Multiple Stack Overflow Vulnerabilities
BugTraq ID: 29736
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/29736
Summary:
Novell iPrint Client ActiveX control is prone to multiple stack-based buffer-overflow vulnerabilities.

An attacker can exploit these issues by tricking a victim into viewing a malicious web page. A successful attack will allow attacker-supplied code to run in the context of the currently logged-in user.

The issue affects versions prior to iPrint Client 4.36.

31. GraphicsMagick Multiple Denial Of Service Vulnerabilities
BugTraq ID: 30055
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30055
Summary:
GraphicsMagick is prone to multiple denial-of-service vulnerabilities.

Successfully exploiting these issues will allow an attacker to crash the affected application.

The vulnerabilities affect versions prior to GraphicsMagick 1.2.4.

32. Joomla! and Mambo Versioning Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 30050
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30050
Summary:
The Versioning component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versioning 1.0.2 is vulnerable; other versions may also be affected.

33. EfesTECH Shop 'cat_id' Parameter SQL Injection Vulnerability
BugTraq ID: 30044
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30044
Summary:
EfesTECH Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

EfesTECH Shop 2.0 is vulnerable; other versions may also be affected.

34. CAT2 'spaw_root' Parameter Local File Include Vulnerability
BugTraq ID: 30042
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30042
Summary:
CAT2 is prone to a local file-include vulnerability.

An attacker can exploit this issue to include arbitrary local files and execute PHP code on the affected computer in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

CAT2 1.2 is vulnerable; other versions may also be affected.

35. CMS little 'index.php' Local File Include Vulnerability
BugTraq ID: 30061
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30061
Summary:
'CMS little' is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.

CMS little 0.0.1 is vulnerable to this issue; other versions may also be affected.

36. Sisplet CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 30032
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30032
Summary:
Sisplet CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Sisplet CMS 2008-01-24 is vulnerable; other versions may also be affected.

37. Palm Centro System Lockout Authentication Bypass Vulnerability
BugTraq ID: 30030
Remote: No
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30030
Summary:
Palm Centro is prone to an authentication-bypass vulnerability.

An attacker with physical access to the device can bypass the lockout security feature to gain access to certain functions of the device.

38. Simple PHP Agenda 'index.php' Local File Include Vulnerability
BugTraq ID: 30034
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30034
Summary:
Simple PHP Agenda is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

A remote attacker can exploit this vulnerability to gain access to arbitrary files on the vulnerable computer in the context of the webserver process. Information obtained may aid in further attacks.

Simple PHP Agenda 2.2.4 is vulnerable; other versions may also be affected.

39. VanGogh CMS 'get_article.php' SQL Injection Vulnerability
BugTraq ID: 30033
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30033
Summary:
VanGogh CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

VanGogh CMS 0.9 is vulnerable; other versions may also be affected.

40. HP System Management Homepage (SMH) for Linux and Windows Cross Site Scripting Vulnerability
BugTraq ID: 30029
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30029
Summary:
HP System Management Homepage (SMH) is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected site. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

SMH 2.1.10 and 2.1.11 for Linux and Windows are vulnerable.

41. AShop Deluxe 'catalogue.php' SQL Injection Vulnerability
BugTraq ID: 30022
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30022
Summary:
AShop Deluxe is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AShop Deluxe 4 is vulnerable; other versions may also be affected.

42. Soldner Secret Wars Endless Loop Remote Denial of Service Vulnerability
BugTraq ID: 30031
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30031
Summary:
Soldner is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker could exploit this issue to cause the affected server to become unresponsive, denying service to legitimate users.

Soldner 33724 and earlier versions are vulnerable.

43. QNX Neutrino RTOS 'phgrafx' Local Buffer Overflow Vulnerability
BugTraq ID: 30024
Remote: No
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30024
Summary:
QNX Neutrino RTOS is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. This issue affects the 'phgrafx' utility.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

QNX Neutrino RTOS 6.3.2 and 6.3.0 are vulnerable; other versions may be affected as well.

44. TYPO3 PDF Generator 2 Extension Multiple Unspecified Vulnerabilities
BugTraq ID: 30057
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30057
Summary:
The PDF Generator 2 extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize input before using it in an SQL query. This application is also prone to unspecified denial-of-service and information-disclosure vulnerabilities.

