News

Thursday, October 30, 2008

SecurityFocus Newsletter #477
----------------------------------------

This issue is sponsored by HP:

Download a FREE trial of HP WebInspect

Application attacks are growing more prevalent. New attacks are in the news each day.
Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.

https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Secutiy_Focus/3-1QN6MII_3-UTM2ZJ/20081015&origin_id=3-1QN6MII


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Clicking to the Past
2. The Vice of Vice Presidential E-Mail
II. BUGTRAQ SUMMARY
1. GNU ed File Processing 'strip_escapes()' Heap Overflow Vulnerability
2. Multiple Vendor Web Browser FTP Client Cross Site Scripting Weakness
3. Android Web Browser Unspecified Remote Code Execution Vulnerability
4. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
5. Questwork QuestCMS Multiple Remote Vulnerabilities
6. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
7. Linux Kernel 'shmem_delete_inode()' Local Denial of Service Vulnerability
8. Citrix Web Interface Security Bypass Vulnerability
9. Linux Kernel 'iov_iter_advance()' Page Fault Local Denial of Service Vulnerability
10. Linux Kernel 'SCTP' Module Multiple Vulnerabilities
11. Linux Kernel i915 Driver 'drivers/char/drm/i915_dma.c' Memory Corruption Vulnerability
12. MyKtools 'update.php' Local File Include Vulnerability
13. Linux kernel NFSv4 ACL Buffer Overflow Vulnerability
14. bcoos 'modules/banners/click.php' SQL Injection Vulnerability
15. e107 CMS 'alternate_profiles' Plugin 'newuser.php' SQL Injection Vulnerability
16. tlAds Cookie Authentication Bypass Vulnerability
17. Perl File::Find::Object Module Format String Vulnerability
18. phpMyAdmin 'pmd_pdf.php' Cross Site Scripting Vulnerability
19. Kayako eSupport 'html-tidy-logic.php' Cross Site Scripting Vulnerability
20. Linux Kernel 'proc_do_xprt()' Local Buffer Overflow Vulnerability
21. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
22. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
23. Adobe Flash Player Clipboard Security Weakness
24. Sun Solaris RPC Request Denial of Service Vulnerability
25. PC Tools Spyware Doctor Unspecified Denial of Service Vulnerability
26. FCKeditor 'command.php' Arbitrary File Upload Vulnerability
27. Multiple X11 Terminals Missing DISPLAY Variable Local Arbitrary Command Execution Vulnerability
28. xine-lib 'sdpplin_parse()' Remote Buffer Overflow Vulnerability
29. MPlayer 'stream_read' Function Remote Heap Based Buffer Overflow Vulnerability
30. Linux Kernel UBIFS Orphan Inode Local Denial of Service Vulnerability
31. Linux Kernel 'snd_seq_oss_synth_make_info()' Information Disclosure Vulnerability
32. Linux Kernel 'truncate()' Local Privilege Escalation Vulnerability
33. Linux kernel 'fs/direct-io.c' Local Denial of Service Vulnerability
34. Linux Kernel 32-bit/64-bit Emulation Local Information Disclosure Vulnerability
35. Opera Web Browser History Search and Links Panel Cross Site Scripting Vulnerabilities
36. DjVu 'DjVu_ActiveX_MSOffice.dll' ActiveX Component Heap Buffer Overflow Vulnerability
37. PhotoStockPlus Uploader Tool ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
38. Husdawg System Requirements Lab Multiple Remote Code Execution Vulnerabilities
39. Microgaming Download Helper ActiveX Control Remote Buffer Overflow Vulnerability
40. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
41. Microsoft Excel Calendar Object Validation Remote Code Execution Vulnerability
42. Microsoft Excel BIFF File Format Parsing Remote Code Execution Vulnerability
43. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
44. Microsoft GDI+ BMP Integer Overflow Vulnerability
45. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
46. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
47. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
48. Microsoft Windows Internet Printing Service Integer Overflow Vulnerability
49. Microsoft Host Integration Server RPC Remote Command Execution Vulnerability
50. Harlandscripts Pro Traffic One 'trg' Parameter SQL Injection Vulnerability
51. Visagesoft eXPert PDF Viewer ActiveX Control Arbitrary File Overwrite Vulnerability
52. Instinct WP e-Commerce 'image_processing.php' Arbitrary File Upload Vulnerability
53. KVIrc URI Handler Remote Format String Vulnerability
54. OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities
55. Adobe PageMaker Font Structure Multiple Buffer Overflow Vulnerabilities
56. CafeEngine Easy Cafe Engine 'itemid' Parameter SQL Injection Vulnerability
57. MW6 Technologies Barcode ActiveX 'Barcode.dll' Multiple Arbitrary File Overwrite Vulnerabilities
58. CafeEngine 'id' Parameter Multiple SQL Injection Vulnerabilities
59. MW6 PDF417 'MW6PDF417.dll' ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
60. MW6 DataMatrix 'DataMatrix.dll' ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
61. Mambo and Joomla! SimpleBoard 'image_upload.php' Arbitrary File Upload Vulnerability
62. WebCards 'admin.php' Login Page SQL Injection Vulnerability
63. 7-Shop 'imageupload.php' Arbitrary File Upload Vulnerability
64. Aztec ActiveX 'Aztec.dll' ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
65. Novell Client 'NWFS.SYS' IOCTL Request Local Privilege Escalation Vulnerability
66. Python Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability
67. Quassel Core CTCP Ping Input Validation Vulnerability
68. Sepal SPBOARD 'board.cgi' Remote Command Execution Vulnerability
69. Extrakt Framework 'index.php' Cross Site Scripting Vulnerability
70. Atlassian JIRA Cross Site Scripting and HTML Injection Vulnerabilities
71. KKE Info Media Kmita Gallery Multiple Cross-Site Scripting Vulnerabilities
72. Elkagroup Image Gallery 'view.php' SQL Injection Vulnerability
73. KKE Info Media Kmita Catalogue 'search.php' Cross Site Scripting Vulnerability
74. H&H Solutions WebSoccer 'id' SQL Injection Vulnerability
75. H2O-CMS PHP Code Injection and Cookie Authentication Bypass Vulnerabilities
76. PacketTrap pt360 Tool Suite PRO TFTP Server Remote Denial of Service Vulnerability
77. Dorsa CMS 'Default_.aspx' Cross Site Scripting Vulnerability
78. Venalsur Booking Centre SQL Injection and Cross Site Scripting Vulnerabilities
79. IBM Lotus Connections Multiple Remote Vulnerabilities
80. IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability
81. tlGuestBook Cookie Authentication Bypass Vulnerability
82. Lynx '.mailcap' and '.mime.type' Files Local Code Execution Vulnerability
83. Lynx URI Handlers Arbitrary Command Execution Vulnerability
84. Microsoft Internet Explorer ' ' Address Bar URI Spoofing Vulnerability
85. Agares Media ThemeSiteScript 'frontpage_right.php' Remote File Include Vulnerability
86. Graphiks MyForum Cookie Authentication Bypass Vulnerability
87. PersianBB 'iranian_music.php' SQL Injection Vulnerability
88. Multiple products Unspecified Library MP4 File Remote Denial of Service Vulnerability
89. PHP-Nuke Nuke League Module 'tid' Parameter Cross-Site Scripting Vulnerability
90. X.Org X Server MIT-SHM Extension Information Disclosure Vulnerability
91. X.Org X server RENDER Extension Multiple Integer Overflow Vulnerabilities
92. X.Org X Server RENDER Extension 'ProcRenderCreateCursor()' Denial of Service Vulnerability
93. Novell eDirectory NCP Unspecified Remote Memory Corruption Vulnerability
94. Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
95. libgadu Contact Description Remote Buffer Overflow Vulnerability
96. All In One Control Panel 'cp_polls_results.php' SQL Injection Vulnerability
97. MyKtools Database Disclosure Vulnerability
98. WebGUI 'Asset.pm' Perl Module Handling Code Execution Vulnerability
99. e107 BLOG Engine 'macgurublog.php' SQL Injection Vulnerability
100. e107 CMS EasyShop Plugin 'easyshop.php' SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. You don't know (click)jack
2. Researchers weigh "clickjacking" threat
3. Security of Google's browser gets mixed marks
4. Online intruders hit Red Hat, Fedora Project
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Instructor, Reston
2. [SJ-JOB] Security Engineer, Reston
3. [SJ-JOB] Certification & Accreditation Engineer, Reston
V. INCIDENTS LIST SUMMARY
1. Ssh break that claims it was me?
VI. VULN-DEV RESEARCH LIST SUMMARY
1. ClubHack2008 [India] - CFP Closing Soon
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #417
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Clicking to the Past
By Chris Wysopal
When the first details trickled out about a new attack, dubbed "clickjacking" by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker's behalf is one of the oldest attack vectors in the book.
http://www.securityfocus.com/columnists/483

2. The Vice of Vice Presidential E-Mail
By Mark Rasch
Is it a crime to read someone else's e-mail without their consent? Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claimed credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business.
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/482


II. BUGTRAQ SUMMARY
--------------------
1. GNU ed File Processing 'strip_escapes()' Heap Overflow Vulnerability
BugTraq ID: 30815
Remote: Yes
Last Updated: 2008-10-30
Relevant URL: http://www.securityfocus.com/bid/30815
Summary:
GNU ed is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to GNU ed 1.0 are vulnerable.

2. Multiple Vendor Web Browser FTP Client Cross Site Scripting Weakness
BugTraq ID: 31855
Remote: Yes
Last Updated: 2008-10-30
Relevant URL: http://www.securityfocus.com/bid/31855
Summary:
Multiple vendors' web browsers are prone to a cross-site scripting weakness that arises because the software fails to handle specially crafted files served using the FTP protocol.

Successfully exploiting this issue may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of an FTP session. This may allow the attacker to perform malicious actions in a user's browser or redirect the user to a malicious site; other attacks are also possible.

3. Android Web Browser Unspecified Remote Code Execution Vulnerability
BugTraq ID: 31946
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31946
Summary:
Android Web Browser is prone to an unspecified remote code-execution vulnerability.

Successful exploits allow attackers to execute arbitrary code in the context of the browser. Note that attackers can exploit this issue to compromise only the browser, which may result in information-disclosure attacks.

Reportedly, this issue stems from an older vulnerability in one of the third-party packages used by Android. No further details are currently available. We will update or retire this BID when more information emerges.

NOTE: The HTC T-Mobile G1 phone ships with a vulnerable version of Android and is also affected by this issue.

4. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
BugTraq ID: 30847
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/30847
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Linux kernel 2.6.24-rc1 and later versions are vulnerable.

5. Questwork QuestCMS Multiple Remote Vulnerabilities
BugTraq ID: 31945
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31945
Summary:
QuestCMS is prone to multiple vulnerabilities, including a directory-traversal issue, an SQL-injection issue, and a cross-site scripting issue.

Exploiting these issues could allow an attacker to view arbitrary local files within the context of the webserver, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

6. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
BugTraq ID: 30704
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/30704
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

This issue affects Linux kernel 2.6.17-rc1 and later.

7. Linux Kernel 'shmem_delete_inode()' Local Denial of Service Vulnerability
BugTraq ID: 31134
Remote: No
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31134
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

This issue affects the Linux kernel prior to 2.6.21.1.

8. Citrix Web Interface Security Bypass Vulnerability
BugTraq ID: 31943
Remote: No
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31943
Summary:
Citrix Web Interface is prone to a security-bypass vulnerability that may allow attackers to gain access to a previously terminated session.

Citrix Web Interface 5.0 and 5.0.1 are vulnerable to this issue.

9. Linux Kernel 'iov_iter_advance()' Page Fault Local Denial of Service Vulnerability
BugTraq ID: 31132
Remote: No
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31132
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability caused by an error in the 'iov_iter_advance()' function.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

This issue occurs in the Linux 2.6 kernel prior to version 2.6.27-rc2.

10. Linux Kernel 'SCTP' Module Multiple Vulnerabilities
BugTraq ID: 31121
Remote: No
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31121
Summary:
The Linux kernel 'SCTP' module is prone to multiple vulnerabilities.

The issues allow local attackers to obtain sensitive information or cause kernel crashes, denying service to legitimate users.

Linux Kernel 2.6.26.3 and prior versions are affected.

11. Linux Kernel i915 Driver 'drivers/char/drm/i915_dma.c' Memory Corruption Vulnerability
BugTraq ID: 31792
Remote: No
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31792
Summary:
The Linux kernel is prone to a memory-corruption vulnerability because of insufficient boundary checks in the i915 driver.

Local attackers could exploit this issue to cause denial-of-service conditions, bypass certain security restrictions, and potentially access sensitive information or gain elevated privileges.

This issue affects Linux kernel 2.6.24.6 and prior versions.

12. MyKtools 'update.php' Local File Include Vulnerability
BugTraq ID: 31942
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31942
Summary:
MyKtools is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

MyKtools 2.4 is vulnerable; other versions may also be affected.

13. Linux kernel NFSv4 ACL Buffer Overflow Vulnerability
BugTraq ID: 31133
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31133
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code or cause a denial-of-service condition.

Versions prior to Linux kernel 2.6.26.4 are vulnerable.

14. bcoos 'modules/banners/click.php' SQL Injection Vulnerability
BugTraq ID: 31941
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31941
Summary:
The 'bcoos' program is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects bcoos 1.0.13; other versions may also be affected.

15. e107 CMS 'alternate_profiles' Plugin 'newuser.php' SQL Injection Vulnerability
BugTraq ID: 31940
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31940
Summary:
The 'alternate_profiles' plugin for the e107 CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

16. tlAds Cookie Authentication Bypass Vulnerability
BugTraq ID: 31939
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31939
Summary:
tlAds is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain administrative access; this may aid in further attacks.

tlAds 1 is vulnerable; other versions may also be affected.

17. Perl File::Find::Object Module Format String Vulnerability
BugTraq ID: 31938
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31938
Summary:
The Perl File::Find::Object module is prone to a format-string vulnerability in its handling of certain loop conditions. An attacker may exploit this issue if an application using the vulnerable library scans a maliciously constructed directory tree.

Versions prior to File::Find::Object 0.1.1 are vulnerable to this issue.

18. phpMyAdmin 'pmd_pdf.php' Cross Site Scripting Vulnerability
BugTraq ID: 31928
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31928
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

19. Kayako eSupport 'html-tidy-logic.php' Cross Site Scripting Vulnerability
BugTraq ID: 31908
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31908
Summary:
Kayako eSupport is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Kayako eSupport 3.20.02 is vulnerable; other versions may also be affected.

20. Linux Kernel 'proc_do_xprt()' Local Buffer Overflow Vulnerability
BugTraq ID: 31937
Remote: No
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31937
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Local attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects Linux kernel 2.6.24-git13 through 2.6.26.4.

21. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
BugTraq ID: 26966
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/26966
Summary:
The Adobe Flash Player is prone to a cross-domain security-bypass vulnerability.

An attacker can exploit this issue to connect to arbitrary hosts on affected computers. This may allow the application to perform generic TCP requests to determine what services are running on the affected computer.
NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities), but has been assigned its own record because of new technical details.

22. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
BugTraq ID: 25260
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/25260
Summary:
Adobe ActionScript is prone to a security-bypass vulnerability because the application allows Flash movies compiled by ActionScript to connect to arbitrary TCP ports on a host running a vulnerable version of Flash.

Successfully exploiting this issue allows an attacker to bypass the application's sandbox security model and scan other hosts that are connected to the computer running the vulnerable application.

23. Adobe Flash Player Clipboard Security Weakness
BugTraq ID: 31117
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31117
Summary:
Adobe Flash Player is prone to a security weakness that may allow attackers to inject arbitrary content into a user's clipboard.

Attackers can exploit this issue to overwrite content that is contained in a victim's clipboard. As a result, attacker-supplied URIs can persist in the victim's clipboard.

24. Sun Solaris RPC Request Denial of Service Vulnerability
BugTraq ID: 21964
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/21964
Summary:
The Solaris operating system is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the 'rpcbind(1M)' server, denying service to legitimate users.

25. PC Tools Spyware Doctor Unspecified Denial of Service Vulnerability
BugTraq ID: 31630
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31630
Summary:
Spyware Doctor is prone to an unspecified denial-of-service vulnerability.

Attackers can exploit this issue to crash the system, denying service to legitimate users.

Versions prior to Spyware Doctor 6.0.0.386 are vulnerable to this issue.

26. FCKeditor 'command.php' Arbitrary File Upload Vulnerability
BugTraq ID: 31812
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31812
Summary:
FCKeditor is prone to an arbitrary-file-upload vulnerability because it fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

27. Multiple X11 Terminals Missing DISPLAY Variable Local Arbitrary Command Execution Vulnerability
BugTraq ID: 28512
Remote: No
Last Updated: 2008-10-30
Relevant URL: http://www.securityfocus.com/bid/28512
Summary:
Multiple applications that use X11 are prone to a vulnerability that can allow local attackers to execute arbitrary commands in the context of a user running the application.

This issue affects rxvt 2.6.4 and Eterm 0.9.4; other versions and applications may also be affected.

28. xine-lib 'sdpplin_parse()' Remote Buffer Overflow Vulnerability
BugTraq ID: 28312
Remote: Yes
Last Updated: 2008-10-30
Relevant URL: http://www.securityfocus.com/bid/28312
Summary:
The 'xine-lib' library is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

This issue affects xine-lib 1.1.10.1; other versions may also be vulnerable.

29. MPlayer 'stream_read' Function Remote Heap Based Buffer Overflow Vulnerability
BugTraq ID: 31473
Remote: Yes
Last Updated: 2008-10-30
Relevant URL: http://www.securityfocus.com/bid/31473
Summary:
MPlayer is prone to a remote heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

MPlayer 1.0 rc2 is vulnerable; prior versions are also affected.

30. Linux Kernel UBIFS Orphan Inode Local Denial of Service Vulnerability
BugTraq ID: 30647
Remote: No
Last Updated: 2008-10-30
Relevant URL: http://www.securityfocus.com/bid/30647
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability affecting the VFS behavior in UBIFS (UBI File System).

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

31. Linux Kernel 'snd_seq_oss_synth_make_info()' Information Disclosure Vulnerability
BugTraq ID: 30559
Remote: No
Last Updated: 2008-10-30
Relevant URL: http://www.securityfocus.com/bid/30559
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Versions prior to Linux kernel 2.6.27-rc2 are vulnerable.

32. Linux Kernel 'truncate()' Local Privilege Escalation Vulnerability
BugTraq ID: 31368
Remote: No
Last Updated: 2008-10-30
Relevant URL: http://www.securityfocus.com/bid/31368
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability related to the 'truncate()' and 'ftruncate()' functions.

Versions prior to Linux kernel 2.6.22-rc1 are vulnerable.

33. Linux kernel 'fs/direct-io.c' Local Denial of Service Vulnerability
BugTraq ID: 31515
Remote: No
Last Updated: 2008-10-30
Relevant URL: http://www.securityfocus.com/bid/31515
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Local attackers can exploit this issue to crash the affected computer, denying service to legitimate users.

Versions prior to Linux kernel 2.6.23 are vulnerable.

34. Linux Kernel 32-bit/64-bit Emulation Local Information Disclosure Vulnerability
BugTraq ID: 29942
Remote: No
Last Updated: 2008-10-30
Relevant URL: http://www.securityfocus.com/bid/29942
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successfully exploiting this issue may allow attackers to gain access to uninitialized and potentially sensitive data. Information obtained may lead to other attacks.

35. Opera Web Browser History Search and Links Panel Cross Site Scripting Vulnerabilities
BugTraq ID: 31991
Remote: Yes
Last Updated: 2008-10-30
Relevant URL: http://www.securityfocus.com/bid/31991
Summary:
Opera Web Browser is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, change the browser's settings, and launch other attacks.

Versions prior to Opera Web Browser 9.62 are vulnerable to these issues.

NOTE: The 'History Search' issue described here may be related to the 'History Search' that was previously described in BID 31842 'Opera Web Browser Multiple Cross Site Scripting Vulnerabilities'.

36. DjVu 'DjVu_ActiveX_MSOffice.dll' ActiveX Component Heap Buffer Overflow Vulnerability
BugTraq ID: 31987
Remote: Yes
Last Updated: 2008-10-30
Relevant URL: http://www.securityfocus.com/bid/31987
Summary:
The DjVu ActiveX control is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

The DjVu ActiveX control version 3.0 is vulnerable; other versions may also be affected.

37. PhotoStockPlus Uploader Tool ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
BugTraq ID: 29279
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/29279
Summary:
An ActiveX control in the image uploader tool of PhotoStockPlus is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

These issues occur in 'PSPUploader.ocx', which is shipped with PhotoStockPlus Uploader Tool version 1.0.

38. Husdawg System Requirements Lab Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 31752
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31752
Summary:
Husdawg System Requirements Lab ActiveX controls and Java applets are prone to multiple remote code-execution vulnerabilities.

A successful exploit will allow attackers to download and execute arbitrary files on the affected computer in the context of the application that uses the plugins.

39. Microgaming Download Helper ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 23595
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/23595
Summary:
Microgaming Download Helper ActiveX control is prone to a stack-based buffer-overflow vulnerability because it fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a malicious HTML document.

Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.

40. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
BugTraq ID: 31706
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31706
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

41. Microsoft Excel Calendar Object Validation Remote Code Execution Vulnerability
BugTraq ID: 31702
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31702
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

42. Microsoft Excel BIFF File Format Parsing Remote Code Execution Vulnerability
BugTraq ID: 31705
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31705
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

43. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
BugTraq ID: 31021
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31021
Summary:
Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics link library improperly allocates memory when parsing WMF image files.

Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.

44. Microsoft GDI+ BMP Integer Overflow Vulnerability
BugTraq ID: 31022
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31022
Summary:
Microsoft GDI+ is prone to an integer-overflow vulnerability.

An attacker can exploit this issue by enticing unsuspecting users to view a malicious BMP file.

Successfully exploiting this issue allows remote attackers to corrupt memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
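
The advisory above says only that a malicious BMP file triggers an integer overflow. The usual shape of that bug in an image decoder is a pixel-buffer size computed from header fields (width, height, bits per pixel) in 32-bit arithmetic that wraps, so the decoder allocates far less than the pixel data it then writes. The Python below is an added illustration, not GDI+ code and not part of the original advisory: it builds a constructed 54-byte BMP header, parses the BITMAPINFOHEADER fields, computes the row-padded image size the way a naive uint32 implementation would, and shows the checked computation that rejects the same header. MAX_PIXELS is an assumed policy limit.

```python
import struct

U32_MAX = 0xFFFFFFFF
MAX_PIXELS = 1 << 28   # assumed policy limit on width*height; set to what the application can afford


def build_bmp_header(width, height, bpp=32):
    """Construct a minimal 54-byte header (BITMAPFILEHEADER + BITMAPINFOHEADER).

    Constructed test input: only the fields parse_dib_header() reads are meaningful.
    """
    file_hdr = struct.pack("<2sIHHI", b"BM", 54, 0, 0, 54)   # bfType, bfSize, reserved x2, bfOffBits
    info_hdr = struct.pack("<IiiHHIIiiII",
                           40,            # biSize
                           width,         # biWidth  (signed 32-bit)
                           height,        # biHeight (signed; negative means top-down rows)
                           1,             # biPlanes
                           bpp,           # biBitCount
                           0,             # biCompression = BI_RGB
                           0,             # biSizeImage (may legitimately be 0 for BI_RGB)
                           0, 0, 0, 0)    # resolution and palette fields, unused here
    return file_hdr + info_hdr


def parse_dib_header(data):
    """Return the header fields that drive the allocation decision."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP header")
    fields = struct.unpack_from("<IiiHHIIiiII", data, 14)
    return {"width": fields[1], "height": fields[2], "bpp": fields[4]}


def naive_image_size(width, height, bpp):
    """Mimic a 32-bit C implementation: every intermediate result truncated to uint32.

    Rows are padded to a multiple of 4 bytes, as the BMP format requires.
    """
    row_bits = (width * bpp) & U32_MAX
    stride = ((((row_bits + 31) & U32_MAX) // 32) * 4) & U32_MAX
    return (stride * abs(height)) & U32_MAX


def checked_image_size(width, height, bpp):
    """Same arithmetic, but refuse any header whose true size cannot be trusted."""
    if width <= 0 or height == 0 or bpp not in (1, 4, 8, 16, 24, 32):
        raise ValueError("invalid dimensions or bit depth")
    rows = abs(height)
    if width > MAX_PIXELS // rows:            # width * rows would exceed MAX_PIXELS
        raise ValueError("image too large")
    stride = ((width * bpp + 31) // 32) * 4   # Python ints do not wrap, so this is exact
    size = stride * rows
    if size > U32_MAX:
        raise ValueError("image size does not fit in 32 bits")
    return size


def plan_allocation(data, checked=True):
    """Parse a header and return the buffer size a decoder would allocate for it."""
    h = parse_dib_header(data)
    compute = checked_image_size if checked else naive_image_size
    return compute(h["width"], h["height"], h["bpp"])


if __name__ == "__main__":
    evil = build_bmp_header(0x10000, 0x10000)   # 65536 x 65536 x 32 bpp = 2**34 bytes
    print("naive allocation:", plan_allocation(evil, checked=False))   # wraps to 0
    try:
        plan_allocation(evil)
    except ValueError as err:
        print("checked path:", err)
```

The naive path returns 0 for the 65536 x 65536 header, so a decoder written that way would allocate nothing and then copy 16 GB of pixel rows into it; the checked path rejects the header before any allocation happens. A 640 x 480 x 24 bpp header gives 921600 on both paths, which is the sanity check to keep when adding limits to an existing decoder.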

45. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
BugTraq ID: 31019
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31019
Summary:
Microsoft GDI+ is prone to a remote memory-corruption vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.

Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

46. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
BugTraq ID: 31020
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31020
Summary:
Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly parses GIF image files.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash applications that use the library.

47. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 31018
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31018
Summary:
Microsoft GDI+ is prone to a heap-based buffer-overflow vulnerability because the vector graphics link library improperly processes gradient sizes.

Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the currently logged-in user.

48. Microsoft Windows Internet Printing Service Integer Overflow Vulnerability
BugTraq ID: 31682
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31682
Summary:
Microsoft Internet Printing Service is prone to an integer-overflow vulnerability.

Exploiting this vulnerability allows attackers to execute arbitrary code with system-level privileges.

49. Microsoft Host Integration Server RPC Remote Command Execution Vulnerability
BugTraq ID: 31620
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31620
Summary:
Microsoft Host Integration Server is prone to a remote command-execution vulnerability in its SNA service, reachable through a remote procedure call (RPC).

Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected service.

50. Harlandscripts Pro Traffic One 'trg' Parameter SQL Injection Vulnerability
BugTraq ID: 31986
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31986
Summary:
Harlandscripts Pro Traffic One is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

51. Visagesoft eXPert PDF Viewer ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 31984
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31984
Summary:
Visagesoft eXPert PDF Viewer ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting this issue will allow an attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

Visagesoft eXPert PDF Viewer ActiveX control 3.0.990.0 is vulnerable; other versions may also be affected.

52. Instinct WP e-Commerce 'image_processing.php' Arbitrary File Upload Vulnerability
BugTraq ID: 31982
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31982
Summary:
WP e-Commerce is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.

WP e-Commerce 3.4 is vulnerable; other versions may also be affected.

53. KVIrc URI Handler Remote Format String Vulnerability
BugTraq ID: 31912
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31912
Summary:
KVIrc is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A remote attacker may exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts may cause denial-of-service conditions.

KVIrc 3.4.0 is vulnerable; other versions may also be affected.

54. OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 31962
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31962
Summary:
OpenOffice is prone to multiple remote heap-based buffer-overflow vulnerabilities because of errors in processing certain files.

Remote attackers can exploit these issues by enticing victims into opening maliciously crafted EMF or WMF files.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

The issues affect OpenOffice 2 prior to 2.4.2.

55. Adobe PageMaker Font Structure Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 31975
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31975
Summary:
Adobe PageMaker is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Adobe PageMaker 7.0.1 is vulnerable; other versions may also be affected.

56. CafeEngine Easy Cafe Engine 'itemid' Parameter SQL Injection Vulnerability
BugTraq ID: 31788
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31788
Summary:
CafeEngine Easy Cafe Engine is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Easy Cafe Engine 1.1 is vulnerable; other versions may also be affected.

57. MW6 Technologies Barcode ActiveX 'Barcode.dll' Multiple Arbitrary File Overwrite Vulnerabilities
BugTraq ID: 31979
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31979
Summary:
Barcode ActiveX is prone to multiple vulnerabilities that let attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting these issues will allow an attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer); this may aid in further attacks.

Barcode ActiveX 3.0.0.1 is vulnerable; other versions may also be affected.

58. CafeEngine 'id' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 31786
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31786
Summary:
CafeEngine is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

59. MW6 PDF417 'MW6PDF417.dll' ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
BugTraq ID: 31983
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31983
Summary:
MW6 PDF417 ActiveX control is prone to multiple vulnerabilities that let attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting these issues will allow an attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

MW6 PDF417 ActiveX control 3.0.0.1 is vulnerable; other versions may also be affected.

60. MW6 DataMatrix 'DataMatrix.dll' ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
BugTraq ID: 31980
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31980
Summary:
MW6 DataMatrix ActiveX control is prone to multiple vulnerabilities that let attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting these issues will allow the attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

MW6 DataMatrix ActiveX control 3.0.0.1 is vulnerable; other versions may also be affected.

61. Mambo and Joomla! SimpleBoard 'image_upload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 31981
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31981
Summary:
SimpleBoard is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to check file extensions properly.

SimpleBoard 1.0.1 is vulnerable; other versions may also be affected.

62. WebCards 'admin.php' Login Page SQL Injection Vulnerability
BugTraq ID: 31977
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31977
Summary:
WebCards is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

WebCards 1.3 is vulnerable; other versions may also be affected.

63. 7-Shop 'imageupload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 31978
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31978
Summary:
7-Shop is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.

7-Shop 1.1 is vulnerable; other versions may also be affected.
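
Entries 52, 61 and 63 all describe the same failure: an upload handler whose filename check can be satisfied by a name that the webserver will nevertheless execute as script. The Python below is an added example, not code from any of those products: weak_accepts() shows the kind of check that fails (it trusts the client-supplied MIME type and looks for an image extension anywhere in the name), and safe_upload_name() shows what a handler should require instead: a plain basename with exactly one allowlisted extension, leading bytes that agree with that extension, and a server-chosen random name. UPLOAD_DIR, ALLOWED_EXT and the magic-byte table are assumptions for the example.

```python
import os
import re
import secrets

ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}
# Leading bytes of the formats we accept (assumed table for the example; extend as needed).
MAGIC = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
UPLOAD_DIR = "/var/www/uploads"   # assumed; must be a directory the webserver never executes scripts from
_NAME_RE = re.compile(r"[A-Za-z0-9_\-]+\.([A-Za-z0-9]+)")   # one dot only: no double extensions


def weak_accepts(filename, client_mime):
    """The failing pattern: trusts the Content-Type the client sent and accepts
    'shell.jpg.php' because '.jpg' occurs somewhere in the name."""
    if not client_mime.startswith("image/"):
        return False
    return any("." + ext in filename.lower() for ext in ALLOWED_EXT)


def sniff_image_type(data):
    """Identify the content from its first bytes, independent of the filename."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def safe_upload_name(filename, data):
    """Return a server-chosen filename for the upload, or raise ValueError."""
    base = os.path.basename(filename.replace("\\", "/"))   # drop any path component
    m = _NAME_RE.fullmatch(base)
    if not m:
        raise ValueError("filename rejected")
    ext = m.group(1).lower()
    if ext not in ALLOWED_EXT:
        raise ValueError("extension not allowed")
    kind = sniff_image_type(data)                          # the bytes must agree with the name
    if kind is None or kind != {"jpeg": "jpg"}.get(ext, ext):
        raise ValueError("content does not match extension")
    return secrets.token_hex(16) + "." + ext               # never reuse the client's name


def upload_path(filename, data):
    """Full path the file would be written to; the write itself is left to the caller."""
    return os.path.join(UPLOAD_DIR, safe_upload_name(filename, data))
```

The random server-side name is what removes the attacker's control over what the webserver sees; the extension and magic-byte checks then only need to agree with each other. Keeping UPLOAD_DIR outside any directory mapped to a script handler is the remaining piece, and it is a webserver configuration rather than application code.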

64. Aztec ActiveX 'Aztec.dll' ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
BugTraq ID: 31974
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31974
Summary:
Aztec ActiveX is prone to multiple vulnerabilities that let attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting these issues will allow an attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer); this may aid in further attacks.

Aztec ActiveX 3.0.0.1 is vulnerable; other versions may also be affected.

65. Novell Client 'NWFS.SYS' IOCTL Request Local Privilege Escalation Vulnerability
BugTraq ID: 30001
Remote: No
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/30001
Summary:
Novell Client is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with elevated privileges; this may aid in further attacks.

This issue affects Novell Client 4.91 SP4; other versions may also be affected.

66. Python Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability
BugTraq ID: 31976
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31976
Summary:
Python's 'imageop' module is prone to a buffer-overflow vulnerability.

Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable Python module. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.

This issue affects versions prior to Python 2.5.2.

67. Quassel Core CTCP Ping Input Validation Vulnerability
BugTraq ID: 31973
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31973
Summary:
Quassel Core is prone to an input-validation issue that lets attackers hijack

An attacker may exploit this issue to execute arbitrary IRC commands as a user of the vulnerable application. This may aid in further attacks.

This issue exists in versions prior to Quassel Core 3.0.3.

68. Sepal SPBOARD 'board.cgi' Remote Command Execution Vulnerability
BugTraq ID: 31972
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31972
Summary:
Sepal SPBOARD is prone to a vulnerability that attackers can leverage to execute arbitrary commands in the context of the application. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

69. Extrakt Framework 'index.php' Cross Site Scripting Vulnerability
BugTraq ID: 31971
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31971
Summary:
Extrakt Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Extrakt Framework 0.7 is vulnerable; other versions may also be affected.

70. Atlassian JIRA Cross Site Scripting and HTML Injection Vulnerabilities
BugTraq ID: 31967
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31967
Summary:
Atlassian JIRA is prone to an HTML-injection issue and a cross-site scripting issue.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user. Other attacks are also possible.

Atlassian JIRA 3.13 is vulnerable; other versions may also be affected.

71. KKE Info Media Kmita Gallery Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 31970
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31970
Summary:
Kmita Gallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

72. Elkagroup Image Gallery 'view.php' SQL Injection Vulnerability
BugTraq ID: 31966
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31966
Summary:
Elkagroup Image Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

This issue affects Elkagroup Image Gallery 1.0; other versions may also be affected.

73. KKE Info Media Kmita Catalogue 'search.php' Cross Site Scripting Vulnerability
BugTraq ID: 31968
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31968
Summary:
Kmita Catalogue is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Kmita Catalogue V2 is vulnerable; other versions may also be affected.

74. H&H Solutions WebSoccer 'id' SQL Injection Vulnerability
BugTraq ID: 31963
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31963
Summary:
H&H Solutions WebSoccer is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

H&H Solutions WebSoccer 2.80 is vulnerable; other versions may also be affected.

75. H2O-CMS PHP Code Injection and Cookie Authentication Bypass Vulnerabilities
BugTraq ID: 31961
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31961
Summary:
H2O-CMS is prone to a PHP code-injection vulnerability and a cookie authentication-bypass vulnerability.

An attacker can exploit the PHP code-injection issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Attackers can exploit the cookie authentication-bypass vulnerability to gain administrative access; this may aid in further attacks.

Versions up to and including H2O-CMS 3.4 are vulnerable.

76. PacketTrap pt360 Tool Suite PRO TFTP Server Remote Denial of Service Vulnerability
BugTraq ID: 28187
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/28187
Summary:
PacketTrap pt360 Tool Suite PRO TFTP server is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

77. Dorsa CMS 'Default_.aspx' Cross Site Scripting Vulnerability
BugTraq ID: 31992
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31992
Summary:
Dorsa CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

78. Venalsur Booking Centre SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 31990
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31990
Summary:
Venalsur Booking Centre is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

79. IBM Lotus Connections Multiple Remote Vulnerabilities
BugTraq ID: 31989
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31989
Summary:
IBM Lotus Connections is prone to multiple vulnerabilities, including cross-site scripting, SQL-injection, information-disclosure and other unspecified issues.

Exploiting these vulnerabilities could allow an attacker to disclose sensitive information, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IBM Lotus Connections versions prior to 2.0.1 are vulnerable.

80. IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability
BugTraq ID: 31988
Remote: Yes
Last Updated: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31988
Summary:
The IBM Tivoli Storage Manager Client is prone to an unspecified buffer-overflow vulnerability.

Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the IBM Tivoli Storage Manager (TSM) Backup-Archive client.

The following versions of TSM are vulnerable:

- TSM 5.5 with client levels 5.5.0.0 to 5.5.0.7
- TSM 5.4 with client levels 5.4.0.0 to 5.4.2.2
- TSM 5.3 with client levels 5.3.0.0 to 5.3.6.1
- TSM 5.2 with client levels 5.2.0.0 to 5.2.5.2
- TSM 5.1 with client levels 5.1.0.0 to 5.1.8.1
- TSM Express all levels

81. tlGuestBook Cookie Authentication Bypass Vulnerability
BugTraq ID: 31958
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31958
Summary:
tlGuestBook is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain administrative access; this may aid in further attacks.

tlGuestBook 1.2 is vulnerable; other versions may also be affected.

82. Lynx '.mailcap' and '.mime.type' Files Local Code Execution Vulnerability
BugTraq ID: 31917
Remote: No
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31917
Summary:
Lynx is prone to a local code-execution vulnerability.

Successful exploits may allow attackers to execute arbitrary code within the context of the user running the affected application.

Versions prior to Lynx 2.8.6rel.4 are affected.

83. Lynx URI Handlers Arbitrary Command Execution Vulnerability
BugTraq ID: 15395
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/15395
Summary:
Lynx is prone to a vulnerability that lets attackers execute arbitrary commands. This issue occurs because the application fails to properly sanitize user-supplied input.

A remote attacker can exploit this vulnerability by tricking a victim user into following a malicious link, thus enabling the attacker to execute arbitrary commands in the context of the victim user.

UPDATE (October 27, 2008): The fix for this issue did not disable the 'lynxcgi' handler when in 'advanced' mode. This may still be an issue if Lynx is called from the command line.

84. Microsoft Internet Explorer ' ' Address Bar URI Spoofing Vulnerability
BugTraq ID: 31960
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31960
Summary:
Internet Explorer is affected by a URI-spoofing vulnerability because it fails to adequately handle specific combinations of the non-breaking space character (U+00A0) in an address.

An attacker may leverage this issue to spoof the source URI of a site presented to an unsuspecting user. This may lead to a false sense of trust because the user may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Internet Explorer 6 is affected by this issue.

85. Agares Media ThemeSiteScript 'frontpage_right.php' Remote File Include Vulnerability
BugTraq ID: 31959
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31959
Summary:
ThemeSiteScript is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

ThemeSiteScript 1.0 is reported vulnerable; other versions may also be affected.

86. Graphiks MyForum Cookie Authentication Bypass Vulnerability
BugTraq ID: 31955
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31955
Summary:
Graphiks MyForum is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain unauthorized access; this may aid in further attacks.

Graphiks MyForum 1.3 is vulnerable; other versions may also be affected.
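
Entries 75, 81 and 86 share one root cause: the application reads its idea of who the user is, or what level they hold, straight out of a cookie the client can edit. The Python below is an added example, not code from H2O-CMS, tlGuestBook or MyForum: role_from_cookie_weak() shows the pattern that gets bypassed, and issue_cookie()/role_from_cookie_signed() show a cookie that carries only a username and an expiry, bound to a server-side secret with an HMAC, verified with a constant-time comparison, with the role looked up server-side. SECRET and the USERS table are constructed for the example; forge_cookie() stands in for the attacker's edit.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"assumed-server-side-secret-keep-out-of-the-client"   # assumption: loaded from config
USERS = {"alice": "user", "admin": "admin"}                       # constructed user/role table


def role_from_cookie_weak(cookie):
    """The pattern that gets bypassed: the role is read from a field the client controls,
    e.g. 'user=alice;level=user', which anyone can resend as level=admin."""
    fields = dict(kv.split("=", 1) for kv in cookie.split(";") if "=" in kv)
    return fields.get("level")


def issue_cookie(username, ttl=3600, now=None):
    """Server side: bind 'username|expiry' to SECRET with an HMAC and encode it."""
    if username not in USERS or "|" in username:
        raise ValueError("unknown user")
    exp = int(time.time() if now is None else now) + ttl
    payload = f"{username}|{exp}".encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()
    return base64.urlsafe_b64encode(payload + b"|" + sig).decode()


def role_from_cookie_signed(cookie, now=None):
    """Verify the MAC first, then look the role up server-side. Returns None if anything is off."""
    try:
        raw = base64.urlsafe_b64decode(cookie.encode())
        payload, sig = raw.rsplit(b"|", 1)
        username, exp = payload.split(b"|")
        exp = int(exp)
    except ValueError:   # bad base64 (binascii.Error is a ValueError), wrong field count, bad expiry
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):     # constant-time: no byte-by-byte timing leak
        return None
    if exp < int(time.time() if now is None else now):
        return None
    return USERS.get(username.decode("ascii", "replace"))   # role comes from the server, not the cookie


def forge_cookie(cookie, old, new):
    """What an attacker can do to the encoded cookie: decode, edit a field, re-encode."""
    raw = base64.urlsafe_b64decode(cookie.encode())
    return base64.urlsafe_b64encode(raw.replace(old, new)).decode()
```

Editing the username inside the signed cookie invalidates the MAC, so the forged cookie is treated as no session at all. The same layout works for any value the server must later trust; the rule is that the cookie may identify the session but never carry the authorisation decision.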

87. PersianBB 'iranian_music.php' SQL Injection Vulnerability
BugTraq ID: 31953
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31953
Summary:
PersianBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

88. Multiple products Unspecified Library MP4 File Remote Denial of Service Vulnerability
BugTraq ID: 31957
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31957
Summary:
Multiple phone and video products are prone to a denial-of-service vulnerability that occurs in an unspecified library.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers or devices running the affected library.

The following products are vulnerable:

Apple iPhone
Apple iPod touch
VideoLan VLC

Other products may also be affected.

89. PHP-Nuke Nuke League Module 'tid' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 31952
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31952
Summary:
PHP-Nuke Nuke League module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
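
The cross-site scripting entries on this page (69, 70, 71, 73, 77, 78, 89 and the XSS part of 79) all come down to reflecting user-supplied data into a page without encoding it for the context it lands in. The Python below is an added example, not code from any of those products: it renders a search term into a text node and an attribute value unescaped, escaped with quote=True, and escaped with quote=False (which is still exploitable inside the attribute), and shows an href built from a user-supplied URL restricted to http(s). The markup fragment is constructed for the example.

```python
import html
from urllib.parse import urlsplit


def render_search_unsafe(term):
    """Reflects the parameter verbatim into a text node and an attribute value."""
    return f'<p>Results for: {term}</p><input name="q" value="{term}">'


def render_search_safe(term):
    """Escapes & < > " and ' so the value can neither close the attribute nor open a tag."""
    safe = html.escape(term, quote=True)
    return f'<p>Results for: {safe}</p><input name="q" value="{safe}">'


def render_search_partial(term):
    """A common half-fix: quote=False neutralises the text node but leaves the attribute open."""
    safe = html.escape(term, quote=False)
    return f'<p>Results for: {safe}</p><input name="q" value="{safe}">'


def render_link(target):
    """URL context: restrict the scheme before attribute-escaping, or 'javascript:' still runs."""
    if urlsplit(target).scheme not in ("http", "https"):
        target = "#"
    return f'<a href="{html.escape(target, quote=True)}">link</a>'
```

The attribute case is the one that "sanitize" routines most often miss: a payload with no angle brackets passes a check for tags, yet a single double quote ends the value and the rest of the string becomes new attributes on the same element. Escaping has to match the context, and an href additionally needs a scheme allowlist because no amount of HTML escaping makes a javascript: URL safe.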

90. X.Org X Server MIT-SHM Extension Information Disclosure Vulnerability
BugTraq ID: 29669
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/29669
Summary:
X.Org X Server is prone to an information-disclosure vulnerability that lets X clients read arbitrary X server memory.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

91. X.Org X server RENDER Extension Multiple Integer Overflow Vulnerabilities
BugTraq ID: 29670
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/29670
Summary:
The RENDER extension of the X.Org X Server is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the X server. Failed exploit attempts will likely cause denial-of-service conditions.

92. X.Org X Server RENDER Extension 'ProcRenderCreateCursor()' Denial of Service Vulnerability
BugTraq ID: 29665
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/29665
Summary:
X.Org X Server is prone to a denial-of-service vulnerability because the software fails to properly handle exceptional conditions.

Attackers who can connect to a vulnerable X Server may exploit this issue to crash the targeted server, denying further service to legitimate users.

93. Novell eDirectory NCP Unspecified Remote Memory Corruption Vulnerability
BugTraq ID: 31956
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31956
Summary:
Novell eDirectory is prone to an unspecified remote memory-corruption vulnerability.

Successful exploits will allow attackers to corrupt process memory, which will likely cause a denial-of-service condition or allow arbitrary code to run.

This issue is tracked by Novell Bug 373852.

This issue affects eDirectory 8.7.3 SP10 prior to 8.7.3 SP10 FTF1.

94. Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
BugTraq ID: 31874
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31874
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects RPC (Remote Procedure Call) handling in the Server service.

An attacker could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of vulnerable computers. This issue may be prone to widespread automated exploits. Attackers require authenticated access on Windows Vista and Server 2008 platforms to exploit this issue.

This vulnerability affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

95. libgadu Contact Description Remote Buffer Overflow Vulnerability
BugTraq ID: 31951
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31951
Summary:
The 'libgadu' library is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious Gadu-Gadu server. Successful attacks will allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to libgadu 1.8.2 are vulnerable. Additional applications that use this library may also be vulnerable.

96. All In One Control Panel 'cp_polls_results.php' SQL Injection Vulnerability
BugTraq ID: 31949
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31949
Summary:
All In One Control Panel (AIOCP) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AIOCP 1.4 is vulnerable; other versions may also be affected.

97. MyKtools Database Disclosure Vulnerability
BugTraq ID: 31950
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31950
Summary:
MyKtools is prone to an information-disclosure vulnerability.

Successful exploits of this issue may allow an attacker to obtain sensitive information by downloading the contents of backed-up databases.

MyKtools 2.4 is vulnerable; other versions may also be affected.

98. WebGUI 'Asset.pm' Perl Module Handling Code Execution Vulnerability
BugTraq ID: 31947
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31947
Summary:
WebGUI is prone to a vulnerability that lets attackers execute arbitrary Perl code in the context of the webserver process. This may help the attacker compromise the application; other attacks are also possible.

Versions prior to WebGUI 7.5.30 are vulnerable.

99. e107 BLOG Engine 'macgurublog.php' SQL Injection Vulnerability
BugTraq ID: 29344
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/29344
Summary:
e107 BLOG Engine is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

100. e107 CMS EasyShop Plugin 'easyshop.php' SQL Injection Vulnerability
BugTraq ID: 31948
Remote: Yes
Last Updated: 2008-10-28
Relevant URL: http://www.securityfocus.com/bid/31948
Summary:
The EasyShop plugin for the e107 CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. You don't know (click)jack
By: Robert Lemos
Security professionals Robert "RSnake" Hansen and Jeremiah Grossman discuss a class of attacks, known as clickjacking, on user interfaces of Web browsers.
http://www.securityfocus.com/news/11535

2. Researchers weigh "clickjacking" threat
By: Robert Lemos
A canceled presentation at a Web security summit attracts attention to the danger of overlaying Web pages with graphics to persuade a victim to click where an attacker wants.
http://www.securityfocus.com/news/11534

3. Security of Google's browser gets mixed marks
By: Robert Lemos
The search giant uses process isolation, least privilege rules, and sandboxing as the security foundation for its Chrome browser, but security experts say more is needed.
http://www.securityfocus.com/news/11533

4. Online intruders hit Red Hat, Fedora Project
By: Robert Lemos
A leading Linux company and its open-source distribution acknowledge that attackers breached several systems, including one that manages the Fedora signing process.
http://www.securityfocus.com/news/11532

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Instructor, Reston
http://www.securityfocus.com/archive/77/497867

2. [SJ-JOB] Security Engineer, Reston
http://www.securityfocus.com/archive/77/497868

3. [SJ-JOB] Certification & Accreditation Engineer, Reston
http://www.securityfocus.com/archive/77/497869

V. INCIDENTS LIST SUMMARY
---------------------------
1. Ssh break that claims it was me?
http://www.securityfocus.com/archive/75/497803

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. ClubHack2008 [India] - CFP Closing Soon
http://www.securityfocus.com/archive/82/497819

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #417
http://www.securityfocus.com/archive/88/497792

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by HP:
