
Wednesday, August 06, 2008

SecurityFocus Newsletter #465
----------------------------------------

This issue is sponsored by IBM® Rational® AppScan
Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities.
Download a free trial of AppScan and see how it can help protect against the threat of attack.
https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. An Astonishing Collaboration
2. Bad-Code Blues
II. BUGTRAQ SUMMARY
1. Kshop 'kshop_search.php' Cross-Site Scripting Vulnerability
2. HP-UX 'libc' Unspecified Remote Denial Of Service Vulnerability
3. SyzygyCMS 'index.php' Local File Include Vulnerability
4. OpenVPN Client 'lladdr' and 'iproute' Configuration Directive Remote Code Execution Vulnerability
5. Keld PHP-MySQL News Script 'login.php' SQL Injection Vulnerability
6. Oracle mod_wl HTTP POST Request Remote Buffer Overflow Vulnerability
7. America's Army Malformed UDP Packet Remote Denial of Service Vulnerability
8. TGS Content Management Arbitrary Script Injection Vulnerability
9. Joomla! and Mambo EZ Store Component SQL Injection Vulnerability
10. moziloCMS 'download.php' File Disclosure Vulnerability
11. OpenTTD Multiple Buffer Overflow Vulnerabilities
12. MagicScripts Multiple E-Store Scripts 'viewdetails.php' SQL Injection Vulnerability
13. Xerox Phaser 8400 Empty UDP Packet Remote Denial of Service Vulnerability
14. Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
15. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
16. Linux Kernel RLIMIT_CPU Zero Limit Handling Local Security Bypass Vulnerability
17. Oracle July 2008 Critical Patch Update Multiple Vulnerabilities
18. PowerDVD '.m3u' and '.pls' File Multiple Buffer Overflow Vulnerabilities
19. ARWScripts Gallery Script Lite 'download.html' File Disclosure Vulnerability
20. OpenSC CardOS M4 Smart Cards Insecure Permissions Vulnerability
21. HydraIRC Remote Denial Of Service Vulnerability
22. IntelliTamper HTML Parser 'IMG' Tag Buffer Overflow Vulnerability
23. K-Link SQL Injection and Cross Site Scripting Vulnerabilities
24. freeForum 'acuparam' Parameter Cross-Site Scripting Vulnerability
25. Pligg 'CAPTCHA' Registration Automation Security Bypass Weakness
26. Pligg 'category' Parameter Cross Site Scripting Vulnerability
27. Free Hosting Manager Administrator Cookie Authentication Bypass Vulnerability
28. WebEx Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
29. OpenSSL Multiple Denial of Service Vulnerabilities
30. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
31. LiteNews 'index.php' SQL Injection Vulnerability
32. DD-WRT Site Survey SSID Script Injection Vulnerability
33. Quate CMS Multiple Cross-Site Scripting Vulnerabilities
34. libxslt RC4 Encryption and Decryption Functions Buffer Overflow Vulnerability
35. VMware Workstation DHCP Server Multiple Remote Code Execution Vulnerabilities
36. Mono Multiple Cross-Site Scripting Vulnerabilities
37. xine-lib NES Sound Format Demuxer 'demux_nsf.c' Buffer Overflow Vulnerability
38. xine-lib 'sdpplin_parse()' Remote Buffer Overflow Vulnerability
39. xine-lib Multiple Heap Based Remote Buffer Overflow Vulnerabilities
40. FishSound Library Remote Speex Decoding Code Execution Vulnerability
41. MPlayer 'demux_audio.c' Remote Stack Based Buffer Overflow Vulnerability
42. xine-lib 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability
43. xine-lib Matroska Demuxer Remote Buffer Overflow Vulnerability
44. PHP-Nuke Kleinanzeigen Module 'lid' Parameter SQL Injection Vulnerability
45. PHP-Nuke Book Catalog Module 'catid' Parameter SQL Injection Vulnerability
46. KAPhotoservice Multiple Cross-Site Scripting Vulnerabilities
47. Multiple WebmasterSite Products Remote Command Execution Vulnerability
48. com_uchat component Mambo and Joomla! Component Multiple Remote File Include Vulnerabilities
49. Ingres Database Multiple Local Vulnerabilities
50. Google Notebook and Google Bookmarks Multiple Unspecified Cross-Site Scripting Vulnerabilities
51. Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
52. phpKF-Portal Multiple Local File Include Vulnerabilities
53. Battle.net Clan Script 'index.php' Multiple SQL Injection Vulnerabilities
54. Chupix CMS Contact Module 'index.php' Multiple Local File Include Vulnerabilities
