Monday, August 18, 2008

SecurityFocus Newsletter #466
----------------------------------------

This issue is sponsored by Offensive Security

From one of the creators of BackTrack comes a series of intense, 5-day, live training sessions that will change the way you view security.
No more theory, no more talking - these hands-on classes will not just discuss why but will show you HOW.
Join the Offensive Security training team for some of the best security training in the market today.
http://www.offensive-security.com/seccourse.php


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. An Astonishing Collaboration
2. Bad-Code Blues
II. BUGTRAQ SUMMARY
1. VUPlayer M3U UNC Name Buffer Overflow Vulnerability
2. Nokia 6131 Multiple Vulnerabilities
3. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
4. Linux Kernel 'sys_utimensat' Local Denial of Service Vulnerability
5. Linux Kernel 'dnotify.c' Local Race Condition Vulnerability
6. Linux Kernel 'pppol2tp_recvmsg()' Remote Denial of Service Vulnerability
7. Linux Kernel 'fcntl_setlk()' SMP Ordering Local Denial of Service Vulnerability
8. Linux Kernel Tehuti Network Driver 'BDX_OP_WRITE' Memory Corruption Vulnerability
9. Microsoft Windows Messenger ActiveX Control Information Disclosure Vulnerability
10. Microsoft Windows Event System Array Index Verification Remote Code Execution Vulnerability
11. Microsoft Windows Event System User Subscription Request Remote Code Execution Vulnerability
12. Microsoft Office WPG Image File Remote Code Execution Vulnerability
13. Attachmate Reflection for Secure IT Multiple Unspecified Security Vulnerabilities
14. HAVP 'sockethandler.cpp' Client Connect Infinite Loop Denial of Service Vulnerability
15. Openfire 'login.jsp' Cross-Site Scripting Vulnerability
16. Red Hat yum-rhn-plugin RHN Updates Denial of Service Vulnerability
17. Openwsman Multiple Remote Security Vulnerabilities
18. PartyPoker Client Update Remote Code Execution Vulnerability
19. E-Shop Shopping Cart Script 'search_results.php' SQL Injection Vulnerability
20. CyBoards PHP Lite Multiple Remote Vulnerabilities
21. Microsoft Outlook Express And Windows Mail MHTML Handler Information Disclosure Vulnerability
22. Clever Internet ActiveX Suite CLINetSuiteX6.OCX Arbitrary File Download Or Overwrite Vulnerability
23. Multiple X11 Terminals Missing DISPLAY Variable Local Arbitrary Command Execution Vulnerability
24. EDraw Office Viewer Component ActiveX Control Arbitrary File Overwrite Vulnerability
25. ClamAV 'petite.c' Invalid Memory Access Denial Of Service Vulnerability
26. Linux Kernel 'sctp_getsockopt_local_addrs_old()' Local Buffer Overflow Vulnerability
27. OpenSSH X Connections Session Hijacking Vulnerability
28. OpenSSL Public Key Processing Denial of Service Vulnerability
29. OpenSSH ForceCommand Command Execution Weakness
30. OpenSSL ASN.1 Structures Denial of Service Vulnerability
31. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
32. Drupal Remote Vulnerabilities
33. PADL 'nss_ldap' Race Condition Security Vulnerability
34. Microsoft Windows 'NSlookup.exe' Unspecified Remote Code Execution Vulnerability
35. PHPOutsourcing Zorum RollID SQL Injection Vulnerability
36. Sun xVM VirtualBox 'VBoxDrv.sys' Local Privilege Escalation Vulnerability
37. FlashGet FTP 'PWD' Response Remote Buffer Overflow Vulnerability
38. WebEx Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
39. Ipswitch WS_FTP Server Message Response Buffer Overflow Vulnerability
40. VidiScript Remote File Upload Vulnerability
41. xine-lib 1.1.14 Multiple Remote Buffer Overflow Vulnerabilities
42. Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
43. PHPBasket 'pro_id' Parameter SQL Injection Vulnerability
44. Ipswitch WS_FTP Client Format String Vulnerability
45. XNova Project XNova 'todofleetcontrol.php' Remote File Include Vulnerability
46. phpArcadeScript 'cat' Parameter SQL Injection Vulnerability
47. ESET Smart Security 'easdrv.sys' Local Privilege Escalation Vulnerability
48. VLC Media Player 'demux\tta.c' TTA File Handling Buffer Overflow Vulnerability
49. Maya Studio eo-video Playlist File Buffer Overflow Vulnerability
50. Amarok 'MagnatuneBrowser::listDownloadComplete()' Insecure Temporary File Creation Vulnerability
51. Joomla! 'com_user' Component Token Input Validation Vulnerability
52. Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability
53. xine-lib OGG Processing Remote Denial of Service Vulnerability
54. FreeType2 Printer Font Binary Remote Code Execution Vulnerability
55. FreeType2 Printer Font Binary Private Dictionary Table Integer Overflow Vulnerability
56. FreeType TrueType Font 'SHC' Heap Buffer Overflow Vulnerability
57. FreeType Printer Font Binary Heap Buffer Overflow Vulnerability
58. Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities
59. Sun Java SE Secure Static Versioning Applet Execution Weakness
60. Sun Java Web Start Multiple Vulnerabilities
61. Sun Java Runtime Environment Virtual Machine Privilege Escalation Vulnerability
62. Sun Java SE Java Management Extensions (JMX) Unspecified Unauthorized Access Vulnerability
63. Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities
64. Sun Java Runtime Environment Font Processing Buffer Overflow Vulnerability
65. Sun Java Runtime Environment Multiple Security Vulnerabilities
66. PromoProducts 'view_product.php' Multiple SQL Injection Vulnerabilities
67. Quick Poll 'code.php' SQL Injection Vulnerability
68. EchoVNC Remote Buffer Overflow Vulnerability
69. FipsCMS 'forum/neu.asp' SQL Injection Vulnerability
70. ZEEJOBSITE 'bannerclick.php' SQL Injection Vulnerability
71. Neon Digest Authentication Null Pointer Exception Denial Of Service Vulnerability
72. FlexCMS 'inc-core-admin-editor-previouscolorsjs.php' Cross-Site Scripting Vulnerability
73. Mambo Multiple Cross-Site Scripting Vulnerabilities
74. PHPizabi 'id' Parameter Local File Include Vulnerability
75. Harmoni Versions Prior to 1.6.0 Cross-Site Request Forgery and Security Bypass Vulnerabilities
76. mUnky 'index.php' Remote Code Execution Vulnerability
77. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
78. dotCMS 'id' Parameter Multiple Local File Include Vulnerabilities
79. mktemp Predictable Temporary Filename Vulnerability
80. MicroWorld Technologies MailScan Multiple Remote Vulnerabilities
81. Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
82. Microsoft Internet Explorer HTML Component Handling Memory Corruption Vulnerability
83. Microsoft Internet Explorer HTML Objects Variant Memory Corruption Vulnerability
84. Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
85. Microsoft Excel Indexing Validation Remote Code Execution Vulnerability
86. Microsoft Excel Index Array Remote Code Execution Vulnerability
87. Microsoft Excel Record Parsing Remote Code Execution Vulnerability
88. Microsoft Excel Credential Caching Vulnerability
89. Microsoft Windows Image Color Management Remote Code Execution Vulnerability
90. Symantec Storage Foundation for Windows Security Update Circumvention Vulnerability
91. OpenLDAP BER Decoding Remote Denial of Service Vulnerability
92. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
93. Trend Micro ServerProtect Multiple Remote Insecure Method Exposure Vulnerabilities
94. Datafeed Studio 'search.php' Cross-Site Scripting Vulnerability
95. HP Linux Imaging and Printing System Privilege Escalation And Denial Of Service Vulnerabilities
96. Datafeed Studio 'patch.php' Remote File Include Vulnerability
97. Samba 'receive_smb_raw()' Buffer Overflow Vulnerability
98. Sun Cluster TCP Port Conflict Denial Of Service Vulnerability
99. Stunnel OCSP Certificate Validation Security Bypass Vulnerability
100. CUPS PNG Filter Multiple Integer Overflow Vulnerabilities
III. SECURITYFOCUS NEWS
1. Researchers race to zero in record time
2. Gov't charges alleged TJX credit-card thieves
3. Poisoned DNS servers pop up as ISPs patch
4. E-Gold pleads guilty to money laundering
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Technical Writer, Riyadh
2. [SJ-JOB] Security System Administrator, Los Angeles
3. [SJ-JOB] Software Engineer, Los Angeles
4. [SJ-JOB] Security Researcher, Los Angeles
5. [SJ-JOB] Security Consultant, Denver
6. [SJ-JOB] Security Consultant, Seattle
7. [SJ-JOB] Security Consultant, Dallas
8. [SJ-JOB] Security Consultant, Santa Fe
9. [SJ-JOB] Security Consultant, Portland
10. [SJ-JOB] Security Consultant, Chicago
11. [SJ-JOB] Auditor, Miami
12. [SJ-JOB] Security Consultant, Des Moines
13. [SJ-JOB] Security Consultant, UK Wide
14. [SJ-JOB] Sales Engineer, NY
15. [SJ-JOB] Security Auditor, Arlington
16. [SJ-JOB] Certification & Accreditation Engineer, Rockville
17. [SJ-JOB] Security Architect, Springfield
18. [SJ-JOB] Auditor, Miami
19. [SJ-JOB] Sr. Security Engineer, Lombard
20. [SJ-JOB] Security Consultant, Leesburg
21. [SJ-JOB] VP, Information Security, Calgary
22. [SJ-JOB] Jr. Security Analyst, Knoxville
23. [SJ-JOB] Security Engineer, Schaumburg
24. [SJ-JOB] Security Consultant, London
25. [SJ-JOB] Manager, Information Security, Jersey City
26. [SJ-JOB] Security Product Manager, Atlanta
27. [SJ-JOB] Security Engineer, San Antonio
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Step-by-step instructions for debugging Cisco IOS using gdb
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477

