
Wednesday, November 26, 2008

SecurityFocus Newsletter #480
----------------------------------------

This issue is Sponsored by Absolute Software

Securing Laptops in the Field: Live Webinar
Minimize laptop theft and data loss by managing laptops outside the network. In this Dec. 9 webinar, IT asset management specialist at Farmers Insurance explains how he remotely audits end-user hardware and wipes out data on lost or stolen computers.

http://www.absolute.com/public/landing/CIO1208/default.asp?ref=SF1108-CIOwebinar


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Just Encase It's Not a Search
2. Microsoft's Stance on Piracy Affects Us All
II. BUGTRAQ SUMMARY
1. Chipmunk Topsites 'start' Parameter Cross Site Scripting Vulnerability
2. Chipmunk Topsites 'authenticate.php' SQL Injection Vulnerability
3. GNU Enscript 'src/psgen.c' Stack Based Buffer Overflow Vulnerability
4. pi3Web ISAPI Directory Remote Denial Of Service Vulnerability
5. OpenOffice 'senddoc' Insecure Temporary File Creation Vulnerability
6. Mozilla Firefox '.url' Shortcut Processing Information Disclosure Vulnerability
7. MauryCMS Unspecified Arbitrary File Upload Vulnerability
8. LoveCMS Simple Forum Password Reset Security Bypass Vulnerability
9. Ez Ringtone Manager Information Disclosure Vulnerability
10. getaphpsite.com Real Estate Arbitrary File Upload Vulnerability
11. getaphpsite.com Auto Dealers Arbitrary File Upload Vulnerability
12. Goople CMS '/win/notepad/index.php' Arbitrary Command Execution Vulnerability
13. Goople CMS '/win/content/upload.php' Arbitrary File Upload Vulnerability
14. Pilot Group PG Job Site Pro 'homepage.php' SQL Injection Vulnerability
15. Pilot Group PG Real Estate SQL Injection Vulnerability
16. Pilot Group PG Roommate SQL Injection Vulnerability
17. Prozilla Hosting Index 'directory.php' SQL Injection Vulnerability
18. NetArt Media Car Portal 'image.php' SQL Injection Vulnerability
19. HP Linux Imaging and Printing System Privilege Escalation And Denial Of Service Vulnerabilities
20. Mole Group Airline Ticket Script 'username' SQL Injection Vulnerability
21. Pidgin UPnP and Jabber Protocols Multiple Denial of Service Vulnerabilities
22. Pidgin NSS plugin SSL Certificate Validation Security Bypass Vulnerability
23. Talking Birds eSHOP100 'index.php' SQL Injection Vulnerability
24. Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
25. Discuz! Reset Lost Password Security Bypass Vulnerability
26. ZoGo-Shop 'product-details.php' SQL Injection Vulnerability
27. MyBB 'my_post_key' Remote Image Information Disclosure Vulnerability
28. VideoScript 'admin/homeset.php' Remote PHP Code Injection Vulnerability
29. SuSE YaST2 Backup File Name Local Arbitrary Shell Command Injection Vulnerability
30. VideoGirls 'view_snaps.php' SQL Injection Vulnerability
31. BitDefender 'pdf.xmd' Module PDF Parsing Remote Denial Of Service Vulnerability
32. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
33. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
34. Microsoft Windows Vista 'iphlpapi.dll' Local Kernel Buffer Overflow Vulnerability
35. Mozilla Firefox/Thunderbird/SeaMonkey Arbitrary Image Cross Domain Security Bypass Vulnerability
36. 'imlib2' Library 'load()' Function Buffer Overflow Vulnerability
37. 'tog-pegasus' Package for Red Hat Enterprise Linux Security Bypass Vulnerability
38. PHP Multiple Buffer Overflow Vulnerabilities
39. Werner Hilversum Clean CMS 'full_txt.php' SQL Injection and Cross Site Scripting Vulnerabilities
40. Werner Hilversum FAQ Manager 'catagorie.php' SQL Injection Vulnerability
41. Pie RSS Module 'lib' Parameter Remote File Include Vulnerability
42. IBM Tivoli Access Manager for e-business Remote Denial Of Service Vulnerability
43. Multiple BDigital Web Solutions Applications 'pageid' Parameter SQL Injection Vulnerability
44. MODx CMS Cross Site Scripting and Remote File Include Vulnerabilities
45. NitroTech 'common.php' Remote File Include Vulnerability
46. Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
47. Vim 'zip.vim' Plugin Arbitrary Command Execution Vulnerability
48. MicroHellas ToursManager 'cityview.php' SQL Injection Vulnerability
49. MicroHellas ToursManager 'tourview.php' SQL Injection Vulnerability
50. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
51. htop Hidden Process Name Input Filtering Vulnerability
52. COMS 'dynamic.php' Cross Site Scripting Vulnerability
53. Total Video Player 'TVP type' Tag Handling Remote Buffer Overflow Vulnerability
54. Quicksilver Forums Local File Include and Arbitrary File Upload Vulnerabilities
55. NitroTech 'members.php' SQL Injection Vulnerability
56. Pie Multiple Remote File Include Vulnerabilities
57. FTPzik 'c' Parameter Local File Include and Cross-Site Scripting Vulnerabilities
58. FreeBSD 'arc4random (9)' Pseudo-Random Number Generator Insufficient Entropy Weakness
59. Nero ShowTime '.m3u' File Remote Buffer Overflow Vulnerability
60. NetArt Media Real Estate Portal 'ad_id' Parameter SQL Injection Vulnerability
61. FlexCell Grid Control (ActiveX) Arbitrary File Overwrite Vulnerability
62. VirtualBox 'ipcdUnix.cpp' Insecure Temporary File Creation Vulnerability
63. W3C Amaya 'TtaWCToMBstring()' Multiple Stack Based Buffer Overflow Vulnerabilities
64. NetArt Media Blog System 'image.php' SQL Injection Vulnerability
65. Gallery Unspecified Security Bypass Vulnerability
66. ClamAV 'get_unicode_name()' Off-By-One Heap Based Buffer Overflow Vulnerability
67. Vim 'tar.vim' Plugin Arbitrary Command Execution Vulnerability
68. Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities
69. Adobe Acrobat Reader Unspecified Remote Denial Of Service Vulnerability
70. phpMyAdmin Shared Host Remote Information Disclosure Vulnerability
71. Horde Turba Contact Manager '/imp/test.php' Cross Site Scripting Vulnerability
72. OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities
73. NOS Microsystems getPlus Download Manager Unauthorized Access Vulnerability
74. NOS Microsystems getPlus Download Manager ActiveX Control Buffer Overflow Vulnerability
75. ffdshow Long URL Link Remote Buffer Overflow Vulnerability
76. CUPS 'cupsd' RSS Subscriptions NULL Pointer Dereference Local Denial Of Service Vulnerability
77. Lighttpd URI Rewrite/Redirect Information Disclosure Vulnerability
78. Lighttpd Duplicate Request Header Denial of Service Vulnerability
79. Lighttpd 'mod_userdir' Case Sensitive Comparison Security Bypass Vulnerability
80. phpMyAdmin '$_REQUEST' SQL Injection Vulnerability
81. phpMyAdmin Local Information Disclosure Vulnerability
82. phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
83. Vim 'mch_expand_wildcards()' Heap Based Buffer Overflow Vulnerability
84. Netrw Vim Script Multiple Command Execution Vulnerabilities
85. Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
86. Vim HelpTags Command Remote Format String Vulnerability
87. Vim Vim Script Multiple Command Execution Vulnerabilities
88. Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities
89. Sun Java Web Start Multiple Vulnerabilities
90. Apple iPod Touch/iPhone Prior to Version 2.1 Multiple Remote Vulnerabilities
91. Mozilla Firefox User Interface Dispatcher Null Pointer Dereference Denial of Service Vulnerability
92. Bandwebsite 'info.php' Cross Site Scripting Vulnerability
93. Bandwebsite 'lyrics.php' SQL Injection Vulnerability
94. Siemens Multiple Gigaset VoIP Phones SIP Remote Denial of Service Vulnerability
95. Jamit Job Board 'index.php' SQL Injection Vulnerability
96. WordPress 'wp-includes/feed.php' Cross-Site Scripting Vulnerability
97. fuzzylime (cms) 'code/track.php' Local File Include Vulnerability
98. RSA enVision Platform Web Console Password Hash Remote Information Disclosure Vulnerability
99. Werner Hilversum FAQ Manager 'include/header.php' Remote File Include Vulnerability
100. RaidSonic ICY BOX NAS FTP Log HTML Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Microsoft hopes free security means less malware
2. Researchers find more flaws in wireless security
3. Secure hash competition kicks off
4. You don't know (click)jack
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #420
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. CanSecWest 2009 CFP (March 18-20 2009, Deadline December 8 2008)
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Just Encase It's Not a Search
By Mark Rasch
When is a search not really a search? If it's done by computer, according to U.S. government lawyers.
http://www.securityfocus.com/columnists/485