55. Python Multiple Buffer Overflow Vulnerabilities
56. Quate CMS Multiple Input Validation Vulnerabilities
57. Requestit Index.PHP Remote File Include Vulnerability
58. Gallery Multiple Remote Vulnerabilities
59. POWERGAP Shopsystem 's03.php' SQL Injection Vulnerability
60. Xpdf PDFTOPS Multiple Integer Overflow Vulnerabilities
61. Net-SNMP Perl Module Buffer Overflow Vulnerability
62. Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
63. Pidgin UPnP and Jabber Protocols Multiple Denial of Service Vulnerabilities
64. LoveCMS Multiple Security Bypass Vulnerabilities
65. Mozilla Firefox URI Splitting Security Bypass Vulnerability
66. Mozilla Firefox CSSValue Array Data Structure Remote Code Execution Vulnerability
67. Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities
68. Sun Solaris 'pthread_mutex_reltimedlock_np(3C)' API Local Denial of Service Vulnerability
69. Sun Netra T5220 Server Local Denial of Service Vulnerability
70. Linux Kernel 'snd_seq_oss_synth_make_info()' Information Disclosure Vulnerability
71. Sun Solaris 'snoop(1M)' Utility Remote Command Execution
72. Wireshark 1.0.0 Multiple Vulnerabilities
73. Mozilla Firefox/SeaMonkey JavaScript Garbage Collector Memory Corruption Vulnerability
74. Net-SNMP Remote Authentication Bypass Vulnerability
75. LiteNews Administrator Cookie Authentication Bypass Vulnerability
76. Pidgin NSS plugin SSL Certificate Validation Security Bypass Vulnerability
77. Git Pathname Multiple Buffer Overflow Vulnerabilities
78. Aurigma Image Uploader Multiple ActiveX Controls Multiple Unspecified Security Vulnerabilities
79. Plogger Multiple SQL Injection Vulnerabilities
80. Softbiz Photo Gallery Multiple Cross Site Scripting Vulnerabilities
81. X.Org X server RENDER Extension Multiple Integer Overflow Vulnerabilities
82. X.Org X Server RENDER Extension 'ProcRenderCreateCursor()' Denial of Service Vulnerability
83. IGES CMS Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
84. Crafty Syntax Live Help 'livehelp_js.php' Cross-Site Scripting Vulnerability
85. Pluck 4.5.2 Multiple Cross Site Scripting Vulnerabilities
86. 8E6 Technologies R3000 Host Header Internet Filter Security Bypass Vulnerability
87. X.Org X Server MIT-SHM Extension Information Disclosure Vulnerability
88. Pan '.nzb' File Parsing Heap Overflow Vulnerability
89. Samsung Linux Printer Driver SetUID Script Local Privilege Escalation Vulnerability
90. JBoss Enterprise Application Platform Information Disclosure Vulnerability
91. Winamp 'NowPlaying' Unspecified Security Vulnerability
92. Dayfox Blog 'index.php' Multiple Local File Include Vulnerabilities
93. Sun Java Server Faces Cross-Site Scripting Vulnerability
94. Python zlib Module Remote Buffer Overflow Vulnerability
95. E.Z.Poll 'admin/login.asp' Multiple SQL Injection Vulnerabilities
96. XAMPP for Linux 'text' Parameter Multiple Cross-Site Scripting Vulnerabilities
97. Pcshey Portal 'kategori.asp' SQL Injection Vulnerability
98. UNAK-CMS 'connector.php' Local File Include Vulnerability
99. MRBS 'area' Parameter Multiple Cross-Site Scripting Vulnerabilities
100. Sun xVM VirtualBox 'VBoxDrv.sys' Local Privilege Escalation Vulnerability
III. SECURITYFOCUS NEWS
1. Gov't charges alleged TJX credit-card thieves
2. Poisoned DNS servers pop up as ISPs patch
3. E-Gold pleads guilty to money laundering
4. Senate amends FISA, allows immunity
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Engineer, Dearborn
2. [SJ-JOB] Sr. Security Engineer, Andover
3. [SJ-JOB] CISO, Washington DC
4. [SJ-JOB] Software Engineer, Andover
5. [SJ-JOB] Security Consultant, London
6. [SJ-JOB] Disaster Recovery Coordinator, Waterloo, Ontario
7. [SJ-JOB] Security Architect, Arlington
8. [SJ-JOB] Manager, Information Security, White Plains
9. [SJ-JOB] Sales Engineer, Chicagoland
10. [SJ-JOB] Security Consultant, Las Vegas
11. [SJ-JOB] Jr. Security Analyst, Calgary
12. [SJ-JOB] Manager, Information Security, Irving
V. INCIDENTS LIST SUMMARY
1. Anyone has a sample of http://abc.verynx.cn/w.js ?
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #405
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. root shell auditing
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477