2. Bad-Code Blues
By Don Parker
The current state of secure software development by corporations both large and small is a mess. We are still cursed with half-baked software, and as a result, a never-ending stream of vulnerabilities. Secure coding practices and active quality assurance (QA) efforts are now more mainstream, but that still hasn't made much of a dent.
http://www.securityfocus.com/columnists/476


II. BUGTRAQ SUMMARY
--------------------
1. VUPlayer M3U UNC Name Buffer Overflow Vulnerability
BugTraq ID: 21363
Remote: Yes
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/21363
Summary:
VUPlayer is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.

This issue affects VUPlayer 2.44; earlier versions may also be vulnerable.

2. Nokia 6131 Multiple Vulnerabilities
BugTraq ID: 30716
Remote: Yes
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/30716
Summary:
Nokia 6131 is prone to multiple vulnerabilities.

The device is affected by URI spoofing and denial-of-service issues.

Remote attackers may spoof the source URI of a site to direct users to a malicious location and trigger crashes in an affected device.

3. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
BugTraq ID: 29235
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/29235
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

This issue affects the Linux Kernel 2.6.25.2; other versions may also be affected.

4. Linux Kernel 'sys_utimensat' Local Denial of Service Vulnerability
BugTraq ID: 29134
Remote: No
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/29134
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

This issue affects kernel versions 2.6.22 through 2.6.25.2.

5. Linux Kernel 'dnotify.c' Local Race Condition Vulnerability
BugTraq ID: 29003
Remote: No
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/29003
Summary:
The Linux kernel is prone to a local race-condition vulnerability.

A local attacker may exploit this issue to crash the computer or to gain elevated privileges on the affected computer.

6. Linux Kernel 'pppol2tp_recvmsg()' Remote Denial of Service Vulnerability
BugTraq ID: 29747
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/29747
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer on the local network, denying service to legitimate users. Given the nature of this issue, code execution may be possible, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.26-rc6 are vulnerable.

7. Linux Kernel 'fcntl_setlk()' SMP Ordering Local Denial of Service Vulnerability
BugTraq ID: 29076
Remote: No
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/29076
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users.

Versions prior to Linux kernel 2.6.25.2 and 2.4.36.4 are vulnerable.