Exploiting the SQL-injection issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Exploiting the denial-of-service issue could prevent legitimate use of the application.

Attackers may also leverage the information-disclosure vulnerability to obtain potentially sensitive information that may aid in further attacks.

Versions up to and including PDF Generator 2 0.5.0 are vulnerable.

45. TYPO3 SQL Frontend Extension Unspecified SQL Injection and Denial of Service Vulnerabilities
BugTraq ID: 30051
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30051
Summary:
The SQL Frontend extension for TYPO3 is prone to an unspecified SQL-injection issue and an unspecified denial-of-service issue because it fails to sufficiently sanitize user-supplied data.

Exploiting the SQL-injection issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Exploiting the denial-of-service issue could prevent legitimate use of the application.

Few details regarding these vulnerabilities are available; we will update this BID when more information emerges.

Versions up to and including SQL Frontend 1.0.11 are vulnerable.

46. TYPO3 News Calendar Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 30056
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30056
Summary:
The TYPO3 News Calendar extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions up to and including News Calendar 1.0.7 are vulnerable.

47. TYPO3 DAM Frontend Extension Multiple Unspecified Vulnerabilities
BugTraq ID: 30054
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30054
Summary:
The DAM Frontend extension of TYPO3 is prone to multiple vulnerabilities, including an SQL-injection issue, an information-disclosure issue, and multiple unspecified issues.

A successful exploit may allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or obtain sensitive information. Other attacks are also possible.

DAM Frontend 0.1.0 and prior versions are affected.

48. TYPO3 KB Unpack Extension Unspecified Remote Vulnerability
BugTraq ID: 30053
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30053
Summary:
The KB Unpack extension for TYPO3 is prone to an unspecified vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

KB Unpack 0.1.0 and prior versions are vulnerable.

49. TYPO3 Packman Extension Unspecified Remote Vulnerability
BugTraq ID: 30052
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30052
Summary:
The Packman extension for TYPO3 is prone to an unspecified vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

Packman 0.2.1 and prior versions are vulnerable.

50. TYPO3 Address Directory Unspecified SQL Injection Vulnerability
BugTraq ID: 30049
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30049
Summary:
Address Directory is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Address Directory 0.2.10 and prior versions are vulnerable.

51. Wireshark 1.0.0 Multiple Vulnerabilities
BugTraq ID: 30020
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30020
Summary:
Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues.

Exploiting these issues may allow attackers to obtain potentially sensitive information, cause crashes, and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.5 up to and including 1.0.0.

52. TYPO3 Industry Database Security Bypass Vulnerability
BugTraq ID: 30047
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30047
Summary:
Industry Database is prone to a vulnerability that may allow unauthorized users to modify data owned by other users.

This issue affects Industry Database 1.0.0 and prior versions.

53. TYPO3 Address Directory Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 30048
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30048
Summary:
The Address Directory extension for TYPO3 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects Address Directory 0.2.10 and prior versions.

54. TYPO3 Support view Extension SQL Injection Vulnerability
BugTraq ID: 30041
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30041
Summary:
The TYPO3 'Support view' extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Support view 0.0.102 and prior versions are vulnerable.

55. TYPO3 Codeon Petition Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 30040
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30040
Summary:
The Codeon Petition extension for TYPO3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 Codeon Petition 0.0.2 and prior versions are vulnerable.

56. TYPO3 phpMyAdmin Extension Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 30039
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30039
Summary:
The phpMyAdmin extension for TYPO3 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects versions prior to phpMyAdmin 3.2.0.

57. TYPO3 Branchenbuch Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 30045
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30045
Summary:
TYPO3 Branchenbuch extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Few details regarding this vulnerability are available; we will update this BID when more information emerges.

Versions up to and including TYPO3 Branchenbuch 0.8.1 are vulnerable.

58. TYPO3 WEC Discussion Forum Security Bypass and Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 30026
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30026
Summary:
WEC Discussion Forum is prone to a security-bypass issue and multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data.

An attacker may exploit the security-bypass vulnerability to upload arbitrary files and execute script code in the context of the webserver process.