2. Bad-Code Blues
By Don Parker
The current state of secure software development by corporations both large and small is a mess. We are still cursed with half-baked software, and as a result, a never ending stream of vulnerabilities. Secure coding practices and active quality assurance (QA) efforts are now more mainstream, but that still hasn't made much of a dent.
http://www.securityfocus.com/columnists/476


II. BUGTRAQ SUMMARY
--------------------
1. Kshop 'kshop_search.php' Cross-Site Scripting Vulnerability
BugTraq ID: 30576
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30576
Summary:
Kshop is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Kshop 2.22 is vulnerable; other versions may also be affected.

2. HP-UX 'libc' Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 30581
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30581
Summary:
HP-UX is prone to a remote denial-of-service vulnerability. The cause of this issue is unknown.

Exploiting this issue allows remote attackers to trigger denial-of-service conditions.

HP-UX B.11.23 and B.11.31 using libc are affected.

3. SyzygyCMS 'index.php' Local File Include Vulnerability
BugTraq ID: 30530
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30530
Summary:
SyzygyCMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

SyzygyCMS 0.3 is vulnerable; other versions may also be affected.

4. OpenVPN Client 'lladdr' and 'iproute' Configuration Directive Remote Code Execution Vulnerability
BugTraq ID: 30532
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30532
Summary:
In certain circumstances, the OpenVPN client is prone to a remote code-execution vulnerability when handling specially crafted configuration directives.

Attackers can leverage this issue to execute arbitrary code in the context of the application. Failed attacks will likely result in denial-of-service conditions.

NOTE: Only non-Windows clients are affected.

This issue affects OpenVPN clients 2.1-beta14 through 2.1-rc8.

5. Keld PHP-MySQL News Script 'login.php' SQL Injection Vulnerability
BugTraq ID: 30529
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30529
Summary:
Keld PHP-MySQL News Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Keld PHP-MySQL News Script 0.7.1 is vulnerable; other versions may also be affected.

6. Oracle mod_wl HTTP POST Request Remote Buffer Overflow Vulnerability
BugTraq ID: 30273
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30273
Summary:
Oracle mod_wl (formerly BEA mod_wl) is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

7. America's Army Malformed UDP Packet Remote Denial of Service Vulnerability
BugTraq ID: 30519
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30519
Summary:
America's Army is prone to a remote denial-of-service vulnerability because the application fails to properly handle malicious UDP packets.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

America's Army 2.8.3.1 is vulnerable; other versions may also be affected.

8. TGS Content Management Arbitrary Script Injection Vulnerability
BugTraq ID: 30528
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30528
Summary:
TGS Content Management is prone to an arbitrary-script-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary script code in the context of the webserver. Successful exploits can compromise the application.

This issue affects TGS Content Management 0.3.2r2; other versions may also be affected.

9. Joomla! and Mambo EZ Store Component SQL Injection Vulnerability
BugTraq ID: 30527
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30527
Summary:
The EZ Store component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

10. moziloCMS 'download.php' File Disclosure Vulnerability
BugTraq ID: 30526
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30526
Summary:
moziloCMS is prone to a file-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal attacks to view local files in the context of the webserver process. This may aid in further attacks.

This issue affects moziloCMS 1.10.1; other versions may also be affected.

11. OpenTTD Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30525
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30525
Summary:
OpenTTD is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to insufficiently sized buffers.

Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.

These issues affect versions prior to OpenTTD 0.6.2.

12. MagicScripts Multiple E-Store Scripts 'viewdetails.php' SQL Injection Vulnerability
BugTraq ID: 30524
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30524
Summary:
Multiple E-Store scripts are prone to an SQL-injection vulnerability because the applications fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the vulnerable applications, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following applications are affected:

E-Store Kit-1
E-Store Kit-2
E-Store Kit-1 Pro PayPal Edition
E-Store Kit-2 PayPal Edition

13. Xerox Phaser 8400 Empty UDP Packet Remote Denial of Service Vulnerability
BugTraq ID: 30522
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30522
Summary:
Xerox Phaser 8400 is prone to a remote denial-of-service vulnerability because the printer fails to properly handle malicious UDP packets.

Exploiting this issue allows remote attackers to cause the device to restart, effectively denying service to legitimate users.

14. Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
BugTraq ID: 30076
Remote: No
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30076
Summary:
The Linux kernel is prone to multiple local denial-of-service vulnerabilities.

Attackers can exploit these issues to crash the affected kernel, denying service to legitimate users. Given the nature of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.

These issues affect versions prior to Linux kernel 2.6.25.10.

15. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
BugTraq ID: 29235
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/29235
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

This issue affects the Linux Kernel 2.6.25.2; other versions may also be affected.

16. Linux Kernel RLIMIT_CPU Zero Limit Handling Local Security Bypass Vulnerability
BugTraq ID: 29004
Remote: No
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/29004
Summary:
The Linux kernel is prone to a local security-bypass vulnerability because it fails to properly handle certain RLIMIT_CPU time limitations.

Attackers can exploit this issue to bypass certain security restrictions, which may lead to further attacks.

Versions prior to Linux kernel 2.6.22 are affected.

17. Oracle July 2008 Critical Patch Update Multiple Vulnerabilities
BugTraq ID: 30177
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30177
Summary:
Oracle has released the July 2008 Critical Patch Update that addresses 44 new vulnerabilities affecting the following products:

Oracle Database
Oracle TimesTen In-Memory Database
Oracle Application Server
Oracle E-Business Suite and Application
Oracle Enterprise Manager
Oracle PeopleSoft Enterprise
Oracle BEA Products

18. PowerDVD '.m3u' and '.pls' File Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30341
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30341
Summary:
PowerDVD is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

PowerDVD 8.0 is vulnerable; prior versions may also be affected.

19. ARWScripts Gallery Script Lite 'download.html' File Disclosure Vulnerability
BugTraq ID: 28718
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/28718
Summary:
ARWScripts Gallery Script Lite is prone to a file-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal attacks to view local files in the context of the webserver process. This may aid in further attacks.

20. OpenSC CardOS M4 Smart Cards Insecure Permissions Vulnerability
BugTraq ID: 30473
Remote: No
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30473
Summary:
OpenSC insecurely initializes smart cards and USB crypto tokens based on Siemens CardOS M4.

Attackers can leverage this issue to change the PIN number on a card without having knowledge of the existing PIN or PUK number. Successfully exploiting this issue allows attackers to use the card in further attacks.

NOTE: This issue cannot be leveraged to access an existing PIN number.