2. Microsoft's Stance on Piracy Affects Us All
By Oliver Day
For the last few years, Microsoft has wrestled with their stance on piracy. Pirated operating systems are just like legitimate operating systems in terms of their exposure to vulnerabilities: Users must install patches or they will be compromised.
http://www.securityfocus.com/columnists/484


II. BUGTRAQ SUMMARY
--------------------
1. Chipmunk Topsites 'start' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 32470
Remote: Yes
Last Updated: 2008-11-26
Relevant URL: http://www.securityfocus.com/bid/32470
Summary:
Chipmunk Topsites is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

2. Chipmunk Topsites 'authenticate.php' SQL Injection Vulnerability
BugTraq ID: 32469
Remote: Yes
Last Updated: 2008-11-26
Relevant URL: http://www.securityfocus.com/bid/32469
Summary:
Chipmunk Topsites is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

3. GNU Enscript 'src/psgen.c' Stack Based Buffer Overflow Vulnerability
BugTraq ID: 31858
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/31858
Summary:
GNU Enscript is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

GNU Enscript 1.6.1 and 1.6.4 (beta) are vulnerable; other versions may also be affected.

4. pi3Web ISAPI Directory Remote Denial Of Service Vulnerability
BugTraq ID: 32287
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32287
Summary:
pi3Web is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause the server to become unresponsive, denying access to legitimate users.

UPDATE (November 22, 2008): The vendor refutes this issue and states that the vulnerable version mentioned does not exist and that they cannot reproduce the vulnerability as described.

UPDATE (November 24, 2008): Additional reports confirm that this issue affects pi3Web 2.0.3 PL2. However, the vulnerability does not cause the server to crash, but only hang while serving the malformed request.