The attacker may also leverage the cross-site scripting issues to execute script code in an unsuspecting user's browser or to steal cookie-based authentication credentials; other attacks are also possible.

These issues affect versions prior to WEC Discussion Forum 1.6.3.

59. TYPO3 Send-A-Card Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30028
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30028
Summary:
Send-A-Card is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Send-A-Card 2.2.4 are vulnerable.

60. Wordtrans-web Remote Arbitrary Shell Command Injection Vulnerability
BugTraq ID: 30027
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30027
Summary:
Wordtrans-web is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary shell commands in the context of the webserver hosting the vulnerable application. This may facilitate the remote compromise of affected computers.

This issue affects Wordtrans-web 1.1.pre15; previous versions may also be vulnerable.

61. pSys 'chatbox.php' SQL Injection Vulnerability
BugTraq ID: 30023
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30023
Summary:
pSys is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

pSys 0.7.0 Alpha is vulnerable; other versions may also be affected.

62. HIOX Banner Rotator 'hioxBannerRotate.php' Remote File Include Vulnerability
BugTraq ID: 30021
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30021
Summary:
HIOX Banner Rotator is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects HIOX Banner Rotator 1.3; other versions may also be affected.

63. Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities
BugTraq ID: 30038
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30038
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.14 and prior versions.

Exploiting these issues can allow attackers to:

- steal authentication credentials
- obtain potentially sensitive information
- violate the same-origin policy
- execute scripts with elevated privileges
- upload arbitrary files to affected computers
- cause denial-of-service conditions
- execute arbitrary code

Other attacks are also possible.

These issues are present in Firefox 2.0.0.14 and prior versions.

Mozilla Thunderbird is affected by the issues described in Mozilla advisories MFSA 2008-21, MFSA 2008-24, and MFSA 2008-25. Please note that these issues only arise in Thunderbird when JavaScript is enabled. JavaScript is not enabled in the default installation.

64. Drupal Organic Groups Cross Site Scripting And Information Disclosure Vulnerabilities
BugTraq ID: 30070
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30070
Summary:
The Organic Groups module for Drupal is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues affect the following versions of Organic Groups:

- Organic Groups 5.x versions prior to 5.x-7.3
- Organic Groups 6.x versions prior to 6.x-1.0-RC1

65. Yukihiro Matsumoto Ruby 'rb_ary_fill()' Remote Denial Of Service Vulnerability
BugTraq ID: 30036
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30036
Summary:
Ruby is prone to a remote denial-of-service vulnerability.

Successful exploits may allow remote attackers to cause denial-of-service conditions.

66. DC++ NULL Pointer Remote Denial of Service Vulnerability
BugTraq ID: 29924
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/29924
Summary:
DC++ is prone to a remote denial-of-service vulnerability because the application fails to handle NULL-pointer exceptions.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects DC++ 0.706 and earlier versions.

67. DC++ Private Message Remote Denial of Service Vulnerability
BugTraq ID: 30037
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30037
Summary:
DC++ is prone to a remote denial-of-service vulnerability because the application fails to handle private messages properly.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects DC++ 0.706 and earlier versions.

68. Squid Proxy SNMP ASN.1 Parser Denial Of Service Vulnerability
BugTraq ID: 11385
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/11385
Summary:
Squid is prone to a denial-of-service vulnerability in its SNMP ASN.1 parser. SNMP support is not enabled by default as provided by the vendor, but may be enabled by default when Squid is included as a binary application in certain unconfirmed operating systems.

This vulnerability allows remote attackers to crash affected Squid proxies with single UDP datagrams that may be spoofed. Squid will attempt to restart itself automatically, but an attacker sending repeated malicious SNMP packets can effectively deny service to legitimate users.

Squid 2.5-STABLE6 and earlier, as well as 3.0-PRE3-20040702, are reported vulnerable.

69. OpenLDAP BER Decoding Remote Denial of Service Vulnerability
BugTraq ID: 30013
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30013
Summary:
OpenLDAP is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to deny service to legitimate users by crashing affected servers.

OpenLDAP 2.3.41 is vulnerable to this issue; earlier versions back to approximately 2.1.18 as well as newer versions may also be affected.