8. Linux Kernel Tehuti Network Driver 'BDX_OP_WRITE' Memory Corruption Vulnerability
BugTraq ID: 29014
Remote: No
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/29014
Summary:
The Linux kernel is prone to a memory-corruption vulnerability because of insufficient boundary checks in the Tehuti network driver.

Local attackers could exploit this issue to cause denial-of-service conditions, bypass certain security restrictions, and potentially access sensitive information or gain elevated privileges.

These issues affect versions prior to Linux 2.6.25.1.

9. Microsoft Windows Messenger ActiveX Control Information Disclosure Vulnerability
BugTraq ID: 30551
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30551
Summary:
Microsoft Windows Messenger is prone to an information-disclosure vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to visit a malicious HTML page.

Successfully exploiting this issue allows remote attackers to gain access to sensitive information. Information obtained may aid in further attacks.

10. Microsoft Windows Event System Array Index Verification Remote Code Execution Vulnerability
BugTraq ID: 30586
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30586
Summary:
Microsoft Windows Event System is prone to a remote code-execution vulnerability.

Remote authenticated attackers can exploit this issue to execute arbitrary code with SYSTEM privileges.

A successful attack can result in a full compromise of the affected computer.

11. Microsoft Windows Event System User Subscription Request Remote Code Execution Vulnerability
BugTraq ID: 30584
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30584
Summary:
Microsoft Windows Event System is prone to a remote code-execution vulnerability.

Remote authenticated attackers can exploit this issue to execute arbitrary code with SYSTEM privileges.

A successful attack can result in a full compromise of the affected computer.

12. Microsoft Office WPG Image File Remote Code Execution Vulnerability
BugTraq ID: 30600
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30600
Summary:
Microsoft Office is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious WPG (WordPerfect Graphics) file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

13. Attachmate Reflection for Secure IT Multiple Unspecified Security Vulnerabilities
BugTraq ID: 30723
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30723
Summary:
Reflection for Secure IT is prone to multiple unspecified vulnerabilities.

Very few details are available regarding these issues. We will update this BID as more information emerges. Due to the nature of this application, it is assumed that these issues are remote in nature, but Symantec has not verified this information.

These issues affect Reflection for Secure IT UNIX Client and Server 7.0 versions prior to Service Pack 1 (SP1).

14. HAVP 'sockethandler.cpp' Client Connect Infinite Loop Denial of Service Vulnerability
BugTraq ID: 30697
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30697
Summary:
HAVP is prone to a remote denial-of-service vulnerability because unresponsive servers can trigger an infinite loop.

Attackers may flood the HAVP server with requests, exhausting available resources. Legitimate clients will be unable to access the server.

HAVP 0.88 is vulnerable; earlier versions may also be affected.

15. Openfire 'login.jsp' Cross-Site Scripting Vulnerability
BugTraq ID: 30696
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30696
Summary:
Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Openfire 3.5.2 is vulnerable; prior versions are also affected.

16. Red Hat yum-rhn-plugin RHN Updates Denial of Service Vulnerability
BugTraq ID: 30695
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30695
Summary:
The Red Hat yum-rhn-plugin is prone to a denial-of-service vulnerability because it fails to adequately validate communication with Red Hat Network (RHN) servers.

Attackers can exploit this issue to prevent users from accessing security updates. This can provide a window of opportunity for an attacker to exploit a vulnerability addressed by a security update.

NOTE: This issue cannot be leveraged to install malicious packages because package signatures are still verified prior to installation.

17. Openwsman Multiple Remote Security Vulnerabilities
BugTraq ID: 30694
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30694
Summary:
Openwsman is prone to multiple remote security vulnerabilities, including two buffer-overflow issues and an SSL session replay issue.

Successfully exploiting these issues will allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application. Other attacks may also be possible.

18. PartyPoker Client Update Remote Code Execution Vulnerability
BugTraq ID: 30693
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30693
Summary:
The PartyPoker client is prone to a remote code-execution vulnerability because it fails to adequately verify the authenticity of update servers and the files obtained from the servers.

This issue can be exploited by performing man-in-the-middle attacks to have the client download and execute a malicious file hosted on an attacker-controlled computer.

PartyPoker client build number 121/120 is vulnerable; other versions may also be affected.

19. E-Shop Shopping Cart Script 'search_results.php' SQL Injection Vulnerability
BugTraq ID: 30692
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30692
Summary:
E-Shop Shopping Cart Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

20. CyBoards PHP Lite Multiple Remote Vulnerabilities
BugTraq ID: 30688
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30688
Summary:
CyBoards PHP Lite is prone to multiple vulnerabilities, including cross-site scripting, local file-include, and remote file-include issues.

Attackers can exploit the issues to:

- execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- steal cookie-based authentication credentials
- view files and execute local scripts in the context of the webserver process
- execute arbitrary server-side script code on an affected computer in the context of the webserver process

These issues affect CyBoards PHP Lite 1.21; other versions may also be affected.

21. Microsoft Outlook Express And Windows Mail MHTML Handler Information Disclosure Vulnerability
BugTraq ID: 30585
Remote: Yes
Last Updated: 2008-08-13
Relevant URL: http://www.securityfocus.com/bid/30585
Summary:
Microsoft Outlook Express and Windows Mail are prone to an information-disclosure vulnerability because of an error in the Windows MHTML protocol handler.

Please note that an attacker can exploit this issue via Internet Explorer because the browser internally uses the vulnerable component of Outlook Express and Windows Mail. Successful exploits will allow the attacker to bypass Internet Explorer domain restrictions and to read data from a different Internet Explorer domain, or security zone.

22. Clever Internet ActiveX Suite CLINetSuiteX6.OCX Arbitrary File Download Or Overwrite Vulnerability
BugTraq ID: 25063
Remote: Yes
Last Updated: 2008-08-13
Relevant URL: http://www.securityfocus.com/bid/25063
Summary:
Clever Internet ActiveX Suite ActiveX control is prone to an arbitrary file-overwrite vulnerability due to a design error.

An attacker can exploit this issue to overwrite or download arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to cause denial-of-service conditions or to access sensitive information; other consequences are possible.

This issue affects Clever Internet ActiveX Suite 6.2; other versions may also be affected.