This issue occurs in versions prior to OpenSC 0.11.5.

21. HydraIRC Remote Denial Of Service Vulnerability
BugTraq ID: 30523
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30523
Summary:
HydraIRC is prone to a remote denial-of-service vulnerability because the application fails to validate user-supplied data.

An attacker may exploit this issue to crash the application, resulting in a denial-of-service condition.

This issue affects HydraIRC 0.3.164 and prior versions.

22. IntelliTamper HTML Parser 'IMG' Tag Buffer Overflow Vulnerability
BugTraq ID: 30521
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30521
Summary:
IntelliTamper is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

This issue allows remote attackers to execute arbitrary machine code in the context of the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

IntelliTamper 2.07 is vulnerable; other versions may also be affected.

23. K-Link SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 30520
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30520
Summary:
K-Link Directory is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

24. freeForum 'acuparam' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 30509
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30509
Summary:
freeForum is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

freeForum 1.7 is vulnerable; other versions may also be affected.

25. Pligg 'CAPTCHA' Registration Automation Security Bypass Weakness
BugTraq ID: 30518
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30518
Summary:
Pligg is prone to a security-bypass weakness.

Successfully exploiting this issue will allow an attacker to register multiple new users through an automated process. This may lead to other attacks.

Pligg 9.9.5 is vulnerable; other versions may also be affected.

26. Pligg 'category' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 30516
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30516
Summary:
Pligg is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Pligg 9.9.5 is vulnerable; other versions may also be affected.

27. Free Hosting Manager Administrator Cookie Authentication Bypass Vulnerability
BugTraq ID: 30580
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30580
Summary:
Free Hosting Manager is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain administrative access to the affected application.

Free Hosting Manager 1.2 and 2.0 are vulnerable; other versions may also be affected.

28. WebEx Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 30578
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30578
Summary:
WebEx Meeting Manager is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. This issue affects the 'atucfobj.dll' ActiveX control library.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

'atucfobj.dll' 20.2008.2601.4928 is vulnerable; other versions may also be affected.

29. OpenSSL Multiple Denial of Service Vulnerabilities
BugTraq ID: 29405
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/29405
Summary:
OpenSSL is prone to multiple denial-of-service vulnerabilities.

Attackers can leverage these issues to cause a client or server application to crash. Successful exploits will deny service to legitimate users.

OpenSSL 0.9.8f and 0.9.8g are reported vulnerable. Other versions may be affected as well.

30. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
BugTraq ID: 30131
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30131
Summary:
Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

This issue affects Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable.

31. LiteNews 'index.php' SQL Injection Vulnerability
BugTraq ID: 30575
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30575
Summary:
LiteNews is prone to an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

LiteNews 0.1 is vulnerable; other versions may also be affected.

32. DD-WRT Site Survey SSID Script Injection Vulnerability
BugTraq ID: 30573
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30573
Summary:
DD-WRT is prone to a script-injection vulnerability because it fails to adequately sanitize user-supplied data to the 'Site Survey' section of the administrative web interface.

Attackers can exploit this issue to execute arbitrary script code in the DD-WRT web interface.

Versions prior to DD-WRT 24-sp1 are vulnerable.

33. Quate CMS Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30570
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30570
Summary:
Quate CMS is prone to multiple cross-site scripting vulnerabilities because it fails to adequately sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Quate CMS 0.3.4 is vulnerable; other versions may also be affected.

34. libxslt RC4 Encryption and Decryption Functions Buffer Overflow Vulnerability
BugTraq ID: 30467
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30467
Summary:
The 'libxslt' library is prone to a heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects libxslt 1.1.8 to 1.1.24.

35. VMware Workstation DHCP Server Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 25729
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/25729
Summary:
VMware Workstation's DHCP server is prone to multiple remote code-execution issues, including a stack-based integer-underflow issue, a stack-based buffer-overflow issue, and an unspecified vulnerability.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application.

Versions prior to VMware Workstation 6.0.1 Build 55017 are vulnerable.

36. Mono Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30471
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30471
Summary:
Mono is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

37. xine-lib NES Sound Format Demuxer 'demux_nsf.c' Buffer Overflow Vulnerability
BugTraq ID: 28816
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/28816
Summary:
The 'xine-lib' library is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects xine-lib 1.1.12 and prior versions.

38. xine-lib 'sdpplin_parse()' Remote Buffer Overflow Vulnerability
BugTraq ID: 28312
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/28312
Summary:
The 'xine-lib' library is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

This issue affects xine-lib 1.1.10.1; other versions may also be vulnerable.

39. xine-lib Multiple Heap Based Remote Buffer Overflow Vulnerabilities
BugTraq ID: 28370
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/28370
Summary:
The 'xine-lib' library is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library. Failed attacks will cause denial-of-service conditions.

These issues affect xine-lib 1.1.11; other versions may also be affected.

40. FishSound Library Remote Speex Decoding Code Execution Vulnerability
BugTraq ID: 28665
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/28665
Summary:
The FishSound 'libfishsound' library is prone to a remote code-execution vulnerability because the software fails to properly bounds-check user-supplied data.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the library. Failed exploit attempts likely result in denial-of-service conditions.

Versions prior to FishSound 0.9.1 are vulnerable.