70. OpenSSH X Connections Session Hijacking Vulnerability
BugTraq ID: 28444
Remote: No
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/28444
Summary:
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections.

Successfully exploiting this issue may allow an attacker to run arbitrary shell commands with the privileges of the user running the affected application.

This issue affects OpenSSH 4.3p2; other versions may also be affected.

NOTE: This issue affects the portable version of OpenSSH and may not affect OpenSSH running on OpenBSD.

71. Novell GroupWise Messenger Client Buffer Overflow Vulnerabilities
BugTraq ID: 29602
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/29602
Summary:
Novell GroupWise Messenger is prone to two buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Novell GroupWise Messenger 2.0.3 HP1 are vulnerable.

72. ServerView 'SnmpGetMibValues.exe' Multiple Unspecified Buffer Overflow Vulnerabilities
BugTraq ID: 30081
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30081
Summary:
ServerView is prone to multiple unspecified buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied data.

An attacker can exploit these issues to execute arbitrary machine code in the context of affected applications. Failed exploit attempts will likely cause denial-of-service conditions.

ServerView 4.60.07 is vulnerable; other versions may also be affected.

73. phpwebnews 'bukutamu.php' SQL Injection Vulnerability
BugTraq ID: 30080
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30080
Summary:
phpwebnews is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

phpwebnews 0.2 is vulnerable; other versions may also be affected.

74. phpwebnews 'index.php' SQL Injection Vulnerability
BugTraq ID: 30079
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30079
Summary:
phpwebnews is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

phpwebnews 0.2 is vulnerable; other versions may also be affected.

75. Linux Kernel x86_64 ptrace Local Memory Corruption Vulnerability
BugTraq ID: 30077
Remote: No
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30077
Summary:
The Linux Kernel is prone to a memory-corruption vulnerability because it fails to properly bounds-check user-supplied input. The issue affects x86_64 ptrace and causes an overflow that subsequently results in the insecure freeing of a structure.

An attacker may exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

Linux Kernel prior to 2.6.25.10 is vulnerable.

76. Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
BugTraq ID: 30076
Remote: No
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30076
Summary:
The Linux kernel is prone to multiple local denial-of-service vulnerabilities.

Attackers can exploit these issues to crash the affected kernel, denying service to legitimate users. Due to the nature of these issues, remote code execution may be possible, but that has not been confirmed.

These issues affect the Linux kernel prior to version 2.6.25.10.

77. Microsoft July 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 30075
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30075
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on July 8, 2008. The highest severity rating for these issues is 'Important'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created to document the issues when the bulletins are released.

78. WebBlizzard CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 30074
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30074
Summary:
WebBlizzard CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

79. Mercurial 'patch.py' Directory Traversal Vulnerability
BugTraq ID: 30072
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30072
Summary:
Mercurial is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to create or overwrite arbitrary files on a computer hosting the affected application.

Mercurial 1.0.1 is vulnerable; other versions may also be affected.

80. FreeStyle Wiki Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 30071
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30071
Summary:
FreeStyle Wiki is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects FreeStyle Wiki version 3.6.2 and prior, and version 3.6.3 dev3 and prior.

81. Opera Web Browser Remote Code Execution and Information Disclosure Vulnerabilities
BugTraq ID: 30068
Remote: Yes
Last Updated: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30068
Summary:
Opera Web Browser is prone to multiple security vulnerabilities including a remote code-execution issue and an information-disclosure issue.

Successful exploits of these issues may allow remote attackers to execute arbitrary code in the context of the application or disclose potentially sensitive information.

Versions prior to Opera 9.51 are vulnerable.

82. Pivot 't' Parameter Directory Traversal Vulnerability
BugTraq ID: 30012
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/30012
Summary:
Pivot is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Pivot 1.40.5 is vulnerable; other versions may also be affected.

83. CUPS PNG Filter Multiple Integer Overflow Vulnerabilities
BugTraq ID: 28781
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/28781
Summary:
CUPS is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied PNG image sizes before using them to allocate memory buffers.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions.

CUPS 1.3.7 is vulnerable; other versions may also be affected.