23. Multiple X11 Terminals Missing DISPLAY Variable Local Arbitrary Command Execution Vulnerability
BugTraq ID: 28512
Remote: No
Last Updated: 2008-08-13
Relevant URL: http://www.securityfocus.com/bid/28512
Summary:
Multiple applications that use X11 are prone to a vulnerability that can allow local attackers to execute arbitrary commands in the context of a user running the application.

This issue affects rxvt 2.6.4 and Eterm 0.9.4; other versions and applications may also be affected.

24. EDraw Office Viewer Component ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 25344
Remote: Yes
Last Updated: 2008-08-13
Relevant URL: http://www.securityfocus.com/bid/25344
Summary:
The EDraw Office Viewer Component ActiveX Control is prone to a vulnerability that lets attackers overwrite files.

An attacker can exploit this issue to overwrite files with arbitrary, attacker-controlled content. This will aid in further attacks.

Version 5.1 of the control is vulnerable to this issue; other versions may also be affected.

25. ClamAV 'petite.c' Invalid Memory Access Denial Of Service Vulnerability
BugTraq ID: 29750
Remote: Yes
Last Updated: 2008-08-13
Relevant URL: http://www.securityfocus.com/bid/29750
Summary:
ClamAV is prone to a denial-of-service vulnerability caused by an invalid memory access during a 'memcpy()' call.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, remote code execution may also be possible, but this has not been confirmed.

Versions prior to ClamAV 0.93.1 are vulnerable.

26. Linux Kernel 'sctp_getsockopt_local_addrs_old()' Local Buffer Overflow Vulnerability
BugTraq ID: 29990
Remote: No
Last Updated: 2008-08-13
Relevant URL: http://www.securityfocus.com/bid/29990
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of the issue, arbitrary code execution may also be possible, but this has not been confirmed.

27. OpenSSH X Connections Session Hijacking Vulnerability
BugTraq ID: 28444
Remote: No
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/28444
Summary:
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections.

Successfully exploiting this issue may allow an attacker to run arbitrary shell commands with the privileges of the user running the affected application.

This issue affects OpenSSH 4.3p2; other versions may also be affected.

NOTE: This issue affects the portable version of OpenSSH and may not affect OpenSSH running on OpenBSD.

28. OpenSSL Public Key Processing Denial of Service Vulnerability
BugTraq ID: 20247
Remote: Yes
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/20247
Summary:
OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used.

An attacker can exploit this issue to crash an affected server using OpenSSL.

29. OpenSSH ForceCommand Command Execution Weakness
BugTraq ID: 28531
Remote: No
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/28531
Summary:
OpenSSH is prone to a weakness that may allow attackers to execute arbitrary commands.

Successful exploits may allow attackers to execute arbitrary commands, contrary to the wishes of administrators and bypassing the intent of the 'ForceCommand' option.

Versions prior to OpenSSH 4.9 are vulnerable.

30. OpenSSL ASN.1 Structures Denial of Service Vulnerability
BugTraq ID: 20248
Remote: Yes
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/20248
Summary:
OpenSSL is prone to a denial-of-service vulnerability.

An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users.

31. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
BugTraq ID: 25163
Remote: No
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/25163
Summary:
OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the RSA algorithm.

Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.

OpenSSL 0.9.8 is vulnerable to this issue; other versions may also be affected.

32. Drupal Remote Vulnerabilities
BugTraq ID: 30689
Remote: Yes
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/30689
Summary:
Drupal is prone to multiple vulnerabilities including arbitrary file-upload, cross-site scripting, cross-site request-forgery, and privilege escalation.

Attackers can exploit these issues to:

- control how the site is rendered to users
- execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- steal cookie-based authentication credentials
- add or delete access control rules
- edit Drupal nodes or delete files
- upload and execute arbitrary server-side script code.

These issues affect Drupal 5.x before 5.10 and Drupal 6.x before 6.4.

33. PADL 'nss_ldap' Race Condition Security Vulnerability
BugTraq ID: 26452
Remote: Yes
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/26452
Summary:
PADL 'nss_ldap' is prone to a race-condition security vulnerability; fixes are available.

An attacker may exploit this condition to obtain potentially sensitive data or to launch other attacks against an application that employs the vulnerable function.

The issue affects versions prior to PADL 'nss_ldap' Build 259.

34. Microsoft Windows 'NSlookup.exe' Unspecified Remote Code Execution Vulnerability
BugTraq ID: 30636
Remote: Yes
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/30636
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability due to an unspecified error in 'NSlookup.exe'.

Successfully exploiting this issue would allow the attacker to execute arbitrary code on an affected computer. Failed attacks will cause denial-of-service conditions.

Microsoft Windows XP Professional SP2 is vulnerable; other versions and products may also be affected.

35. PHPOutsourcing Zorum RollID SQL Injection Vulnerability
BugTraq ID: 16131
Remote: Yes
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/16131
Summary:
Zorum is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

36. Sun xVM VirtualBox 'VBoxDrv.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 30481
Remote: No
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/30481
Summary:
Sun xVM VirtualBox is prone to a local privilege-escalation vulnerability that occurs in the 'VBoxDrv.sys' driver.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

Sun xVM VirtualBox 1.6.0 and 1.6.2 running on Windows are vulnerable; other versions may also be affected.

37. FlashGet FTP 'PWD' Response Remote Buffer Overflow Vulnerability
BugTraq ID: 30685
Remote: Yes
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/30685
Summary:
FlashGet is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

FlashGet version 1.9 is vulnerable; other versions may also be affected.

38. WebEx Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 30578
Remote: Yes
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/30578
Summary:
WebEx Meeting Manager is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. This issue affects the 'atucfobj.dll' ActiveX control library.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

'atucfobj.dll' 20.2008.2601.4928 is vulnerable; other versions may also be affected.

The vulnerable versions of the ActiveX control are hosted by WebEx meeting service servers running WBS versions 23, 25 and 26 prior to 26.49.9.2838.

39. Ipswitch WS_FTP Server Message Response Buffer Overflow Vulnerability
BugTraq ID: 30728
Remote: Yes
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/30728
Summary:
Ipswitch WS_FTP is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

40. VidiScript Remote File Upload Vulnerability
BugTraq ID: 30721
Remote: Yes
Last Updated: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/30721
Summary:
VidiScript is prone to a vulnerability that allows an attacker to upload arbitrary script code and execute it in the context of the webserver process. This may help the attacker gain unauthorized access or escalate privileges; other attacks are also possible.