UPDATE (November 24, 2008): The vendor still refutes this issue, but offers workaround information.

5. OpenOffice 'senddoc' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30925
Remote: No
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/30925
Summary:
OpenOffice creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

OpenOffice 2.4.1 is vulnerable; other versions may also be affected.

6. Mozilla Firefox '.url' Shortcut Processing Information Disclosure Vulnerability
BugTraq ID: 31747
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/31747
Summary:
Mozilla Firefox is prone to an information-disclosure vulnerability when processing '.url' shortcut files in HTML elements.

An attacker can exploit the issue to obtain sensitive information such as browser cache files, cookie data, or local filesystem details. Information harvested may aid in further attacks.

NOTE: To exploit this issue, the attacker must trick a victim into saving a malicious HTML file to the local system and then following a malicious URI.

Mozilla Firefox 3.0.1, 3.0.2, and 3.0.3 are reported vulnerable.

7. MauryCMS Unspecified Arbitrary File Upload Vulnerability
BugTraq ID: 32439
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32439
Summary:
MauryCMS is prone to an unspecified vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

This issue affects MauryCMS 0.53.2 and earlier versions.

8. LoveCMS Simple Forum Password Reset Security Bypass Vulnerability
BugTraq ID: 32435
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32435
Summary:
Simple Forum is prone to a security-bypass vulnerability.

Exploiting this issue may allow attackers to compromise the application; other attacks are also possible.

Simple Forum 3.1d is vulnerable; other versions may also be affected.

9. Ez Ringtone Manager Information Disclosure Vulnerability
BugTraq ID: 32431
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32431
Summary:
Ez Ringtone Manager is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to view arbitrary local files in the context of the webserver process.

10. getaphpsite.com Real Estate Arbitrary File Upload Vulnerability
BugTraq ID: 32433
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32433
Summary:
Real Estate (by getaphpsite.com) is prone to a vulnerability that lets attackers upload arbitrary files because it fails to properly verify the file extensions of uploaded files.

An attacker can exploit this issue to execute malicious code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

11. getaphpsite.com Auto Dealers Arbitrary File Upload Vulnerability
BugTraq ID: 32432
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32432
Summary:
Auto Dealers (by getaphpsite.com) is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify the file extensions of uploaded files.

An attacker can exploit this issue to upload arbitrary files and execute malicious code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

12. Goople CMS '/win/notepad/index.php' Arbitrary Command Execution Vulnerability
BugTraq ID: 32448
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32448
Summary:
Goople CMS is prone to a vulnerability that lets attackers execute arbitrary commands because it fails to properly verify the contents of the 'notepad' feature.

An attacker can exploit this issue to execute malicious code in the context of the webserver process. This may allow the attacker to compromise the application and possibly the underlying computer; other attacks are also possible.

Goople CMS 1.7 is vulnerable; other versions may also be affected.

13. Goople CMS '/win/content/upload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 32428
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32428
Summary:
Goople CMS is prone to a vulnerability that lets attackers upload arbitrary files because it fails to properly verify the file extensions of uploaded files.

An attacker can exploit this issue to execute malicious code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Goople CMS 1.7 is vulnerable to this issue; other versions may also be affected.

14. Pilot Group PG Job Site Pro 'homepage.php' SQL Injection Vulnerability
BugTraq ID: 32434
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32434
Summary:
Pilot Group PG Job Site Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

15. Pilot Group PG Real Estate SQL Injection Vulnerability
BugTraq ID: 32429
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32429
Summary:
Pilot Group PG Real Estate is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

16. Pilot Group PG Roommate SQL Injection Vulnerability
BugTraq ID: 32430
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32430
Summary:
Pilot Group PG Roommate is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

17. Prozilla Hosting Index 'directory.php' SQL Injection Vulnerability
BugTraq ID: 32427
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32427
Summary:
Prozilla Hosting Index is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

18. NetArt Media Car Portal 'image.php' SQL Injection Vulnerability
BugTraq ID: 32426
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32426
Summary:
Car Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Car Portal 2.0 is vulnerable; other versions may also be affected.

19. HP Linux Imaging and Printing System Privilege Escalation And Denial Of Service Vulnerabilities
BugTraq ID: 30683
Remote: No
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/30683
Summary:
HP Linux Imaging and Printing System (HPLIP) is prone to multiple vulnerabilities, including privilege-escalation and denial-of-service issues.

Exploiting the privilege-escalation vulnerability may allow attackers to perform certain actions with elevated privileges. Successful exploits of the denial-of-service issue will cause the 'hpssd' process to crash, denying service to legitimate users.

These issues affect HPLIP 1.6.7; other versions may also be affected.

20. Mole Group Airline Ticket Script 'username' SQL Injection Vulnerability
BugTraq ID: 32219
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32219
Summary:
Mole Group Airline Ticket Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

UPDATE (November 24, 2008): The vendor refutes this issue and states that the specified script does not exist.

21. Pidgin UPnP and Jabber Protocols Multiple Denial of Service Vulnerabilities
BugTraq ID: 29985
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/29985
Summary:
Pidgin is prone to multiple denial-of-service vulnerabilities affecting the UPnP and Jabber protocols.

Successful exploits will crash the application, denying service to legitimate users.

Pidgin 2.0.0 is vulnerable; other versions, including Gaim 2.0.0 beta versions, may also be affected.

22. Pidgin NSS plugin SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 30553
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/30553
Summary:
Pidgin is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from a server.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers. This will aid in further attacks.