84. Sun Solaris Unspecified 'snmpXdmid(1M)' Remote Denial of Service Vulnerability
BugTraq ID: 29965
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29965
Summary:
Sun Solaris is prone to an unspecified denial-of-service vulnerability because of an unspecified issue in the Solstice Enterprise SNMP-DMI mapper subagent daemon ('snmpXdmid(1M)').

An attacker can exploit this issue to cause the affected daemon to crash, resulting in a denial-of-service condition.

This issue affects Solaris 8, 9, and 10 operating systems.

85. Vim Vim Script Multiple Command Execution Vulnerabilities
BugTraq ID: 29715
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29715
Summary:
Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.1.298 is vulnerable; other versions may also be affected.

86. Commtouch Anti-Spam Enterprise Gateway 'PARAMS' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 29957
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29957
Summary:
Commtouch Anti-Spam Enterprise Gateway is prone to a cross-site scripting vulnerability because the device fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Commtouch Anti-Spam Enterprise Gateway 4 and 5 are vulnerable; other versions may also be affected.

87. Trillian Overly Long Nickname Remote Denial Of Service Vulnerability
BugTraq ID: 28925
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/28925
Summary:
Trillian is prone to a remote denial-of-service vulnerability because it fails to sufficiently bounds-check user-supplied data.

Few details regarding this vulnerability are available; we will update this BID when more information emerges.

Exploiting this issue allows remote attackers to trigger denial-of-service conditions, denying further service to legitimate users.

Trillian 3.1 is vulnerable; other versions may also be affected.

88. Linux Kernel 'dnotify.c' Local Race Condition Vulnerability
BugTraq ID: 29003
Remote: No
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29003
Summary:
The Linux kernel is prone to a local race-condition vulnerability.

A local attacker may exploit this issue to crash the computer or to gain elevated privileges on the affected computer.

89. Linux Kernel Direction Flag Local Memory Corruption Vulnerability
BugTraq ID: 29084
Remote: No
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29084
Summary:
The Linux kernel is prone to a vulnerability that can corrupt kernel memory.

A local attacker can exploit this issue to crash the affected computer, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

90. Linux Kernel IPSec Fragmented ESP Packet Remote Denial of Service Vulnerability
BugTraq ID: 29081
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29081
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

NOTE: This issue occurs on computers that have NetScreen firewalls or Cisco PIX installed.

91. Linux Kernel x86_64 ptrace Denial Of Service Vulnerability
BugTraq ID: 29086
Remote: No
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29086
Summary:
The Linux kernel is prone to a denial-of-service vulnerability when process traces are performed on 64-bit computers.

Local attackers can leverage the issue to crash the kernel and deny service to legitimate users.

92. SyndeoCMS Cross Site Scripting and Local File Include Vulnerabilities
BugTraq ID: 29644
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29644
Summary:
SyndeoCMS is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Exploiting the local file-include issues allows remote attackers to view local files within the context of the webserver process.

SyndeoCMS 2.6.0 is vulnerable; other versions may also be affected.

93. Motion 'read_client()' Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 29636
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29636
Summary:
Motion is prone to an off-by-one buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Successfully exploiting this issue may compromise the affected application and possibly the underlying computer. Failed exploit attempts will result in a denial-of-service condition.

Motion 3.2.10 and prior versions are vulnerable.

94. Apple Safari WebKit JavaScript Arrays Remote Buffer Overflow Vulnerability
BugTraq ID: 29836
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29836
Summary:
Apple Safari WebKit is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks when handling user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

95. BareNuked CMS 'admin/users.php' SQL Injection Vulnerability
BugTraq ID: 30011
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/30011
Summary:
BareNuked CMS is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

An attacker can exploit this vulnerability to gain administrative access to the affected application; other attacks are also possible.

BareNuked CMS 1.1.0 is vulnerable; other versions may also be affected.

96. Linux Kernel 'pppol2tp_recvmsg()' Remote Denial of Service Vulnerability
BugTraq ID: 29747
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29747
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer on the local network, denying service to legitimate users. Given the nature of this issue, code execution may be possible, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.26-rc6 are vulnerable.