41. xine-lib 1.1.14 Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 30698
Remote: Yes
Last Updated: 2008-08-17
Relevant URL: http://www.securityfocus.com/bid/30698
Summary:
The 'xine-lib' library is prone to multiple remote buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library. Failed attacks will cause denial-of-service conditions.

Versions of 'xine-lib' prior to 1.1.15 are affected.

42. Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
BugTraq ID: 30691
Remote: No
Last Updated: 2008-08-17
Relevant URL: http://www.securityfocus.com/bid/30691
Summary:
Postfix is prone to a local privilege-escalation vulnerability and a local information-disclosure vulnerability.

Local attackers can exploit these issues to read other users' mail or execute arbitrary commands with superuser privileges.

Versions prior to Postfix 2.5.4 Patchlevel 4 are vulnerable.

43. PHPBasket 'pro_id' Parameter SQL Injection Vulnerability
BugTraq ID: 30726
Remote: Yes
Last Updated: 2008-08-17
Relevant URL: http://www.securityfocus.com/bid/30726
Summary:
PHPBasket is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

44. Ipswitch WS_FTP Client Format String Vulnerability
BugTraq ID: 30720
Remote: Yes
Last Updated: 2008-08-17
Relevant URL: http://www.securityfocus.com/bid/30720
Summary:
Ipswitch WS_FTP client is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects the WS_FTP Home and WS_FTP Professional clients.

45. XNova Project XNova 'todofleetcontrol.php' Remote File Include Vulnerability
BugTraq ID: 30715
Remote: Yes
Last Updated: 2008-08-17
Relevant URL: http://www.securityfocus.com/bid/30715
Summary:
XNova is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

XNova 0.8 SP1 and prior versions are affected.

46. phpArcadeScript 'cat' Parameter SQL Injection Vulnerability
BugTraq ID: 30714
Remote: Yes
Last Updated: 2008-08-17
Relevant URL: http://www.securityfocus.com/bid/30714
Summary:
phpArcadeScript is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpArcadeScript 4.0 is vulnerable; other versions may also be affected.

47. ESET Smart Security 'easdrv.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 30719
Remote: No
Last Updated: 2008-08-16
Relevant URL: http://www.securityfocus.com/bid/30719
Summary:
ESET Smart Security is prone to a local privilege-escalation vulnerability that occurs in the 'easdrv.sys' driver.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

ESET Smart Security 3.0.667.0 is vulnerable; other versions may also be affected.

48. VLC Media Player 'demux\tta.c' TTA File Handling Buffer Overflow Vulnerability
BugTraq ID: 30718
Remote: Yes
Last Updated: 2008-08-16
Relevant URL: http://www.securityfocus.com/bid/30718
Summary:
VLC media player is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6i is vulnerable; other versions may also be affected.

49. Maya Studio eo-video Playlist File Buffer Overflow Vulnerability
BugTraq ID: 30717
Remote: Yes
Last Updated: 2008-08-16
Relevant URL: http://www.securityfocus.com/bid/30717
Summary:
eo-video is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when handling playlist files.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

eo-video 1.36 is vulnerable; other versions may also be affected.

50. Amarok 'MagnatuneBrowser::listDownloadComplete()' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30662
Remote: No
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30662
Summary:
A report indicates that Amarok may create temporary files in an insecure manner. These findings have not yet been corroborated.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Amarok 1.4.9.1 is affected; other versions may also be vulnerable.

51. Joomla! 'com_user' Component Token Input Validation Vulnerability
BugTraq ID: 30667
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30667
Summary:
The 'com_user' component for Joomla! is prone to an input-validation vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to obtain administrative privileges and compromise the application.

This issue affects Joomla! 1.5.5; other versions may also be affected. Mambo may also be affected by this issue.

NOTE: This BID was previously titled 'Joomla! 'com_user' Component SQL Injection Vulnerability'. The title was updated to better reflect the issue.

52. Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 23194
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/23194
Summary:
Microsoft Windows is prone to a stack buffer-overflow vulnerability because of insufficient format validation that occurs when handling malformed ANI cursor or icon files.

An attacker can exploit this issue to execute arbitrary code with the privileges of an unsuspecting user. A successful attack can result in the compromise of affected user accounts and computers.

This issue affects Windows Vista, Windows XP SP2, and Windows Server 2003 SP1 when running Internet Explorer 6 and 7; other versions and client applications may also be affected.

Microsoft has recently disclosed that Outlook 2007 is not vulnerable, that Windows Mail on Vista is vulnerable in replying to or forwarding emails containing malicious ANI files, and that Outlook Express is vulnerable to this issue.

Third-party applications such as browsers that handle ANI files and call the ANI rendering functionality in GDI pose an attack vector for this vulnerability.

53. xine-lib OGG Processing Remote Denial of Service Vulnerability
BugTraq ID: 30699
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30699
Summary:
The 'xine-lib' library is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Versions of 'xine-lib' prior to 1.1.15 are affected.

54. FreeType2 Printer Font Binary Remote Code Execution Vulnerability
BugTraq ID: 29641
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/29641
Summary:
FreeType2 is prone to a remote code-execution vulnerability because of an error when freeing memory.

An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue may allow a local attacker using X.Org X server to gain elevated privileges on an affected computer.

FreeType2 2.3.5 is vulnerable; other versions may also be affected.

55. FreeType2 Printer Font Binary Private Dictionary Table Integer Overflow Vulnerability
BugTraq ID: 29640
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/29640
Summary:
FreeType2 is prone to an integer-overflow vulnerability because it fails to perform adequate checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of applications using the FreeType2 library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue can allow a local attacker using X.Org Xserver to gain elevated privileges on the affected computer.

FreeType2 2.3.5 is vulnerable; other versions may also be affected.

56. FreeType TrueType Font 'SHC' Heap Buffer Overflow Vulnerability
BugTraq ID: 29639
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/29639
Summary:
FreeType is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the application using the FreeType library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue may allow a local attacker using X.Org X server to gain elevated privileges on the affected computer.