Pidgin 2.4.3 is vulnerable; other versions may also be affected.

23. Talking Birds eSHOP100 'index.php' SQL Injection Vulnerability
BugTraq ID: 30002
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/30002
Summary:
eSHOP100 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

24. Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
BugTraq ID: 29956
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/29956
Summary:
Pidgin is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts will likely cause denial-of-service conditions.

Versions prior to Pidgin 2.4.3 are vulnerable.

25. Discuz! Reset Lost Password Security Bypass Vulnerability
BugTraq ID: 32424
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32424
Summary:
Discuz! is prone to a security-bypass vulnerability caused by a design error when resetting lost passwords.

An attacker may exploit this issue to reset account passwords for arbitrary users and then compromise the vulnerable application. This can also aid the attacker in further attacks.

26. ZoGo-Shop 'product-details.php' SQL Injection Vulnerability
BugTraq ID: 32423
Remote: Yes
Last Updated: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32423
Summary:
ZoGo-Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ZoGo-Shop 1.15.4 is vulnerable; other versions may also be affected.

27. MyBB 'my_post_key' Remote Image Information Disclosure Vulnerability
BugTraq ID: 32467
Remote: Yes
Last Updated: 2008-11-26
Relevant URL: http://www.securityfocus.com/bid/32467
Summary:
MyBB is prone to an information-disclosure vulnerability because it fails to adequately protect POST key data.

Attackers can use the key data to perform cross-site request-forgery attacks. Exploiting this issue may allow a remote attacker to use a victim's currently active session to perform actions with the application. Other attacks may also be possible.

MyBB 1.4.3 is vulnerable; other versions may also be affected.

28. VideoScript 'admin/homeset.php' Remote PHP Code Injection Vulnerability
BugTraq ID: 32468
Remote: Yes
Last Updated: 2008-11-26
Relevant URL: http://www.securityfocus.com/bid/32468
Summary:
VideoScript is prone to a vulnerability that can be leveraged to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

This issue affects VideoScript 4.0.1.50 and 4.1.5.55; other versions may also be affected.

29. SuSE YaST2 Backup File Name Local Arbitrary Shell Command Injection Vulnerability
BugTraq ID: 32464
Remote: No
Last Updated: 2008-11-26
Relevant URL: http://www.securityfocus.com/bid/32464
Summary:
SuSE YaST2 Backup is prone to a local command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary shell commands in the context of the vulnerable application. This may facilitate the complete compromise of affected computers.

30. VideoGirls 'view_snaps.php' SQL Injection Vulnerability
BugTraq ID: 32477
Remote: Yes
Last Updated: 2008-11-26
Relevant URL: http://www.securityfocus.com/bid/32477
Summary:
VideoGirls is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

31. BitDefender 'pdf.xmd' Module PDF Parsing Remote Denial Of Service Vulnerability
BugTraq ID: 32396
Remote: Yes
Last Updated: 2008-11-26
Relevant URL: http://www.securityfocus.com/bid/32396
Summary:
BitDefender is prone to a remote denial-of-service vulnerability that occurs when a malicious PDF file is scanned using BitDefender's command-line scanner 'bdc.exe'.

Attackers can exploit this issue to deny service to legitimate users.

UPDATE (November 25, 2008): Further reports indicate that the vulnerable module 'pdf.xmd' is used in other applications, rendering them vulnerable as well.

32. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
BugTraq ID: 32281
Remote: Yes
Last Updated: 2008-11-26
Relevant URL: http://www.securityfocus.com/bid/32281
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

Exploiting these issues can allow attackers to:

- steal authentication credentials
- obtain potentially sensitive information
- violate the same-origin policy
- execute scripts with elevated privileges
- cause denial-of-service conditions
- execute arbitrary code

Other attacks are also possible.

These issues are present in the following applications:

Firefox 3.0.3 and prior
Firefox 2.0.0.17 and prior
Thunderbird 2.0.0.17 and prior
SeaMonkey 1.1.12 and prior

33. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
BugTraq ID: 32232
Remote: Yes
Last Updated: 2008-11-26
Relevant URL: http://www.securityfocus.com/bid/32232
Summary:
GnuTLS is prone to a security-bypass vulnerability because the application fails to properly validate chained X.509 certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers. Unsuspecting users may be under a false sense of security that can aid attackers in launching further attacks.

Versions prior to GnuTLS 2.6.1 are vulnerable.

34. Microsoft Windows Vista 'iphlpapi.dll' Local Kernel Buffer Overflow Vulnerability
BugTraq ID: 32357
Remote: No
Last Updated: 2008-11-26
Relevant URL: http://www.securityfocus.com/bid/32357
Summary:
Microsoft Windows Vista is prone to a buffer-overflow vulnerability because of insufficient boundary checks.

Local attackers could exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute arbitrary code with SYSTEM-level privileges, but this has not been confirmed.

Windows Vista SP1 is vulnerable to this issue.

UPDATE (November 25, 2008): Since this issue may be exploitable only by members of the administrative group, the security implication of this issue may be negated.

35. Mozilla Firefox/Thunderbird/SeaMonkey Arbitrary Image Cross Domain Security Bypass Vulnerability
BugTraq ID: 32351
Remote: Yes
Last Updated: 2008-11-26
Relevant URL: http://www.securityfocus.com/bid/32351
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a cross-domain security-bypass vulnerability that can allow an attacker to bypass the same-origin policy.