The following applications use the library and are also vulnerable:

- Speex
- Annodex plugin for Firefox
- Illiminable DirectShow Filters
- gstreamer-plugins-good
- SDL_sound
- Sweep
- vorbis-tools
- VLC Media Player
- xine-lib
- XMMS speex plugin

Other applications may also be affected.

41. MPlayer 'demux_audio.c' Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 27441
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/27441
Summary:
MPlayer is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

MPlayer 1.0 rc2 is vulnerable; other versions may also be affected.

42. xine-lib 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 27198
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/27198
Summary:
The xine-lib library is prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects xine-lib 1.1.9 and prior versions.

43. xine-lib Matroska Demuxer Remote Buffer Overflow Vulnerability
BugTraq ID: 28543
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/28543
Summary:
The 'xine-lib' library is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to cause denial-of-service conditions and possibly execute arbitrary code in the context of applications that use the library.

Versions prior to xine-lib 1.1.10.1 are vulnerable.

44. PHP-Nuke Kleinanzeigen Module 'lid' Parameter SQL Injection Vulnerability
BugTraq ID: 30577
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30577
Summary:
The Kleinanzeigen module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

45. PHP-Nuke Book Catalog Module 'catid' Parameter SQL Injection Vulnerability
BugTraq ID: 30511
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30511
Summary:
The Book Catalog module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

46. KAPhotoservice Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30567
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30567
Summary:
KAPhotoservice is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

47. Multiple WebmasterSite Products Remote Command Execution Vulnerability
BugTraq ID: 30572
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30572
Summary:
Multiple WebmasterSite products are prone to a remote shell command-execution vulnerability because the applications fail to sufficiently sanitize user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary commands in the context of the affected application.

This issue affects the following products:

WSN Forum 4.1.43
WSN Knowledge Base 4.1.36
WSN Links 4.1.44
WSN Gallery 4.1.30

Note that previous versions may also be vulnerable.

48. com_uchat component Mambo and Joomla! Component Multiple Remote File Include Vulnerabilities
BugTraq ID: 30571
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30571
Summary:
The com_uchat component for Mambo and Joomla! is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

These issues affect com_uchat 0.9.2; other versions may also be affected.

49. Ingres Database Multiple Local Vulnerabilities
BugTraq ID: 30512
Remote: No
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30512
Summary:
Ingres Database is prone to multiple local vulnerabilities:

- Multiple local privilege-escalation vulnerabilities
- A vulnerability that may allow attackers to overwrite arbitrary files.

Local attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by the 'Ingres' user.

50. Google Notebook and Google Bookmarks Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 30574
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30574
Summary:
Google Notebook and Google Bookmarks are prone to multiple unspecified cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

51. Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
BugTraq ID: 30560
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30560
Summary:
The Apache 'mod_proxy_ftp' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue is reported to affect Apache 2.0.63 and 2.2.9; other versions may also be affected.

52. phpKF-Portal Multiple Local File Include Vulnerabilities
BugTraq ID: 30566
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30566
Summary:
phpKF-Portal is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

phpKF-Portal 1.10 is vulnerable; other versions may also be affected.

53. Battle.net Clan Script 'index.php' Multiple SQL Injection Vulnerabilities
BugTraq ID: 30565
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30565
Summary:
Battle.net Clan Script is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Battle.net Clan Script 1.5.2 is vulnerable; other versions may also be affected.

54. Chupix CMS Contact Module 'index.php' Multiple Local File Include Vulnerabilities
BugTraq ID: 30564
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30564
Summary:
The Contact module for Chupix CMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

Contact 0.1.0 is vulnerable; other versions may also be affected.

55. Python Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30491
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30491
Summary:
Python is prone to multiple buffer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable Python modules. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.

These issues affect versions prior to Python 2.5.2-r6.

56. Quate CMS Multiple Input Validation Vulnerabilities
BugTraq ID: 29348
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/29348
Summary:
Quate CMS is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These issues include remote and local file-include vulnerabilities, cross-site scripting vulnerabilities, and a directory-traversal vulnerability.

An attacker can exploit these vulnerabilities to execute arbitrary local or remote script code in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, obtain potentially sensitive information, or compromise the affected application and possibly the underlying system.

Quate CMS 0.3.4 is vulnerable; other versions may also be affected.

57. Requestit Index.PHP Remote File Include Vulnerability
BugTraq ID: 23370
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/23370
Summary:
Requestit is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects Requestit 1.0b; other versions may also be vulnerable.

58. Gallery Multiple Remote Vulnerabilities
BugTraq ID: 30563
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30563
Summary:
Gallery is prone to multiple remote vulnerabilities:

1. A command-execution vulnerability
2. A cross-site scripting issue
3. A security-bypass vulnerability
4. An authentication-bypass vulnerability
5. A local file-include vulnerability
6. A denial-of-service issue
7. An unspecified information-disclosure vulnerability
8. A username-enumeration weakness

Exploiting these issues could allow an attacker to view sensitive information, execute arbitrary script code within the context of the browser, compromise the application, and modify data. Other attacks are also possible.

Versions prior to Gallery 1.5.8 are vulnerable.