FreeType 2.3.5 is vulnerable; other versions may also be affected.

57. FreeType Printer Font Binary Heap Buffer Overflow Vulnerability
BugTraq ID: 29637
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/29637
Summary:
FreeType is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the application using the FreeType library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue may allow a local attacker using X.Org Xserver to gain elevated privileges on the affected computer.

Successfully exploiting this issue will result in the complete compromise of affected computers.

FreeType 2.3.5 is vulnerable; other versions may also be affected.

58. Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities
BugTraq ID: 30140
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30140
Summary:
Sun Java Runtime Environment is prone to multiple unspecified vulnerabilities that allow attackers to bypass the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy for Java applets.

An attacker may create a malicious applet that is loaded from a remote system to circumvent network access restrictions.

The following are affected:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier
SDK and JRE 1.3.x_22 and earlier

59. Sun Java SE Secure Static Versioning Applet Execution Weakness
BugTraq ID: 30142
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30142
Summary:
Sun JDK and JRE are prone to a weakness that may allow arbitrary applets to run on older releases of the software. This issue may lead to various attacks.

An attacker may exploit this weakness to potentially leverage vulnerabilities that may reside in older releases of the applications. This can lead to various attacks, depending on the presence of vulnerabilities in the older release of JDK/JRE on the vulnerable computer.

This issue affects the following versions on Windows Vista:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 6 through 15

60. Sun Java Web Start Multiple Vulnerabilities
BugTraq ID: 30148
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30148
Summary:
Sun Java Web Start is prone to multiple vulnerabilities, including buffer-overflow, privilege-escalation, and information-disclosure issues.

Successful exploits may allow attackers to execute arbitrary code, obtain information, or read, write, and execute arbitrary local files in the context of the user running a malicious Web Start application. This may result in a compromise of the underlying system.

This issue affects the following versions:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier

61. Sun Java Runtime Environment Virtual Machine Privilege Escalation Vulnerability
BugTraq ID: 30141
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30141
Summary:
Sun Java Runtime Environment Virtual Machine is prone to a privilege-escalation vulnerability when running untrusted applications or applets.

Successful exploits may allow attackers to read, write, or execute arbitrary local files in the context of the user running an untrusted application in the affected virtual machine. This may result in a compromise of the underlying system.

This issue affects the following versions:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier

62. Sun Java SE Java Management Extensions (JMX) Unspecified Unauthorized Access Vulnerability
BugTraq ID: 30146
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30146
Summary:
JMX is prone to an unspecified unauthorized-access vulnerability.

The vulnerability allows a JMX client to perform unauthorized actions on a computer running JMX with local monitoring enabled.

The issue affects the following versions for Windows, Solaris, and Linux:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier

63. Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities
BugTraq ID: 30143
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30143
Summary:
Sun Java Runtime Environment is prone to multiple remote vulnerabilities.

An attacker can exploit these issues to obtain sensitive information or crash the affected application, denying service to legitimate users.

These issues affect the following versions on Solaris, Linux, and Windows platforms:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier

64. Sun Java Runtime Environment Font Processing Buffer Overflow Vulnerability
BugTraq ID: 30147
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30147
Summary:
Sun Java Runtime Environment is prone to a buffer-overflow vulnerability when running untrusted applications or applets.

Successful exploits may allow attackers to read, write, or execute arbitrary local files in the context of the user running an untrusted application. This may result in a compromise of the underlying system.

This issue affects the following versions on Solaris, Windows, and Linux:

JDK and JRE 5.0 Update 9 and earlier
SDK and JRE 1.4.2_17 and earlier
SDK and JRE 1.3.1_22 and earlier

65. Sun Java Runtime Environment Multiple Security Vulnerabilities
BugTraq ID: 30144
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30144
Summary:
A privilege-escalation issue and an information-disclosure issue affect multiple implementations of Java Runtime Environment (JRE).

Sun has released an advisory addressing these vulnerabilities in the following software:

JDK and JRE 6 Update 6 and earlier.

66. PromoProducts 'view_product.php' Multiple SQL Injection Vulnerabilities
BugTraq ID: 30725
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30725
Summary:
PromoProducts is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

67. Quick Poll 'code.php' SQL Injection Vulnerability
BugTraq ID: 30724
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30724
Summary:
Quick Poll is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

68. EchoVNC Remote Buffer Overflow Vulnerability
BugTraq ID: 30722
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30722
Summary:
EchoVNC is affected by a remote buffer-overflow vulnerability because the application fails to properly validate user-supplied data before copying it into insufficiently sized buffers.

An attacker may leverage this issue to execute arbitrary code on the affected computer with the privileges of the user running the vulnerable application. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects EchoVNC for Linux versions prior to 1.1.2.

69. FipsCMS 'forum/neu.asp' SQL Injection Vulnerability
BugTraq ID: 30712
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30712
Summary:
fipsCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

fipsCMS 2.1 is vulnerable; other versions may also be affected.

70. ZEEJOBSITE 'bannerclick.php' SQL Injection Vulnerability
BugTraq ID: 30711
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30711
Summary:
ZEEJOBSITE is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ZEEJOBSITE 2.0 is vulnerable; other versions may also be affected.

71. Neon Digest Authentication Null Pointer Exception Denial Of Service Vulnerability
BugTraq ID: 30710
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30710
Summary:
The Neon library is prone to a remote denial-of-service vulnerability that occurs in the digest authentication mechanism.

An attacker can exploit this vulnerability to crash the application using the library, effectively denying service to legitimate users.

Neon versions 0.28.0 through 0.28.2 are vulnerable; other versions may also be affected.

72. FlexCMS 'inc-core-admin-editor-previouscolorsjs.php' Cross-Site Scripting Vulnerability
BugTraq ID: 30709
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30709
Summary:
FlexCMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

FlexCMS 2.5 is vulnerable; other versions may also be affected.

73. Mambo Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30708
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30708
Summary:
Mambo is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Mambo 4.6.2 is vulnerable; other versions may also be affected.