The attacker can exploit this issue to access arbitrary images from other domains.

Versions prior to Firefox 2.0.0.18 are vulnerable.

NOTE: This issue was previously included in BID 32281 'Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities', but has been given its own record to better document the issue.

36. 'imlib2' Library 'load()' Function Buffer Overflow Vulnerability
BugTraq ID: 32371
Remote: Yes
Last Updated: 2008-11-26
Relevant URL: http://www.securityfocus.com/bid/32371
Summary:
The 'imlib2' library is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data.

An attacker can exploit this issue to execute arbitrary machine code in the context of applications using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects imlib2 1.4.2; other versions may also be affected.

37. 'tog-pegasus' Package for Red Hat Enterprise Linux Security Bypass Vulnerability
BugTraq ID: 32460
Remote: No
Last Updated: 2008-11-26
Relevant URL: http://www.securityfocus.com/bid/32460
Summary:
The 'tog-pegasus' package is prone to a security-bypass vulnerability.

Local attackers can exploit this issue to bypass certain security restrictions and send requests to WBEM services.

This issue occurs in the 'tog-pegasus' package built with Red Hat Enterprise Linux 5.

38. PHP Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30649
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/30649
Summary:
PHP is prone to multiple buffer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable PHP functions. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.

Versions prior to PHP 4.4.9 are vulnerable.

39. Werner Hilversum Clean CMS 'full_txt.php' SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 32474
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32474
Summary:
Werner Hilversum Clean CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Clean CMS 1.5 is vulnerable; other versions may also be affected.

40. Werner Hilversum FAQ Manager 'catagorie.php' SQL Injection Vulnerability
BugTraq ID: 32466
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32466
Summary:
Werner Hilversum FAQ Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

FAQ Manager 1.2 is vulnerable; other versions may also be affected.

41. Pie RSS Module 'lib' Parameter Remote File Include Vulnerability
BugTraq ID: 32465
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32465
Summary:
Pie RSS module is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Pie RSS module 0.1 is vulnerable; other versions may also be affected.

42. IBM Tivoli Access Manager for e-business Remote Denial Of Service Vulnerability
BugTraq ID: 32461
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32461
Summary:
IBM Tivoli Access Manager for e-business is prone to a remote denial-of-service vulnerability.

Remote attackers can exploit this issue to cause the service to crash or hang, denying service to legitimate users.

IBM Tivoli Access Manager for e-business 6.0.0.17 is vulnerable; other versions may also be affected.

43. Multiple BDigital Web Solutions Applications 'pageid' Parameter SQL Injection Vulnerability
BugTraq ID: 32449
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32449
Summary:
Multiple BDigital Web Solutions applications are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following applications are vulnerable:

WebStudio CMS
WebStudio eHotel
WebStudio eCatalogue

44. MODx CMS Cross Site Scripting and Remote File Include Vulnerabilities
BugTraq ID: 32436
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32436
Summary:
MODx CMS is prone to a cross-site scripting vulnerability and a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. Attackers may also execute script code in an unsuspecting user's browser or steal cookie-based authentication credentials; other attacks are also possible.

These issues affect MODx CMS 0.9.6.2; other versions may also be vulnerable.

45. NitroTech 'common.php' Remote File Include Vulnerability
BugTraq ID: 20810
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/20810
Summary:
NitroTech is prone to a remote file-include vulnerability.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

NitroTech 0.0.3a is vulnerable; other versions may also be affected.

46. Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
BugTraq ID: 22484
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/22484
Summary:
Microsoft Step-by-Step Interactive Training is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a bookmark link file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

47. Vim 'zip.vim' Plugin Arbitrary Command Execution Vulnerability
BugTraq ID: 32463
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32463
Summary:
The 'zip.vim' plugin for Vim is prone to a command-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting this issue can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.0 and 7.1 are vulnerable.

48. MicroHellas ToursManager 'cityview.php' SQL Injection Vulnerability
BugTraq ID: 32110
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32110
Summary:
MicroHellas ToursManager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

49. MicroHellas ToursManager 'tourview.php' SQL Injection Vulnerability
BugTraq ID: 32397
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32397
Summary:
MicroHellas ToursManager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

50. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
BugTraq ID: 32326
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32326
Summary:
The 'libxml2' library is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data when handling XML files.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an affected application. Failed exploits may crash the application.

This issue affects libxml2-2.7.2; other versions may also be affected.

51. htop Hidden Process Name Input Filtering Vulnerability
BugTraq ID: 32081
Remote: No
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32081
Summary:
The 'htop' program is prone to an input-filtering vulnerability that can result in hidden process names.

An attacker can exploit this issue to hide potentially malicious processes, resulting in a false sense of security. This may also aid in launching further attacks against the underlying shell.

This issue affects htop 0.7; other versions may also be affected.

52. COMS 'dynamic.php' Cross Site Scripting Vulnerability
BugTraq ID: 32459
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32459
Summary:
COMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

53. Total Video Player 'TVP type' Tag Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 32456
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32456
Summary:
Total Video Player is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

Total Video Player 1.31 provided by 'vcen.dll' is affected; other versions may also be vulnerable.

54. Quicksilver Forums Local File Include and Arbitrary File Upload Vulnerabilities
BugTraq ID: 32452
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32452
Summary:
Quicksilver Forums is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information. By exploiting the arbitrary-file-upload and local file-include vulnerabilities at the same time, the attacker may be able to execute remote code.