59. POWERGAP Shopsystem 's03.php' SQL Injection Vulnerability
BugTraq ID: 30558
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30558
Summary:
POWERGAP Shopsystem is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

60. Xpdf PDFTOPS Multiple Integer Overflow Vulnerabilities
BugTraq ID: 11501
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/11501
Summary:
The pdftops utility is reported prone to multiple integer-overflow vulnerabilities because it fails to properly ensure that user-supplied input doesn't result in the overflowing of integer values. This may result in data being copied past the end of a memory buffer.

These overflows cause the application to allocate memory regions that are smaller than expected. Subsequent operations are likely to overwrite memory regions past the end of the allocated buffer, allowing attackers to overwrite critical memory control structures. This may allow attackers to control the flow of execution and potentially execute attacker-supplied code in the context of the affected application.

Applications using embedded xpdf code may be vulnerable to these issues as well.

61. Net-SNMP Perl Module Buffer Overflow Vulnerability
BugTraq ID: 29212
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/29212
Summary:
Net-SNMP is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications using the affected Net-SNMP Perl module. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects Net-SNMP 5.4.1, 5.2.4, and 5.1.4; other versions may also be vulnerable.

62. Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
BugTraq ID: 29956
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/29956
Summary:
Pidgin is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts likely cause denial-of-service conditions.

Versions prior to Pidgin 2.4.3 are vulnerable.

63. Pidgin UPnP and Jabber Protocols Multiple Denial of Service Vulnerabilities
BugTraq ID: 29985
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/29985
Summary:
Pidgin is prone to multiple denial-of-service vulnerabilities affecting the UPnP and Jabber protocols.

Successful exploits will crash the application, denying service to legitimate users.

Pidgin 2.0.0 is vulnerable; other versions, including Gaim 2.0.0 beta versions, may also be affected.

64. LoveCMS Multiple Security Bypass Vulnerabilities
BugTraq ID: 30562
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30562
Summary:
LoveCMS is prone to multiple security-bypass vulnerabilities because the application fails to properly control access to some pages.

Attackers can exploit these issues to bypass certain security restrictions and modify application settings or execute arbitrary code.

The issues affect LoveCMS 1.6.2; prior versions may also be affected.

65. Mozilla Firefox URI Splitting Security Bypass Vulnerability
BugTraq ID: 30242
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30242
Summary:
Mozilla Firefox is prone to a security-bypass vulnerability because of a design error.

Exploiting this issue could allow an attacker to bypass certain security restrictions and launch restricted URIs. Specifically, the attacker could use external applications to launch 'chrome:' URIs or to pass certain URIs to Firefox that would normally be handled by a vector application.

The issue affects Firefox 3.0 and versions prior to 2.0.0.16.

66. Mozilla Firefox CSSValue Array Data Structure Remote Code Execution Vulnerability
BugTraq ID: 29802
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/29802
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application.

The issue affects Firefox 3.0 and versions prior to Firefox 2.0.0.16. Versions prior to Thunderbird 2.0.0.16 and prior to SeaMonkey 1.1.11 are also affected.

NOTE: Mozilla Thunderbird is affected by this issue only if JavaScript has been enabled in the application. This setting is disabled by default.

67. Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities
BugTraq ID: 30038
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30038
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.14 and prior versions.

Exploiting these issues can allow attackers to:

- steal authentication credentials
- obtain potentially sensitive information
- violate the same-origin policy
- execute scripts with elevated privileges
- upload arbitrary files to affected computers
- cause denial-of-service conditions
- execute arbitrary code

Other attacks are also possible.

These issues are present in Firefox 2.0.0.14 and prior versions.

Mozilla Thunderbird is affected by the issues described in Mozilla advisories MFSA 2008-21, MFSA 2008-24, and MFSA 2008-25. Note that these issues arise in Thunderbird only when JavaScript is enabled. JavaScript is not enabled in the default installation.

68. Sun Solaris 'pthread_mutex_reltimedlock_np(3C)' API Local Denial of Service Vulnerability
BugTraq ID: 30561
Remote: No
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30561
Summary:
The Sun Solaris 'pthread_mutex_reltimedlock_np(3C)' (priority-inherited pthread mutex) API is prone to a local denial-of-service vulnerability.

A local unprivileged attacker can exploit this issue to trigger a system hang or panic, resulting in a denial-of-service condition.

This issue affects Solaris 10 and OpenSolaris prior to build snv_90 for SPARC and x86 platforms.

69. Sun Netra T5220 Server Local Denial of Service Vulnerability
BugTraq ID: 30557
Remote: No
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30557
Summary:
Sun Netra T5220 Server is prone to a local denial-of-service vulnerability.

A local unprivileged attacker can exploit this issue to cause a system panic that will result in a denial-of-service condition.

This issue affects Sun Netra T5220 Server with firmware version 7.1.3.

70. Linux Kernel 'snd_seq_oss_synth_make_info()' Information Disclosure Vulnerability
BugTraq ID: 30559
Remote: No
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30559
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Versions prior to Linux kernel 2.6.27-rc2 are vulnerable.

71. Sun Solaris 'snoop(1M)' Utility Remote Command Execution
BugTraq ID: 30556
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30556
Summary:
The Solaris 'snoop(1M)' network utility is prone to a command-execution vulnerability.

Exploiting this issue may allow attackers to execute arbitrary commands in the context of the application.

This issue affects the following systems for SPARC and x86 platforms:

Solaris 10
Solaris 9
Solaris 8
OpenSolaris builds snv_01 to snv_95

72. Wireshark 1.0.0 Multiple Vulnerabilities
BugTraq ID: 30020
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/30020
Summary:
Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues.