97. Linux Kernel DCCP Subsystem Buffer Overflow Vulnerability
BugTraq ID: 29603
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29603
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability caused by insufficient boundary checking.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Linux kernel 2.6.18 is known to be vulnerable, but other versions are likely affected as well.

98. GNOME Rhythmbox Malformed Playlist File Denial Of Service Vulnerability
BugTraq ID: 29958
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/29958
Summary:
GNOME Rhythmbox is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input.

Exploiting this issue allows remote attackers to crash the application and trigger denial-of-service conditions, denying further service to legitimate users. Given the nature of this issue, code execution may be possible, but this has not been confirmed.

GNOME Rhythmbox 0.11.5 is vulnerable; other versions may also be affected.

99. Sympa 'Content-Type' Header Remote Denial Of Service Vulnerability
BugTraq ID: 28539
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/28539
Summary:
Sympa is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted 'Content-Type' headers.

An attacker can exploit this issue to cause the application to crash. Successful attacks will deny service to legitimate users.

Versions prior to Sympa 5.4 are affected.

100. Hitachi Cosminexus Remote Information Disclosure Vulnerability
BugTraq ID: 15003
Remote: Yes
Last Updated: 2008-07-02
Relevant URL: http://www.securityfocus.com/bid/15003
Summary:
Hitachi Cosminexus is affected by an information-disclosure vulnerability.

An attacker may obtain potentially sensitive information such as other users' personal information sent through previous HTTP POST requests.

Information gathered may aid in other attacks.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Web surfers, it's time to patch
By: Robert Lemos
Nearly 640 million Internet users visit sites with a behind-the-times Web browser, and that's only the tip of the iceberg, researchers say.
http://www.securityfocus.com/news/11525

2. Breach-notification laws not working?
By: Robert Lemos
Research fails to find a correlation between states with disclosure laws and reduced identity theft, suggesting the best defense for concerned citizens is to take action themselves.
http://www.securityfocus.com/news/11524

3. Ransomware resisting crypto cracking efforts
By: Robert Lemos
Kaspersky calls for a massive effort to break the code keys used by a malicious program that encrypts its victim's data and asks for ransom, but other experts doubt the keys can be found or that finding them will help.
http://www.securityfocus.com/news/11523

4. Boycott spotlights antivirus testing issues
By: Robert Lemos
Security firm Trend Micro refuses to apply for future VB100 certifications, highlighting a debate over how to best test antivirus software.
http://www.securityfocus.com/news/11522

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Researcher, Columbia
http://www.securityfocus.com/archive/77/493924

2. [SJ-JOB] Security Researcher, Columbia
http://www.securityfocus.com/archive/77/493919

3. [SJ-JOB] Security Researcher, Mountain View
http://www.securityfocus.com/archive/77/493922

4. [SJ-JOB] Application Security Architect, Springfield
http://www.securityfocus.com/archive/77/493914

5. [SJ-JOB] CISO, New York
http://www.securityfocus.com/archive/77/493916

6. [SJ-JOB] Principal Software Engineer, Arlington
http://www.securityfocus.com/archive/77/493917

7. [SJ-JOB] Application Security Engineer, Tampa
http://www.securityfocus.com/archive/77/493918

8. [SJ-JOB] Account Manager, Houston
http://www.securityfocus.com/archive/77/493909

9. [SJ-JOB] Customer Support, Columbia
http://www.securityfocus.com/archive/77/493911

10. [SJ-JOB] Security System Administrator, Columbia
http://www.securityfocus.com/archive/77/493921

11. [SJ-JOB] Sales Engineer, DC
http://www.securityfocus.com/archive/77/493923

12. [SJ-JOB] Instructor, any
http://www.securityfocus.com/archive/77/493908

13. [SJ-JOB] Software Engineer, Columbia
http://www.securityfocus.com/archive/77/493910

14. [SJ-JOB] Software Engineer, Columbia
http://www.securityfocus.com/archive/77/493912

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #400
http://www.securityfocus.com/archive/88/493739

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Hardening CentOS
http://www.securityfocus.com/archive/91/493893

2. BA-Con 2008 CFP - Buenos Aires, Sept. 30 / Oct. 1 (closes July 11 2008)
http://www.securityfocus.com/archive/91/493743

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