Quicksilver Forums 1.4.2 is vulnerable; other versions may also be affected. Note that these issues affect only versions running on Windows platforms.

55. NitroTech 'members.php' SQL Injection Vulnerability
BugTraq ID: 32458
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32458
Summary:
NitroTech is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

NitroTech 0.0.3a is vulnerable; other versions may also be affected.

56. Pie Multiple Remote File Include Vulnerabilities
BugTraq ID: 32455
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32455
Summary:
Pie is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

Pie 0.5.3 is vulnerable; other versions may also be affected.

57. FTPzik 'c' Parameter Local File Include and Cross-Site Scripting Vulnerabilities
BugTraq ID: 32450
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32450
Summary:
FTPzik is prone to a local file-include vulnerability and two cross-site scripting vulnerabilities because it fails to adequately sanitize user-supplied input.

An attacker can exploit the local file-include vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.

Exploits of the cross-site scripting issues may allow the attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

58. FreeBSD 'arc4random (9)' Pseudo-Random Number Generator Insufficient Entropy Weakness
BugTraq ID: 32447
Remote: No
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32447
Summary:
The FreeBSD kernel is prone to a weakness that may result in weaker cryptographic security.

This issue stems from a lack of sufficient entropy in the 'arc4random (9)' pseudo-random number generator.

An attacker may be able to exploit this weakness to launch attacks against additional applications that depend on the affected pseudo-random number generator.

This issue occurs in FreeBSD 6.3 and 7.0.

59. Nero ShowTime '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 32446
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32446
Summary:
Nero ShowTime is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

NOTE: This issue may be related to BID 27615 (Nero Media Player M3U Buffer Overflow Vulnerability), but this has not been confirmed.

ShowTime 5.0.15.0 is vulnerable; other versions may also be affected.

60. NetArt Media Real Estate Portal 'ad_id' Parameter SQL Injection Vulnerability
BugTraq ID: 32445
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32445
Summary:
Real Estate Portal is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Real Estate Portal 1.2 is vulnerable; other versions may also be affected.

61. FlexCell Grid Control (ActiveX) Arbitrary File Overwrite Vulnerability
BugTraq ID: 32443
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32443
Summary:
FlexCell Grid Control (ActiveX) is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting this issue will allow an attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

FlexCell Grid Control (ActiveX) 5.7.0.1 is vulnerable; other versions may also be affected.

62. VirtualBox 'ipcdUnix.cpp' Insecure Temporary File Creation Vulnerability
BugTraq ID: 32444
Remote: No
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32444
Summary:
VirtualBox creates temporary files in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Versions prior to VirtualBox 2.0.6 are vulnerable.

63. W3C Amaya 'TtaWCToMBstring()' Multiple Stack Based Buffer Overflow Vulnerabilities
BugTraq ID: 32442
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32442
Summary:
W3C Amaya is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Amaya 10.1 is vulnerable; other versions may also be affected.

64. NetArt Media Blog System 'image.php' SQL Injection Vulnerability
BugTraq ID: 32441
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32441
Summary:
Blog System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

65. Gallery Unspecified Security Bypass Vulnerability
BugTraq ID: 32440
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32440
Summary:
Gallery is prone to a security-bypass vulnerability that occurs when handling certain cookies.

An attacker can exploit this issue to bypass certain security restrictions and gain administrative access to the application.

This issue was introduced in Gallery 1.5.8-svn-b34 and remained in the code until Gallery 1.5.10.

66. ClamAV 'get_unicode_name()' Off-By-One Heap Based Buffer Overflow Vulnerability
BugTraq ID: 32207
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32207
Summary:
ClamAV is prone to an off-by-one heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to ClamAV 0.94.1 are vulnerable.

67. Vim 'tar.vim' Plugin Arbitrary Command Execution Vulnerability
BugTraq ID: 32462
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32462
Summary:
The 'tar.vim' plugin for Vim is prone to a command-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting this issue can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.0 and 7.1 are vulnerable.

68. Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities
BugTraq ID: 32100
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32100
Summary:
Adobe Acrobat and Reader are prone to multiple security vulnerabilities:

1. Multiple remote code-execution vulnerabilities.
2. A privilege-escalation vulnerability affecting computers running Unix-like operating systems.
3. An input-validation issue in a JavaScript method may lead to remote code execution.

Attackers can exploit these issues to execute arbitrary code, elevate privileges, or cause a denial-of-service condition.

69. Adobe Acrobat Reader Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 29420
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/29420
Summary:
Acrobat Reader is prone to a remote denial-of-service vulnerability. The cause of this issue is unknown.

Exploiting this issue allows remote attackers to crash the application and trigger denial-of-service conditions, denying further service to legitimate users. Given the nature of this issue, code execution may be possible, but this has not been confirmed.

70. phpMyAdmin Shared Host Remote Information Disclosure Vulnerability
BugTraq ID: 28906
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/28906
Summary:
phpMyAdmin is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue will allow attackers to view arbitrary files within the context of the webserver.

Versions prior to phpMyAdmin 2.11.5.2 are vulnerable.

71. Horde Turba Contact Manager '/imp/test.php' Cross Site Scripting Vulnerability
BugTraq ID: 31168
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/31168
Summary:
Turba Contact Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Note that this issue also affects Turba on Horde IMP.