74. PHPizabi 'id' Parameter Local File Include Vulnerability
BugTraq ID: 30707
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30707
Summary:
PHPizabi is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

PHPizabi 0.848b C1 HFP3 is vulnerable; other versions may also be affected.

75. Harmoni Versions Prior to 1.6.0 Cross-Site Request Forgery and Security Bypass Vulnerabilities
BugTraq ID: 30706
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30706
Summary:
Harmoni is prone to a cross-site request-forgery vulnerability and a security-bypass vulnerability.

An attacker can exploit these issues to gain unauthorized access to the affected application, create new user accounts, and delete arbitrary content within the context of the affected application. Other attacks are also possible.

Versions prior to Harmoni 1.6.0 are vulnerable.

76. mUnky 'index.php' Remote Code Execution Vulnerability
BugTraq ID: 30705
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30705
Summary:
mUnky is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting this issue allows attackers to cause the application to execute arbitrary script code in the context of the application; other attacks are also possible.

77. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
BugTraq ID: 30704
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30704
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions since Linux kernel 2.6.17-rc1 are vulnerable.

78. dotCMS 'id' Parameter Multiple Local File Include Vulnerabilities
BugTraq ID: 30703
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30703
Summary:
dotCMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

dotCMS 1.6 is vulnerable; other versions may also be affected.

79. mktemp Predictable Temporary Filename Vulnerability
BugTraq ID: 30701
Remote: No
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30701
Summary:
mktemp may create temporary files with names based on the current process ID. An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Attackers may be able to gain elevated privileges.

This vulnerability exists in Todd Miller's mktemp 1.5; other versions may also be vulnerable. GNU coreutils mktemp is not currently believed to be vulnerable.

80. MicroWorld Technologies MailScan Multiple Remote Vulnerabilities
BugTraq ID: 30700
Remote: Yes
Last Updated: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30700
Summary:
MailScan is prone to multiple remote vulnerabilities, including:

- A directory-traversal vulnerability
- An authentication-bypass vulnerability
- A cross-site scripting vulnerability
- An information-disclosure vulnerability

An attacker can exploit these issues to gain access to sensitive information, gain unauthorized access to the affected application, execute arbitrary script code within the context of the website and steal cookie-based authentication credentials. Other attacks are also possible.

MailScan 5.6.a espatch1 is vulnerable; other versions may also be affected.

81. Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
BugTraq ID: 30614
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30614
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that occurs when the application attempts to parse a specially-crafted web page.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

82. Microsoft Internet Explorer HTML Component Handling Memory Corruption Vulnerability
BugTraq ID: 30612
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30612
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that occurs when the application attempts to parse a specially-crafted web page.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

83. Microsoft Internet Explorer HTML Objects Variant Memory Corruption Vulnerability
BugTraq ID: 30610
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30610
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that occurs when the application attempts to parse a specially-crafted web page.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

84. Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
BugTraq ID: 30611
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30611
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that occurs when the application attempts to parse a specially-crafted web page.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

85. Microsoft Excel Indexing Validation Remote Code Execution Vulnerability
BugTraq ID: 30638
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30638
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

86. Microsoft Excel Index Array Remote Code Execution Vulnerability
BugTraq ID: 30639
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30639
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

87. Microsoft Excel Record Parsing Remote Code Execution Vulnerability
BugTraq ID: 30640
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30640
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

88. Microsoft Excel Credential Caching Vulnerability
BugTraq ID: 30641
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30641
Summary:
Microsoft Excel is prone to a vulnerability that allows unauthorized access to remote data source credentials that have been cached in Excel files.

This issue is limited to Microsoft Excel 2007 and Microsoft Office 2008 for Mac.

89. Microsoft Windows Image Color Management Remote Code Execution Vulnerability
BugTraq ID: 30594
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30594
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability. This issue is due to a flaw in the Microsoft Color Management System (MSCMS) module of the Image Color Management System (ICM).

An attacker could exploit this issue by enticing a victim to open a malicious image file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

90. Symantec Storage Foundation for Windows Security Update Circumvention Vulnerability
BugTraq ID: 30596
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30596
Summary:
Symantec Storage Foundation for Windows is prone to a security update circumvention vulnerability in the Volume Manager Scheduler Service.

Successful exploits of this issue allow attackers to circumvent a previous security update that resolved authentication bypass and remote code execution vulnerabilities. This may facilitate the complete compromise of affected computers.

Storage Foundation for Windows 5.0, 5.0 RP1, and 5.1 are vulnerable.

91. OpenLDAP BER Decoding Remote Denial of Service Vulnerability
BugTraq ID: 30013
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30013
Summary:
OpenLDAP is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to deny service to legitimate users by crashing affected servers.

OpenLDAP 2.3.41 is vulnerable to this issue; earlier versions back to approximately 2.1.18 as well as newer versions may also be affected.

92. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
BugTraq ID: 30131
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30131
Summary:
Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

This issue affects Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable.

93. Trend Micro ServerProtect Multiple Remote Insecure Method Exposure Vulnerabilities
BugTraq ID: 26912
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/26912
Summary:
Trend Micro ServerProtect is prone to multiple vulnerabilities that let remote attackers gain full access to the filesystem. The issues occur because the application fails to properly restrict access to certain DCE/RPC methods.

With full access to the filesystem, attackers may be able to execute arbitrary code with SYSTEM-level privileges and completely compromise affected computers.

These issues were reported to affect ServerProtect 5.58 (Security Patch 3). Earlier versions may also be affected.

Reports indicate that these vulnerabilities have been fixed in Security Patch 4.

Update August 14, 2008: Reports indicate that Security Patch 4 is still vulnerable, but Security Patch 5 is not.

94. Datafeed Studio 'search.php' Cross-Site Scripting Vulnerability
BugTraq ID: 30660
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30660
Summary:
Datafeed Studio is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Datafeed Studio 1.6.2 is vulnerable; other versions may also be affected.

95. HP Linux Imaging and Printing System Privilege Escalation And Denial Of Service Vulnerabilities
BugTraq ID: 30683
Remote: No
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30683
Summary:
HP Linux Imaging and Printing System (HPLIP) is prone to multiple vulnerabilities, including privilege-escalation and denial-of-service issues.

