Thursday, September 11, 2008

SecurityFocus Newsletter #470
----------------------------------------

This issue is sponsored by IronKey: The World's Most Secure Flash Drive

IronKey flash drives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.iroky.com/forenterprise2


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Get Off My Cloud
2. An Astonishing Collaboration
II. BUGTRAQ SUMMARY
1. kses Multiple Input Validation Vulnerabilities
2. Microsoft Windows Image Color Management Remote Code Execution Vulnerability
3. AvailScript Job Portal Script 'applynow.php' SQL Injection Vulnerability
4. AvailScript Classmate Script 'viewprofile.php' SQL Injection Vulnerability
5. AvailScript Article Script Multiple Input Validation Vulnerabilities
6. AvailScript Photo Album Script Multiple Input Validation Vulnerabilities
7. Live TV Script 'mid' Parameter SQL Injection Vulnerability
8. Hot Links SQL-PHP 'report.php' SQL Injection Vulnerability
9. Dns2tcp Multiple Remote Buffer Overflow Vulnerabilities
10. Creator CMS 'index.asp' SQL Injection Vulnerability
11. PunBB 'p' Parameter Multiple Cross-Site Scripting Vulnerabilities
12. Stash 1.0.3 Multiple SQL Injection Vulnerabilities
13. MySQL Empty Binary String Literal Remote Denial Of Service Vulnerability
14. Mozilla Firefox Large History File Buffer Overflow Vulnerability
15. Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities
16. Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities
17. GNU Tar Invalid Headers Buffer Overflow Vulnerability
18. Gimp XCF_load_vector Function Buffer Overflow Vulnerability
19. Snoopy Arbitrary Command Execution Vulnerability
20. High Norm Sound Master 2nd Unspecified Cross Site Scripting Vulnerability
21. UBB.threads 'Forum[]' Array SQL Injection Vulnerability
22. Movable Type Multiple Cross Site Scripting Vulnerabilities
23. E-Php B2B Trading Marketplace Script 'listings.php' SQL Injection Vulnerability
24. Google Chrome 'url_elider.cc' Buffer Overflow Vulnerability
25. WordPress Lost Password SQL Column Truncation Unauthorized Access Vulnerability
26. Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability
27. RETIRED: Moodle Multiple Remote File Include Vulnerabilities
28. Joomla! Multiple Remote Vulnerabilities and Weaknesses
29. Adobe Flash Player Clipboard Security Weakness
30. Ananta 'connectors.php' Arbitrary File Upload Vulnerability
31. Zanfi Autodealers CMS AutOnline 'pageid' Parameter SQL Injection Vulnerability
32. E-Php CMS 'article.php' SQL Injection Vulnerability
33. KDE PCX Image File Handling Buffer Overflow Vulnerability
34. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
35. Net-SNMP Remote Authentication Bypass Vulnerability
36. Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
37. Adobe Acrobat and Reader JavaScript Method Remote Code Execution Vulnerability
38. FreeType TrueType Font 'SHC' Heap Buffer Overflow Vulnerability
39. Linux Kernel UBIFS Orphan Inode Local Denial of Service Vulnerability
40. Adobe Acrobat Reader 'acroread' Insecure Temporary File Creation Vulnerability
41. HP OpenVMS 'SMGSHR.EXE' Local Buffer Overflow Vulnerability
42. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
43. Linux Kernel 'snd_seq_oss_synth_make_info()' Information Disclosure Vulnerability
44. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
45. Horde Application Framework Forward Slash Insufficient Filtering Cross-Site Scripting Vulnerability
46. Linux Kernel 'SCTP' Module Multiple Vulnerabilities
47. Zanfi CMS lite 'index.php' SQL Injection Vulnerability
48. Hot Links SQL-PHP 'news.php' SQL Injection Vulnerability
49. LedgerSMB Versions Prior to 1.2.15 Multiple Remote Vulnerabilities
50. Vastal I-Tech phpVID 'group.php' SQL Injection Vulnerability
51. XMB Forum Member.PHP Cross-Site Scripting Vulnerability
52. XMB Forum Member.PHP HTML Injection Vulnerability
53. XMB Forum Multiple Cross-Site Scripting And HTML Injection Vulnerabilities
54. XMB Forum Multiple Remote Cross-Site Scripting Vulnerabilities
55. XMB Forum U2U.Inc.PHP SQL Injection Vulnerability
56. XMB Forum Multiple Vulnerabilities
57. myPHPNuke 'print.php' SQL Injection and Cross-Site Scripting Vulnerabilities
58. Horde MIME Attachment Filename Insufficient Filtering Cross-Site Scripting Vulnerability
59. WordPress Random Password Generation Insufficient Entropy Weakness
60. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability
61. MyBB Prior to 1.4.1 Multiple Unspecified Vulnerabilities
62. Red Hat Enterprise IPA Master Kerberos Password Information Disclosure Vulnerability
63. Red Hat Fedora Directory Server HTTP Unescaping Functions Buffer Overflow Vulnerability
64. Multiple Tor World CGI Scripts Remote Script Execution Vulnerability
65. Maxthon Browser Remote Denial of Service Vulnerability
66. Libera CMS Cookie SQL Injection Vulnerability
67. Peachtree Accounting 'PAWWeb11.ocx' ActiveX Control Insecure Method Vulnerability
68. Jaw Portal 'index.php' Multiple Local File Include Vulnerabilities
69. CMS Buzz 'id' Parameter SQL Injection Vulnerability
70. GIMP PSD File Integer Overflow Vulnerability
71. GIMP RAS File Buffer Overflow Vulnerability
72. Linux Kernel BER Decoding Remote Buffer Overflow Vulnerability
73. Extreme Media Board MemCP.PHP Local File Include Vulnerability
74. Zanfi Autodealers CMS AutOnline 'id' Parameter SQL Injection Vulnerability
75. D-iscussion Board 'index.php' Local File Include Vulnerability
76. Linux kernel NFSv4 ACL Buffer Overflow Vulnerability
77. NooMS Multiple Cross Site Scripting Vulnerabilities
78. Grafitti Forums SQL Injection and HTML Injection Vulnerabilities
79. Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
80. Sports Clubs Web Panel 'index.php' Local File Include Vulnerability
81. minb Multiple Arbitrary File Upload Vulnerabilities
82. libxml XML Entity Name Heap Buffer Overflow Vulnerability
83. Easy Photo Gallery Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
84. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow Vulnerability
85. PhpWebGallery Local File Include and Cross-Site Scripting Vulnerabilities
86. sSMTP 'from_format()' Uninitialized Memory Information Disclosure Vulnerability
87. FreeType Printer Font Binary Heap Buffer Overflow Vulnerability
88. FreeType2 Printer Font Binary Remote Code Execution Vulnerability
89. FreeType2 Printer Font Binary Private Dictionary Table Integer Overflow Vulnerability
90. Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities
91. Red Hat Directory Server Crafted Search Pattern Denial of Service Vulnerability
92. XMB Forum Multiple Input Validation Vulnerabilities
93. XMB U2U.PHP Cross-Site Scripting Vulnerability
94. XMB Forum Flash Video Cross-Site Scripting Vulnerability
95. XMB Forum U2UID SQL Injection Vulnerability
96. XMB Langfilenew Local File Include Vulnerability
97. XMB MemCP.PHP HTML Injection Vulnerability
98. Microsoft Windows Media Services 'nskey.dll' ActiveX Control Remote Buffer Overflow Vulnerability
99. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
100. Apache Tomcat UTF-8 Directory Traversal Vulnerability
III. SECURITYFOCUS NEWS
1. Security of Google's browser gets mixed marks
2. Online intruders hit Red Hat, Fedora Project
3. Researchers race to zero in record time
4. Gov't charges alleged TJX credit-card thieves
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Manager, Information Security, Seattle
2. [SJ-JOB] Security Researcher, Atlanta
3. [SJ-JOB] CSO, Whitewater
4. [SJ-JOB] Software Engineer, Myrtle Beach
5. [SJ-JOB] Penetration Engineer, Any City
6. [SJ-JOB] Manager, Information Security, London
7. [SJ-JOB] Forensics Engineer, Any City
8. [SJ-JOB] Forensics Engineer, Any City
9. [SJ-JOB] Manager, Information Security, New York
10. [SJ-JOB] Sr. Security Analyst, Stamford
11. [SJ-JOB] Developer, Calgary
12. [SJ-JOB] Forensics Engineer, Any City
13. [SJ-JOB] Sr. Security Analyst, Washington
14. [SJ-JOB] Security System Administrator, Calgary
15. [SJ-JOB] Manager, Information Security, New York
16. [SJ-JOB] Security Architect, Dallas
17. [SJ-JOB] Security Consultant, Somerville
18. [SJ-JOB] Security Architect, Midlands
19. [SJ-JOB] Security System Administrator, San Francisco
20. [SJ-JOB] Application Security Engineer, Dallas
21. [SJ-JOB] Jr. Security Analyst, Chicago
22. [SJ-JOB] Sr. Security Engineer, Redmond
23. [SJ-JOB] Security Consultant, San Juan
24. [SJ-JOB] Security Consultant, Any City
25. [SJ-JOB] Information Assurance Analyst, Arlington
26. [SJ-JOB] Security Consultant, Manama
27. [SJ-JOB] Software Engineer, Redmond
28. [SJ-JOB] Security Engineer, Dallas
29. [SJ-JOB] Certification & Accreditation Engineer, Arlington
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. Pandora FMS 1.2 released
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477


II. BUGTRAQ SUMMARY
--------------------
1. kses Multiple Input Validation Vulnerabilities
BugTraq ID: 28599
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/28599
Summary:
The kses HTML filter is prone to multiple input-validation vulnerabilities that can lead to client-side script execution.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. PHP code execution is also reportedly possible, but may be exploitable only in limited -- and unknown -- circumstances.

The issues are known to affect the following projects that have incorporated kses:

Dokeos prior to 1.8.4 SP3
eGroupWare prior to 1.4.003
WordPress prior to 2.5
Moodle prior to 1.9

Other applications may also be affected.

NOTE: These issues were previously documented in the following BIDs:

28424 eGroupWare '_bad_protocol_once()' HTML Security Bypass Vulnerability
28121 Dokeos Multiple Remote Code Execution and Cross-Site Scripting Vulnerabilities

Since these issues were determined to originate in the same kses-based source code, this BID has been created to cover all the affected packages.

2. Microsoft Windows Image Color Management Remote Code Execution Vulnerability
BugTraq ID: 30594
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/30594
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because of a flaw in the Microsoft Color Management System (MSCMS) module of the Image Color Management System (ICM).

An attacker could exploit this issue by enticing a victim to open a malicious image file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

3. AvailScript Job Portal Script 'applynow.php' SQL Injection Vulnerability
BugTraq ID: 31101
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31101
Summary:
AvailScript Job Portal Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

4. AvailScript Classmate Script 'viewprofile.php' SQL Injection Vulnerability
BugTraq ID: 31100
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31100
Summary:
AvailScript Classmate Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

5. AvailScript Article Script Multiple Input Validation Vulnerabilities
BugTraq ID: 31095
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31095
Summary:
AvailScript Article Script is prone to multiple input-validation vulnerabilities, including:

- An SQL-injection vulnerability
- A cross-site scripting vulnerability

An attacker can exploit these issues to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

6. AvailScript Photo Album Script Multiple Input Validation Vulnerabilities
BugTraq ID: 31085
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31085
Summary:
AvailScript Photo Album Script is prone to multiple input-validation vulnerabilities, including:

- An SQL-injection vulnerability
- Multiple cross-site scripting vulnerabilities

An attacker can exploit these issues to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

7. Live TV Script 'mid' Parameter SQL Injection Vulnerability
BugTraq ID: 31083
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31083
Summary:
Live TV Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

8. Hot Links SQL-PHP 'report.php' SQL Injection Vulnerability
BugTraq ID: 31078
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31078
Summary:
Hot Links SQL-PHP is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Hot Links SQL-PHP 3 is vulnerable; other versions may also be affected.

9. Dns2tcp Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 31080
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31080
Summary:
Dns2tcp is prone to multiple remote buffer-overflow vulnerabilities because it fails to properly validate user-supplied input.

A remote attacker can exploit these issues to crash the application, denying service to legitimate users. Given the nature of these issues, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to Dns2tcp 0.4.1 are vulnerable.

10. Creator CMS 'index.asp' SQL Injection Vulnerability
BugTraq ID: 31084
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31084
Summary:
Creator CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Creator CMS 5.0 is vulnerable; other versions may also be affected.

11. PunBB 'p' Parameter Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 31082
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31082
Summary:
PunBB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to PunBB 1.2.20 are vulnerable.

12. Stash 1.0.3 Multiple SQL Injection Vulnerabilities
BugTraq ID: 31079
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31079
Summary:
Stash is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Stash 1.0.3 is vulnerable; other versions may also be affected.

13. MySQL Empty Binary String Literal Remote Denial Of Service Vulnerability
BugTraq ID: 31081
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31081
Summary:
MySQL is prone to a remote denial-of-service vulnerability because it fails to handle empty binary string literals.

An attacker can exploit this issue to crash the application, denying access to legitimate users.

This issue affects versions prior to MySQL 5.0.66, 5.1.26, and 6.0.6.

14. Mozilla Firefox Large History File Buffer Overflow Vulnerability
BugTraq ID: 15773
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/15773
Summary:
Mozilla Firefox is reportedly prone to a remote denial-of-service vulnerability.

This issue presents itself when the browser handles a large entry in the 'history.dat' file. An attacker may trigger this issue by enticing a user to visit a malicious website and by supplying excessive data to be stored in the affected file.

This may cause a denial-of-service condition.

**UPDATE: Proof-of-concept exploit code has been published. The author of the code attributes the crash to a buffer-overflow condition. Symantec has not reproduced the alleged flaw.

15. Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 17516
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
The Mozilla Foundation has released nine security advisories specifying security vulnerabilities in Mozilla Suite, Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary machine code in the context of the vulnerable application
- crash affected applications
- gain elevated privileges in JavaScript code, potentially allowing remote machine code execution
- gain access to potentially sensitive information
- bypass security checks
- spoof window contents.

Other attacks may also be possible.

The issues described here will be split into individual BIDs as the information embargo on the Mozilla Bugzilla entries is lifted and as further information becomes available. This BID will then be retired.

These issues are fixed in:
- Mozilla Firefox versions 1.0.8 and 1.5.0.2
- Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
- Mozilla Suite version 1.7.13
- Mozilla SeaMonkey version 1.0.1

16. Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities
BugTraq ID: 16476
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/16476
Summary:
Multiple Mozilla products are prone to multiple vulnerabilities. These issues include various memory-corruption, code-injection, and access-restriction-bypass vulnerabilities. Other undisclosed issues may have also been addressed in the various updated vendor applications.

Successful exploitation of these issues may permit an attacker to execute arbitrary code in the context of the affected application. This may facilitate a compromise of the affected computer; other attacks are also possible.

17. GNU Tar Invalid Headers Buffer Overflow Vulnerability
BugTraq ID: 16764
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/16764
Summary:
GNU Tar is prone to a buffer overflow when handling invalid headers. Successful exploitation could potentially lead to arbitrary code execution, but this has not been confirmed.

This issue affects Tar 1.14 and above.

18. Gimp XCF_load_vector Function Buffer Overflow Vulnerability
BugTraq ID: 18877
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/18877
Summary:
Gimp is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

An attacker may cause malicious code to execute by forcing the application to read raw data from a malicious image file, with the privileges of the user running the GIMP application.

19. Snoopy Arbitrary Command Execution Vulnerability
BugTraq ID: 15213
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/15213
Summary:
Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input.

This issue may facilitate unauthorized remote access to the application in the context of the webserver.

20. High Norm Sound Master 2nd Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 31076
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31076
Summary:
High Norm Sound Master 2nd is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects High Norm Sound Master 2nd 1.0.0; other versions may also be affected.

21. UBB.threads 'Forum[]' Array SQL Injection Vulnerability
BugTraq ID: 31074
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31074
Summary:
UBB.threads is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects UBB.threads 7.3.1 (released before September 2, 2008) and prior versions.

22. Movable Type Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 31073
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31073
Summary:
Movable Type is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The following are vulnerable:

Movable Type 3.36, 4.01, and 4.13
Movable Type Community Solution 1.51
Movable Type Enterprise 1.55

23. E-Php B2B Trading Marketplace Script 'listings.php' SQL Injection Vulnerability
BugTraq ID: 31072
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31072
Summary:
E-Php B2B Trading Marketplace Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

24. Google Chrome 'url_elider.cc' Buffer Overflow Vulnerability
BugTraq ID: 31071
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31071
Summary:
Google Chrome is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will likely result in a denial-of-service condition.

Google Chrome 0.2.149.27 is vulnerable.

25. WordPress Lost Password SQL Column Truncation Unauthorized Access Vulnerability
BugTraq ID: 31068
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31068
Summary:
WordPress is prone to an unauthorized-access vulnerability.

Successfully exploiting this issue will allow attackers to reset the password of arbitrary accounts.

WordPress 2.6.1 is vulnerable; other versions may also be affected.

26. Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability
BugTraq ID: 31067
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31067
Summary:
Microsoft Office OneNote is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to follow maliciously crafted URIs.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

27. RETIRED: Moodle Multiple Remote File Include Vulnerabilities
BugTraq ID: 30995
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/30995
Summary:
Moodle is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

These issues affect Moodle 1.8.4; other versions may also be affected.

NOTE: Further analysis indicates that these issues were previously documented in BID 28599 (kses Multiple Input Validation Vulnerabilities), so this BID is being retired.

28. Joomla! Multiple Remote Vulnerabilities and Weaknesses
BugTraq ID: 31103
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31103
Summary:
Joomla! CMS is prone to multiple remote vulnerabilities and a weakness, including:

- An RNG (random number generator) weakness.
- A security vulnerability that may allow attackers to send unsolicited spam email.
- A URL-redirection vulnerability.
- An input-validation vulnerability.

Remote attackers can exploit these issues to send unsolicited spam email, redirect victims to attacker-controlled sites, and conduct phishing attacks. Attackers can also exploit the RNG weakness to aid in brute-force attacks. Other attacks are also possible.

Versions prior to Joomla! 1.5.7 are vulnerable.

29. Adobe Flash Player Clipboard Security Weakness
BugTraq ID: 31117
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31117
Summary:
Adobe Flash Player is prone to a security weakness that may allow attackers to inject arbitrary content into a user's clipboard.

Attackers can exploit this issue to overwrite content that is contained in a victim's clipboard. As a result, attacker-supplied URIs can persist in the victim's clipboard.

30. Ananta 'connectors.php' Arbitrary File Upload Vulnerability
BugTraq ID: 31122
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31122
Summary:
Ananta is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.

Ananta 1.0b6 is vulnerable; other versions may also be affected.

31. Zanfi Autodealers CMS AutOnline 'pageid' Parameter SQL Injection Vulnerability
BugTraq ID: 31120
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31120
Summary:
Autodealers CMS AutOnline is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

32. E-Php CMS 'article.php' SQL Injection Vulnerability
BugTraq ID: 31119
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31119
Summary:
E-Php CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

33. KDE PCX Image File Handling Buffer Overflow Vulnerability
BugTraq ID: 13096
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/13096
Summary:
KDE is reported prone to a buffer-overflow vulnerability when handling PCX image files because the 'kimgio' image library fails to properly validate PCX image data.

This vulnerability was reported to reside in PCX image-handling routines, but the vendor has patched other image handlers, which may mean that other image formats may also be affected by similar problems.

Attackers may exploit this vulnerability to crash applications using the affected library or possibly to execute arbitrary machine code in the context of the affected application.

34. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
BugTraq ID: 31021
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31021
Summary:
Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files.

Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.

35. Net-SNMP Remote Authentication Bypass Vulnerability
BugTraq ID: 29623
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/29623
Summary:
Net-SNMP is prone to a remote authentication-bypass vulnerability caused by a design error.

Successfully exploiting this issue will allow attackers to gain unauthorized access to the affected application.

Net-SNMP 5.4.1, 5.3.2, 5.2.4, and prior versions are vulnerable.

36. Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
BugTraq ID: 30977
Remote: No
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/30977
Summary:
Postfix is prone to a local denial-of-service vulnerability because of a file-descriptor leak that occurs when it executes non-Postfix commands.

Local attackers can exploit this issue to trigger automatic Postfix shutdowns, denying service to legitimate users.

This issue affects Postfix 2.4 and later for Linux kernel 2.6 platforms.

37. Adobe Acrobat and Reader JavaScript Method Remote Code Execution Vulnerability
BugTraq ID: 29908
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/29908
Summary:
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability because the software fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

The following applications are affected:

- Adobe Reader 8.0 through 8.1.2
- Adobe Reader 7.0.9 and prior
- Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2
- Adobe Acrobat Professional, 3D and Standard 7.0.9 and prior

NOTE: This vulnerability may be related to the issue described in BID 29420 (Adobe Acrobat Reader Unspecified Remote Denial Of Service Vulnerability).

38. FreeType TrueType Font 'SHC' Heap Buffer Overflow Vulnerability
BugTraq ID: 29639
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/29639
Summary:
FreeType is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the application using the FreeType library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue may allow a local attacker using X.Org X server to gain elevated privileges on the affected computer.

FreeType 2.3.5 is vulnerable; other versions may also be affected.

39. Linux Kernel UBIFS Orphan Inode Local Denial of Service Vulnerability
BugTraq ID: 30647
Remote: No
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/30647
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability affecting the VFS behavior in UBIFS (UBI File System).

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

40. Adobe Acrobat Reader 'acroread' Insecure Temporary File Creation Vulnerability
BugTraq ID: 28091
Remote: No
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/28091
Summary:
The 'acroread' script of the Adobe Acrobat Reader package creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Adobe Reader 8.1.2 for Unix; other versions may also be vulnerable.
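
The symlink attack described above, as an added example that is not Adobe's acroread script: a writer that uses a predictable name in a shared directory and opens it with O_CREAT but without O_EXCL follows a link a local attacker planted beforehand, while O_EXCL plus O_NOFOLLOW makes the open fail instead. The victim file, the predictable name and the scratch directory are constructed for the demo.

```python
import os
import tempfile

# Added example; this is not Adobe's acroread script. It shows the symlink
# attack that an insecure temporary-file pattern permits and the open(2) flags
# that defeat it. The victim file and the predictable temp name are constructed
# for the demo and everything happens inside a private scratch directory.

O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)   # 0 on platforms that lack it


def vulnerable_write(path, data):
    """Predictable name and O_CREAT without O_EXCL: if a symlink already sits
    at `path`, the open follows it and truncates whatever it points to."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def safe_write(path, data):
    """O_EXCL makes the open fail if anything (a symlink included) already
    exists at `path`; O_NOFOLLOW additionally refuses to traverse a symlink
    in the final component. The attacker's link is never followed."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def run_demo():
    """Returns (victim contents after the vulnerable writer,
                victim contents after the safe writer,
                whether the safe writer refused the planted link)."""
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim.conf")       # constructed target
        planted = os.path.join(scratch, "acro_12345.tmp")   # constructed predictable name
        with open(victim, "w") as f:
            f.write("original contents\n")

        # Local attacker wins the race: the link exists before the app opens it.
        os.symlink(victim, planted)
        vulnerable_write(planted, b"attacker-controlled data\n")
        with open(victim) as f:
            after_vulnerable = f.read()

        # Restore the victim and repeat against the hardened writer.
        with open(victim, "w") as f:
            f.write("original contents\n")
        refused = False
        try:
            safe_write(planted, b"attacker-controlled data\n")
        except OSError:      # EEXIST from O_EXCL, or ELOOP from O_NOFOLLOW
            refused = True
        with open(victim) as f:
            after_safe = f.read()

    return after_vulnerable, after_safe, refused


if __name__ == "__main__":
    print(run_demo())
```

In practice the fix is mkstemp(3) (tempfile.mkstemp in Python), which pairs an unpredictable name with O_CREAT|O_EXCL, or a private directory from mkdtemp(3). A shell script that builds a path such as /tmp/name.$$ and writes to it with a plain redirection stays exposed even though the name contains the PID, because every local user can read the process list and pre-create the link.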

41. HP OpenVMS 'SMGSHR.EXE' Local Buffer Overflow Vulnerability
BugTraq ID: 30840
Remote: No
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/30840
Summary:
HP OpenVMS is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service.

42. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
BugTraq ID: 30847
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/30847
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions since Linux kernel 2.6.24-rc1 are vulnerable.

43. Linux Kernel 'snd_seq_oss_synth_make_info()' Information Disclosure Vulnerability
BugTraq ID: 30559
Remote: No
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/30559
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Versions prior to Linux kernel 2.6.27-rc2 are vulnerable.

44. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
BugTraq ID: 30704
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/30704
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

This issue affects Linux kernel 2.6.17-rc1 and later.

45. Horde Application Framework Forward Slash Insufficient Filtering Cross-Site Scripting Vulnerability
BugTraq ID: 31107
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31107
Summary:
Horde Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Horde Framework 3.1.9 and 3.2.2.

Note that additional products that use the Horde Framework may also be vulnerable.

46. Linux Kernel 'SCTP' Module Multiple Vulnerabilities
BugTraq ID: 31121
Remote: No
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31121
Summary:
Linux Kernel 'SCTP' module is prone to multiple vulnerabilities.

The issues allow local attackers to obtain sensitive information or cause kernel crashes, denying service to legitimate users.

Linux Kernel 2.6.26.3 and prior versions are affected.

47. Zanfi CMS lite 'index.php' SQL Injection Vulnerability
BugTraq ID: 31116
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31116
Summary:
Zanfi CMS lite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

48. Hot Links SQL-PHP 'news.php' SQL Injection Vulnerability
BugTraq ID: 31118
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31118
Summary:
Hot Links SQL-PHP is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Hot Links SQL-PHP 3 and prior versions are vulnerable.

49. LedgerSMB Versions Prior to 1.2.15 Multiple Remote Vulnerabilities
BugTraq ID: 31109
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31109
Summary:
LedgerSMB is prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful attack could allow an attacker to consume an excessive amount of resources, compromise the affected application, access or modify data, or exploit vulnerabilities in the underlying database.

Versions prior to LedgerSMB 1.2.15 are vulnerable.

50. Vastal I-Tech phpVID 'group.php' SQL Injection Vulnerability
BugTraq ID: 31108
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31108
Summary:
phpVID is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

phpVID 1.1 is vulnerable; other versions may also be affected.

51. XMB Forum Member.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 7662
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/7662
Summary:
XMB Forum has been reported prone to a cross-site scripting vulnerability.

XMB Forum fails to adequately filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to a specific XMB Forum script.

This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users of a host running XMB Forum.

Note that although this vulnerability has been reported to affect XMB Forum 1.8, previous versions might also be affected.

52. XMB Forum Member.PHP HTML Injection Vulnerability
BugTraq ID: 15489
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/15489
Summary:
XMB Forum is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

53. XMB Forum Multiple Cross-Site Scripting And HTML Injection Vulnerabilities
BugTraq ID: 8013
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/8013
Summary:
XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data.

An attacker may exploit any one of these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user.

54. XMB Forum Multiple Remote Cross-Site Scripting Vulnerabilities
BugTraq ID: 12886
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/12886
Summary:
XMB Forum is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input before including it in dynamically generated web content.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

55. XMB Forum U2U.Inc.PHP SQL Injection Vulnerability
BugTraq ID: 14523
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/14523
Summary:
XMB Forum is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

56. XMB Forum Multiple Vulnerabilities
BugTraq ID: 9983
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/9983
Summary:
Multiple vulnerabilities have been reported in XMB Forum. The specific issues include an information-disclosure issue and multiple cross-site scripting and SQL-injection issues.

Attackers can exploit these issues to steal cookie-based authentication credentials, modify SQL query logic and structure, and obtain sensitive information about the underlying environment. Cumulatively, these issues could allow remote attackers to hijack accounts, compromise the forum, mount attacks on the database, and launch further attacks against system resources.

Note that these issues appear to have been introduced across different versions of the software.

57. myPHPNuke 'print.php' SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 31114
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31114
Summary:
myPHPNuke is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to myPHPNuke 1.8.8_8rc2 are vulnerable.

NOTE: myPHPNuke 1.8.8_8rc2 has been reported still vulnerable to certain limited SQL-injection attacks.

UPDATE: This issue was previously discussed in BID 30942. Due to a technical difficulty with that record, the issue has been assigned a new BID.

58. Horde MIME Attachment Filename Insufficient Filtering Cross-Site Scripting Vulnerability
BugTraq ID: 31110
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31110
Summary:
Horde Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Horde Framework 3.2 through 3.2.1.

Note that additional products that use the Horde Framework may also be vulnerable.
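
The "insufficient filtering" wording in entries 45 and 58, and the cross-site scripting entries for XMB Forum above, all describe the same class of failure: output is built from user input that was filtered rather than escaped. The following added example is not Horde's or XMB's code and does not reproduce their specific filter gaps; it shows, on constructed payloads, why a strip-the-tag filter lets markup through and what context-correct escaping looks like instead.

```python
import html
import re

# Added example; not Horde's or XMB's code. It shows why a filter that strips
# "<script>" from user input is insufficient, and the context-correct escaping
# that replaces it. Every payload below is constructed for the demo.

_SCRIPT_TAG = re.compile(r"<\s*/?\s*script[^>]*>", re.IGNORECASE)


def blacklist_filter(value):
    """Typical insufficient filter: delete <script> tags in one pass and
    pass the remainder into the page verbatim."""
    return _SCRIPT_TAG.sub("", value)


def escape_for_html(value):
    """Correct defence for a text node or a quoted attribute: encode the
    characters that can change the HTML parse (<, >, &, quotes)."""
    return html.escape(value, quote=True)


def render_greeting(display_name, sanitiser):
    """The page fragment that embeds attacker-controlled data."""
    return "<p>Welcome, " + sanitiser(display_name) + "</p>"


PAYLOADS = [
    "<script>alert(1)</script>",                     # the one case the blacklist handles
    "<scr<script>ipt>alert(1)</scr</script>ipt>",    # one-pass removal reassembles the tag
    "<img src=x onerror=alert(1)>",                  # needs no script tag at all
    "<svg/onload=alert(1)>",                         # slash instead of space still parses
]


def surviving_payloads(sanitiser):
    """Payloads that still contain a raw '<' after sanitising, i.e. that the
    browser will still parse as markup."""
    return [p for p in PAYLOADS if "<" in sanitiser(p)]


if __name__ == "__main__":
    for p in PAYLOADS:
        print(render_greeting(p, blacklist_filter))
    print("blacklist lets through:", len(surviving_payloads(blacklist_filter)))
    print("escaping lets through:", len(surviving_payloads(escape_for_html)))
```

The lesson generalises: a blacklist has to anticipate every way a browser can be made to execute script (event handlers, alternative tag syntax, nested tags that survive a single removal pass), whereas escaping for the output context leaves nothing for the parser to interpret. Attribute values, URLs and JavaScript string contexts each need their own escaping rule; html.escape covers only the first two HTML contexts shown here.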

59. WordPress Random Password Generation Insufficient Entropy Weakness
BugTraq ID: 31115
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31115
Summary:
WordPress is prone to a weakness in the entropy of generated passwords.

Successfully exploiting this issue may allow an attacker to guess randomly generated passwords.

WordPress 2.6.1 is vulnerable; other versions may also be affected.
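
An added example of the weakness class named above, not WordPress's own generator and not a reproduction of its specific flaw: a password built from a PRNG seeded with a small, guessable value carries only as much entropy as the seed, however long it looks, so an attacker who knows the algorithm and roughly when the password was issued can enumerate seeds until one reproduces it. The timestamps are constructed.

```python
import math
import random
import secrets
import string

# Added example; not WordPress's password generator. It shows the general
# failure mode behind "insufficient entropy" in generated passwords: a PRNG
# seeded from a small, guessable value yields passwords an attacker can
# enumerate, however long they look. Timestamps below are constructed.

ALPHABET = string.ascii_letters + string.digits   # 62 symbols
LENGTH = 12


def weak_password(seed):
    """Looks random, but the whole password is a function of the seed
    (here a time-of-request in seconds, a common mistake)."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_password():
    """Draws every symbol from the OS CSPRNG; there is no seed to guess."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def recover_seed(password, approx_time, window=3600):
    """Attacker model: knows the algorithm and roughly when the password
    was issued. Tries every seed in the window until one reproduces it."""
    for seed in range(approx_time - window, approx_time + window + 1):
        if weak_password(seed) == password:
            return seed
    return None


def entropy_bits(window=3600):
    """Nominal entropy of a 12-symbol password versus the effective entropy
    when the only unknown is a seed inside +/- window seconds."""
    nominal = LENGTH * math.log2(len(ALPHABET))
    effective = math.log2(2 * window + 1)
    return nominal, effective


def demo(issued_at=1221091200):   # constructed: 2008-09-11 00:00:00 UTC
    pw = weak_password(issued_at)
    seed = recover_seed(pw, issued_at + 1234)   # attacker's guess is ~20 min off
    return pw, seed


if __name__ == "__main__":
    print(demo(), entropy_bits(), strong_password())
```

Twelve symbols from a 62-character alphabet are nominally about 71 bits, but with the seed confined to a two-hour window the search space is under 13 bits and the recovery loop finishes in well under a second. The same arithmetic applies to any seed an attacker can bound: process IDs, request counters, or a timestamp leaked in a Date header or e-mail.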

60. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 31069
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31069
Summary:
Microsoft Windows Image Acquisition Logger ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.

An attacker can exploit this issue to overwrite files with attacker-supplied data, which will aid in further attacks.

61. MyBB Prior to 1.4.1 Multiple Unspecified Vulnerabilities
BugTraq ID: 31104
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31104
Summary:
MyBB (MyBulletinBoard) is prone to multiple unspecified vulnerabilities.

Very few details are available regarding these issues. We will update this BID as more information emerges.

Versions prior to MyBB 1.4.1 are vulnerable.

62. Red Hat Enterprise IPA Master Kerberos Password Information Disclosure Vulnerability
BugTraq ID: 31111
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31111
Summary:
Red Hat Enterprise IPA is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

Red Hat Enterprise IPA version 1 for Red Hat Enterprise Linux 5 Server is vulnerable.

63. Red Hat Fedora Directory Server HTTP Unescaping Functions Buffer Overflow Vulnerability
BugTraq ID: 31106
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31106
Summary:
Red Hat Directory Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects only Directory Server as shipped with Red Hat Fedora. The issue was introduced in adminutils 1.1.6.

64. Multiple Tor World CGI Scripts Remote Script Execution Vulnerability
BugTraq ID: 31105
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31105
Summary:
Multiple Tor World CGI scripts are prone to a remote script-execution vulnerability because the software fails to adequately sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the affected applications and possibly the underlying system; other attacks are also possible.

The following applications are vulnerable:

Simple BBS 1.86 and prior
Interactive BBS 1.57 and prior
Topics BBS 1.11 and prior
Tor Board 1.3 and prior

65. Maxthon Browser Remote Denial of Service Vulnerability
BugTraq ID: 31098
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31098
Summary:
Maxthon Browser is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting this issue will allow the attacker to crash the application, denying service to legitimate users.

This issue affects Maxthon Browser 2.1.4.443; other versions may also be affected.

66. Libera CMS Cookie SQL Injection Vulnerability
BugTraq ID: 31102
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31102
Summary:
Libera CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects Libera CMS 1.12 and prior versions.

67. Peachtree Accounting 'PAWWeb11.ocx' ActiveX Control Insecure Method Vulnerability
BugTraq ID: 31096
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31096
Summary:
The Peachtree Accounting 'PAWWeb11.ocx' ActiveX control is prone to an insecure-method vulnerability.

Successfully exploiting this issue allows remote attackers to launch arbitrary applications with the privileges of the application running the ActiveX control (typically Internet Explorer).

The issue affects Peachtree Accounting 2004; other versions may also be affected.

68. Jaw Portal 'index.php' Multiple Local File Include Vulnerabilities
BugTraq ID: 31099
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31099
Summary:
Jaw Portal is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities using directory-traversal strings to execute arbitrary local PHP scripts within the context of the webserver process.

Jaw Portal 1.2 is vulnerable; other versions may also be affected.

69. CMS Buzz 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 31097
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31097
Summary:
CMS Buzz is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

70. GIMP PSD File Integer Overflow Vulnerability
BugTraq ID: 24745
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/24745
Summary:
GIMP is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application.

GIMP 2.2.15 is vulnerable to this issue; other versions may also be affected.

71. GIMP RAS File Buffer Overflow Vulnerability
BugTraq ID: 23680
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/23680
Summary:
GIMP is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application.

GIMP 2.2.14 is vulnerable to this issue; other versions may also be affected.

72. Linux Kernel BER Decoding Remote Buffer Overflow Vulnerability
BugTraq ID: 29589
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/29589
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

73. Extreme Media Board MemCP.PHP Local File Include Vulnerability
BugTraq ID: 19501
Remote: No
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/19501
Summary:
Extreme Media Board is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

A successful exploit may allow an attacker to execute arbitrary local scripts within the context of the affected application.

Extreme Media Board 1.96 and prior versions are vulnerable to this issue; other versions may also be affected.

74. Zanfi Autodealers CMS AutOnline 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 31137
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31137
Summary:
Autodealers CMS AutOnline is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

75. D-iscussion Board 'index.php' Local File Include Vulnerability
BugTraq ID: 31135
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31135
Summary:
D-iscussion Board is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

D-iscussion Board 3.01 is vulnerable; other versions may also be affected.

76. Linux kernel NFSv4 ACL Buffer Overflow Vulnerability
BugTraq ID: 31133
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31133
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code or cause a denial-of-service condition.

Versions prior to Linux kernel 2.6.26.4 are vulnerable.

77. NooMS Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 31131
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31131
Summary:
NooMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

NooMS 1.1 is vulnerable; other versions may also be affected.

78. Grafitti Forums SQL Injection and HTML Injection Vulnerabilities
BugTraq ID: 31130
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31130
Summary:
Grafitti Forums is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and an HTML-injection issue.

Attackers can exploit these issues to steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.

Grafitti Forums 1.0 is vulnerable; other versions may also be affected.

79. Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
BugTraq ID: 31129
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31129
Summary:
Microsoft SQL Server 'sqlvdir.dll' ActiveX Control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This control is included with Microsoft SQL Server 2000; other versions may also be affected.

80. Sports Clubs Web Panel 'index.php' Local File Include Vulnerability
BugTraq ID: 31128
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31128
Summary:
Sports Clubs Web Panel is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

Sports Clubs Web Panel 0.0.1 is vulnerable; other versions may also be affected.

81. minb Multiple Arbitrary File Upload Vulnerabilities
BugTraq ID: 31127
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31127
Summary:
minb is prone to multiple vulnerabilities that allow remote attackers to upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issues occur because the application fails to sanitize user-supplied input.

minb 0.1.0 is vulnerable; other versions may also be affected.

82. libxml XML Entity Name Heap Buffer Overflow Vulnerability
BugTraq ID: 31126
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31126
Summary:
libxml is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the application using the libxml library. Failed exploit attempts will result in a denial-of-service condition.

83. Easy Photo Gallery Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 31125
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31125
Summary:
Easy Photo Gallery is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Attackers may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Easy Photo Gallery 2.1 is vulnerable; other versions may also be affected.

84. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow Vulnerability
BugTraq ID: 31124
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31124
Summary:
ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when performing virus scans on long directory paths.

Remote attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges, gaining complete control of the vulnerable computer. Failed attacks will cause denial-of-service conditions.

This issue affects ZoneAlarm Security Suite 7.0.483.000; other versions may also be affected.

85. PhpWebGallery Local File Include and Cross-Site Scripting Vulnerabilities
BugTraq ID: 31123
Remote: Yes
Last Updated: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31123
Summary:
PhpWebGallery is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability.

An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.

Exploits of the cross-site scripting issue may allow the attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

PhpWebGallery 1.3.4 is vulnerable; other versions may also be affected.
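
The local file-include entries above (68, 73, 75, 80 and 85) all turn on the same construction: a request parameter is joined to a directory and handed to include, and directory-traversal strings walk the result out of that directory. The following added example is not code from any of those products; it shows the unsafe construction beside a containment check, on constructed request values and an assumed content directory, without reading anything from disk.

```python
import posixpath
from urllib.parse import unquote

# Added example; not code from Jaw Portal, Extreme Media Board, D-iscussion
# Board, Sports Clubs Web Panel or PhpWebGallery. It shows the include-path
# construction behind a local file-include bug and a containment check that
# rejects directory-traversal strings. The content directory and request
# values are constructed for the demo; nothing is read from disk.

CONTENT_ROOT = "/var/www/app/pages"   # assumed layout


def unsafe_include_path(page):
    """The bug class: request value glued onto a directory with no check.
    '../' sequences walk out of CONTENT_ROOT, and on PHP before 5.3.4 a NUL
    byte truncated the appended '.php' suffix as well."""
    return CONTENT_ROOT + "/" + page + ".php"


def safe_include_path(page, root=CONTENT_ROOT):
    """Returns the path to include, or None if the request escapes `root`.
    Decodes once (as the web server would), then refuses NUL bytes and
    absolute paths, normalises, and checks the result is still under root.
    Decode before validating, never after. In production resolve with
    os.path.realpath as well so a symlink inside root cannot point outside."""
    page = unquote(page)
    if "\x00" in page or posixpath.isabs(page):
        return None
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, page + ".php"))
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


REQUESTS = [                                   # constructed request values
    "home",                                    # legitimate
    "news/../home",                            # traversal that stays inside root
    "../../../etc/passwd",                     # classic escape
    "..%2F..%2F..%2F..%2Fetc%2Fpasswd",        # same, URL-encoded
    "../../../../etc/passwd\x00",              # NUL-truncation variant
    "/etc/passwd",                             # absolute path
]


def evaluate(requests=REQUESTS):
    """Maps each request to (unsafe path, safe path or None)."""
    return {r: (unsafe_include_path(r), safe_include_path(r)) for r in requests}


if __name__ == "__main__":
    for req, (unsafe, safe) in evaluate().items():
        print(repr(req), "->", unsafe, "|", safe)
```

An allow-list of page names is simpler still when the set of includable files is known in advance; the containment check above is for the case where it is not. Either way, the "view local files" outcome in the summaries is the lesser result: when the attacker can also get content of their choosing onto the server (an upload, a log line, a session file), the same include executes it.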

86. sSMTP 'from_format()' Uninitialized Memory Information Disclosure Vulnerability
BugTraq ID: 31094
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31094
Summary:
sSMTP is prone to an information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

sSMTP 2.6.2 is vulnerable; other versions may also be affected.

87. FreeType Printer Font Binary Heap Buffer Overflow Vulnerability
BugTraq ID: 29637
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/29637
Summary:
FreeType is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the application using the FreeType library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue may allow a local attacker using X.Org X server to gain elevated privileges on the affected computer.

Successfully exploiting this issue will result in the complete compromise of affected computers.

FreeType 2.3.5 is vulnerable; other versions may also be affected.

88. FreeType2 Printer Font Binary Remote Code Execution Vulnerability
BugTraq ID: 29641
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/29641
Summary:
FreeType2 is prone to a remote code-execution vulnerability because of an error when freeing memory.

An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue may allow a local attacker using X.Org X server to gain elevated privileges on an affected computer.

FreeType2 2.3.5 is vulnerable; other versions may also be affected.

89. FreeType2 Printer Font Binary Private Dictionary Table Integer Overflow Vulnerability
BugTraq ID: 29640
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/29640
Summary:
FreeType2 is prone to an integer-overflow vulnerability because it fails to perform adequate checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of applications using the FreeType2 library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue can allow a local attacker using X.Org X server to gain elevated privileges on the affected computer.

FreeType2 2.3.5 is vulnerable; other versions may also be affected.

90. Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 30872
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/30872
Summary:
Red Hat Directory Server is prone to multiple remote denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the server, denying access to legitimate users.

Directory Server 7.1, 8 EL4, and 8 EL5 are vulnerable.

91. Red Hat Directory Server Crafted Search Pattern Denial of Service Vulnerability
BugTraq ID: 30871
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/30871
Summary:
Red Hat Directory Server is prone to a denial-of-service vulnerability because the server fails to handle specially crafted search patterns.

An attacker can exploit this issue to consume CPU resources with one search request, effectively blocking additional search requests from executing. Legitimate users may be prevented from authenticating to network resources that use the affected server for authentication.

Red Hat Directory Server 7.1 and 8 are affected.

92. XMB Forum Multiple Input Validation Vulnerabilities
BugTraq ID: 16604
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/16604
Summary:
XMB Forum is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input.

Successful exploits of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database. Other attacks are also possible.

93. XMB U2U.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15342
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/15342
Summary:
XMB is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. A successful exploit could allow an attacker to steal cookie-based authentication credentials and launch other attacks.

94. XMB Forum Flash Video Cross-Site Scripting Vulnerability
BugTraq ID: 17445
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/17445
Summary:
XMB Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

95. XMB Forum U2UID SQL Injection Vulnerability
BugTraq ID: 19280
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/19280
Summary:
XMB Forum is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful attack could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

This issue affects XMB Forum 1.9.6; earlier versions may also be vulnerable.

96. XMB Langfilenew Local File Include Vulnerability
BugTraq ID: 19494
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/19494
Summary:
XMB is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

A successful exploit may allow unauthorized users to view files and to execute local scripts; other attacks are also possible.

97. XMB MemCP.PHP HTML Injection Vulnerability
BugTraq ID: 22163
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/22163
Summary:
XMB is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Note that an attacker must have a valid user account to exploit this vulnerability.

98. Microsoft Windows Media Services 'nskey.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 30814
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/30814
Summary:
The Microsoft Windows Media Services ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

'nskey.dll' 4.1.00.3917 is vulnerable; other versions may also be affected.

99. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
BugTraq ID: 31086
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/31086
Summary:
Apple QuickTime is prone to multiple remote vulnerabilities that may allow remote attackers to execute arbitrary code and carry out denial-of-service attacks.

These issues arise when the application handles specially crafted PICT image files, movies, and QTVR movies. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition.

Versions prior to QuickTime 7.5.5 are affected.

100. Apache Tomcat UTF-8 Directory Traversal Vulnerability
BugTraq ID: 30633
Remote: Yes
Last Updated: 2008-09-10
Relevant URL: http://www.securityfocus.com/bid/30633
Summary:
Apache Tomcat is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

The following versions are affected:

Apache Tomcat 4.1.0 to 4.1.37
Apache Tomcat 5.5.0 to 5.5.26
Apache Tomcat 6.0.0 to 6.0.17

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Security of Google's browser gets mixed marks
By: Robert Lemos
The search giant uses process isolation, least privilege rules, and sandboxing as the security foundation for its Chrome browser, but security experts say more is needed.
http://www.securityfocus.com/news/11533

2. Online intruders hit Red Hat, Fedora Project
By: Robert Lemos
A leading Linux company and its open-source distribution acknowledge that attackers breached several systems, including one that manages the Fedora signing process.
http://www.securityfocus.com/news/11532

3. Researchers race to zero in record time
By: Robert Lemos
On the first day, three teams of security professionals finished the Race to Zero contest, successfully modifying nine well-known viruses and exploits to escape detection by major antivirus engines.
http://www.securityfocus.com/news/11531

4. Gov't charges alleged TJX credit-card thieves
By: Robert Lemos
U.S. prosecutors charge eleven people with taking part in an identity-theft ring that stole millions of credit-card accounts from major retailers, among them TJX Companies.
http://www.securityfocus.com/news/11530

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Manager, Information Security, Seattle
http://www.securityfocus.com/archive/77/496252

2. [SJ-JOB] Security Researcher, Atlanta
http://www.securityfocus.com/archive/77/496253

3. [SJ-JOB] CSO, Whitewater
http://www.securityfocus.com/archive/77/496254

4. [SJ-JOB] Software Engineer, Myrtle Beach
http://www.securityfocus.com/archive/77/496255

5. [SJ-JOB] Penetration Engineer, Any City
http://www.securityfocus.com/archive/77/496245

6. [SJ-JOB] Manager, Information Security, London
http://www.securityfocus.com/archive/77/496251

7. [SJ-JOB] Forensics Engineer, Any City
http://www.securityfocus.com/archive/77/496246

8. [SJ-JOB] Forensics Engineer, Any City
http://www.securityfocus.com/archive/77/496247

9. [SJ-JOB] Manager, Information Security, New York
http://www.securityfocus.com/archive/77/496248

10. [SJ-JOB] Sr. Security Analyst, Stamford
http://www.securityfocus.com/archive/77/496250

11. [SJ-JOB] Developer, Calgary
http://www.securityfocus.com/archive/77/496242

12. [SJ-JOB] Forensics Engineer, Any City
http://www.securityfocus.com/archive/77/496244

13. [SJ-JOB] Sr. Security Analyst, Washington
http://www.securityfocus.com/archive/77/496229

14. [SJ-JOB] Security System Administrator, Calgary
http://www.securityfocus.com/archive/77/496230

15. [SJ-JOB] Manager, Information Security, New York
http://www.securityfocus.com/archive/77/496239

16. [SJ-JOB] Security Architect, Dallas
http://www.securityfocus.com/archive/77/496240

17. [SJ-JOB] Security Consultant, Somerville
http://www.securityfocus.com/archive/77/496241

18. [SJ-JOB] Security Architect, Midlands
http://www.securityfocus.com/archive/77/496243

19. [SJ-JOB] Security System Administrator, San Francisco
http://www.securityfocus.com/archive/77/496132

20. [SJ-JOB] Application Security Engineer, Dallas
http://www.securityfocus.com/archive/77/496134

21. [SJ-JOB] Jr. Security Analyst, Chicago
http://www.securityfocus.com/archive/77/496122

22. [SJ-JOB] Sr. Security Engineer, Redmond
http://www.securityfocus.com/archive/77/496127

23. [SJ-JOB] Security Consultant, San Juan
http://www.securityfocus.com/archive/77/496129

24. [SJ-JOB] Security Consultant, Any City
http://www.securityfocus.com/archive/77/496130

25. [SJ-JOB] Information Assurance Analyst, Arlington
http://www.securityfocus.com/archive/77/496120

26. [SJ-JOB] Security Consultant, Manama
http://www.securityfocus.com/archive/77/496121

27. [SJ-JOB] Software Engineer, Redmond
http://www.securityfocus.com/archive/77/496123

28. [SJ-JOB] Security Engineer, Dallas
http://www.securityfocus.com/archive/77/496128

29. [SJ-JOB] Certification & Accreditation Engineer, Arlington
http://www.securityfocus.com/archive/77/496119

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Pandora FMS 1.2 released
http://www.securityfocus.com/archive/91/454078

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Ironkey: The World's Most Secure Flash Drive

IronKey flash drives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.iroky.com/forenterprise2