Turba Contact Manager H3 2.2.1 is vulnerable; other versions may also be affected.

72. OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 31962
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/31962
Summary:
OpenOffice is prone to multiple remote heap-based buffer-overflow vulnerabilities because of errors in processing certain files.

Remote attackers can exploit these issues by enticing victims into opening maliciously crafted EMF or WMF files.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

The issues affect OpenOffice 2 prior to 2.4.2.

73. NOS Microsystems getPlus Download Manager Unauthorized Access Vulnerability
BugTraq ID: 32103
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32103
Summary:
NOS Microsystems getPlus Download Manager is prone to a security vulnerability that may allow unauthorized modifications of internet options on affected computers.

Successfully exploiting this issue may allow attackers to modify internet configuration settings, which may lead to other attacks.

The following applications use the getPlus Download Manager:

Adobe Acrobat Professional
Adobe Acrobat Reader

74. NOS Microsystems getPlus Download Manager ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 32105
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32105
Summary:
NOS Microsystems getPlus Download Manager ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

The following applications use the getPlus Download Manager:

Adobe Acrobat Professional
Adobe Acrobat Reader

getPlus Download Manager 1.2.2.50 is vulnerable; other versions may also be affected.

75. ffdshow Long URL Link Remote Buffer Overflow Vulnerability
BugTraq ID: 32438
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32438
Summary:
The 'ffdshow' codec is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of an application that uses the library. Failed attacks may cause denial-of-service conditions.

This issue affects ffdshow versions prior to rev2347_20081123. Additional applications that use this codec may also be vulnerable.

76. CUPS 'cupsd' RSS Subscriptions NULL Pointer Dereference Local Denial Of Service Vulnerability
BugTraq ID: 32419
Remote: No
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32419
Summary:
CUPS is prone to a local denial-of-service vulnerability because of a NULL-pointer dereference in the 'cupsd' daemon.

A local attacker can exploit this issue to crash the affected application, denying service to legitimate users.

NOTE: This issue may be remotely exploitable via cross-site request forgery attacks if an attacker can trick a local user into visiting a malicious web page.

77. Lighttpd URI Rewrite/Redirect Information Disclosure Vulnerability
BugTraq ID: 31599
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/31599
Summary:
Lighttpd is prone to an information-disclosure vulnerability because it performs redirect operations on URIs before decoding them.

Attackers can exploit this issue to bypass expected filters or rewrite rules and may gain unauthorized access to certain resources. Other attacks may also be possible.

Versions prior to Lighttpd 1.4.20 are vulnerable.

78. Lighttpd Duplicate Request Header Denial of Service Vulnerability
BugTraq ID: 31434
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/31434
Summary:
The 'lighttpd' program is prone to a remote denial-of-service vulnerability because it fails to handle exceptional conditions.

Successfully exploiting this issue will allow attackers to cause the affected computer to leak memory, eventually denying service to legitimate users.

Versions prior to lighttpd 1.4.20 are vulnerable.

79. Lighttpd 'mod_userdir' Case Sensitive Comparison Security Bypass Vulnerability
BugTraq ID: 31600
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/31600
Summary:
The 'lighttpd' program is prone to a security-bypass vulnerability that occurs in the 'mod_userdir' module.

Attackers can exploit this issue to bypass certain security restrictions and obtain sensitive information. This may lead to other attacks.

Versions prior to 'lighttpd' 1.4.20 are vulnerable.

80. phpMyAdmin '$_REQUEST' SQL Injection Vulnerability
BugTraq ID: 28068
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/28068
Summary:
phpMyAdmin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects versions prior to phpMyAdmin 2.11.5.

81. phpMyAdmin Local Information Disclosure Vulnerability
BugTraq ID: 28560
Remote: No
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/28560
Summary:
phpMyAdmin is prone to a local information-disclosure vulnerability because it fails to securely protect login credentials and secret keys.

Local attackers can exploit this issue to harvest sensitive information that may lead to further attacks.

Versions prior to phpMyAdmin 2.11.5.1 are affected.

82. phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30420
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/30420
Summary:
phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to phpMyAdmin 2.11.8 are vulnerable.

83. Vim 'mch_expand_wildcards()' Heap Based Buffer Overflow Vulnerability
BugTraq ID: 30648
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/30648
Summary:
Vim is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Vim 6.2.429 through 6.3.058.

84. Netrw Vim Script Multiple Command Execution Vulnerabilities
BugTraq ID: 30115
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/30115
Summary:
Netrw is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Netrw 125 is vulnerable; other versions may also be affected.

85. Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
BugTraq ID: 30795
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/30795
Summary:
Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Versions of Vim prior to 7.2.010 are vulnerable to these issues.

86. Vim HelpTags Command Remote Format String Vulnerability
BugTraq ID: 25095
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/25095
Summary:
Vim is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A remote attacker may execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts may cause denial-of-service conditions.

Vim 6.4 and 7.1 are vulnerable; other versions may also be affected.

87. Vim Vim Script Multiple Command Execution Vulnerabilities
BugTraq ID: 29715
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/29715
Summary:
Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.1.298 is vulnerable; other versions may also be affected.

88. Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities
BugTraq ID: 30140
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/30140
Summary:
Sun Java Runtime Environment is prone to multiple unspecified vulnerabilities that allow attackers to bypass the same-origin policy. These issues occur because the application fails to properly enforce the same-origin policy for Java applets.