Exploiting these issues may allow attackers to obtain potentially sensitive information, cause crashes, and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.5 up to and including 1.0.0.

73. Mozilla Firefox/SeaMonkey JavaScript Garbage Collector Memory Corruption Vulnerability
BugTraq ID: 28818
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/28818
Summary:
The Mozilla Foundation has released a security advisory disclosing a memory-corruption vulnerability that affects Mozilla Firefox, SeaMonkey, and potentially Thunderbird.

The vulnerability stems from an unspecified error in the JavaScript garbage collector.

Attackers may exploit this issue to crash a vulnerable application or potentially execute arbitrary code in the context of the application.

The issue affects Mozilla Firefox 2.0.0.13 and Mozilla SeaMonkey 1.1.9. Note that Mozilla Thunderbird shares the browser engine with Firefox and may also be vulnerable when JavaScript is enabled in emails.

74. Net-SNMP Remote Authentication Bypass Vulnerability
BugTraq ID: 29623
Remote: Yes
Last Updated: 2008-08-06
Relevant URL: http://www.securityfocus.com/bid/29623
Summary:
Net-SNMP is prone to a remote authentication-bypass vulnerability caused by a design error.

Successfully exploiting this issue will allow attackers to gain unauthorized access to the affected application.

Net-SNMP 5.4.1, 5.3.2, 5.2.4, and prior versions are vulnerable.

75. LiteNews Administrator Cookie Authentication Bypass Vulnerability
BugTraq ID: 30555
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30555
Summary:
LiteNews is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain administrative access to the affected application.

76. Pidgin NSS plugin SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 30553
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30553
Summary:
Pidgin is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from a server.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers. This will aid in further attacks.

Pidgin 2.4.3 is vulnerable; other versions may also be affected.

77. Git Pathname Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30549
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30549
Summary:
Git is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Git 1.5.6.3 is vulnerable; prior versions may also be affected.

78. Aurigma Image Uploader Multiple ActiveX Controls Multiple Unspecified Security Vulnerabilities
BugTraq ID: 30548
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30548
Summary:
Multiple Aurigma Image Uploader ActiveX controls are prone to multiple unspecified security issues.

Very little information is known about these issues. We will update this BID as soon as more information becomes available.

Aurigma Image Uploader 4.7 and 5.1 are vulnerable; other versions may also be affected.

79. Plogger Multiple SQL Injection Vulnerabilities
BugTraq ID: 30547
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30547
Summary:
Plogger is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Plogger 3.0 and prior versions are vulnerable.

80. Softbiz Photo Gallery Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 30546
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30546
Summary:
Softbiz Photo Gallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

81. X.Org X server RENDER Extension Multiple Integer Overflow Vulnerabilities
BugTraq ID: 29670
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/29670
Summary:
The RENDER component for X Server is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts likely cause denial-of-service conditions.

82. X.Org X Server RENDER Extension 'ProcRenderCreateCursor()' Denial of Service Vulnerability
BugTraq ID: 29665
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/29665
Summary:
X.Org X Server is prone to a denial-of-service vulnerability because the software fails to properly handle exceptional conditions.

Attackers who can connect to a vulnerable X Server may exploit this issue to crash the targeted server, denying further service to legitimate users.

83. IGES CMS Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 30544
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30544
Summary:
IGES CMS is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Attackers may exploit the SQL-injection issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IGES CMS 2.0 is vulnerable; other versions may also be affected.

84. Crafty Syntax Live Help 'livehelp_js.php' Cross-Site Scripting Vulnerability
BugTraq ID: 30543
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30543
Summary:
Crafty Syntax Live Help (CSLH) is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

85. Pluck 4.5.2 Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 30542
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30542
Summary:
Pluck is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Pluck 4.5.2 is vulnerable; other versions may also be affected.

86. 8E6 Technologies R3000 Host Header Internet Filter Security Bypass Vulnerability
BugTraq ID: 30541
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30541
Summary:
8e6 Technologies R3000 Internet Filter is prone to a vulnerability that allows attackers to bypass URI filters.

Attackers can exploit this issue by sending specially crafted HTTP request packets for an arbitrary website. Successful exploits allow attackers to view sites that the device is meant to block. This could aid in further attacks.

R3000 Internet Filter 2.0.12.10 is vulnerable; other versions may also be affected.

87. X.Org X Server MIT-SHM Extension Information Disclosure Vulnerability
BugTraq ID: 29669
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/29669
Summary:
X.Org X Server is prone to an information-disclosure vulnerability that lets X clients read arbitrary X server memory.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

88. Pan '.nzb' File Parsing Heap Overflow Vulnerability
BugTraq ID: 29421
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/29421
Summary:
Pan is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. The vulnerability occurs when handling malformed '.nzb' files.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will result in a denial-of-service condition.

89. Samsung Linux Printer Driver SetUID Script Local Privilege Escalation Vulnerability
BugTraq ID: 24953
Remote: No
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/24953
Summary:
Samsung Linux Printer Driver is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

90. JBoss Enterprise Application Platform Information Disclosure Vulnerability
BugTraq ID: 30540
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30540
Summary:
JBoss Enterprise Application Platform is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain potentially sensitive details about deployed web contexts. Information obtained may lead to further attacks.