Exploiting the privilege-escalation vulnerability may allow attackers to perform certain actions with elevated privileges. Successful exploits of the denial-of-service issue will cause the 'hpssd' process to crash, denying service to legitimate users.

These issues affect HPLIP 1.6.7; other versions may also be affected.

96. Datafeed Studio 'patch.php' Remote File Include Vulnerability
BugTraq ID: 30659
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30659
Summary:
Datafeed Studio is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

97. Samba 'receive_smb_raw()' Buffer Overflow Vulnerability
BugTraq ID: 29404
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/29404
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. The issue occurs when the application processes SMB packets in a client context.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in a denial of service.

The issue affects Samba 3.0.28a and 3.0.29; other versions may also be affected.

NOTE: This BID was originally titled 'Samba 'lib/util_sock.c' Buffer Overflow Vulnerability'. The title was changed to better identify the issue.

98. Sun Cluster TCP Port Conflict Denial Of Service Vulnerability
BugTraq ID: 9137
Remote: No
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/9137
Summary:
A vulnerability has been discovered in the handling of some applications on local systems in a Sun Cluster. An attacker can exploit this issue to cause a denial of service.

Update: Reportedly the issue can only be triggered when the following conditions are true:

The Sun Cluster Oracle OPS/RAC packages 'ORCLudlm' and 'SUNWudlm' are installed
The Solaris Secure Shell server daemon ('sshd(1M)') is running
The system is configured to enable X11 forwarding

99. Stunnel OCSP Certificate Validation Security Bypass Vulnerability
BugTraq ID: 29309
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/29309
Summary:
Stunnel is prone to a security-bypass vulnerability because the OCSP functionality fails to properly check revoked certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers and authenticating with a revoked certificate. This will aid in further attacks.

This issue affects versions prior to Stunnel 4.24.

100. CUPS PNG Filter Multiple Integer Overflow Vulnerabilities
BugTraq ID: 28781
Remote: Yes
Last Updated: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/28781
Summary:
CUPS is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied PNG image sizes before using them to allocate memory buffers.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions.

CUPS 1.3.7 is vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Researchers race to zero in record time
By: Robert Lemos
On the first day, three teams of security professionals finished the Race to Zero contest, successfully modifying nine well-known viruses and exploits to escape detection by major antivirus engines.
http://www.securityfocus.com/news/11531

2. Gov't charges alleged TJX credit-card thieves
By: Robert Lemos
U.S. prosecutors charge eleven people with taking part in an identity-theft ring that stole millions of credit-card accounts from major retailers, among them TJX Companies.
http://www.securityfocus.com/news/11530

3. Poisoned DNS servers pop up as ISPs patch
By: Robert Lemos
An online attacker poisons at least one domain-name server at a major Internet service provider to send Google lookups to a pay-per-click ad network.
http://www.securityfocus.com/news/11529

4. E-Gold pleads guilty to money laundering
By: Robert Lemos
In a plea agreement with the U.S. government, the company's founders agree to charges of operating an unlicensed money transfer business, but the business aims to continue.
http://www.securityfocus.com/news/11528

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Technical Writer, Riyadh
http://www.securityfocus.com/archive/77/495477

2. [SJ-JOB] Security System Administrator, Los Angeles
http://www.securityfocus.com/archive/77/495478

3. [SJ-JOB] Software Engineer, Los Angeles
http://www.securityfocus.com/archive/77/495479

4. [SJ-JOB] Security Researcher, Los Angeles
http://www.securityfocus.com/archive/77/495480

5. [SJ-JOB] Security Consultant, Denver
http://www.securityfocus.com/archive/77/495403

6. [SJ-JOB] Security Consultant, Seattle
http://www.securityfocus.com/archive/77/495404

7. [SJ-JOB] Security Consultant, Dallas
http://www.securityfocus.com/archive/77/495407

8. [SJ-JOB] Security Consultant, Santa Fe
http://www.securityfocus.com/archive/77/495408

9. [SJ-JOB] Security Consultant, Portland
http://www.securityfocus.com/archive/77/495409

10. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/495410

11. [SJ-JOB] Auditor, Miami
http://www.securityfocus.com/archive/77/495378

12. [SJ-JOB] Security Consultant, Des Moines
http://www.securityfocus.com/archive/77/495380

13. [SJ-JOB] Security Consultant, UK Wide
http://www.securityfocus.com/archive/77/495394

14. [SJ-JOB] Sales Engineer, NY
http://www.securityfocus.com/archive/77/495395

15. [SJ-JOB] Security Auditor, Arlington
http://www.securityfocus.com/archive/77/495376

16. [SJ-JOB] Certification & Accreditation Engineer, Rockville
http://www.securityfocus.com/archive/77/495392

17. [SJ-JOB] Security Architect, Springfield
http://www.securityfocus.com/archive/77/495405

18. [SJ-JOB] Auditor, Miami
http://www.securityfocus.com/archive/77/495406

19. [SJ-JOB] Sr. Security Engineer, Lombard
http://www.securityfocus.com/archive/77/495372

20. [SJ-JOB] Security Consultant, Leesburg
http://www.securityfocus.com/archive/77/495379

21. [SJ-JOB] VP, Information Security, Calgary
http://www.securityfocus.com/archive/77/495393

22. [SJ-JOB] Jr. Security Analyst, Knoxville
http://www.securityfocus.com/archive/77/495396

23. [SJ-JOB] Security Engineer, Schaumburg
http://www.securityfocus.com/archive/77/495368

24. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/495370

25. [SJ-JOB] Manager, Information Security, Jersey City
http://www.securityfocus.com/archive/77/495371

26. [SJ-JOB] Security Product Manager, Atlanta
http://www.securityfocus.com/archive/77/495377

27. [SJ-JOB] Security Engineer, San Antonio
http://www.securityfocus.com/archive/77/495369

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Step-by-step instructions for debugging Cisco IOS using gdb
http://www.securityfocus.com/archive/82/495441

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Offensive Security

From one of the creators of BackTrack comes a series of intense, 5-day, live training sessions that will change the way you view security.
No more theory, no more talking - these hands-on classes will not just discuss why but will show you HOW.
Join the Offensive Security training team for some of the best security training in the market today.
http://www.offensive-security.com/seccourse.php