An attacker may create a malicious applet that is loaded from a remote system to circumvent network access restrictions.

The following are affected:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier
SDK and JRE 1.3.x_22 and earlier

89. Sun Java Web Start Multiple Vulnerabilities
BugTraq ID: 30148
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/30148
Summary:
Sun Java Web Start is prone to multiple vulnerabilities, including buffer-overflow, privilege-escalation, and information-disclosure issues.

Successful exploits may allow attackers to execute arbitrary code, obtain information, or read, write, and execute arbitrary local files in the context of the user running a malicious Web Start application. This may result in a compromise of the underlying system.

These issues affect the following versions:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier

90. Apple iPod Touch/iPhone Prior to Version 2.1 Multiple Remote Vulnerabilities
BugTraq ID: 31092
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/31092
Summary:
Apple iPod touch and iPhone are prone to multiple remote vulnerabilities:

1. A vulnerability that may allow users to spoof websites.
2. An information-disclosure vulnerability.
3. A remote code-execution vulnerability.

Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible.

These issues affect versions prior to iPod touch 2.1 and iPhone 2.1.

91. Mozilla Firefox User Interface Dispatcher Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 31476
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/31476
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

NOTE: This issue may be related to the issues covered in BID 30486 (Mozilla Firefox Unspecified Denial of Service Vulnerability).

Firefox 3.0.3 is vulnerable; other versions may also be affected.

92. Bandwebsite 'info.php' Cross Site Scripting Vulnerability
BugTraq ID: 32454
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32454
Summary:
Bandwebsite is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Bandwebsite 1.5 is vulnerable; other versions may also be affected.

93. Bandwebsite 'lyrics.php' SQL Injection Vulnerability
BugTraq ID: 32453
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32453
Summary:
Bandwebsite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Bandwebsite 1.5 is vulnerable; other versions may also be affected.

94. Siemens Multiple Gigaset VoIP Phones SIP Remote Denial of Service Vulnerability
BugTraq ID: 32451
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32451
Summary:
Siemens Gigaset C450 IP and C475 IP VoIP phones are prone to a denial-of-service vulnerability because they fail to handle specially crafted SIP messages.

A remote attacker may exploit this issue to cause vulnerable devices to drop all current calls and reboot, resulting in a denial-of-service condition.

95. Jamit Job Board 'index.php' SQL Injection Vulnerability
BugTraq ID: 32478
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32478
Summary:
Jamit Job Board is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions of Jamit Job Board up to and including 3.4.10 are vulnerable to this issue.

96. WordPress 'wp-includes/feed.php' Cross-Site Scripting Vulnerability
BugTraq ID: 32476
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32476
Summary:
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to WordPress 2.6.5 are vulnerable.

97. fuzzylime (cms) 'code/track.php' Local File Include Vulnerability
BugTraq ID: 32475
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32475
Summary:
'fuzzylime (cms)' is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary local script code. This can allow the attacker to obtain sensitive information that may aid in further attacks. Other attacks are also possible.

This issue affects fuzzylime (cms) 3.03; other versions may also be vulnerable.

98. RSA enVision Platform Web Console Password Hash Remote Information Disclosure Vulnerability
BugTraq ID: 32473
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32473
Summary:
RSA enVision Platform is prone to a remote information-disclosure vulnerability.

A remote attacker may exploit this issue to access password hashes for web console users. This may aid in further attacks.

RSA enVision 3.5.0 through RSA enVision 3.7.0 are vulnerable; other versions may also be affected.

99. Werner Hilversum FAQ Manager 'include/header.php' Remote File Include Vulnerability
BugTraq ID: 32472
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32472
Summary:
Werner Hilversum FAQ Manager is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

FAQ Manager 1.2 is vulnerable; other versions may also be affected.

100. RaidSonic ICY BOX NAS FTP Log HTML Injection Vulnerability
BugTraq ID: 32471
Remote: Yes
Last Updated: 2008-11-25
Relevant URL: http://www.securityfocus.com/bid/32471
Summary:
RaidSonic ICY BOX NAS is prone to an HTML-injection vulnerability because the device's web-based administration application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

RaidSonic ICY BOX NAS firmware version 2.3.2.IB.2.RS.1 is vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Microsoft hopes free security means less malware
By: Robert Lemos
The software giant says shutting down Windows Live OneCare to release the software as a free tool could make consumers more secure.
http://www.securityfocus.com/news/11538

2. Researchers find more flaws in wireless security
By: Robert Lemos
Two security experts plan to show a limited attack against the popular Wi-Fi Protected Access (WPA) -- a replacement for insecure WEP -- at a conference in Tokyo.
http://www.securityfocus.com/news/11537

3. Secure hash competition kicks off
By: Robert Lemos
Dozens of amateur and professional cryptographers have joined the United States' first open competition for creating an uncrackable algorithm for generating hashes -- the digital fingerprints widely used in a variety of security functions.
http://www.securityfocus.com/news/11536

4. You don't know (click)jack
By: Robert Lemos
Security professionals Robert "RSnake" Hansen and Jeremiah Grossman discuss a class of attacks, known as clickjacking, on user interfaces of Web browsers.
http://www.securityfocus.com/news/11535

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #420
http://www.securityfocus.com/archive/88/498546

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. CanSecWest 2009 CFP (March 18-20 2009, Deadline December 8 2008)
http://www.securityfocus.com/archive/91/498639

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is Sponsored by Absolute Software