The issue affects versions prior to JBoss Enterprise Application Platform 4.3.0.CP01 and 4.2.0.CP03.

91. Winamp 'NowPlaying' Unspecified Security Vulnerability
BugTraq ID: 30539
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30539
Summary:
Winamp is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

This issue affects versions prior to Winamp 5.541.

92. Dayfox Blog 'index.php' Multiple Local File Include Vulnerabilities
BugTraq ID: 30538
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30538
Summary:
Dayfox Blog is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

Dayfox Blog 4.6.12 is vulnerable; other versions may also be affected.

93. Sun Java Server Faces Cross-Site Scripting Vulnerability
BugTraq ID: 28192
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/28192
Summary:
Sun Java Server Faces is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site running an application that is based on Java Server Faces. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Sun Java Server Faces 1.2 is vulnerable; other versions may be affected as well.

94. Python zlib Module Remote Buffer Overflow Vulnerability
BugTraq ID: 28715
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/28715
Summary:
Python zlib module is prone to a remote buffer-overflow vulnerability because the library fails to properly sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Python 2.5.2; other versions may also be vulnerable.

95. E.Z.Poll 'admin/login.asp' Multiple SQL Injection Vulnerabilities
BugTraq ID: 30536
Remote: Yes
Last Updated: 2008-08-05
Relevant URL: http://www.securityfocus.com/bid/30536
Summary:
E.Z.Poll is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

E.Z.Poll 2 is vulnerable; other versions may also be affected.

96. XAMPP for Linux 'text' Parameter Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30535
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30535
Summary:
XAMPP for Linux is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

XAMPP 1.6.7 for Linux is vulnerable; other versions may also be affected.

97. Pcshey Portal 'kategori.asp' SQL Injection Vulnerability
BugTraq ID: 30534
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30534
Summary:
Pcshey Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

98. UNAK-CMS 'connector.php' Local File Include Vulnerability
BugTraq ID: 30533
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30533
Summary:
UNAK-CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

UNAK-CMS 1.5.5 is vulnerable; other versions may also be affected.

99. MRBS 'area' Parameter Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30531
Remote: Yes
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30531
Summary:
MRBS (Meeting Room Booking Software) is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

MRBS 1.2.6 is vulnerable; other versions may also be affected.

100. Sun xVM VirtualBox 'VBoxDrv.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 30481
Remote: No
Last Updated: 2008-08-04
Relevant URL: http://www.securityfocus.com/bid/30481
Summary:
Sun xVM VirtualBox is prone to a local privilege-escalation vulnerability that occurs in the 'VBoxDrv.sys' driver.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

Sun xVM VirtualBox 1.6.0 and 1.6.2 running on Windows are vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Gov't charges alleged TJX credit-card thieves
By: Robert Lemos
U.S. prosecutors charge eleven people with taking part in an identity-theft ring that stole millions of credit-card accounts from major retailers, among them TJX Companies.
http://www.securityfocus.com/news/11530

2. Poisoned DNS servers pop up as ISPs patch
By: Robert Lemos
An online attacker poisons at least one domain-name server at a major Internet service provider to send Google lookups to a pay-per-click ad network.
http://www.securityfocus.com/news/11529

3. E-Gold pleads guilty to money laundering
By: Robert Lemos
In a plea agreement with the U.S. government, the company's founders agree to charges of operating an unlicensed money transfer business, but the business aims to continue.
http://www.securityfocus.com/news/11528

4. Senate amends FISA, allows immunity
By: Robert Lemos
Questions about the Bush Administration's use of wiretapping for much of the past decade will likely remain unanswered, as legislators grant greater international spying powers to U.S. intelligence agencies.
http://www.securityfocus.com/news/11527

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Engineer, Dearborn
http://www.securityfocus.com/archive/77/495144

2. [SJ-JOB] Sr. Security Engineer, Andover
http://www.securityfocus.com/archive/77/495146

3. [SJ-JOB] CISO, Washington DC
http://www.securityfocus.com/archive/77/495147

4. [SJ-JOB] Software Engineer, Andover
http://www.securityfocus.com/archive/77/495148

5. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/495145

6. [SJ-JOB] Disaster Recovery Coordinator, Waterloo, Ontario
http://www.securityfocus.com/archive/77/495038

7. [SJ-JOB] Security Architect, Arlington
http://www.securityfocus.com/archive/77/495042

8. [SJ-JOB] Manager, Information Security, White Plains
http://www.securityfocus.com/archive/77/495043

9. [SJ-JOB] Sales Engineer, Chicagoland
http://www.securityfocus.com/archive/77/495036

10. [SJ-JOB] Security Consultant, Las Vegas
http://www.securityfocus.com/archive/77/495037

11. [SJ-JOB] Jr. Security Analyst, Calgary
http://www.securityfocus.com/archive/77/495039

12. [SJ-JOB] Manager, Information Security, Irving
http://www.securityfocus.com/archive/77/495035

V. INCIDENTS LIST SUMMARY
---------------------------
1. Anyone has a sample of http://abc.verynx.cn/w.js ?
http://www.securityfocus.com/archive/75/495044

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #405
http://www.securityfocus.com/archive/88/495002

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. root shell auditing
http://www.securityfocus.com/archive/91/494849

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

